[Enhancement] Add biometric re-authentication timeout for sensitive operations

[RUKAYAT-CODER]

Overview

After initial biometric login, the app never prompts for re-authentication — even for sensitive operations like changing payment method, viewing full card number, exporting data, or changing account email. If a user leaves their device unattended while the app is open, anyone with physical access can perform these sensitive operations without the owner's knowledge.

Specifications

Features:

• Sensitive operations require re-authentication if last biometric challenge > 5 minutes ago
• requireReauth HOC/hook wrapping sensitive operation handlers
• Last auth timestamp stored in deviceStore
• Configurable threshold (default 5 minutes, minimum 1 minute)

Tasks:

• Add lastBiometricAuth: number | null to deviceStore
• Create useRequireReauth(threshold?: number) hook
• Hook checks Date.now() - lastBiometricAuth > threshold; if true, triggers biometric prompt
• Wrap payment method change, email change, data export, and admin actions
• Add unit test for within-threshold and past-threshold scenarios

Impacted Files:

• src/store/slices/deviceStore.ts
• src/hooks/useRequireReauth.ts (create)
• Payment and account settings components

Acceptance Criteria

• Payment method change requires biometric challenge if > 5 minutes since last auth
• Challenge within 5-minute window skipped (smooth UX)
• Biometric cancel blocks the sensitive operation
• Unit tests cover within-threshold, past-threshold, and cancel scenarios

[MaimunaY]

@MaimunaY has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi Maintainer, I am a SWE, and I've reviewed the requirements of Issue #663 and have a clean, efficient fix ready to go. With your permission I'd be glad to resolve this issue. Thank you.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @MaimunaY to this issue.

[dot-enny]

@dot-enny has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi, i think i can handle this.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @dot-enny to this issue.

[AlphaMaleBaDI]

@AlphaMaleBaDI has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I will inplement biometric re-authentication timeout constraints for sensitive application operations to harden user data security bounds.

To deliver a pristine, 100% compliant security architecture matching all stated acceptance criteria, I plan to:

• Extend the deviceStore schema within src/store/slices/deviceStore.ts to cleanly support and track an optional lastBiometricAuth: number | null validation timestamp.
• Design and author the isolated React Hook src/hooks/useRequireReauth.ts accepting an optional threshold constraint (defaulting directly to 5 minutes, enforcing a 1-minute minimum fallback bound).
• Code the core hook checking logic to subtract the cached lastBiometricAuth marker from standard machine epoch values (Date.now()); if the duration is exceeded, it will fire an asynchronous biometric request.
• Route and wrap the high-leverage execution handlers governing payment method adjustments, email address changes, historical data exports, and administration actions behind this authentication guard.
• Formulate precise unit tests covering immediate pass-through checks inside the 5-minute sweet spot, explicit step-up prompts for expired states, and systematic event blocking on challenge cancellations.

Since my local workspace is perfectly calibrated for React Native/Mobile security architectures and state slices, I can jump straight into the hook layers and deliver a polished PR immediately. Ready to lock it in!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @AlphaMaleBaDI to this issue.

[collinsezedike]

@collinsezedike has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

GM Rukayat,

I've built re-auth gating like this before. The part that matters most is the cancel path. If the user dismisses the biometric prompt, the sensitive operation must not proceed under any circumstance, not even a default-allow fallback if the biometric API throws unexpectedly.

Here's my plan:

• Add lastBiometricAuth: number | null to deviceStore.ts, updated on every successful biometric challenge
• Create useRequireReauth(threshold = 5 * 60 * 1000) checking Date.now() - lastBiometricAuth > threshold
• If the threshold is exceeded, trigger the biometric prompt and only update lastBiometricAuth and allow the operation on success
• On cancel or any biometric error, block the operation and surface a clear message rather than failing open
• Wrap payment method change, email change, data export, and admin action handlers with the hook
• Tests: within-threshold skips the prompt, past-threshold triggers it, and cancel correctly blocks the operation

Happy to start as soon as I'm assigned.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @collinsezedike to this issue.

[Jerry-Tekh]

@Jerry-Tekh has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi Repo Manager, I’ll take this.

I’ll add biometric re-auth to rinafcode/teachLink_mobile: lastBiometricAuth in deviceStore, useRequireReauth hook with 5-min default, wrap payment/email/data export flows, and full unit tests for within-threshold, past-threshold, and cancel cases.

Please assign me

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Jerry-Tekh to this issue.

[drips-wave]

Congratulations, @dot-enny! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @dot-enny: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊