feat(security): Always require fingerprint to unlock items

- The biometric prompt will now always be shown when unlocking a shopping list, note, or recipe, regardless of other settings.
2025-11-02 09:16:12 +01:00
parent f41dbbe4ae
commit e8a392aafc
1 changed files with 30 additions and 41 deletions
--- a/app/src/main/java/de/lxtools/noteshop/MainActivity.kt
+++ b/app/src/main/java/de/lxtools/noteshop/MainActivity.kt
@@ -1760,47 +1760,36 @@ fun AppShell(
                            secretKey = secretKey,
                            fileEncryptor = fileEncryptor,
                            onUnlockClick = {
-                                scope.launch {
-                                    if (secretKey != null) {
-                                        // Key already exists, decrypt directly
-                                        shoppingListsViewModel.toggleListLock(
-                                            selectedListId!!,
-                                            secretKey,
-                                            fileEncryptor
-                                        )
-                                    } else {
-                                        // No session key, prompt for authentication
-                                        val cipher = keyManager.getDecryptionCipher()
-                                        if (cipher != null) {
-                                            val crypto = BiometricPrompt.CryptoObject(cipher)
-                                            val activity =
-                                                context.findActivity() as FragmentActivity
-                                            biometricAuthenticator.promptBiometricAuth(
-                                                title = context.getString(R.string.unlock_list),
-                                                subtitle = "",
-                                                negativeButtonText = context.getString(R.string.cancel),
-                                                fragmentActivity = activity,
-                                                crypto = crypto,
-                                                onSuccess = { result ->
-                                                    result.cryptoObject?.cipher?.let { authenticatedCipher ->
-                                                        scope.launch {
-                                                            val key =
-                                                                keyManager.getSecretKeyFromAuthenticatedCipher(
-                                                                    authenticatedCipher
-                                                                )
-                                                            shoppingListsViewModel.toggleListLock(
-                                                                selectedListId!!,
-                                                                key,
-                                                                fileEncryptor
-                                                            )
-                                                        }
-                                                    }
-                                                },
-                                                onFailed = {},
-                                                onError = { _, _ -> }
-                                            )
-                                        }
-                                    }
+                                // Always prompt for authentication
+                                val cipher = keyManager.getDecryptionCipher()
+                                if (cipher != null) {
+                                    val crypto = BiometricPrompt.CryptoObject(cipher)
+                                    val activity =
+                                        context.findActivity() as FragmentActivity
+                                    biometricAuthenticator.promptBiometricAuth(
+                                        title = context.getString(R.string.unlock_list),
+                                        subtitle = "",
+                                        negativeButtonText = context.getString(R.string.cancel),
+                                        fragmentActivity = activity,
+                                        crypto = crypto,
+                                        onSuccess = { result ->
+                                            result.cryptoObject?.cipher?.let { authenticatedCipher ->
+                                                scope.launch {
+                                                    val key =
+                                                        keyManager.getSecretKeyFromAuthenticatedCipher(
+                                                            authenticatedCipher
+                                                        )
+                                                    shoppingListsViewModel.toggleListLock(
+                                                        selectedListId!!,
+                                                        key,
+                                                        fileEncryptor
+                                                    )
+                                                }
+                                            }
+                                        },
+                                        onFailed = {},
+                                        onError = { _, _ -> }
+                                    )
                                }
                            }
                        )