Merge branch 'android-auth' into staging-watchonly

Author: Beerosagos

backend/accounts_test.go

@@ -310,6 +310,8 @@ func (e environment) DetectDarkTheme() bool {
 	return false
 }
 
+func (e environment) Auth() {}
+
 func newBackend(t *testing.T, testing, regtest bool) *Backend {
 	t.Helper()
 	b, err := NewBackend(

backend/backend.go

@@ -112,6 +112,20 @@ type AccountEvent struct {
 	Data string             `json:"data"`
 }
 
+type authEventType string
+
+const (
+	authRequired authEventType = "auth-required"
+	authForced   authEventType = "auth-forced"
+	authCanceled authEventType = "auth-canceled"
+	authOk       authEventType = "auth-ok"
+	authErr      authEventType = "auth-err"
+)
+
+type authEventObject struct {
+	Typ authEventType `json:"typ"`
+}
+
 // Environment represents functionality where the implementation depends on the environment the app
 // runs in, e.g. Qt5/Mobile/webdev.
 type Environment interface {
@@ -143,6 +157,7 @@ type Environment interface {
 	SetDarkTheme(bool)
 	// DetectDarkTheme returns true if the dark theme is enabled at OS level.
 	DetectDarkTheme() bool
+	Auth()
 }
 
 // Backend ties everything together and is the main starting point to use the BitBox wallet library.
@@ -296,6 +311,79 @@ func (backend *Backend) Config() *config.Config {
 	return backend.config
 }
 
+// Authenticate executes a system authentication if
+// the authentication config flag is enabled or if the
+// `force` input flag is enabled (as a consequence of an
+// 'auth/auth-forced' notification).
+// Otherwise, the authentication is automatically assumed as
+// successful.
+func (backend *Backend) Authenticate(force bool) {
+	backend.log.Info("Auth requested")
+	if backend.config.AppConfig().Backend.Authentication || force {
+		backend.environment.Auth()
+	} else {
+		backend.AuthResult(true)
+	}
+}
+
+// TriggerAuth triggers an auth-required notification.
+func (backend *Backend) TriggerAuth() {
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: authRequired,
+		},
+	})
+}
+
+// CancelAuth triggers an auth-canceled notification.
+func (backend *Backend) CancelAuth() {
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: authCanceled,
+		},
+	})
+}
+
+// ForceAuth triggers an auth-forced notification
+// followed by an auth-required notification.
+func (backend *Backend) ForceAuth() {
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: authForced,
+		},
+	})
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: authRequired,
+		},
+	})
+}
+
+// AuthResult triggers an auth-ok or auth-err notification
+// depending on the input value.
+func (backend *Backend) AuthResult(ok bool) {
+	backend.log.Infof("Auth result: %v", ok)
+	typ := authErr
+	if ok {
+		typ = authOk
+	}
+	backend.Notify(observable.Event{
+		Subject: "auth",
+		Action:  action.Replace,
+		Object: authEventObject{
+			Typ: typ,
+		},
+	})
+}
+
 // DefaultAppConfig returns the default app config.
 func (backend *Backend) DefaultAppConfig() config.AppConfig {
 	return config.NewDefaultAppConfig()

backend/bridgecommon/bridgecommon.go

@@ -121,6 +121,37 @@ func HandleURI(uri string) {
 	globalBackend.HandleURI(uri)
 }
 
+// TriggerAuth triggers an authentication request notification.
+func TriggerAuth() {
+	mu.Lock()
+	defer mu.Unlock()
+	if globalBackend == nil {
+		return
+	}
+	globalBackend.TriggerAuth()
+}
+
+// CancelAuth triggers an authentication canceled notification.
+func CancelAuth() {
+	mu.Lock()
+	defer mu.Unlock()
+	if globalBackend == nil {
+		return
+	}
+	globalBackend.CancelAuth()
+}
+
+// AuthResult triggers an authentication result notification
+// on the base of the input value.
+func AuthResult(ok bool) {
+	mu.Lock()
+	defer mu.Unlock()
+	if globalBackend == nil {
+		return
+	}
+	globalBackend.AuthResult(ok)
+}
+
 // UsingMobileDataChanged should be called when the network connnection changed.
 func UsingMobileDataChanged() {
 	mu.RLock()
@@ -147,6 +178,7 @@ type BackendEnvironment struct {
 	GetSaveFilenameFunc func(string) string
 	SetDarkThemeFunc    func(bool)
 	DetectDarkThemeFunc func() bool
+	AuthFunc            func()
 }
 
 // NotifyUser implements backend.Environment.
@@ -156,6 +188,13 @@ func (env *BackendEnvironment) NotifyUser(text string) {
 	}
 }
 
+// Auth implements backend.Environment.
+func (env *BackendEnvironment) Auth() {
+	if env.AuthFunc != nil {
+		env.AuthFunc()
+	}
+}
+
 // DeviceInfos implements backend.Environment.
 func (env *BackendEnvironment) DeviceInfos() []usb.DeviceInfo {
 	if env.DeviceInfosFunc != nil {

backend/bridgecommon/bridgecommon_test.go

@@ -69,6 +69,8 @@ func (e environment) DetectDarkTheme() bool {
 	return false
 }
 
+func (e environment) Auth() {}
+
 // TestServeShutdownServe checks that you can call Serve twice in a row.
 func TestServeShutdownServe(t *testing.T) {
 	bridgecommon.Serve(

backend/config/config.go

@@ -74,6 +74,8 @@ type Backend struct {
 	DeprecatedLitecoinActive bool `json:"litecoinActive"`
 	DeprecatedEthereumActive bool `json:"ethereumActive"`
 
+	Authentication bool `json:"authentication"`
+
 	BTC  btcCoinConfig `json:"btc"`
 	TBTC btcCoinConfig `json:"tbtc"`
 	RBTC btcCoinConfig `json:"rbtc"`
@@ -155,6 +157,7 @@ func NewDefaultAppConfig() AppConfig {
 				UseProxy:     false,
 				ProxyAddress: "",
 			},
+			Authentication:           false,
 			DeprecatedBitcoinActive:  true,
 			DeprecatedLitecoinActive: true,
 			DeprecatedEthereumActive: true,

backend/handlers/handlers.go

@@ -101,6 +101,9 @@ type Backend interface {
 	AOPPCancel()
 	AOPPApprove()
 	AOPPChooseAccount(code accountsTypes.Code)
+	Authenticate(force bool)
+	TriggerAuth()
+	ForceAuth()
 	GetAccountFromCode(code string) (accounts.Interface, error)
 	HTTPClient() *http.Client
 	CancelConnectKeystore()
@@ -194,6 +197,9 @@ func NewHandlers(
 	getAPIRouterNoError(apiRouter)("/update", handlers.getUpdateHandler).Methods("GET")
 	getAPIRouterNoError(apiRouter)("/banners/{key}", handlers.getBannersHandler).Methods("GET")
 	getAPIRouterNoError(apiRouter)("/using-mobile-data", handlers.getUsingMobileDataHandler).Methods("GET")
+	getAPIRouterNoError(apiRouter)("/authenticate", handlers.postAuthenticateHandler).Methods("POST")
+	getAPIRouterNoError(apiRouter)("/trigger-auth", handlers.postTriggerAuthHandler).Methods("POST")
+	getAPIRouterNoError(apiRouter)("/force-auth", handlers.postForceAuthHandler).Methods("POST")
 	getAPIRouter(apiRouter)("/set-dark-theme", handlers.postDarkThemeHandler).Methods("POST")
 	getAPIRouterNoError(apiRouter)("/detect-dark-theme", handlers.getDetectDarkThemeHandler).Methods("GET")
 	getAPIRouterNoError(apiRouter)("/version", handlers.getVersionHandler).Methods("GET")
@@ -459,6 +465,29 @@ func (handlers *Handlers) getUsingMobileDataHandler(r *http.Request) interface{}
 	return handlers.backend.Environment().UsingMobileData()
 }
 
+func (handlers *Handlers) postAuthenticateHandler(r *http.Request) interface{} {
+	var force bool
+	if err := json.NewDecoder(r.Body).Decode(&force); err != nil {
+		return map[string]interface{}{
+			"success":      false,
+			"errorMessage": err.Error(),
+		}
+	}
+
+	handlers.backend.Authenticate(force)
+	return nil
+}
+
+func (handlers *Handlers) postTriggerAuthHandler(r *http.Request) interface{} {
+	handlers.backend.TriggerAuth()
+	return nil
+}
+
+func (handlers *Handlers) postForceAuthHandler(r *http.Request) interface{} {
+	handlers.backend.ForceAuth()
+	return nil
+}
+
 func (handlers *Handlers) postDarkThemeHandler(r *http.Request) (interface{}, error) {
 	var isDark bool
 	if err := json.NewDecoder(r.Body).Decode(&isDark); err != nil {

backend/handlers/handlers_test.go

@@ -58,6 +58,7 @@ func (e *backendEnv) NativeLocale() string          { return e.Locale }
 func (e *backendEnv) GetSaveFilename(string) string { return "" }
 func (e *backendEnv) SetDarkTheme(bool)             {}
 func (e *backendEnv) DetectDarkTheme() bool         { return false }
+func (e *backendEnv) Auth()                         {}
 
 func TestGetNativeLocale(t *testing.T) {
 	const ptLocale = "pt"

cmd/servewallet/main.go

@@ -23,7 +23,7 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/digitalbitbox/bitbox-wallet-app/backend"
+	backendPkg "github.com/digitalbitbox/bitbox-wallet-app/backend"
 	"github.com/digitalbitbox/bitbox-wallet-app/backend/arguments"
 	btctypes "github.com/digitalbitbox/bitbox-wallet-app/backend/coins/btc/types"
 	"github.com/digitalbitbox/bitbox-wallet-app/backend/devices/usb"
@@ -39,6 +39,8 @@ const (
 	address = "0.0.0.0"
 )
 
+var backend *backendPkg.Backend
+
 // webdevEnvironment implements backend.Environment.
 type webdevEnvironment struct {
 }
@@ -80,6 +82,16 @@ func (webdevEnvironment) UsingMobileData() bool {
 	return false
 }
 
+// Auth implements backend.Environment.
+func (webdevEnvironment) Auth() {
+	log := logging.Get().WithGroup("servewallet")
+	log.Info("Webdev Auth")
+	if backend != nil {
+		backend.AuthResult(true)
+		log.Info("Webdev Auth OK")
+	}
+}
+
 // NativeLocale naively implements backend.Environment.
 // This version is unlikely to work on Windows.
 func (webdevEnvironment) NativeLocale() string {
@@ -141,7 +153,7 @@ func main() {
 	log.Info("--------------- Started application --------------")
 	// since we are in dev-mode, we can drop the authorization token
 	connectionData := backendHandlers.NewConnectionData(-1, "")
-	backend, err := backend.NewBackend(
+	newBackend, err := backendPkg.NewBackend(
 		arguments.NewArguments(
 			config.AppDir(),
 			!*mainnet,
@@ -153,6 +165,7 @@ func main() {
 	if err != nil {
 		log.WithField("error", err).Panic(err)
 	}
+	backend = newBackend
 	handlers := backendHandlers.NewHandlers(backend, connectionData)
 	log.WithFields(logrus.Fields{"address": address, "port": port}).Info("Listening for HTTP")
 	fmt.Printf("Listening on: http://localhost:%d\n", port)

frontends/android/BitBoxApp/app/build.gradle

@@ -28,6 +28,7 @@ android {
 dependencies {
     implementation fileTree(dir: 'libs', include: ['*.jar'])
     implementation 'androidx.appcompat:appcompat:1.0.2'
+    implementation 'androidx.biometric:biometric:1.1.0'
     implementation 'androidx.constraintlayout:constraintlayout:1.1.3'
     testImplementation 'junit:junit:4.12'
     androidTestImplementation 'androidx.test:runner:1.2.0'

frontends/android/BitBoxApp/app/src/main/java/ch/shiftcrypto/bitboxapp/BiometricAuthHelper.java

@@ -0,0 +1,58 @@
+package ch.shiftcrypto.bitboxapp;
+
+import android.os.Handler;
+import android.os.Looper;
+
+import androidx.annotation.NonNull;
+import androidx.biometric.BiometricManager;
+import androidx.biometric.BiometricPrompt;
+import androidx.core.content.ContextCompat;
+import androidx.fragment.app.FragmentActivity;
+
+import java.util.concurrent.Executor;
+
+public class BiometricAuthHelper {
+
+    public interface AuthCallback {
+        void onSuccess();
+        void onFailure();
+        void onCancel();
+    }
+
+    public static void showAuthenticationPrompt(FragmentActivity activity, AuthCallback callback) {
+        Executor executor = ContextCompat.getMainExecutor(activity);
+        BiometricPrompt biometricPrompt = new BiometricPrompt(activity, executor, new BiometricPrompt.AuthenticationCallback() {
+            @Override
+            public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+                super.onAuthenticationSucceeded(result);
+                new Handler(Looper.getMainLooper()).post(callback::onSuccess);
+            }
+
+            @Override
+            public void onAuthenticationFailed() {
+                super.onAuthenticationFailed();
+                new Handler(Looper.getMainLooper()).post(callback::onFailure);
+            }
+
+            @Override
+            public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) {
+                if (errorCode == BiometricPrompt.ERROR_USER_CANCELED) {
+                    Util.log("Authentication error: user canceled");
+                    new Handler(Looper.getMainLooper()).post(callback::onCancel);
+                } else {
+                    Util.log("Authentication error: " + errorCode + " - " + errString);
+                    new Handler(Looper.getMainLooper()).post(callback::onFailure);
+                }
+                super.onAuthenticationError(errorCode, errString);
+            }
+        });
+
+        BiometricPrompt.PromptInfo promptInfo = new BiometricPrompt.PromptInfo.Builder()
+                .setTitle("Authentication required")
+                .setAllowedAuthenticators(BiometricManager.Authenticators.DEVICE_CREDENTIAL |
+                                BiometricManager.Authenticators.BIOMETRIC_WEAK)
+                .setConfirmationRequired(false)
+                .build();
+        biometricPrompt.authenticate(promptInfo);
+    }
+}