department-of-veterans-affairs · theodur · Nov 13, 2024 · Oct 29, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -73,7 +73,7 @@
     "react-native-haptic-feedback": "^2.3.3",
     "react-native-image-picker": "^7.1.2",
     "react-native-keyboard-manager": "^6.5.11-2",
-    "react-native-keychain": "^8.2.0",
+    "react-native-keychain": "^9.1.0",
     "react-native-localize": "^3.2.1",
     "react-native-notifications": "^5.1.0",
     "react-native-safe-area-context": "^4.10.9",

@@ -7,14 +7,24 @@ import AsyncStorage from '@react-native-async-storage/async-storage'
 
 import { Button, ButtonVariants } from '@department-of-veterans-affairs/mobile-component-library'
 
-import { AlertWithHaptics, Box, CrisisLineButton, VALogo, VAScrollView, WaygateWrapper } from 'components'
+import {
+  AlertWithHaptics,
+  Box,
+  CrisisLineButton,
+  LoadingComponent,
+  TextView,
+  VALogo,
+  VAScrollView,
+  WaygateWrapper,
+} from 'components'
 import AppVersionAndBuild from 'components/AppVersionAndBuild'
 import { Events } from 'constants/analytics'
 import { NAMESPACE } from 'constants/namespaces'
 import { RootState } from 'store'
 import { AuthParamsLoadingStateTypeConstants } from 'store/api/types/auth'
 import { AuthState, FIRST_TIME_LOGIN, NEW_SESSION, loginStart, setPKCEParams } from 'store/slices/authSlice'
 import { DemoState, updateDemoMode } from 'store/slices/demoSlice'
+import colors from 'styles/themes/VAColors'
 import { a11yLabelVA } from 'utils/a11yLabel'
 import { logAnalyticsEvent } from 'utils/analytics'
 import getEnv from 'utils/env'
@@ -25,7 +35,7 @@ import DemoAlert from './DemoAlert'
 
 function LoginScreen() {
   const { t } = useTranslation(NAMESPACE.COMMON)
-  const { firstTimeLogin } = useSelector<RootState, AuthState>((state) => state.auth)
+  const { firstTimeLogin, loadingRefreshToken } = useSelector<RootState, AuthState>((state) => state.auth)
   const { authParamsLoadingState } = useSelector<RootState, AuthState>((state) => state.auth)
 
   const dispatch = useAppDispatch()
@@ -105,7 +115,7 @@ function LoginScreen() {
         backgroundColor={theme.colors.background.main}
       />
       <DemoAlert visible={demoPromptVisible} setVisible={setDemoPromptVisible} onConfirm={handleUpdateDemoMode} />
-      <CrisisLineButton />
+      {!loadingRefreshToken && <CrisisLineButton />}
       {demoMode && <AlertWithHaptics variant="info" header="DEMO MODE" />}
       <WaygateWrapper waygateName="WG_Login" />
       <Box
@@ -124,19 +134,40 @@ function LoginScreen() {
           accessibilityRole="image"
           accessibilityLabel={t('demoMode.imageDescription')}>
           <VALogo testID="VALogo" />
+          {loadingRefreshToken && (
+            <Box alignItems={'center'} justifyContent={'center'} mx={theme.dimensions.gutter} mt={70}>
+              <LoadingComponent
+                justTheSpinnerIcon={true}
+                spinnerColor={theme.mode === 'dark' ? colors.grayLightest : colors.primary}
+              />
+              <TextView
+                variant={'MobileBody'}
+                justifyContent={'center'}
+                color={'primary'}
+                alignItems={'center'}
+                textAlign={'center'}
+                mt={theme.dimensions.standardMarginBetween}>
+                {t('sync.progress.signin')}
+              </TextView>
+            </Box>
+          )}
         </Box>
-        <Box mx={theme.dimensions.gutter} my={theme.dimensions.standardMarginBetween}>
-          <Button onPress={onLoginInit} label={t('signin')} />
-        </Box>
-        <Box mx={theme.dimensions.gutter} mb={70}>
-          <Button
-            onPress={onFacilityLocator}
-            label={t('findLocation.title')}
-            a11yLabel={a11yLabelVA(t('findLocation.title'))}
-            buttonType={ButtonVariants.Secondary}
-          />
-        </Box>
-        <AppVersionAndBuild textColor={'appVersionAndBuild'} />
+        {!loadingRefreshToken && (
+          <>
+            <Box mx={theme.dimensions.gutter} my={theme.dimensions.standardMarginBetween}>
+              <Button onPress={onLoginInit} label={t('signin')} />
+            </Box>
+            <Box mx={theme.dimensions.gutter} mb={70}>
+              <Button
+                onPress={onFacilityLocator}
+                label={t('findLocation.title')}
+                a11yLabel={a11yLabelVA(t('findLocation.title'))}
+                buttonType={ButtonVariants.Secondary}
+              />
+            </Box>
+            <AppVersionAndBuild textColor={'appVersionAndBuild'} />
+          </>
+        )}
       </Box>
     </VAScrollView>
   )

@@ -280,7 +280,6 @@ context('authAction SIS', () => {
         const expectedOpts = expect.objectContaining({
           accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
           accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
-          authenticationType: Keychain.AUTHENTICATION_TYPE.BIOMETRICS,
         })
         expect(Keychain.setInternetCredentials).toHaveBeenCalledWith('vamobile', 'user', nonce, expectedOpts)
       })

@@ -61,6 +61,7 @@ const authNonFatalErrorString = 'Auth Service Error'
 
 export type AuthState = {
   loading: boolean
+  loadingRefreshToken: boolean
   initializing: boolean
   syncing: boolean
   error?: Error
@@ -87,6 +88,7 @@ export type AuthState = {
 
 export const initialAuthState: AuthState = {
   loading: false,
+  loadingRefreshToken: false,
   initializing: true,
   loggedIn: false,
   loggingOut: false,
@@ -312,10 +314,9 @@ const saveRefreshToken = async (refreshToken: string): Promise<void> => {
   await Keychain.resetInternetCredentials(KEYCHAIN_STORAGE_KEY)
   if (saveWithBiometrics) {
     // user opted to store with biometrics
-    const options: Keychain.Options = {
+    const options: Keychain.SetOptions = {
       accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
       accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
-      authenticationType: Keychain.AUTHENTICATION_TYPE.BIOMETRICS,
       securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
     }
     console.debug('saveRefreshToken:', options)
@@ -329,7 +330,7 @@ const saveRefreshToken = async (refreshToken: string): Promise<void> => {
     // In development environment, allow saving refresh token/unlock without biometrics
   } else if (__DEV__) {
     console.debug('saveRefreshToken: saving non biometric protected')
-    const options: Keychain.Options = {
+    const options: Keychain.SetOptions = {
       accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
       accessControl: Keychain.ACCESS_CONTROL.DEVICE_PASSCODE,
       securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
@@ -356,7 +357,7 @@ const saveRefreshToken = async (refreshToken: string): Promise<void> => {
  */
 const storeRefreshToken = async (
   refreshToken: string,
-  options: Keychain.Options,
+  options: Keychain.SetOptions,
   storageType: AUTH_STORAGE_TYPE,
 ): Promise<void> => {
   const splitToken = refreshToken.split('.')
@@ -377,21 +378,42 @@ const storeRefreshToken = async (
 /**
  * Returns a reconstructed refresh token with the nonce from Keychain and the rest from AsyncStorage
  */
-const retrieveRefreshToken = async (): Promise<string | undefined> => {
-  console.debug('retrieveRefreshToken')
-  const result = await Promise.all([
-    AsyncStorage.getItem(REFRESH_TOKEN_ENCRYPTED_COMPONENT_KEY),
-    Keychain.getInternetCredentials(KEYCHAIN_STORAGE_KEY),
-  ])
-  const reconstructedToken = result[0] && result[1] ? `${result[0]}.${result[1].password}.V0` : undefined
+const retrieveRefreshToken = async (dispatch?: AppDispatch): Promise<string | undefined> => {
+  let refreshToken
+  let attemptCount = 3
 
-  if (reconstructedToken) {
-    await logAnalyticsEvent(Events.vama_login_token_get(true))
-  } else {
-    await logAnalyticsEvent(Events.vama_login_token_get(false))
+  if (dispatch) {
+    dispatch(dispatchStartLoadingRefreshToken())
   }
 
-  return reconstructedToken
+  while (attemptCount > 0) {
+    try {
+      console.debug('retrieveRefreshToken')
+      const tokenArray = await Promise.all([
+        AsyncStorage.getItem(REFRESH_TOKEN_ENCRYPTED_COMPONENT_KEY),
+        Keychain.getInternetCredentials(KEYCHAIN_STORAGE_KEY),
+      ])
+
+      refreshToken =
+        tokenArray && tokenArray[0] && tokenArray[1] ? `${tokenArray[0]}.${tokenArray[1].password}.V0` : undefined
+      return refreshToken
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    } catch (error: any) {
+      attemptCount -= 1
+      if (attemptCount === 0 || error?.message?.includes('Cancel')) {
+        throw error
+      }
+    } finally {
+      if (refreshToken) {
+        await logAnalyticsEvent(Events.vama_login_token_get(true))
+      } else {
+        await logAnalyticsEvent(Events.vama_login_token_get(false))
+      }
+      if (dispatch) {
+        dispatch(dispatchFinishLoadingRefreshToken())
+      }
+    }
+  }
 }
 
 type StringMap = { [key: string]: string | undefined }
@@ -636,7 +658,7 @@ export const startBiometricsLogin = (): AppThunk => async (dispatch, getState) =
   dispatch(sendLoginStartAnalytics(true))
   let refreshToken: string | undefined
   try {
-    refreshToken = await retrieveRefreshToken()
+    refreshToken = await retrieveRefreshToken(dispatch)
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
   } catch (err: any) {
     if (isAndroid()) {
@@ -870,6 +892,12 @@ const authSlice = createSlice({
     dispatchFinishSetBiometricPreference: (state) => {
       state.settingBiometricPreference = false
     },
+    dispatchStartLoadingRefreshToken: (state) => {
+      state.loadingRefreshToken = true
+    },
+    dispatchFinishLoadingRefreshToken: (state) => {
+      state.loadingRefreshToken = false
+    },
   },
 })
 
@@ -891,6 +919,8 @@ export const {
   dispatchStartLogout,
   dispatchStartSetBiometricPreference,
   dispatchFinishSetBiometricPreference,
+  dispatchStartLoadingRefreshToken,
+  dispatchFinishLoadingRefreshToken,
 } = authSlice.actions
 
 export default authSlice.reducer
@@ -58,7 +58,7 @@ export const fetchSSOCookies = async () => {
  */
 export const storeDeviceSecret = async (deviceSecret: string) => {
   try {
-    const options: Keychain.Options = {
+    const options: Keychain.SetOptions = {
       accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
       securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
     }

@@ -9267,10 +9267,10 @@ react-native-keyboard-manager@^6.5.11-2:
   resolved "https://registry.yarnpkg.com/react-native-keyboard-manager/-/react-native-keyboard-manager-6.5.11-2.tgz#3d8cc8abb70ff4afe330dc83318dcbd30724fc18"
   integrity sha512-YpU7Ek7CZZbT06x8X6G/wwUjL915AOwWho/vxxlj7Dm3CljzmSHAJu4TwR7oCTihoD82W+fA1mUmozmYJYrDGg==
 
-react-native-keychain@^8.2.0:
-  version "8.2.0"
-  resolved "https://registry.yarnpkg.com/react-native-keychain/-/react-native-keychain-8.2.0.tgz#aea82df37aacbb04f8b567a8e0e6d7292025610a"
-  integrity sha512-SkRtd9McIl1Ss2XSWNLorG+KMEbgeVqX+gV+t3u1EAAqT8q2/OpRmRbxpneT2vnb/dMhiU7g6K/pf3nxLUXRvA==
+react-native-keychain@^9.1.0:
+  version "9.1.0"
+  resolved "https://registry.yarnpkg.com/react-native-keychain/-/react-native-keychain-9.1.0.tgz#c31a5e0e23268682bc0823b1805d29b9054528fd"
+  integrity sha512-txBVnhO/AVg+j6lrKe9cL/HPpb5BNHYYBRg/6lzbxKe8AsNqp639wq0nN8/IdkUCPjSezN8Pgp142HNomgqk4Q==
 
 react-native-localize@^3.2.1:
   version "3.2.1"
@@ -10314,7 +10314,7 @@ string-natural-compare@^3.0.1:
   resolved "https://registry.yarnpkg.com/string-natural-compare/-/string-natural-compare-3.0.1.tgz#7a42d58474454963759e8e8b7ae63d71c1e7fdf4"
   integrity sha512-n3sPwynL1nwKi3WJ6AIsClwBMa0zTi54fn2oLU6ndfTSIO05xaznjSf15PcBZU6FNWbmN5Q6cxT4V5hGvB4taw==
 
-"string-width-cjs@npm:string-width@^4.2.0":
+"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
   version "4.2.3"
   resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
   integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
@@ -10331,15 +10331,6 @@ string-width@^2.0.0, string-width@^2.1.1:
     is-fullwidth-code-point "^2.0.0"
     strip-ansi "^4.0.0"
 
-string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
-  version "4.2.3"
-  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
-  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
-  dependencies:
-    emoji-regex "^8.0.0"
-    is-fullwidth-code-point "^3.0.0"
-    strip-ansi "^6.0.1"
-
 string-width@^5.0.1, string-width@^5.1.2:
   version "5.1.2"
   resolved "https://registry.yarnpkg.com/string-width/-/string-width-5.1.2.tgz#14f8daec6d81e7221d2a357e668cab73bdbca794"
@@ -10469,7 +10460,7 @@ string_decoder@~1.1.1:
   dependencies:
     safe-buffer "~5.1.0"
 
-"strip-ansi-cjs@npm:strip-ansi@^6.0.1":
+"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
   version "6.0.1"
   resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
   integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
@@ -10490,13 +10481,6 @@ strip-ansi@^5.0.0, strip-ansi@^5.2.0:
   dependencies:
     ansi-regex "^4.1.0"
 
-strip-ansi@^6.0.0, strip-ansi@^6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
-  integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
-  dependencies:
-    ansi-regex "^5.0.1"
-
 strip-ansi@^7.0.1, strip-ansi@^7.1.0:
   version "7.1.0"
   resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45"
@@ -11357,7 +11341,7 @@ word-wrap@~1.2.3:
   resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f"
   integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==
 
-"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
+"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
   integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
@@ -11375,15 +11359,6 @@ wrap-ansi@^6.2.0:
     string-width "^4.1.0"
     strip-ansi "^6.0.0"
 
-wrap-ansi@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
-  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
-  dependencies:
-    ansi-styles "^4.0.0"
-    string-width "^4.1.0"
-    strip-ansi "^6.0.0"
-
 wrap-ansi@^8.1.0:
   version "8.1.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214"