PM-11979: Allow PIN unlock to configure biometric integrity if needed (#918)

matt-livefront · web-flow · commit 121a26d9a02c · 2024-09-11T15:43:21.000-05:00
diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift
@@ -959,8 +959,7 @@ extension DefaultAuthRepository: AuthRepository {
 
             try await configureBiometricUnlockIfRequired()
         case .pin:
-            // No-op: nothing extra to do for pin unlock.
-            break
+            try await configureBiometricUnlockIfRequired()
         }
 
         _ = try await trustDeviceService.trustDeviceIfNeeded()
diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift
@@ -1742,6 +1742,37 @@ class AuthRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_bo
         )
         XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
         XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
+        XCTAssertFalse(biometricsRepository.didConfigureBiometricIntegrity)
+    }
+
+    /// `unlockVaultWithPIN(_:)` unlocks the vault with the user's PIN and configures biometric
+    /// integrity if needed.
+    func test_unlockVaultWithPIN_configuresBiometrics() async throws {
+        let account = Account.fixture()
+        stateService.activeAccount = account
+        stateService.accountEncryptionKeys = [
+            "1": AccountEncryptionKeys(encryptedPrivateKey: "PRIVATE_KEY", encryptedUserKey: "USER_KEY"),
+        ]
+        stateService.encryptedPinByUserId[account.profile.userId] = "123"
+        stateService.pinProtectedUserKeyValue[account.profile.userId] = "123"
+        biometricsRepository.biometricUnlockStatus = .success(
+            .available(.faceID, enabled: true, hasValidIntegrity: false)
+        )
+
+        try await subject.unlockVaultWithPIN(pin: "123")
+
+        XCTAssertEqual(
+            clientService.mockCrypto.initializeUserCryptoRequest,
+            InitUserCryptoRequest(
+                kdfParams: .pbkdf2(iterations: UInt32(Constants.pbkdf2Iterations)),
+                email: "user@bitwarden.com",
+                privateKey: "PRIVATE_KEY",
+                method: .pin(pin: "123", pinProtectedUserKey: "123")
+            )
+        )
+        XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
+        XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
+        XCTAssertTrue(biometricsRepository.didConfigureBiometricIntegrity)
     }
 
     /// `unlockVaultWithPIN(_:)` throws an error if there's no pin.

Original file line number	Diff line number	Diff line change
`@@ -959,8 +959,7 @@ extension DefaultAuthRepository: AuthRepository {`
`959`	`959`
`960`	`960`	`try await configureBiometricUnlockIfRequired()`
`961`	`961`	`case .pin:`
`962`		`- // No-op: nothing extra to do for pin unlock.`
`963`		`- break`
	`962`	`+ try await configureBiometricUnlockIfRequired()`
`964`	`963`	`}`
`965`	`964`
`966`	`965`	`_ = try await trustDeviceService.trustDeviceIfNeeded()`