android/auth: handle user canceled authentication

Author: Beerosagos

backend/backend.go

@@ -117,6 +117,7 @@ type authEventType string
 const (
 	authRequired authEventType = "auth-required"
 	authForced   authEventType = "auth-forced"
+	authCanceled authEventType = "auth-canceled"
 	authOk       authEventType = "auth-ok"
 	authErr      authEventType = "auth-err"
 )
@@ -336,6 +337,17 @@ func (backend *Backend) TriggerAuth() {
 	})
 }
 
+// CancelAuth triggers an auth-canceled notification.
+func (backend *Backend) CancelAuth() {
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: authCanceled,
+		},
+	})
+}
+
 // ForceAuth triggers an auth-forced notification
 // followed by an auth-required notification.
 func (backend *Backend) ForceAuth() {

backend/bridgecommon/bridgecommon.go

@@ -131,6 +131,16 @@ func TriggerAuth() {
 	globalBackend.TriggerAuth()
 }
 
+// CancelAuth triggers an authentication canceled notification.
+func CancelAuth() {
+	mu.Lock()
+	defer mu.Unlock()
+	if globalBackend == nil {
+		return
+	}
+	globalBackend.CancelAuth()
+}
+
 // AuthResult triggers an authentication result notification
 // on the base of the input value.
 func AuthResult(ok bool) {

frontends/android/BitBoxApp/app/src/main/java/ch/shiftcrypto/bitboxapp/BiometricAuthHelper.java

@@ -16,6 +16,7 @@ public class BiometricAuthHelper {
     public interface AuthCallback {
         void onSuccess();
         void onFailure();
+        void onCancel();
     }
 
     public static void showAuthenticationPrompt(FragmentActivity activity, AuthCallback callback) {
@@ -35,9 +36,14 @@ public void onAuthenticationFailed() {
 
             @Override
             public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) {
-                Util.log("Authentication error: " + errorCode + " - " + errString);
+                if (errorCode == BiometricPrompt.ERROR_USER_CANCELED) {
+                    Util.log("Authentication error: user canceled");
+                    new Handler(Looper.getMainLooper()).post(callback::onCancel);
+                } else {
+                    Util.log("Authentication error: " + errorCode + " - " + errString);
+                    new Handler(Looper.getMainLooper()).post(callback::onFailure);
+                }
                 super.onAuthenticationError(errorCode, errString);
-                new Handler(Looper.getMainLooper()).post(callback::onFailure);
             }
         });
 
@@ -47,7 +53,6 @@ public void onAuthenticationError(int errorCode, @NonNull CharSequence errString
                                 BiometricManager.Authenticators.BIOMETRIC_WEAK)
                 .setConfirmationRequired(false)
                 .build();
-
         biometricPrompt.authenticate(promptInfo);
     }
 }

frontends/android/BitBoxApp/app/src/main/java/ch/shiftcrypto/bitboxapp/MainActivity.java

@@ -375,11 +375,20 @@ public void onSuccess() {
 
                     @Override
                     public void onFailure() {
-                        // Failed or cancelled
+                        // Failed
                         Util.log("Auth failed");
                         goViewModel.closeAuth();;
                         Goserver.authResult(false);
                     }
+
+                    @Override
+                    public void onCancel() {
+                        // Canceled
+                        Util.log("Auth canceled");
+                        goViewModel.closeAuth();;
+                        Goserver.cancelAuth();
+
+                    }
                 });
             }
         });

frontends/android/goserver/goserver.go

@@ -217,6 +217,11 @@ func TriggerAuth() {
 	bridgecommon.TriggerAuth()
 }
 
+// CancelAuth triggers an auth canceled notification towards the frontend.
+func CancelAuth() {
+	bridgecommon.CancelAuth()
+}
+
 // AuthResult triggers an auth feeedback notification (auth-ok/auth-err) towards the frontend,
 // depending on the input value.
 func AuthResult(ok bool) {

frontends/web/src/api/backend.ts

@@ -117,7 +117,7 @@ export const forceAuth = (): Promise<void> => {
 };
 
 export type TAuthEventObject = {
-  typ: 'auth-required' | 'auth-forced' | 'auth-ok' | 'auth-err' ;
+  typ: 'auth-required' | 'auth-forced' | 'auth-canceled' | 'auth-ok' | 'auth-err' ;
 };
 
 export const subscribeAuth = (

frontends/web/src/components/auth/authrequired.tsx

@@ -44,6 +44,17 @@ export const AuthRequired = () => {
       case 'auth-err':
         authenticate(authForced.current);
         break;
+      case 'auth-canceled':
+        if (authForced.current) {
+          // forced auth can be dismissed and won't be repeated, as it is
+          // tied to a specific UI event (e.g. enabling the auth toggle in
+          // the advanced settings.
+          setAuthRequired(false);
+          authForced.current = false;
+        } else {
+          authenticate(authForced.current);
+        }
+        break;
       case 'auth-ok':
         setAuthRequired(false);
         authForced.current = false;

frontends/web/src/routes/settings/components/advanced-settings/enable-auth-setting.tsx

@@ -40,6 +40,10 @@ export const EnableAuthSetting = ({ backendConfig, onChangeConfig }: TProps) =>
         updateConfig(!e.target.checked);
         unsubscribe();
       }
+      if (data.typ === 'auth-canceled') {
+        // if the user canceled the auth, we leave everything as is.
+        unsubscribe();
+      }
     });
     forceAuth();
   };