Skip to content

fix: allow custom title and cancel button text for secure credentials#90

Merged
riderx merged 7 commits into
Cap-go:mainfrom
Vlodzimej:android-custom-secure-credentials-text
Jul 3, 2026
Merged

fix: allow custom title and cancel button text for secure credentials#90
riderx merged 7 commits into
Cap-go:mainfrom
Vlodzimej:android-custom-secure-credentials-text

Conversation

@Vlodzimej

@Vlodzimej Vlodzimej commented May 13, 2026

Copy link
Copy Markdown

Summary by CodeRabbit

  • New Features

    • On Android, biometric credential prompts now support customizing the dialog title and negative button text via options, with defaults of “Protect Credentials” and “Cancel” when not provided.
  • Documentation

    • Updated the README for SetCredentialOptions to include the new fields and show their defaults and since versions (including accessControl availability).

@coderabbitai

coderabbitai Bot commented May 13, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@riderx, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 41 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 577301f9-7cd4-45a6-a004-9b002bf2ff5a

📥 Commits

Reviewing files that changed from the base of the PR and between 2eed542 and 5294210.

📒 Files selected for processing (3)
  • README.md
  • android/src/main/java/ee/forgr/biometric/NativeBiometric.java
  • src/definitions.ts
📝 Walkthrough

Walkthrough

The PR adds Android-only prompt text options to the biometric plugin API, threads them into the Android credential flow with defaults, and updates the README to document the new fields and metadata.

Changes

Customizable Auth UI Text Configuration

Layer / File(s) Summary
Auth UI Text Options and Wiring
src/definitions.ts, android/src/main/java/ee/forgr/biometric/NativeBiometric.java, README.md
BiometricOptions adds title and negativeButtonText; Android setCredentials() reads both from PluginCall with fallback defaults before setting AuthActivity intent extras; the README updates the SetCredentialOptions table with the new fields, defaults, and version metadata.

Estimated code review effort: 2 (Simple) | ~8 minutes

Sequence Diagram(s)

sequenceDiagram
  participant PluginCall
  participant NativeBiometric
  participant AuthActivity
  PluginCall->>NativeBiometric: setCredentials(title, negativeButtonText)
  NativeBiometric->>AuthActivity: Intent extras with fallback defaults
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: customizable title and cancel text for secure credential prompts.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

Copy link
Copy Markdown

Beta npm build

This PR comes from a fork, so beta publish is disabled for security.

If you need a beta package, move the branch into this repository first.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/definitions.ts`:
- Around line 165-166: SetCredentialOptions added two new public optional
properties (title and negativeButtonText) that lack JSDoc; add short JSDoc
comments above each property in the SetCredentialOptions interface describing
their purpose, expected type/format, and any default/behavior (e.g., title:
string shown on prompt; negativeButtonText: string label for cancel/negative
action) so docgen will include them in the API docs.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dd48cd8d-652d-417e-8093-fb5d738665ef

📥 Commits

Reviewing files that changed from the base of the PR and between 3e649a3 and ef843b0.

📒 Files selected for processing (2)
  • android/src/main/java/ee/forgr/biometric/NativeBiometric.java
  • src/definitions.ts

Comment thread src/definitions.ts
@Vlodzimej Vlodzimej force-pushed the android-custom-secure-credentials-text branch from ef843b0 to c7d72fe Compare May 25, 2026 07:44

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java`:
- Around line 286-287: NativeBiometric.setCredentials currently forwards raw
strings from the PluginCall into the Intent extras ("title" and
"negativeButtonText") which can be empty/blank and cause AuthActivity's
BiometricPrompt.PromptInfo.Builder.build() to throw; update setCredentials to
normalize blank/whitespace-only values to the intended defaults before calling
intent.putExtra (e.g., treat "" or all-whitespace as null or use the default
strings "Protect Credentials"/"Cancel"), referencing
NativeBiometric.setCredentials, the "title"/"negativeButtonText" intent extras,
AuthActivity, and BiometricPrompt.PromptInfo.Builder.build to locate the code to
change.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 20f88f02-7a44-4b35-a189-6aeadbb1e3e5

📥 Commits

Reviewing files that changed from the base of the PR and between ef843b0 and c7d72fe.

📒 Files selected for processing (2)
  • android/src/main/java/ee/forgr/biometric/NativeBiometric.java
  • src/definitions.ts

Comment thread android/src/main/java/ee/forgr/biometric/NativeBiometric.java Outdated
riderx and others added 2 commits July 3, 2026 11:34
Merge latest main to fix CI, normalize empty title/negativeButtonText to
defaults before BiometricPrompt build, and document defaults in JSDoc.

Co-authored-by: Cursor <cursoragent@cursor.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
android/src/main/java/ee/forgr/biometric/NativeBiometric.java (1)

227-227: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Blank title / negativeButtonText still crash the auth flow. verifyIdentity() and getSecureCredentials() forward raw strings into AuthActivity, and AuthActivity.onCreate() passes them directly to BiometricPrompt.PromptInfo.Builder; empty values will still throw IllegalArgumentException. Apply the same blank-to-default sanitization used in setCredentials().

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java` at line 227,
Blank title and negativeButtonText values are still reaching AuthActivity and
causing BiometricPrompt.PromptInfo.Builder to throw, so sanitize them before
putting them into the intent. Update NativeBiometric.verifyIdentity() and
NativeBiometric.getSecureCredentials() to apply the same blank-to-default
fallback already used in setCredentials(), ensuring title defaults to
Authenticate and the negative button text falls back to a safe default whenever
the incoming strings are null or empty.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/definitions.ts`:
- Around line 177-190: The new biometric prompt fields in the definitions
interface are missing version metadata, unlike the nearby accessControl field.
Update the documentation for title and negativeButtonText in definitions.ts to
include matching `@since` tags with the version they were introduced, keeping the
API documentation consistent and traceable for consumers.

---

Outside diff comments:
In `@android/src/main/java/ee/forgr/biometric/NativeBiometric.java`:
- Line 227: Blank title and negativeButtonText values are still reaching
AuthActivity and causing BiometricPrompt.PromptInfo.Builder to throw, so
sanitize them before putting them into the intent. Update
NativeBiometric.verifyIdentity() and NativeBiometric.getSecureCredentials() to
apply the same blank-to-default fallback already used in setCredentials(),
ensuring title defaults to Authenticate and the negative button text falls back
to a safe default whenever the incoming strings are null or empty.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 150be8bf-10b6-4246-91cb-06e99da4e042

📥 Commits

Reviewing files that changed from the base of the PR and between c7d72fe and 2eed542.

📒 Files selected for processing (3)
  • README.md
  • android/src/main/java/ee/forgr/biometric/NativeBiometric.java
  • src/definitions.ts
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • Cap-go/capacitor-updater (manual)

Comment thread src/definitions.ts
Co-authored-by: Cursor <cursoragent@cursor.com>
riderx and others added 2 commits July 3, 2026 11:50
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@riderx riderx merged commit f5cc48d into Cap-go:main Jul 3, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants