feat(biometric-trust): invalidate biometric trust on enrollment change

Add handleBiometricTrustResult, a shared helper that maps a TrustResult into
an (unlocked, modal-config) outcome. Both call sites — handleLocalAuthentication's
upstream verify() preflight and PasscodeEnter's biometry-button retry — route
through it so the invalidation policy lives in one place.

On {kind: 'enrollmentChanged'} the helper runs disenrol() BEFORE clearing
BIOMETRY_ENABLED_KEY, so a crash between the two leaves a state slice 04's
reconciliation can clean up (a flipped flag with a live sentinel would
otherwise look like a healthy enrolment). The resulting modal carries
reason: 'enrollmentChanged' over LOCAL_AUTHENTICATE_EMITTER so slice 03 can
render an explanatory subtitle.

Cancel/error keep biometry available with skipAutoBiometry; unavailable is
passcode-only; success unlocks without a modal.

In PasscodeEnter the biometry button now mirrors hasBiometry/reason in local
state so an enrolment-change triggered from the button hides the button
within the same modal session without re-emitting the event (which would
orphan the upstream openModal promise).

Closes VLN-216.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: OtavioStasiak

app/containers/Passcode/PasscodeEnter.test.tsx

@@ -0,0 +1,94 @@
+import React from 'react';
+import { fireEvent, render, waitFor } from '@testing-library/react-native';
+
+import PasscodeEnter from './PasscodeEnter';
+import { biometryAuth } from '../../lib/methods/helpers/localAuthentication';
+import { biometricTrustStore } from '../../lib/biometricTrustStore';
+import UserPreferences from '../../lib/methods/userPreferences';
+import { BIOMETRY_ENABLED_KEY } from '../../lib/constants/localAuthentication';
+
+jest.mock('../../lib/methods/helpers/localAuthentication', () => ({
+	biometryAuth: jest.fn(),
+	resetAttempts: jest.fn(() => Promise.resolve())
+}));
+
+jest.mock('../../lib/biometricTrustStore', () => ({
+	biometricTrustStore: {
+		enrol: jest.fn(),
+		disenrol: jest.fn(() => Promise.resolve()),
+		verify: jest.fn(),
+		probeExists: jest.fn()
+	}
+}));
+
+jest.mock('../../lib/methods/userPreferences', () => ({
+	__esModule: true,
+	default: {
+		getBool: jest.fn(),
+		setBool: jest.fn(),
+		getString: jest.fn(),
+		setString: jest.fn()
+	},
+	useUserPreferences: () => [null, jest.fn()]
+}));
+
+jest.mock('../../i18n', () => ({ t: (key: string) => key }));
+
+const mockedBiometryAuth = biometryAuth as jest.Mock;
+const mockedDisenrol = biometricTrustStore.disenrol as jest.Mock;
+const mockedSetBool = UserPreferences.setBool as jest.Mock;
+
+describe('PasscodeEnter biometry button', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		mockedDisenrol.mockResolvedValue(undefined);
+	});
+
+	it('enrollmentChanged from button press → disenrols, clears flag, hides biometry button', async () => {
+		mockedBiometryAuth.mockResolvedValueOnce({ kind: 'enrollmentChanged' });
+		const finishProcess = jest.fn();
+
+		const { getByTestId, queryByTestId } = render(<PasscodeEnter hasBiometry skipAutoBiometry finishProcess={finishProcess} />);
+
+		await waitFor(() => expect(getByTestId('biometry-button')).toBeTruthy());
+
+		fireEvent.press(getByTestId('biometry-button'));
+
+		await waitFor(() => expect(mockedDisenrol).toHaveBeenCalledTimes(1));
+		expect(mockedSetBool).toHaveBeenCalledWith(BIOMETRY_ENABLED_KEY, false);
+		expect(finishProcess).not.toHaveBeenCalled();
+		await waitFor(() => expect(queryByTestId('biometry-button')).toBeNull());
+	});
+
+	it('success from button press → finishes process, no invalidation', async () => {
+		mockedBiometryAuth.mockResolvedValueOnce({ kind: 'success' });
+		const finishProcess = jest.fn();
+
+		const { getByTestId } = render(<PasscodeEnter hasBiometry skipAutoBiometry finishProcess={finishProcess} />);
+
+		await waitFor(() => expect(getByTestId('biometry-button')).toBeTruthy());
+
+		fireEvent.press(getByTestId('biometry-button'));
+
+		await waitFor(() => expect(finishProcess).toHaveBeenCalledTimes(1));
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+	});
+
+	it('canceled from button press → flag untouched, biometry button stays', async () => {
+		mockedBiometryAuth.mockResolvedValueOnce({ kind: 'canceled' });
+		const finishProcess = jest.fn();
+
+		const { getByTestId } = render(<PasscodeEnter hasBiometry skipAutoBiometry finishProcess={finishProcess} />);
+
+		await waitFor(() => expect(getByTestId('biometry-button')).toBeTruthy());
+
+		fireEvent.press(getByTestId('biometry-button'));
+
+		await waitFor(() => expect(mockedBiometryAuth).toHaveBeenCalled());
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+		expect(finishProcess).not.toHaveBeenCalled();
+		expect(getByTestId('biometry-button')).toBeTruthy();
+	});
+});

app/containers/Passcode/PasscodeEnter.tsx

@@ -9,31 +9,52 @@ import Locked from './Base/Locked';
 import { TYPE } from './constants';
 import { ATTEMPTS_KEY, LOCKED_OUT_TIMER_KEY, MAX_ATTEMPTS, PASSCODE_KEY } from '../../lib/constants/localAuthentication';
 import { biometryAuth, resetAttempts } from '../../lib/methods/helpers/localAuthentication';
+import { handleBiometricTrustResult, type BiometricInvalidationReason } from '../../lib/biometricTrustStore/handleResult';
 import { getDiff, getLockedUntil } from './utils';
 import { useUserPreferences } from '../../lib/methods/userPreferences';
 import I18n from '../../i18n';
 
 interface IPasscodePasscodeEnter {
 	hasBiometry: boolean;
 	skipAutoBiometry?: boolean;
+	reason?: BiometricInvalidationReason;
 	finishProcess: Function;
 }
 
-const PasscodeEnter = ({ hasBiometry, skipAutoBiometry = false, finishProcess }: IPasscodePasscodeEnter) => {
+const PasscodeEnter = ({
+	hasBiometry: initialHasBiometry,
+	skipAutoBiometry = false,
+	reason: initialReason,
+	finishProcess
+}: IPasscodePasscodeEnter) => {
 	const ref = useRef<IBase>(null);
 	let attempts = 0;
 	let lockedUntil: any = false;
 	const [passcode] = useUserPreferences(PASSCODE_KEY);
 	const [status, setStatus] = useState<TYPE | null>(null);
+	// Mirror hasBiometry/reason locally so an enrolment-change invalidation triggered from the
+	// biometry button immediately hides the button within the same modal session, without
+	// re-emitting LOCAL_AUTHENTICATE_EMITTER (which would orphan the upstream openModal promise).
+	const [hasBiometry, setHasBiometry] = useState<boolean>(initialHasBiometry);
+	// `reason` is held for slice 03's subtitle copy; _reason intentionally unused for now.
+	// eslint-disable-next-line @typescript-eslint/no-unused-vars
+	const [_reason, setReason] = useState<BiometricInvalidationReason | undefined>(initialReason);
 	const { setItem: setAttempts } = useAsyncStorage(ATTEMPTS_KEY);
 	const { setItem: setLockedUntil } = useAsyncStorage(LOCKED_OUT_TIMER_KEY);
 
 	const biometry = async () => {
-		if (hasBiometry && status === TYPE.ENTER) {
-			const result = await biometryAuth();
-			if (result.kind === 'success') {
-				finishProcess();
-			}
+		if (!hasBiometry || status !== TYPE.ENTER) {
+			return;
+		}
+		const result = await biometryAuth();
+		const { unlocked, modal } = await handleBiometricTrustResult(result);
+		if (unlocked) {
+			finishProcess();
+			return;
+		}
+		if (modal) {
+			setHasBiometry(modal.hasBiometry);
+			setReason(modal.reason);
 		}
 	};
 

app/lib/biometricTrustStore/handleResult.test.ts

@@ -0,0 +1,89 @@
+import UserPreferences from '../methods/userPreferences';
+import { BIOMETRY_ENABLED_KEY } from '../constants/localAuthentication';
+import { biometricTrustStore } from './index';
+import { handleBiometricTrustResult } from './handleResult';
+
+jest.mock('../methods/userPreferences', () => ({
+	__esModule: true,
+	default: {
+		getBool: jest.fn(),
+		setBool: jest.fn(),
+		getString: jest.fn(),
+		setString: jest.fn()
+	}
+}));
+
+jest.mock('./index', () => ({
+	biometricTrustStore: {
+		enrol: jest.fn(),
+		disenrol: jest.fn(() => Promise.resolve()),
+		verify: jest.fn(),
+		probeExists: jest.fn()
+	}
+}));
+
+const mockedSetBool = UserPreferences.setBool as jest.Mock;
+const mockedDisenrol = biometricTrustStore.disenrol as jest.Mock;
+
+describe('handleBiometricTrustResult', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('success → unlocked, no modal, no invalidation', async () => {
+		const outcome = await handleBiometricTrustResult({ kind: 'success' });
+
+		expect(outcome).toEqual({ unlocked: true });
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+	});
+
+	it('enrollmentChanged → disenrol() runs before BIOMETRY_ENABLED_KEY is cleared', async () => {
+		const order: string[] = [];
+		mockedDisenrol.mockImplementation(() => {
+			order.push('disenrol');
+			return Promise.resolve();
+		});
+		mockedSetBool.mockImplementation((key: string, value: boolean) => {
+			order.push(`setBool:${key}=${value}`);
+		});
+
+		const outcome = await handleBiometricTrustResult({ kind: 'enrollmentChanged' });
+
+		expect(order).toEqual(['disenrol', `setBool:${BIOMETRY_ENABLED_KEY}=false`]);
+		expect(outcome).toEqual({
+			unlocked: false,
+			modal: { hasBiometry: false, reason: 'enrollmentChanged' }
+		});
+	});
+
+	it('canceled → no disenrol, no flag clear, modal keeps biometry with skipAutoBiometry', async () => {
+		const outcome = await handleBiometricTrustResult({ kind: 'canceled' });
+
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+		expect(outcome).toEqual({
+			unlocked: false,
+			modal: { hasBiometry: true, skipAutoBiometry: true }
+		});
+	});
+
+	it('error → no disenrol, no flag clear, modal keeps biometry with skipAutoBiometry', async () => {
+		const outcome = await handleBiometricTrustResult({ kind: 'error', cause: new Error('boom') });
+
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+		expect(outcome).toEqual({
+			unlocked: false,
+			modal: { hasBiometry: true, skipAutoBiometry: true }
+		});
+	});
+
+	it('unavailable → passcode-only modal, no invalidation', async () => {
+		const outcome = await handleBiometricTrustResult({ kind: 'unavailable' });
+
+		expect(mockedDisenrol).not.toHaveBeenCalled();
+		expect(mockedSetBool).not.toHaveBeenCalled();
+		expect(outcome).toEqual({ unlocked: false, modal: { hasBiometry: false } });
+	});
+});

app/lib/biometricTrustStore/handleResult.ts

@@ -0,0 +1,40 @@
+import UserPreferences from '../methods/userPreferences';
+import { BIOMETRY_ENABLED_KEY } from '../constants/localAuthentication';
+import { biometricTrustStore, type TrustResult } from './index';
+
+export type BiometricInvalidationReason = 'enrollmentChanged';
+
+export type BiometricModalRequest = {
+	hasBiometry: boolean;
+	skipAutoBiometry?: boolean;
+	reason?: BiometricInvalidationReason;
+};
+
+export type BiometricTrustOutcome = {
+	unlocked: boolean;
+	modal?: BiometricModalRequest;
+};
+
+// Shared invalidation + modal-config resolution for both Option C call sites:
+// - handleLocalAuthentication (upstream verify() preflight)
+// - PasscodeEnter biometry button retry
+//
+// On enrollmentChanged we MUST disenrol() before clearing BIOMETRY_ENABLED_KEY so a crash between
+// the two leaves the app in a state slice 04's reconciliation can still clean up — a flipped flag
+// with a live sentinel would otherwise look like a healthy enrolment.
+export const handleBiometricTrustResult = async (result: TrustResult): Promise<BiometricTrustOutcome> => {
+	switch (result.kind) {
+		case 'success':
+			return { unlocked: true };
+		case 'enrollmentChanged':
+			await biometricTrustStore.disenrol();
+			UserPreferences.setBool(BIOMETRY_ENABLED_KEY, false);
+			return { unlocked: false, modal: { hasBiometry: false, reason: 'enrollmentChanged' } };
+		case 'unavailable':
+			return { unlocked: false, modal: { hasBiometry: false } };
+		case 'canceled':
+		case 'error':
+		default:
+			return { unlocked: false, modal: { hasBiometry: true, skipAutoBiometry: true } };
+	}
+};

app/lib/methods/helpers/events.ts

@@ -11,6 +11,7 @@ type TEventEmitterEmmitArgs =
 	| { force: boolean }
 	| { hasBiometry: boolean }
 	| { skipAutoBiometry: boolean }
+	| { reason: 'enrollmentChanged' }
 	| { visible: boolean; onCancel?: null | Function }
 	| { cancel: () => void }
 	| { submit: (param: string) => void }