From 0e80d007f4eb2a975ec4e81ccf5d8b55d7585028 Mon Sep 17 00:00:00 2001 From: Philipp Date: Fri, 25 Oct 2024 08:57:31 +0200 Subject: [PATCH] Removed watchID and touchID availability checks --- src/quickunlock/TouchID.h | 4 -- src/quickunlock/TouchID.mm | 82 ++------------------------------------ 2 files changed, 4 insertions(+), 82 deletions(-) diff --git a/src/quickunlock/TouchID.h b/src/quickunlock/TouchID.h index 44fe2cca5a..580022085b 100644 --- a/src/quickunlock/TouchID.h +++ b/src/quickunlock/TouchID.h @@ -33,11 +33,7 @@ class TouchID : public QuickUnlockInterface void reset(const QUuid& dbUuid = "") override; void reset() override; - private: - static bool isWatchAvailable(); - static bool isTouchIdAvailable(); - static bool isPasswordFallbackEnabled(); static void deleteKeyEntry(const QString& accountName); static QString databaseKeyName(const QUuid& dbUuid); diff --git a/src/quickunlock/TouchID.mm b/src/quickunlock/TouchID.mm index 5a44cef9dc..1152148aeb 100644 --- a/src/quickunlock/TouchID.mm +++ b/src/quickunlock/TouchID.mm @@ -145,9 +145,9 @@ inline CFMutableDictionaryRef makeDictionary() { accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlWatch; #endif - if (isPasswordFallbackEnabled()) { - accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlDevicePasscode; - } +#if XC_COMPILER_SUPPORT(TOUCH_ID) + accessControlFlags = accessControlFlags | kSecAccessControlOr | kSecAccessControlDevicePasscode; +#endif SecAccessControlRef sacObject = SecAccessControlCreateWithFlags( kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, accessControlFlags, &error); @@ -271,84 +271,10 @@ inline CFMutableDictionaryRef makeDictionary() { return m_encryptedMasterKeys.contains(dbUuid); } -// TODO: Both functions below should probably handle the returned errors to -// provide more information on availability. E.g.: the closed laptop lid results -// in an error (because touch id is not unavailable). That error could be -// displayed to the user when we first check for availability instead of just -// hiding the checkbox. - -//! @return true if Apple Watch is available for authentication. -bool TouchID::isWatchAvailable() -{ -#if XC_COMPILER_SUPPORT(WATCH_UNLOCK) - @try { - LAContext *context = [[LAContext alloc] init]; - - LAPolicy policyCode = LAPolicyDeviceOwnerAuthenticationWithWatch; - NSError *error; - - bool canAuthenticate = [context canEvaluatePolicy:policyCode error:&error]; - [context release]; - if (error) { - debug("Apple Wach available: %d (%ld / %s / %s)", canAuthenticate, - (long)error.code, error.description.UTF8String, - error.localizedDescription.UTF8String); - } else { - debug("Apple Wach available: %d", canAuthenticate); - } - return canAuthenticate; - } @catch (NSException *) { - return false; - } -#else - return false; -#endif -} - -//! @return true if Touch ID is available for authentication. -bool TouchID::isTouchIdAvailable() -{ -#if XC_COMPILER_SUPPORT(TOUCH_ID) - @try { - LAContext *context = [[LAContext alloc] init]; - - LAPolicy policyCode = LAPolicyDeviceOwnerAuthenticationWithBiometrics; - NSError *error; - - bool canAuthenticate = [context canEvaluatePolicy:policyCode error:&error]; - [context release]; - if (error) { - debug("Touch ID available: %d (%ld / %s / %s)", canAuthenticate, - (long)error.code, error.description.UTF8String, - error.localizedDescription.UTF8String); - } else { - debug("Touch ID available: %d", canAuthenticate); - } - return canAuthenticate; - } @catch (NSException *) { - return false; - } -#else - return false; -#endif -} - -bool TouchID::isPasswordFallbackEnabled() -{ -#if XC_COMPILER_SUPPORT(TOUCH_ID) - return (config()->get(Config::Security_TouchIdAllowFallbackToUserPassword).toBool()); -#else - return false; -#endif -} - //! @return true if either TouchID or Apple Watch is available at the moment. bool TouchID::isAvailable() const { - // note: we cannot cache the check results because the configuration - // is dynamic in its nature. User can close the laptop lid or take off - // the watch, thus making one (or both) of the authentication types unavailable. - return isWatchAvailable() || isTouchIdAvailable() || isPasswordFallbackEnabled(); + return true; } /**