diff --git a/ui/BankingiOSApp/BankingiOSApp.xcodeproj/project.pbxproj b/ui/BankingiOSApp/BankingiOSApp.xcodeproj/project.pbxproj index c6d5dfa2..3f4cc39a 100644 --- a/ui/BankingiOSApp/BankingiOSApp.xcodeproj/project.pbxproj +++ b/ui/BankingiOSApp/BankingiOSApp.xcodeproj/project.pbxproj @@ -50,6 +50,8 @@ 3684EB90250B7F560001139E /* BankingUiCommon.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 3684EB8E250B7F3C0001139E /* BankingUiCommon.framework */; }; 3684EB92250FD4AF0001139E /* LabelledValue.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3684EB91250FD4AF0001139E /* LabelledValue.swift */; }; 3684EB94250FD75B0001139E /* CustomUITextField.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3684EB93250FD75B0001139E /* CustomUITextField.swift */; }; + 36B70FA52536611000734588 /* CryptoSwift in Frameworks */ = {isa = PBXBuildFile; productRef = 36B70FA42536611000734588 /* CryptoSwift */; }; + 36B70FAA2536695800734588 /* Stopwatch.swift in Sources */ = {isa = PBXBuildFile; fileRef = 36B70FA92536695800734588 /* Stopwatch.swift */; }; 36B8A4482503D12100C15359 /* ProtectAppSettingsDialog.swift in Sources */ = {isa = PBXBuildFile; fileRef = 36B8A4472503D12100C15359 /* ProtectAppSettingsDialog.swift */; }; 36B8A44B2503D1E800C15359 /* BiometricAuthenticationService.swift in Sources */ = {isa = PBXBuildFile; fileRef = 36B8A44A2503D1E800C15359 /* BiometricAuthenticationService.swift */; }; 36B8A44D2503D96D00C15359 /* AuthenticationService.swift in Sources */ = {isa = PBXBuildFile; fileRef = 36B8A44C2503D96D00C15359 /* AuthenticationService.swift */; }; @@ -307,6 +309,7 @@ 361A0CD0252AA1AB007E25DD /* Security.framework in Frameworks */, 3684EB90250B7F560001139E /* BankingUiCommon.framework in Frameworks */, 36BCF86924BA550D005BEC29 /* BankFinder.framework in Frameworks */, + 36B70FA52536611000734588 /* CryptoSwift in Frameworks */, 36BCF85E24BA4DA8005BEC29 /* MultiplatformUtils.framework in Frameworks */, 36FC92D024B39C47002B12E9 /* fints4k.framework in Frameworks */, 36BCF87024BB0F8A005BEC29 /* fints4kBankingClient.framework in Frameworks */, @@ -652,6 +655,7 @@ name = BankingiOSApp; packageProductDependencies = ( 36BE06BF24D07CCD00CBBB68 /* SwiftSoup */, + 36B70FA42536611000734588 /* CryptoSwift */, ); productName = BankingiOSApp; productReference = 36FC929824B39A05002B12E9 /* Bankmeister.app */; @@ -732,6 +736,7 @@ mainGroup = 36FC928F24B39A05002B12E9; packageReferences = ( 36BE06BE24D07CCC00CBBB68 /* XCRemoteSwiftPackageReference "SwiftSoup" */, + 36B70FA32536611000734588 /* XCRemoteSwiftPackageReference "CryptoSwift" */, ); productRefGroup = 36FC929924B39A05002B12E9 /* Products */; projectDirPath = ""; @@ -1367,6 +1372,14 @@ /* End XCConfigurationList section */ /* Begin XCRemoteSwiftPackageReference section */ + 36B70FA32536611000734588 /* XCRemoteSwiftPackageReference "CryptoSwift" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/krzyzanowskim/CryptoSwift.git"; + requirement = { + kind = upToNextMajorVersion; + minimumVersion = 1.3.2; + }; + }; 36BE06BE24D07CCC00CBBB68 /* XCRemoteSwiftPackageReference "SwiftSoup" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/scinfu/SwiftSoup.git"; @@ -1378,6 +1391,11 @@ /* End XCRemoteSwiftPackageReference section */ /* Begin XCSwiftPackageProductDependency section */ + 36B70FA42536611000734588 /* CryptoSwift */ = { + isa = XCSwiftPackageProductDependency; + package = 36B70FA32536611000734588 /* XCRemoteSwiftPackageReference "CryptoSwift" */; + productName = CryptoSwift; + }; 36BE06BF24D07CCD00CBBB68 /* SwiftSoup */ = { isa = XCSwiftPackageProductDependency; package = 36BE06BE24D07CCC00CBBB68 /* XCRemoteSwiftPackageReference "SwiftSoup" */; diff --git a/ui/BankingiOSApp/BankingiOSApp/Security/AuthenticationService.swift b/ui/BankingiOSApp/BankingiOSApp/Security/AuthenticationService.swift index 7b34aa00..3c237e93 100644 --- a/ui/BankingiOSApp/BankingiOSApp/Security/AuthenticationService.swift +++ b/ui/BankingiOSApp/BankingiOSApp/Security/AuthenticationService.swift @@ -19,6 +19,11 @@ class AuthenticationService { init(_ persistence: IBankingPersistence) { self.persistence = persistence + if UserDefaults.standard.bool(forKey: "hasAppBeenStartedBefore", defaultValue: false) == false { // when uninstalling app key chain items aren't deleted -> delete them after reinstall + deleteAllKeyChainItems() + UserDefaults.standard.setValue(true, forKey: "hasAppBeenStartedBefore") + } + if let type = readAuthenticationType() { self.authenticationType = type @@ -26,7 +31,7 @@ class AuthenticationService { openDatabase(false, nil) } } - else { // first app run, no authentication type persisted yet -> set to .unprotected + else { // first app run, no authentication type persisted yet -> set default password removeAppProtection() openDatabase(false, nil) } @@ -162,6 +167,16 @@ class AuthenticationService { self.authenticationType = type } + private func deleteAuthenticationTypeKeychainItem() { + do { + let item = createAuthenticationTypeKeychainItem() + + try item.deleteItem() + } catch { + NSLog("Could not delete authentication type keychain item: \(error)") + } + } + private func createAuthenticationTypeKeychainItem() -> KeychainPasswordItem { return KeychainPasswordItem(Self.AuthenticationTypeKeychainAccountName) } @@ -229,6 +244,32 @@ class AuthenticationService { return nil } + @discardableResult + private func deleteDefaultPassword(_ useBiometricAuthentication: Bool) -> Bool { + do { + let passwordItem = createDefaultPasswordKeychainItem(useBiometricAuthentication) + + return deleteDefaultPassword(passwordItem) + } catch { + NSLog("Could not delete default password: \(error)") + } + + return false + } + + @discardableResult + private func deleteDefaultPassword(_ passwordItem: KeychainPasswordItem) -> Bool { + do { + try? passwordItem.deleteItem() + + return true + } catch { + NSLog("Could not delete default password: \(error)") + } + + return false + } + private func createDefaultPasswordKeychainItem(_ useBiometricAuthentication: Bool) -> KeychainPasswordItem { var accessControl: SecAccessControl? = nil var context: LAContext? = nil @@ -294,6 +335,16 @@ class AuthenticationService { } + private func deleteAllKeyChainItems() { + deleteAuthenticationTypeKeychainItem() + + deleteDefaultPassword(false) // TODO: which boolean value to set here? does it make any difference if it comes to deleting the key chain item?a + deleteDefaultPassword(true) + + deleteLoginPassword() + } + + private func generateRandomPassword(_ passwordLength: Int) -> String { let dictionary = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789§±!@#$%^&*-_=+;:|/?.>,<"