Skip to content

Commit

Permalink
Removed watchID and touchID availability checks
Browse files Browse the repository at this point in the history
  • Loading branch information
findus committed Oct 25, 2024
1 parent 7a59e00 commit 2c28b5b
Showing 1 changed file with 4 additions and 78 deletions.
82 changes: 4 additions & 78 deletions src/quickunlock/TouchID.mm
Original file line number Diff line number Diff line change
Expand Up @@ -145,9 +145,9 @@ inline CFMutableDictionaryRef makeDictionary() {
accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlWatch;
#endif

if (isPasswordFallbackEnabled()) {
accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlDevicePasscode;
}
#if XC_COMPILER_SUPPORT(TOUCH_ID)
accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlDevicePasscode;
#endif

SecAccessControlRef sacObject = SecAccessControlCreateWithFlags(
kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, accessControlFlags, &error);
Expand Down Expand Up @@ -271,84 +271,10 @@ inline CFMutableDictionaryRef makeDictionary() {
return m_encryptedMasterKeys.contains(dbUuid);
}

// TODO: Both functions below should probably handle the returned errors to
// provide more information on availability. E.g.: the closed laptop lid results
// in an error (because touch id is not unavailable). That error could be
// displayed to the user when we first check for availability instead of just
// hiding the checkbox.

//! @return true if Apple Watch is available for authentication.
bool TouchID::isWatchAvailable()
{
#if XC_COMPILER_SUPPORT(WATCH_UNLOCK)
@try {
LAContext *context = [[LAContext alloc] init];

LAPolicy policyCode = LAPolicyDeviceOwnerAuthenticationWithWatch;
NSError *error;

bool canAuthenticate = [context canEvaluatePolicy:policyCode error:&error];
[context release];
if (error) {
debug("Apple Wach available: %d (%ld / %s / %s)", canAuthenticate,
(long)error.code, error.description.UTF8String,
error.localizedDescription.UTF8String);
} else {
debug("Apple Wach available: %d", canAuthenticate);
}
return canAuthenticate;
} @catch (NSException *) {
return false;
}
#else
return false;
#endif
}

//! @return true if Touch ID is available for authentication.
bool TouchID::isTouchIdAvailable()
{
#if XC_COMPILER_SUPPORT(TOUCH_ID)
@try {
LAContext *context = [[LAContext alloc] init];

LAPolicy policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometrics;
NSError *error;

bool canAuthenticate = [context canEvaluatePolicy:policyCode error:&error];
[context release];
if (error) {
debug("Touch ID available: %d (%ld / %s / %s)", canAuthenticate,
(long)error.code, error.description.UTF8String,
error.localizedDescription.UTF8String);
} else {
debug("Touch ID available: %d", canAuthenticate);
}
return canAuthenticate;
} @catch (NSException *) {
return false;
}
#else
return false;
#endif
}

bool TouchID::isPasswordFallbackEnabled()
{
#if XC_COMPILER_SUPPORT(TOUCH_ID)
return (config()->get(Config::Security_TouchIdAllowFallbackToUserPassword).toBool());
#else
return false;
#endif
}

//! @return true if either TouchID or Apple Watch is available at the moment.
bool TouchID::isAvailable() const
{
// note: we cannot cache the check results because the configuration
// is dynamic in its nature. User can close the laptop lid or take off
// the watch, thus making one (or both) of the authentication types unavailable.
return isWatchAvailable() || isTouchIdAvailable() || isPasswordFallbackEnabled();
return true;
}

/**
Expand Down

0 comments on commit 2c28b5b

Please sign in to comment.