OSReauthenticatorDarwin.mm

Enable keyboard shortcuts

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

/* vim: set ts=8 sts=2 et sw=2 tw=80: */

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "OSReauthenticator.h"

#include "mozilla/MacStringHelpers.h"

using namespace mozilla;

#include <CoreFoundation/CoreFoundation.h>

#include <LocalAuthentication/LocalAuthentication.h>

static const int32_t kPasswordNotSetErrorCode = -1000;

nsresult ReauthenticateUserMacOS(const nsAString& aPrompt,

                                 /* out */ bool& aReauthenticated,

                                 /* out */ bool& aIsBlankPassword) {

  // The idea here is that we ask to be authorized to unlock the user's session.

  // This should cause a prompt to come up for the user asking them for their

  // password. If they correctly enter it, we'll set aReauthenticated to true.

  LAContext* context = [[LAContext alloc] init];

  NSString* prompt = mozilla::XPCOMStringToNSString(aPrompt);

  dispatch_semaphore_t sema = dispatch_semaphore_create(0);

  __block BOOL biometricSuccess = NO;     // mark variable r/w across the block

  __block BOOL errorPasswordNotSet = NO;  // mark variable r/w across the block

  // Note: This is an async callback in an already-async Promise chain.

  [context evaluatePolicy:LAPolicyDeviceOwnerAuthentication

          localizedReason:prompt

                    reply:^(BOOL success, NSError* error) {

                      dispatch_async(dispatch_get_main_queue(), ^{

                        // error is not particularly useful in this context, and

                        // we have no mechanism to really return it. We could

                        // use it to set the nsresult, but this is a best-effort

                        // mechanism and there's no particular case for

                        // propagating up XPCOM. The one exception being a user

                        // account that has no passcode set, which we handle

                        // below.

                        errorPasswordNotSet =

                            error && [error code] == kPasswordNotSetErrorCode;

                        biometricSuccess = success || errorPasswordNotSet;

                        dispatch_semaphore_signal(sema);

});

}];

  // What we want to do here is convert this into a blocking call, since

  // our calling methods expect us to block and set aReauthenticated on return.

  dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);

  dispatch_release(sema);

  sema = NULL;

  aReauthenticated = biometricSuccess;

  aIsBlankPassword = errorPasswordNotSet;

  [context release];

  return NS_OK;