bug/9615-BiometricLoginRefreshTokenFix

VAMobile/ios/Podfile.lock

@@ -1425,7 +1425,7 @@ PODS:
     - React-Core
   - react-native-safe-area-context (4.10.9):
     - React-Core
-  - react-native-webview (13.10.4):
+  - react-native-webview (13.12.3):
     - DoubleConversion
     - glog
     - hermes-engine
@@ -1763,9 +1763,28 @@ PODS:
     - ReactCommon/turbomodule/bridging
     - ReactCommon/turbomodule/core
     - Yoga
-  - RNKeychain (8.2.0):
+  - RNKeychain (9.2.1):
+    - DoubleConversion
+    - glog
+    - hermes-engine
+    - RCT-Folly (= 2024.01.01.00)
+    - RCTRequired
+    - RCTTypeSafety
     - React-Core
-  - RNLocalize (3.2.1):
+    - React-debug
+    - React-Fabric
+    - React-featureflags
+    - React-graphics
+    - React-ImageManager
+    - React-NativeModulesApple
+    - React-RCTFabric
+    - React-rendererdebug
+    - React-utils
+    - ReactCodegen
+    - ReactCommon/turbomodule/bridging
+    - ReactCommon/turbomodule/core
+    - Yoga
+  - RNLocalize (3.3.0):
     - React-Core
   - RNReactNativeHapticFeedback (2.3.3):
     - DoubleConversion
@@ -2121,7 +2140,7 @@ EXTERNAL SOURCES:
 
 SPEC CHECKSUMS:
   boost: 4cb898d0bf20404aab1850c656dcea009429d6c1
-  DoubleConversion: fea03f2699887d960129cc54bba7e52542b6f953
+  DoubleConversion: 76ab83afb40bddeeee456813d9c04f67f78771b5
   FBLazyVector: 7b438dceb9f904bd85ca3c31d64cce32a035472b
   Firebase: 10c8cb12fb7ad2ae0c09ffc86cd9c1ab392a0031
   FirebaseABTesting: d87f56707159bae64e269757a6e963d490f2eebe
@@ -2137,7 +2156,7 @@ SPEC CHECKSUMS:
   FirebaseSessions: dbd14adac65ce996228652c1fc3a3f576bdf3ecc
   FirebaseSharedSwift: 20530f495084b8d840f78a100d8c5ee613375f6e
   fmt: 4c2741a687cc09f0634a2e2c72a838b99f1ff120
-  glog: c5d68082e772fa1c511173d6b30a9de2c05a69a2
+  glog: 69ef571f3de08433d766d614c73a9838a06bf7eb
   GoogleAppMeasurement: bb3c564c3efb933136af0e94899e0a46167466a8
   GoogleDataTransport: 6c09b596d841063d76d4288cc2d2f42cc36e1e2a
   GoogleUtilities: ea963c370a38a8069cc5f7ba4ca849a60b6d7d15
@@ -2184,7 +2203,7 @@ SPEC CHECKSUMS:
   react-native-image-picker: 2fbbafdae7a7c6db9d25df2f2b1db4442d2ca2ad
   react-native-notifications: 4601a5a8db4ced6ae7cfc43b44d35fe437ac50c4
   react-native-safe-area-context: ab8f4a3d8180913bd78ae75dd599c94cce3d5e9a
-  react-native-webview: fbafd1591cd068bd599f0d1afb0ddc19718908fa
+  react-native-webview: 926d2665cf3196e39c4449a72d136d0a53b9df8a
   React-nativeconfig: 4a9543185905fe41014c06776bf126083795aed9
   React-NativeModulesApple: 0506da59fc40d2e1e6e12a233db5e81c46face27
   React-perflogger: 3bbb82f18e9ac29a1a6931568e99d6305ef4403b
@@ -2222,15 +2241,15 @@ SPEC CHECKSUMS:
   RNFBRemoteConfig: bfb9f6a04a0269038a352d8386e5c77f4ff98125
   RNFileViewer: ce7ca3ac370e18554d35d6355cffd7c30437c592
   RNGestureHandler: 939f21fabf5d45a725c0bf175eb819dd25cf2e70
-  RNKeychain: bfe3d12bf4620fe488771c414530bf16e88f3678
-  RNLocalize: 4f22418187ecd5ca693231093ff1d912d1b3c9bc
+  RNKeychain: dcd1e815934f8657555f82b033800705a4cae4ba
+  RNLocalize: 298e85ce16540a11de40c1a588ead39fc5e9a072
   RNReactNativeHapticFeedback: 0d591ea1e150f36cb96d868d4e8d77272243d78a
   RNScreens: 19719a9c326e925498ac3b2d35c4e50fe87afc06
   RNSVG: 963a95f1f5d512a13d11ffd50d351c87fb5c6890
   SDWebImage: 8a6b7b160b4d710e2a22b6900e25301075c34cb3
   SDWebImageWebPCoder: e38c0a70396191361d60c092933e22c20d5b1380
   SocketRocket: abac6f5de4d4d62d24e11868d7a2f427e0ef940d
-  Yoga: 1354c027ab07c7736f99a3bef16172d6f1b12b47
+  Yoga: 4ef80d96a5534f0e01b3055f17d1e19a9fc61b63
 
 PODFILE CHECKSUM: 528e5ac3a06c35c8645d8271610e36fdcca33735
 

VAMobile/ios/VAMobile.xcodeproj/project.pbxproj

@@ -495,6 +495,7 @@
 				"${PODS_CONFIGURATION_BUILD_DIR}/React-cxxreact/React-cxxreact_privacy.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/SDWebImage/SDWebImage.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/boost/boost_privacy.bundle",
+				"${PODS_CONFIGURATION_BUILD_DIR}/glog/glog_privacy.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/react-native-blob-util/ReactNativeBlobUtilPrivacyInfo.bundle",
 			);
 			name = "[CP] Copy Pods Resources";
@@ -512,6 +513,7 @@
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/React-cxxreact_privacy.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/SDWebImage.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/boost_privacy.bundle",
+				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/glog_privacy.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/ReactNativeBlobUtilPrivacyInfo.bundle",
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -552,6 +554,7 @@
 				"${PODS_CONFIGURATION_BUILD_DIR}/React-cxxreact/React-cxxreact_privacy.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/SDWebImage/SDWebImage.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/boost/boost_privacy.bundle",
+				"${PODS_CONFIGURATION_BUILD_DIR}/glog/glog_privacy.bundle",
 				"${PODS_CONFIGURATION_BUILD_DIR}/react-native-blob-util/ReactNativeBlobUtilPrivacyInfo.bundle",
 			);
 			name = "[CP] Copy Pods Resources";
@@ -569,6 +572,7 @@
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/React-cxxreact_privacy.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/SDWebImage.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/boost_privacy.bundle",
+				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/glog_privacy.bundle",
 				"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/ReactNativeBlobUtilPrivacyInfo.bundle",
 			);
 			runOnlyForDeploymentPostprocessing = 0;

VAMobile/jest/testSetup.ts

@@ -133,6 +133,14 @@ jest.mock('react-native-keychain', () => {
       SECURE_HARDWARE: 'SECURE_HARDWARE',
       ANY: 'ANY',
     },
+    STORAGE_TYPE: {
+      FB: 'MOCK_FacebookConceal',
+      AES: 'MOCK_KeystoreAESGCM',
+      AES_GCM: 'MOCK_KeystoreAESCBC',
+      AES_GCM_NO_AUTH: 'MOCK_KeystoreAESGCMNoAuth',
+      RSA: 'MOCK_KeystoreRSAECB',
+      KC: 'MOCK_keychain',
+    },
     SECURITY_LEVEL_ANY: 'MOCK_SECURITY_LEVEL_ANY',
     SECURITY_LEVEL_SECURE_SOFTWARE: 'MOCK_SECURITY_LEVEL_SECURE_SOFTWARE',
     SECURITY_LEVEL_SECURE_HARDWARE: 'MOCK_SECURITY_LEVEL_SECURE_HARDWARE',

VAMobile/package.json

@@ -73,7 +73,7 @@
     "react-native-haptic-feedback": "^2.3.3",
     "react-native-image-picker": "^7.1.2",
     "react-native-keyboard-manager": "^6.5.11-2",
-    "react-native-keychain": "^9.1.0",
+    "react-native-keychain": "^9.2.0",
     "react-native-localize": "^3.3.0",
     "react-native-notifications": "^5.1.0",
     "react-native-safe-area-context": "^4.10.9",

VAMobile/src/store/slices/authSlice.sis.test.ts

@@ -277,10 +277,12 @@ context('authAction SIS', () => {
 
         // we shouldn't be logged in until the user decides how to store refreshToken
         expect(authState.loggedIn).toBeTruthy()
-        const expectedOpts = expect.objectContaining({
+        const expectedOpts = {
           accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
           accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
-        })
+          securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
+          storage: Keychain.STORAGE_TYPE.AES_GCM,
+        }
         expect(Keychain.setInternetCredentials).toHaveBeenCalledWith('vamobile', 'user', nonce, expectedOpts)
       })
     })
@@ -481,12 +483,17 @@ context('authAction SIS', () => {
         },
         body: `refresh_token=${testRefreshToken}`,
       })
-
+      const expectedOpts = {
+        accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
+        accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
+        securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
+        storage: Keychain.STORAGE_TYPE.AES_GCM,
+      }
       console.debug(testRefreshToken)
       console.debug(tokenPayload)
       expect(fetch).toHaveBeenCalledWith(tokenUrl, tokenPayload)
       console.debug(testRefreshToken)
-      expect(Keychain.setInternetCredentials).toHaveBeenCalledWith('vamobile', 'user', nonce, expect.anything())
+      expect(Keychain.setInternetCredentials).toHaveBeenCalledWith('vamobile', 'user', nonce, expectedOpts)
       expect(AsyncStorage.setItem).toHaveBeenCalledWith('@store_creds_bio', 'BIOMETRIC')
 
       const state = store.getState().auth

VAMobile/src/store/slices/authSlice.ts

@@ -318,6 +318,7 @@ const saveRefreshToken = async (refreshToken: string): Promise<void> => {
       accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
       accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
       securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
+      storage: Keychain.STORAGE_TYPE.AES_GCM,
     }
     console.debug('saveRefreshToken:', options)
     console.debug('saveRefreshToken: saving refresh token to keychain')

VAMobile/yarn.lock

@@ -9267,10 +9267,10 @@ react-native-keyboard-manager@^6.5.11-2:
   resolved "https://registry.yarnpkg.com/react-native-keyboard-manager/-/react-native-keyboard-manager-6.5.11-2.tgz#3d8cc8abb70ff4afe330dc83318dcbd30724fc18"
   integrity sha512-YpU7Ek7CZZbT06x8X6G/wwUjL915AOwWho/vxxlj7Dm3CljzmSHAJu4TwR7oCTihoD82W+fA1mUmozmYJYrDGg==
 
-react-native-keychain@^9.1.0:
-  version "9.1.0"
-  resolved "https://registry.yarnpkg.com/react-native-keychain/-/react-native-keychain-9.1.0.tgz#c31a5e0e23268682bc0823b1805d29b9054528fd"
-  integrity sha512-txBVnhO/AVg+j6lrKe9cL/HPpb5BNHYYBRg/6lzbxKe8AsNqp639wq0nN8/IdkUCPjSezN8Pgp142HNomgqk4Q==
+react-native-keychain@^9.2.0:
+  version "9.2.1"
+  resolved "https://registry.yarnpkg.com/react-native-keychain/-/react-native-keychain-9.2.1.tgz#64967dfd39497fa5392740cf0126d4afad1e9574"
+  integrity sha512-8tABv6o/XyicIBzpbfhknhPvx4PlctANUopN/UR09yq/onpIKAH5AhUGrMXw7/cXOnMuorxqBGjUtsQFDCdWJg==
 
 react-native-localize@^3.3.0:
   version "3.3.0"