fix(android): report weak-only biometrics as unavailable for strong auth#91
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
🔗 Linked repositories identifiedCodeRabbit considers these linked repositories for cross-repo context during reviews:
📝 WalkthroughWalkthroughRemoves the Android code path that treated weak-only biometrics as sufficient to set ChangesAndroid Strong-Biometric Availability Enforcement
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Beta npm buildThis PR comes from a fork, so beta publish is disabled for security. If you need a beta package, move the branch into this repository first. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/definitions.ts`:
- Around line 79-86: Update the IsAvailableOptions.useFallback doc to state that
useFallback affects isAvailable() on Android but is ignored for
verifyIdentity(): change the lines describing IsAvailableOptions.useFallback
(referencing IsAvailableOptions.useFallback) to note that on Android useFallback
will be considered by isAvailable() (see isAvailable()) because the native code
computes fallbackAvailable = useFallback && deviceIsSecure in
NativeBiometric.java, but the BiometricPrompt-based verifyIdentity() flow does
not support fallback (so useFallback is ignored for verifyIdentity()). Ensure
the wording clearly distinguishes the two behaviors (availability vs
authentication) and removes the current claim that the option is entirely
ignored on Android.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 21d8fc7f-c25a-49a7-9696-e3f718fed0c4
📒 Files selected for processing (3)
README.mdandroid/src/main/java/ee/forgr/biometric/NativeBiometric.javasrc/definitions.ts
💤 Files with no reviewable changes (1)
- android/src/main/java/ee/forgr/biometric/NativeBiometric.java
212bdeb to
f661c48
Compare
f661c48 to
2db47cf
Compare
…antics Distinguish availability vs authentication: on Android, useFallback is honored by isAvailable() (fallbackAvailable = useFallback && deviceIsSecure) but ignored by verifyIdentity() due to BiometricPrompt API constraints. Addresses CodeRabbit review comment on PR Cap-go#91.
|
Pushed a follow-up commit (c5ff15b) refining the |
|
sorry i missed it ! can you check the conflicts? |
# Conflicts: # .github/scripts/verify-packed-example.sh # example-app/package.json
What
Why
How
Testing
Not Tested
AI-assisted with Codex; I reviewed the patch and kept it scoped.
Summary by CodeRabbit
Bug Fixes
Documentation