fix: allow custom title and cancel button text for secure credentials#90
Conversation
|
Warning Review limit reached
Next review available in: 41 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThe PR adds Android-only prompt text options to the biometric plugin API, threads them into the Android credential flow with defaults, and updates the README to document the new fields and metadata. ChangesCustomizable Auth UI Text Configuration
Estimated code review effort: 2 (Simple) | ~8 minutes Sequence Diagram(s)sequenceDiagram
participant PluginCall
participant NativeBiometric
participant AuthActivity
PluginCall->>NativeBiometric: setCredentials(title, negativeButtonText)
NativeBiometric->>AuthActivity: Intent extras with fallback defaults
Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Beta npm buildThis PR comes from a fork, so beta publish is disabled for security. If you need a beta package, move the branch into this repository first. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/definitions.ts`:
- Around line 165-166: SetCredentialOptions added two new public optional
properties (title and negativeButtonText) that lack JSDoc; add short JSDoc
comments above each property in the SetCredentialOptions interface describing
their purpose, expected type/format, and any default/behavior (e.g., title:
string shown on prompt; negativeButtonText: string label for cancel/negative
action) so docgen will include them in the API docs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: dd48cd8d-652d-417e-8093-fb5d738665ef
📒 Files selected for processing (2)
android/src/main/java/ee/forgr/biometric/NativeBiometric.javasrc/definitions.ts
ef843b0 to
c7d72fe
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java`:
- Around line 286-287: NativeBiometric.setCredentials currently forwards raw
strings from the PluginCall into the Intent extras ("title" and
"negativeButtonText") which can be empty/blank and cause AuthActivity's
BiometricPrompt.PromptInfo.Builder.build() to throw; update setCredentials to
normalize blank/whitespace-only values to the intended defaults before calling
intent.putExtra (e.g., treat "" or all-whitespace as null or use the default
strings "Protect Credentials"/"Cancel"), referencing
NativeBiometric.setCredentials, the "title"/"negativeButtonText" intent extras,
AuthActivity, and BiometricPrompt.PromptInfo.Builder.build to locate the code to
change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 20f88f02-7a44-4b35-a189-6aeadbb1e3e5
📒 Files selected for processing (2)
android/src/main/java/ee/forgr/biometric/NativeBiometric.javasrc/definitions.ts
Merge latest main to fix CI, normalize empty title/negativeButtonText to defaults before BiometricPrompt build, and document defaults in JSDoc. Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
android/src/main/java/ee/forgr/biometric/NativeBiometric.java (1)
227-227: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winBlank
title/negativeButtonTextstill crash the auth flow.verifyIdentity()andgetSecureCredentials()forward raw strings intoAuthActivity, andAuthActivity.onCreate()passes them directly toBiometricPrompt.PromptInfo.Builder; empty values will still throwIllegalArgumentException. Apply the same blank-to-default sanitization used insetCredentials().🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java` at line 227, Blank title and negativeButtonText values are still reaching AuthActivity and causing BiometricPrompt.PromptInfo.Builder to throw, so sanitize them before putting them into the intent. Update NativeBiometric.verifyIdentity() and NativeBiometric.getSecureCredentials() to apply the same blank-to-default fallback already used in setCredentials(), ensuring title defaults to Authenticate and the negative button text falls back to a safe default whenever the incoming strings are null or empty.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/definitions.ts`:
- Around line 177-190: The new biometric prompt fields in the definitions
interface are missing version metadata, unlike the nearby accessControl field.
Update the documentation for title and negativeButtonText in definitions.ts to
include matching `@since` tags with the version they were introduced, keeping the
API documentation consistent and traceable for consumers.
---
Outside diff comments:
In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java`:
- Line 227: Blank title and negativeButtonText values are still reaching
AuthActivity and causing BiometricPrompt.PromptInfo.Builder to throw, so
sanitize them before putting them into the intent. Update
NativeBiometric.verifyIdentity() and NativeBiometric.getSecureCredentials() to
apply the same blank-to-default fallback already used in setCredentials(),
ensuring title defaults to Authenticate and the negative button text falls back
to a safe default whenever the incoming strings are null or empty.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 150be8bf-10b6-4246-91cb-06e99da4e042
📒 Files selected for processing (3)
README.mdandroid/src/main/java/ee/forgr/biometric/NativeBiometric.javasrc/definitions.ts
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
Cap-go/capacitor-updater(manual)
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Summary by CodeRabbit
New Features
Documentation