Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve PIN handling for creating and importing accounts #1623

Merged
merged 7 commits into from
Jan 20, 2024
Merged

Improve PIN handling for creating and importing accounts #1623

merged 7 commits into from
Jan 20, 2024

Conversation

clangenb
Copy link
Member

@clangenb clangenb commented Jan 19, 2024
edited
Loading

I was about to investigate #1496, where I noticed that the account importing and the PIN querying was much more complicated and obfuscated than necessary (to be fair, parts of the simplifications were only possible after #1618).

Summary of changes:

  • Remove responsibility of the NewAccountStore to also query the pin, as it is not even needed anymore to create new accounts. Simply ask for the PIN if not cached on the Create/Import page. Closes account import fails at first attempt if PIN not cached #1496.
  • There were unnecessary calls to setPin in cases where we only wanted to (runtime-)cache the PIN, but setPin actually persists them to the secure storage. I removed all cases of setPIN except for when actually setting the PIN or changing the PIN.

clangenb
clangenb commented Jan 19, 2024
View reviewed changes
app/lib/modules/login/logic/login_store.dart
Comment on lines +36 to +43
/// Persists the new PIN in the secure storage.
///
/// Attention: This function must be called *exclusively* upon:
/// * Setting the PIN initially
/// * Changing the PIN
Future<void> persistNewPin(String pin) async {
cachedPin = pin;
await loginService.setPin(pin);
await loginService.persistPin(pin);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted this to be more expressive that this is a sensitive operation that should be used with caution.

@clangenb clangenb added A1-bugfix PR fixes a bug B0-low Does not elevate a release containing this beyond "low priority" C0-breaksnothing PR does not introduce any breaking changes labels Jan 19, 2024
@clangenb clangenb changed the title Simplify creating or importing new accounts Improve code paths around PIN handling for creating and importing accounts Jan 19, 2024
@clangenb clangenb changed the title Improve code paths around PIN handling for creating and importing accounts Improve PIN handling for creating and importing accounts Jan 19, 2024
@clangenb clangenb merged commit 1de18c1 into master Jan 20, 2024
20 of 26 checks passed
@clangenb clangenb deleted the cl/profile-import-account-does-not-require-confirm branch January 20, 2024 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A1-bugfix PR fixes a bug B0-low Does not elevate a release containing this beyond "low priority" C0-breaksnothing PR does not introduce any breaking changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

account import fails at first attempt if PIN not cached
1 participant
@clangenb