feat(security): Require fingerprint for encryption password change

- The "Remove Encryption" button has been removed from the settings. - Changing the encryption password now exclusively requires fingerprint authentication. - This resolves a crash that occurred when device credential fallback was enabled with a negative button on the biometric prompt. Also includes dependency updates.
2025-11-02 08:10:30 +01:00
parent 34f4caeff2
commit 31d75abf48
5 changed files with 13 additions and 19 deletions
--- a/app/src/main/java/de/lxtools/noteshop/MainActivity.kt
+++ b/app/src/main/java/de/lxtools/noteshop/MainActivity.kt
@@ -226,7 +226,7 @@ class BiometricAuthenticator(private val context: Context) {
            .setTitle(title)
            .setSubtitle(subtitle)
            .setNegativeButtonText(negativeButtonText)
-            .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG or BiometricManager.Authenticators.DEVICE_CREDENTIAL)
+            .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
            .build()

        val executor = ContextCompat.getMainExecutor(context)
--- a/app/src/main/java/de/lxtools/noteshop/ui/SettingsScreen.kt
+++ b/app/src/main/java/de/lxtools/noteshop/ui/SettingsScreen.kt
@@ -92,8 +92,8 @@ fun SettingsScreen(
    val listState = rememberLazyListState()

    val authenticateAndProceed: ((() -> Unit) -> Unit) = { successAction ->
-        if (canUseBiometrics && isBiometricUnlockEnabled) {
-            biometricAuthenticator.promptBiometricAuth( // Changed to promptBiometricAuth
+        if (canUseBiometrics) {
+            biometricAuthenticator.promptBiometricAuth(
                title = context.getString(R.string.confirm_to_proceed),
                subtitle = context.getString(R.string.authenticate_to_perform_action),
                negativeButtonText = context.getString(R.string.cancel),
@@ -107,7 +107,7 @@ fun SettingsScreen(
                }
            )
        } else {
-            successAction()
+            android.widget.Toast.makeText(context, R.string.biometrics_not_available, android.widget.Toast.LENGTH_SHORT).show()
        }
    }

@@ -265,6 +265,8 @@ fun SettingsScreen(
                }
            }

+
+
            if (isEncryptionEnabled) {
                if (hasEncryptionPassword && canUseBiometrics) {
                    item {
@@ -306,17 +308,7 @@ fun SettingsScreen(
                        Text(text = stringResource(if (hasEncryptionPassword) R.string.change_encryption_password else R.string.set_encryption_password))
                    }
                }
-                if (hasEncryptionPassword) {
-                    item { Spacer(modifier = Modifier.height(8.dp)) }
-                    item {
-                                            Button(
-                                                onClick = { authenticateAndProceed { onRemoveEncryption() } },
-                                                modifier = Modifier.fillMaxWidth(),
-                                                enabled = canUseBiometrics // Disable if no biometrics
-                                            ) {
-                                                Text(text = stringResource(R.string.remove_encryption))
-                                            }                    }
-                }
+
            }
        }

--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@@ -274,6 +274,7 @@
    <string name="confirm_to_change_password">Bestätigen, um das Verschlüsselungspasswort zu ändern</string>
    <string name="confirm_to_remove_encryption">Bestätigen, um die Verschlüsselung dauerhaft zu entfernen</string>
    <string name="biometric_unlock">Biometrisches Entsperren</string>
+    <string name="biometrics_not_available">Biometrie auf diesem Gerät nicht verfügbar.</string>
    <string name="unlock_failed">Entsperren fehlgeschlagen</string>
    <string name="data_export_successful">Daten erfolgreich exportiert</string>
    <string name="sync_folder_selected">Sync-Ordner ausgewählt</string>
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -276,6 +276,7 @@
    <string name="confirm_to_change_password">Confirm to change encryption password</string>
    <string name="confirm_to_remove_encryption">Confirm to permanently remove encryption</string>
    <string name="biometric_unlock">Biometric Unlock</string>
+    <string name="biometrics_not_available">Biometrics not available on this device.</string>
    <string name="unlock_failed">Unlock failed</string>
    <string name="data_export_successful">Data exported successfully</string>
    <string name="sync_folder_selected">Sync folder selected</string>
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,14 +1,14 @@
 [versions]
 activity-compose = "1.11.0"
-compose-bom = "2025.10.00"
+compose-bom = "2025.10.01"
 espresso-core = "3.7.0"
 junit = "4.13.2"
 junit-version = "1.3.0"
 lifecycle-runtime-ktx = "2.9.4"
 lifecycle-viewmodel-compose = "2.9.4"
 core-ktx = "1.17.0"
-room = "2.8.2"
-ksp = "2.2.20-2.0.4"
+room = "2.8.3"
+ksp = "2.3.0"
 agp = "8.13.0"
 kotlin = "2.2.21"
 reorderable = "3.0.0"
@@ -18,7 +18,7 @@ documentfile = "1.1.0"
 material = "1.13.0"
 compose-markdown = "0.5.7"
 kotlinx-serialization-json = "1.9.0"
-ktor = "2.3.11"
+ktor = "3.3.1"

 [libraries]
 androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "core-ktx" }