UNPKG

@aparajita/capacitor-biometric-auth

Version:

Provides access to the native biometric auth & device security APIs for Capacitor apps

github.com/aparajita/capacitor-biometric-auth

aparajita/capacitor-biometric-auth

327 lines (314 loc) 13.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
var capacitorBiometricAuth = (function (exports, core, app) { 'use strict'; // noinspection JSUnusedGlobalSymbols /** * The type of biometry supported by the device. */ exports.BiometryType = void 0; (function (BiometryType) { BiometryType[BiometryType["none"] = 0] = "none"; /** * iOS Touch ID */ BiometryType[BiometryType["touchId"] = 1] = "touchId"; /** * iOS Face ID */ BiometryType[BiometryType["faceId"] = 2] = "faceId"; /** * Android fingerprint authentication */ BiometryType[BiometryType["fingerprintAuthentication"] = 3] = "fingerprintAuthentication"; /** * Android face authentication */ BiometryType[BiometryType["faceAuthentication"] = 4] = "faceAuthentication"; /** * Android iris authentication */ BiometryType[BiometryType["irisAuthentication"] = 5] = "irisAuthentication"; })(exports.BiometryType || (exports.BiometryType = {})); exports.AndroidBiometryStrength = void 0; (function (AndroidBiometryStrength) { /** * `authenticate()` will present any available biometry. */ AndroidBiometryStrength[AndroidBiometryStrength["weak"] = 0] = "weak"; /** * `authenticate()` will only present strong biometry. */ AndroidBiometryStrength[AndroidBiometryStrength["strong"] = 1] = "strong"; })(exports.AndroidBiometryStrength || (exports.AndroidBiometryStrength = {})); /** * If the `authenticate()` method throws an exception, the `BiometryError` * instance contains a `.code` property which will contain one of these strings, * indicating what the error was. * * See https://developer.apple.com/documentation/localauthentication/laerror * for a description of each error code. */ exports.BiometryErrorType = void 0; (function (BiometryErrorType) { BiometryErrorType["none"] = ""; BiometryErrorType["appCancel"] = "appCancel"; BiometryErrorType["authenticationFailed"] = "authenticationFailed"; BiometryErrorType["invalidContext"] = "invalidContext"; BiometryErrorType["notInteractive"] = "notInteractive"; BiometryErrorType["passcodeNotSet"] = "passcodeNotSet"; BiometryErrorType["systemCancel"] = "systemCancel"; BiometryErrorType["userCancel"] = "userCancel"; BiometryErrorType["userFallback"] = "userFallback"; BiometryErrorType["biometryLockout"] = "biometryLockout"; BiometryErrorType["biometryNotAvailable"] = "biometryNotAvailable"; BiometryErrorType["biometryNotEnrolled"] = "biometryNotEnrolled"; BiometryErrorType["noDeviceCredential"] = "noDeviceCredential"; })(exports.BiometryErrorType || (exports.BiometryErrorType = {})); /** * `authenticate()` throws instances of this class. */ class BiometryError { constructor(message, code) { this.message = message; this.code = code; } } const kBiometryTypeNameMap = { [exports.BiometryType.none]: '', [exports.BiometryType.touchId]: 'Touch ID', [exports.BiometryType.faceId]: 'Face ID', [exports.BiometryType.fingerprintAuthentication]: 'Fingerprint Authentication', [exports.BiometryType.faceAuthentication]: 'Face Authentication', [exports.BiometryType.irisAuthentication]: 'Iris Authentication', }; /** * Return a human-readable name for a BiometryType. */ // eslint-disable-next-line import/prefer-default-export function getBiometryName(type) { return kBiometryTypeNameMap[type] || ''; } const proxy = core.registerPlugin('BiometricAuthNative', { web: async () => Promise.resolve().then(function () { return web; }).then((module) => new module.BiometricAuthWeb()), ios: async () => Promise.resolve().then(function () { return native; }).then((module) => new module.BiometricAuthNative(proxy)), android: async () => Promise.resolve().then(function () { return native; }).then((module) => new module.BiometricAuthNative(proxy)), }); class BiometricAuthBase extends core.WebPlugin { async authenticate(options) { try { await this.internalAuthenticate(options); } catch (error) { // error will be an instance of CapacitorException on native platforms, // an instance of BiometryError on the web. if (error instanceof core.CapacitorException) { throw new BiometryError(error.message, error.code); } else { throw error; } } } async addResumeListener(listener) { return app.App.addListener('appStateChange', ({ isActive }) => { if (isActive) { this.checkBiometry() .then((info) => { listener(info); }) .catch(console.error); } }); } } // eslint-disable-next-line import/prefer-default-export class BiometricAuthWeb extends BiometricAuthBase { constructor() { super(...arguments); this.biometryType = exports.BiometryType.none; this.biometryTypes = []; this.biometryIsEnrolled = false; this.deviceIsSecure = false; } // On the web, return the fake biometry set by setBiometryType(). async checkBiometry() { const hasBiometry = this.biometryType !== exports.BiometryType.none; const available = hasBiometry && this.biometryIsEnrolled; let reason = ''; let code = exports.BiometryErrorType.none; if (!hasBiometry) { reason = 'No biometry is available'; code = exports.BiometryErrorType.biometryNotAvailable; } else if (!this.biometryIsEnrolled) { reason = 'Biometry is not enrolled'; code = exports.BiometryErrorType.biometryNotEnrolled; } return Promise.resolve({ isAvailable: available, strongBiometryIsAvailable: this.biometryIsEnrolled && this.hasStrongBiometry(), biometryType: this.biometryType, biometryTypes: this.biometryTypes, deviceIsSecure: this.deviceIsSecure, reason, code, }); } hasStrongBiometry() { return this.biometryTypes.some((type) => type === exports.BiometryType.faceId || type === exports.BiometryType.touchId || type === exports.BiometryType.fingerprintAuthentication); } /* eslint-disable no-alert */ // On the web, fake authentication with a confirm dialog. async internalAuthenticate(options) { const result = await this.checkBiometry(); // First try biometry if available. if (result.isAvailable) { if (confirm( // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- we want to use the default value if options?.reason is an empty string (options === null || options === void 0 ? void 0 : options.reason) || `Authenticate with ${result.biometryTypes .map((type) => getBiometryName(type)) .join(' or ')}?`)) { return; } } if (options === null || options === void 0 ? void 0 : options.allowDeviceCredential) { // Either biometry is not available, or the user declined to use it // and device security is allowed. if (result.deviceIsSecure) { if (confirm('Authenticate with device security?')) { return; } else { throw new BiometryError('User cancelled', exports.BiometryErrorType.userCancel); } } else if (result.isAvailable) { throw new BiometryError('Device is not secure', exports.BiometryErrorType.noDeviceCredential); } } else if (!result.isAvailable) { // Biometry is not available and device security is not allowed. if (result.biometryType === exports.BiometryType.none) { throw new BiometryError('Biometry is not available', exports.BiometryErrorType.biometryNotAvailable); } else { throw new BiometryError('Biometry is not enrolled', exports.BiometryErrorType.biometryNotEnrolled); } } // The user declined to use biometry and device credentials not allowed. throw new BiometryError('User cancelled', exports.BiometryErrorType.userCancel); } // Web only, used for simulating biometric authentication. async setBiometryType(type) { if (type === undefined) { return Promise.resolve(); } const types = Array.isArray(type) ? type : [type]; this.biometryTypes = []; this.biometryType = exports.BiometryType.none; if (types.length === 0) { return Promise.resolve(); } if (isBiometryTypes(types)) { this.biometryType = types[0]; if (this.biometryType !== exports.BiometryType.none) { this.biometryTypes = types; } } else { for (let i = 0; i < types.length; i++) { // eslint-disable-next-line no-prototype-builtins if (exports.BiometryType.hasOwnProperty(types[i])) { const biometryType = exports.BiometryType[types[i]]; if (this.biometryType === exports.BiometryType.none) { this.biometryTypes = []; } else { this.biometryTypes.push(biometryType); } if (i === 0) { this.biometryType = biometryType; } } } } return Promise.resolve(); } // Web only, used for simulating device unlock security. async setBiometryIsEnrolled(enrolled) { this.biometryIsEnrolled = enrolled; return Promise.resolve(); } // Web only, used for simulating device unlock security. async setDeviceIsSecure(isSecure) { this.deviceIsSecure = isSecure; return Promise.resolve(); } } function isBiometryTypes(value) { return Object.values(exports.BiometryType).includes(value[0]); } var web = /*#__PURE__*/Object.freeze({ __proto__: null, BiometricAuthWeb: BiometricAuthWeb }); /* eslint-disable @typescript-eslint/no-unused-vars, @typescript-eslint/require-await */ // eslint-disable-next-line import/prefer-default-export class BiometricAuthNative extends BiometricAuthBase { constructor(capProxy) { super(); /* In order to call native methods and maintain the ability to call pure Javascript methods as well, we have to bind the native methods to the proxy. capProxy is a proxy of an instance of this class, so it is safe to cast it to this class. */ const proxy = capProxy; /* eslint-disable @typescript-eslint/unbound-method */ this.checkBiometry = proxy.checkBiometry; this.internalAuthenticate = proxy.internalAuthenticate; /* eslint-enable @typescript-eslint/unbound-method */ } // @native async checkBiometry() { // Never used, but we have to satisfy the compiler. return Promise.resolve({ isAvailable: false, strongBiometryIsAvailable: false, biometryType: exports.BiometryType.none, biometryTypes: [], deviceIsSecure: false, reason: '', code: exports.BiometryErrorType.none, strongReason: '', strongCode: exports.BiometryErrorType.none, }); } // @native // On native platforms, this will present the native authentication UI. async internalAuthenticate(options) { } // Web only, used for simulating biometric authentication. async setBiometryType(type) { console.warn('setBiometryType() is web only'); } // Web only, used for simulating biometry enrollment. async setBiometryIsEnrolled(enrolled) { console.warn('setBiometryEnrolled() is web only'); } // Web only, used for simulating device security. async setDeviceIsSecure(isSecure) { console.warn('setDeviceIsSecure() is web only'); } } var native = /*#__PURE__*/Object.freeze({ __proto__: null, BiometricAuthNative: BiometricAuthNative }); exports.BiometricAuth = proxy; exports.BiometryError = BiometryError; exports.getBiometryName = getBiometryName; return exports; })({}, capacitorExports, app);