fix(ui): Login attempts not reset after successful biometrics login #1577
Sotatek-DukeVu wants to merge 1 commit into develop from
| try { | ||
| await disablePrivacy(); | ||
| authenResult = await handleBiometricAuth(); | ||
| await resetLoginAttempt(); |
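Review bot: `await resetLoginAttempt();` runs for whatever handleBiometricAuth() resolved to, because authenResult is assigned on the line above but never inspected before the reset. Gate the call on the success result, and consider moving it after the try block so that a rejection from the reset is not caught together with errors from disablePrivacy() or handleBiometricAuth().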
The resetLoginAttempt() call is placed immediately after handleBiometricAuth() without checking the result.
If handleBiometricAuth() returns FAILURE, USER_CANCELLED, or NOT_AVAILABLE, the passcode attempt counter will still be reset. This could potentially allow an attacker to bypass the "max attempts" lockout for passcode guessing by simply toggling the biometric prompt (starting and cancelling it) to reset their counter.
| }); | ||
| }); | ||
|
|
||
| test("Reset login attempt after login by biometric auth", async () => { |
It actually uses passcodeFiller to log in, not biometrics. It mocks verifySecretMock (passcode check) to true. This tests that passcode login resets attempts (which is expected but irrelevant to the PR).
This test should likely use handleBiometricAuthMock resolving to SUCCESS to actually test the biometric flow, similar to the updated Login using biometrics test.
Also, there is no test verifying that resetLoginAttemptsMock is NOT called when biometric auth fails or is cancelled.
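The gating and the negative cases the review comments ask for, as an added example that is not the PR's or the project's code. Only handleBiometricAuth, resetLoginAttempt and the four result labels come from this page; the BiometricResult object, createLockout, MAX_ATTEMPTS, the two login functions and attemptsAfterPrompt are hypothetical names, and the threshold of 5 is assumed.

```javascript
// Added example. Hypothetical names: BiometricResult, createLockout,
// MAX_ATTEMPTS, biometricLoginUnchecked, biometricLoginGated, attemptsAfterPrompt.
const BiometricResult = Object.freeze({
  SUCCESS: "SUCCESS",
  FAILURE: "FAILURE",
  USER_CANCELLED: "USER_CANCELLED",
  NOT_AVAILABLE: "NOT_AVAILABLE",
});
const MAX_ATTEMPTS = 5; // assumed lockout threshold

// In-memory stand-in for the app's failed-passcode counter.
function createLockout() {
  let failed = 0;
  return {
    recordFailedPasscode: () => { failed += 1; },
    resetLoginAttempt: async () => { failed = 0; },
    attempts: () => failed,
    isLocked: () => failed >= MAX_ATTEMPTS,
  };
}

// Pattern flagged in the review: the reset runs for every resolved result.
async function biometricLoginUnchecked(lockout, handleBiometricAuth) {
  const result = await handleBiometricAuth();
  await lockout.resetLoginAttempt();
  return result;
}

// Gated form: only a SUCCESS result clears the counter.
async function biometricLoginGated(lockout, handleBiometricAuth) {
  const result = await handleBiometricAuth();
  if (result === BiometricResult.SUCCESS) {
    await lockout.resetLoginAttempt();
  }
  return result;
}

// Constructed scenario: some failed passcode entries, then one biometric
// prompt that resolves to promptResult. Returns the counter afterwards.
async function attemptsAfterPrompt(login, promptResult, failedBefore = 4) {
  const lockout = createLockout();
  for (let i = 0; i < failedBefore; i++) lockout.recordFailedPasscode();
  await login(lockout, async () => promptResult);
  return lockout.attempts();
}
```

In a Jest suite the same checks map to one test per non-success result asserting that the reset mock was not called, next to the SUCCESS case asserting that it was.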
Description
Please include a summary of the changes and a brief description about this PR.
Checklist before requesting a review
Issue ticket number and link
Testing & Validation
Design Review
Screen.Recording.2026-02-05.at.15.49.10.mov