Add PIN code for spending (#711)

Spending operations (including swap refund or channel closing) can
be protected behind a 6-digits PIN different from the screen lock
authentication. This allows sharing the wallet with someone else.

---------

Co-authored-by: Robbie Hanson <[email protected]>

Author: dpad85

phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/AppView.kt

@@ -71,7 +71,7 @@ import fr.acinq.phoenix.PhoenixBusiness
 import fr.acinq.phoenix.android.components.Button
 import fr.acinq.phoenix.android.components.dialogs.Dialog
 import fr.acinq.phoenix.android.components.openLink
-import fr.acinq.phoenix.android.components.screenlock.LockPrompt
+import fr.acinq.phoenix.android.components.auth.screenlock.ScreenLockPrompt
 import fr.acinq.phoenix.android.home.HomeView
 import fr.acinq.phoenix.android.initwallet.create.CreateWalletView
 import fr.acinq.phoenix.android.initwallet.InitWallet
@@ -501,17 +501,17 @@ fun AppView(
             }
 
             val isScreenLocked by appVM.isScreenLocked
-            val isBiometricLockEnabledState = userPrefs.getIsBiometricLockEnabled.collectAsState(initial = null)
+            val isBiometricLockEnabledState = userPrefs.getIsScreenLockBiometricsEnabled.collectAsState(initial = null)
             val isBiometricLockEnabled = isBiometricLockEnabledState.value
-            val isCustomPinLockEnabledState = userPrefs.getIsCustomPinLockEnabled.collectAsState(initial = null)
+            val isCustomPinLockEnabledState = userPrefs.getIsScreenLockPinEnabled.collectAsState(initial = null)
             val isCustomPinLockEnabled = isCustomPinLockEnabledState.value
 
             if ((isBiometricLockEnabled == true || isCustomPinLockEnabled == true) && isScreenLocked) {
                 BackHandler {
                     // back button minimises the app
                     context.findActivitySafe()?.moveTaskToBack(false)
                 }
-                LockPrompt(
+                ScreenLockPrompt(
                     promptScreenLockImmediately = appVM.promptScreenLockImmediately.value,
                     onLock = { appVM.lockScreen() },
                     onUnlock = {

phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/AppViewModel.kt

@@ -92,7 +92,7 @@ class AppViewModel(
 
     private fun monitorUserLockPrefs() {
         viewModelScope.launch {
-            combine(userPrefs.getIsBiometricLockEnabled, userPrefs.getIsCustomPinLockEnabled) { isBiometricEnabled, isCustomPinEnabled ->
+            combine(userPrefs.getIsScreenLockBiometricsEnabled, userPrefs.getIsScreenLockPinEnabled) { isBiometricEnabled, isCustomPinEnabled ->
                 isBiometricEnabled to isCustomPinEnabled
             }.collect { (isBiometricEnabled, isCustomPinEnabled) ->
                 if (!isBiometricEnabled && !isCustomPinEnabled) {

phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/components/Checkbox.kt

@@ -21,14 +21,15 @@ import androidx.compose.foundation.indication
 import androidx.compose.foundation.interaction.MutableInteractionSource
 import androidx.compose.foundation.layout.*
 import androidx.compose.material.Checkbox
+import androidx.compose.material.MaterialTheme
 import androidx.compose.material.Text
 import androidx.compose.material.ripple
-import androidx.compose.material.ripple.rememberRipple
 import androidx.compose.runtime.*
 import androidx.compose.runtime.saveable.rememberSaveable
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.semantics.Role
+import androidx.compose.ui.text.TextStyle
 import androidx.compose.ui.unit.dp
 import fr.acinq.phoenix.android.isDarkTheme
 import fr.acinq.phoenix.android.utils.gray300
@@ -40,6 +41,7 @@ fun Checkbox(
     checked: Boolean,
     onCheckedChange: (Boolean) -> Unit,
     modifier: Modifier = Modifier,
+    textStyle: TextStyle = MaterialTheme.typography.body1,
     enabled: Boolean = true,
     padding: PaddingValues = PaddingValues(vertical = 16.dp, horizontal = 0.dp)
 ) {
@@ -64,6 +66,6 @@ fun Checkbox(
             )
         )
         Spacer(Modifier.width(12.dp))
-        Text(text)
+        Text(text = text, style = textStyle)
     }
 }

phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/components/auth/pincode/CheckPinFlow.kt

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2025 ACINQ SAS
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package fr.acinq.phoenix.android.components.auth.pincode
+
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.LaunchedEffect
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
+import fr.acinq.phoenix.android.R
+
+
+@Composable
+fun CheckPinFlow(
+    onCancel: () -> Unit,
+    onPinValid: () -> Unit,
+    vm: CheckPinViewModel,
+    prompt: @Composable () -> Unit,
+) {
+    val context = LocalContext.current
+    val isUIFrozen = vm.state !is CheckPinState.CanType
+
+    LaunchedEffect(Unit) { vm.evaluateLockState() }
+
+    BasePinDialog(
+        onDismiss = onCancel,
+        initialPin = vm.pinInput,
+        onPinSubmit = {
+            vm.pinInput = it
+            vm.checkPinAndSaveOutcome(context, it, onPinValid)
+        },
+        prompt = prompt,
+        stateLabel = when(val state = vm.state) {
+            is CheckPinState.Init, is CheckPinState.CanType -> null
+            is CheckPinState.Locked -> {
+                { PinStateMessage(text = stringResource(id = R.string.pincode_locked_label, state.timeToWait.toString()), icon = R.drawable.ic_clock) }
+            }
+            is CheckPinState.Checking -> {
+                { PinStateMessage(text = stringResource(id = R.string.pincode_checking_label)) }
+            }
+            is CheckPinState.MalformedInput -> {
+                { PinStateError(text = stringResource(id = R.string.pincode_error_malformed)) }
+            }
+            is CheckPinState.IncorrectPin -> {
+                { PinStateError(text = stringResource(id = R.string.pincode_failure_label)) }
+            }
+            is CheckPinState.Error -> {
+                { PinStateError(text = stringResource(id = R.string.pincode_error_generic)) }
+            }
+        },
+        enabled = !isUIFrozen,
+    )
+}

phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/components/screenlock/CheckPinFlowViewModel.kt renamed to phoenix-android/src/main/kotlin/fr/acinq/phoenix/android/components/auth/pincode/CheckPinViewModel.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2024 ACINQ SAS
+ * Copyright 2025 ACINQ SAS
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,68 +14,65 @@
  * limitations under the License.
  */
 
-package fr.acinq.phoenix.android.components.screenlock
+package fr.acinq.phoenix.android.components.auth.pincode
 
 import android.content.Context
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.setValue
 import androidx.lifecycle.ViewModel
-import androidx.lifecycle.ViewModelProvider
 import androidx.lifecycle.viewModelScope
-import androidx.lifecycle.viewmodel.CreationExtras
-import fr.acinq.phoenix.android.PhoenixApplication
-import fr.acinq.phoenix.android.components.screenlock.PinDialog.PIN_LENGTH
-import fr.acinq.phoenix.android.security.EncryptedPin
-import fr.acinq.phoenix.android.utils.datastore.UserPrefsRepository
+import fr.acinq.phoenix.android.components.auth.pincode.PinDialog.PIN_LENGTH
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.cancelAndJoin
 import kotlinx.coroutines.delay
-import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.flow
 import kotlinx.coroutines.launch
+import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import kotlin.time.Duration
 import kotlin.time.Duration.Companion.minutes
 import kotlin.time.Duration.Companion.seconds
 
-/** View model tracking the state of the PIN dialog UI. */
-sealed class CheckPinFlowState {
-
-    data object Init : CheckPinFlowState()
 
-    data class Locked(val timeToWait: Duration): CheckPinFlowState()
-    data object CanType : CheckPinFlowState()
-    data object Checking : CheckPinFlowState()
-    data object MalformedInput: CheckPinFlowState()
-    data object IncorrectPin: CheckPinFlowState()
-    data class Error(val cause: Throwable) : CheckPinFlowState()
+/** View model tracking the state of the PIN dialog UI. */
+sealed class CheckPinState {
+    data object Init : CheckPinState()
+    data class Locked(val timeToWait: Duration): CheckPinState()
+    data object CanType : CheckPinState()
+    data object Checking : CheckPinState()
+    data object MalformedInput: CheckPinState()
+    data object IncorrectPin: CheckPinState()
+    data class Error(val cause: Throwable) : CheckPinState()
 }
 
-class CheckPinFlowViewModel(private val userPrefsRepository: UserPrefsRepository) : ViewModel() {
-    private val log = LoggerFactory.getLogger(this::class.java)
-    var state by mutableStateOf<CheckPinFlowState>(CheckPinFlowState.Init)
+abstract class CheckPinViewModel : ViewModel() {
+    val log: Logger = LoggerFactory.getLogger(this::class.java)
+    var state by mutableStateOf<CheckPinState>(CheckPinState.Init)
         private set
 
     var pinInput by mutableStateOf("")
 
-    init {
-        viewModelScope.launch { evaluateLockState() }
-    }
+    abstract suspend fun getPinCodeAttempt(): Int
+    abstract suspend fun savePinCodeSuccess()
+    abstract suspend fun savePinCodeFailure()
+    abstract suspend fun getExpectedPin(context: Context): String?
 
-    private suspend fun evaluateLockState() {
-        val currentPinCodeAttempt = userPrefsRepository.getPinCodeAttempt.first()
+    suspend fun evaluateLockState() {
+        val currentPinCodeAttempt = getPinCodeAttempt()
         val timeToWait = when (currentPinCodeAttempt) {
             0, 1, 2 -> Duration.ZERO
             3 -> 10.seconds
-            4 -> 1.minutes
-            5 -> 2.minutes
-            6 -> 5.minutes
-            7 -> 10.minutes
+            4 -> 30.seconds
+            5 -> 1.minutes
+            6 -> 2.minutes
+            7 -> 5.minutes
+            8 -> 10.minutes
             else -> 30.minutes
         }
+
         if (timeToWait > Duration.ZERO) {
-            state = CheckPinFlowState.Locked(timeToWait)
+            state = CheckPinState.Locked(timeToWait)
             val countdownJob = viewModelScope.launch {
                 val countdownFlow = flow {
                     while (true) {
@@ -85,70 +82,60 @@ class CheckPinFlowViewModel(private val userPrefsRepository: UserPrefsRepository
                 }
                 countdownFlow.collect {
                     val s = state
-                    if (s is CheckPinFlowState.Locked) {
-                        state = CheckPinFlowState.Locked((s.timeToWait.minus(1.seconds)).coerceAtLeast(Duration.ZERO))
+                    if (s is CheckPinState.Locked) {
+                        state = CheckPinState.Locked((s.timeToWait.minus(1.seconds)).coerceAtLeast(Duration.ZERO))
                     }
                 }
             }
             delay(timeToWait)
             countdownJob.cancelAndJoin()
-            state = CheckPinFlowState.CanType
+            state = CheckPinState.CanType
         } else {
-            state = CheckPinFlowState.CanType
+            state = CheckPinState.CanType
         }
     }
 
     fun checkPinAndSaveOutcome(context: Context, pin: String, onPinValid: () -> Unit) {
-        if (state is CheckPinFlowState.Checking || state is CheckPinFlowState.Locked) return
-        state = CheckPinFlowState.Checking
+        if (state is CheckPinState.Checking || state is CheckPinState.Locked) return
+        state = CheckPinState.Checking
 
         viewModelScope.launch(Dispatchers.IO) {
             try {
                 if (pin.isBlank() || pin.length != PIN_LENGTH) {
                     log.debug("malformed pin")
-                    state = CheckPinFlowState.MalformedInput
+                    state = CheckPinState.MalformedInput
                     delay(1300)
-                    if (state is CheckPinFlowState.MalformedInput) {
+                    if (state is CheckPinState.MalformedInput) {
                         evaluateLockState()
                     }
                 }
 
-                val expected = EncryptedPin.getPinFromDisk(context)
+                val expected = getExpectedPin(context)
                 if (pin == expected) {
                     log.debug("valid pin")
                     delay(20)
-                    userPrefsRepository.savePinCodeSuccess()
+                    savePinCodeSuccess()
                     pinInput = ""
-                    state = CheckPinFlowState.CanType
+                    state = CheckPinState.CanType
                     viewModelScope.launch(Dispatchers.Main) {
                         onPinValid()
                     }
                 } else {
                     log.debug("incorrect pin")
                     delay(80)
-                    userPrefsRepository.savePinCodeFailure()
-                    state = CheckPinFlowState.IncorrectPin
+                    savePinCodeFailure()
+                    state = CheckPinState.IncorrectPin
                     delay(1300)
                     pinInput = ""
                     evaluateLockState()
                 }
             } catch (e: Exception) {
                 log.error("error when checking pin code: ", e)
-                state = CheckPinFlowState.Error(e)
+                state = CheckPinState.Error(e)
                 delay(1300)
                 pinInput = ""
                 evaluateLockState()
             }
         }
     }
-
-    companion object {
-        val Factory: ViewModelProvider.Factory = object : ViewModelProvider.Factory {
-            @Suppress("UNCHECKED_CAST")
-            override fun <T : ViewModel> create(modelClass: Class<T>, extras: CreationExtras): T {
-                val application = checkNotNull(extras[ViewModelProvider.AndroidViewModelFactory.APPLICATION_KEY] as? PhoenixApplication)
-                return CheckPinFlowViewModel(application.userPrefs) as T
-            }
-        }
-    }
 }