[PM-10741] Refactor biometrics interface & add dynamic status #10973
base: km/pm-9823/extract-biometric-messaging-service
Fixed Issues
2e0002a to 62f65aa
Codecov Report
Attention: Patch coverage is
✅ All tests successful. No failed tests found.
Additional details and impacted files
@@ Coverage Diff @@
## km/pm-9823/extract-biometric-messaging-service #10973 +/- ##
==================================================================================
+ Coverage 33.17% 35.05% +1.87%
==================================================================================
Files 2691 2692 +1
Lines 83005 83777 +772
Branches 15761 15894 +133
==================================================================================
+ Hits 27537 29367 +1830
- Misses 53301 53443 +142
+ Partials 2167 967 -1200
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-10741
📔 Objective
Refactor biometrics both in browser and desktop.
This has a few goals, mainly to improve readability, maintainability; since this is a fairly large PR here is a breakdown:
New biometrics service interface
We introduce a new interface for biometrics:
implemented both on desktop and browser. Previously, the user-specific biometrics would be done via the keytar with a special biometric key suffix. This was intuitive. Further, the api for this set the userkey to state as a side-effect. In the new biometrics interface, the user is responsible for setting the userkey, when calling "unlockWithBiometricsForUser". Additionally, this greatly simplifies the keytar code, which previously had many special case exceptions to handle the biometrics related codepaths.
Consumers of the biometrics API no longer need to care about multiple different ways of getting the status or platform support of biometrics. They can query either the general biometrics status, or the status for one specific user (which will include responses such as "unlock is needed" when masterpassword reprompt is used).
Lock screen availability check
Since the biometrics state is not much more easily accessible both on desktop and browser, this PR adds a dynamic availability check to the lock components, which will show the reason why biometrics are unavailable, instead of just hiding the option.
TODO SCREENSHOTS
Moved os biometrics services
The naming for the biometrics services has been clarified to "os-biometrics-{windows/mac/linux}". The os-biometrics* implementation is the lowest layer, and will be later moved to rust.
Consistent naming of ipc methods
All ipc methods follow the same naming of the methods of the biometrics interfaces they implement, message commands are also renamed to follow the same naming scheme, improving readability.
Client keyhalf by userid instead of service + key
The client keyhalf was previously set using a "service" and "key", which was added complexity. It is just a key for each user, and so we store it by userId. In a later refactor, this concept will be moved to the windows implementation entirely, since it is only used there.
Refactored IPC
IPC between desktop and browser has been refactored, both to break out the biometric specific code into other files, but also in order to support concurrent requests. Previously a single message handler callback would be registered, and if another message was sent before the first response was received, the handler would be overwritten and no response would be received. This PR introduces a map of callbacks and message ids in order to support concurrent requests (f.e for checking availability concurrently to unlocking).
Backward compatibility:
Note: This changes Browser<->desktop IPC, which has backward compatibility implications. The PR handles both directions (browser being older than desktop, and desktop being older than browser). The remaining messages will be removed in 3 releases.
📸 Screenshots
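The callback map described under "Refactored IPC", sketched as an added example that is not code from this PR or from the project: each request registers its callback under a fresh message id, so a second request no longer overwrites the first one's handler, and a response whose id matches no in-flight request is dropped. The class, type and method names, the transport function and the "getBiometricsStatus" command string are assumptions made for illustration.

```typescript
// Added illustration; BiometricIpcClient, IpcMessage and the transport are hypothetical.
type IpcMessage = { messageId: number; command: string; response?: unknown };
type ResponseCallback = (response: unknown) => void;

class BiometricIpcClient {
  private nextId = 0;
  // One entry per in-flight request, keyed by message id.
  private pending = new Map<number, ResponseCallback>();
  private transport: (msg: IpcMessage) => void;

  constructor(transport: (msg: IpcMessage) => void) {
    this.transport = transport; // stands in for the channel to the desktop app
  }

  send(command: string, callback: ResponseCallback): number {
    const messageId = this.nextId++;
    this.pending.set(messageId, callback);
    this.transport({ messageId, command });
    return messageId;
  }

  // Returns false for a response that matches no in-flight request
  // (unknown id, or an id that was already answered); such responses are dropped.
  handleResponse(msg: IpcMessage): boolean {
    const callback = this.pending.get(msg.messageId);
    if (callback === undefined) return false;
    this.pending.delete(msg.messageId); // each id is answered at most once
    callback(msg.response);
    return true;
  }

  pendingCount(): number { return this.pending.size; }
}

// Constructed scenario: a status check is sent while an unlock is still pending,
// and the other side answers out of order, with one stray and one repeated response.
function demo() {
  const results: string[] = [];
  const client = new BiometricIpcClient(() => {});
  const unlockId = client.send("unlockWithBiometricsForUser", (r) => results.push("unlock:" + String(r)));
  const statusId = client.send("getBiometricsStatus", (r) => results.push("status:" + String(r)));
  client.handleResponse({ messageId: statusId, command: "getBiometricsStatus", response: "available" });
  const strayAccepted = client.handleResponse({ messageId: 99, command: "unknown", response: "?" });
  client.handleResponse({ messageId: unlockId, command: "unlockWithBiometricsForUser", response: "ok" });
  const replayAccepted = client.handleResponse({ messageId: unlockId, command: "unlockWithBiometricsForUser", response: "again" });
  return { results, strayAccepted, replayAccepted, left: client.pendingCount() };
}
```

Both callbacks fire even though the responses arrive in the opposite order to the requests. With a single registered handler, the second `send` would have replaced the first callback.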