feat: biometric re-authentication timeout for sensitive operations. #718

Merged
RUKAYAT-CODER merged 1 commit into rinafcode:main from dot-enny:feature/biometric-timeout on Jun 28, 2026

@dot-enny

Contributor

Closes #663

Summary

Implemented biometric re-authentication timeout for sensitive operations to prevent unauthorized access. If the user's last biometric challenge occurred more than 5 minutes ago (configurable, minimum 1 minute), sensitive operations will prompt for biometric verification.

Key changes:

  • Added lastBiometricAuth: number | null state and setLastBiometricAuth action to deviceStore.ts.
  • Created a useRequireReauth.ts hook enforcing thresholds and wrapping biometric prompts.
  • Exported the hook via hooks/index.ts.
  • Wrapped account email changes in MobileProfile.tsx to require verification.
  • Added UI settings rows and handlers in MobileSettings.tsx for "Change Payment Method", "View Full Card Number", "Export Personal Data", and "Admin Dashboard", all protected by biometric re-auth.

Type of Change

  • New feature (non-breaking change which adds functionality)

Testing Done

  • Unit Tests
    • Created useRequireReauth.test.ts covering null timestamp, within-threshold, past-threshold, cancellation, and 1-minute minimum limits. All 5/5 tests pass.
    • Verified deviceStore.test.ts passes with changes.

Security Considerations

  • Does this store user data securely (e.g., avoiding plain AsyncStorage for sensitive data)? Yes, uses secure storage integrated into deviceStore/biometrics.
  • Is token handling secure (no token exposure in logs or UI)? Yes.
  • Are all user inputs validated? Yes, email modification uses regex schema verification.
  • Is deep link handling safe from malicious payloads? N/A (unaffected).

Performance Considerations

  • Are React hooks (useCallback, useMemo) used appropriately to prevent unnecessary renders? Yes, wrapped all new handlers and hook functions in useCallback to avoid extra renders.
  • Is FlatList optimized (e.g., using getItemLayout, keyExtractor)? N/A
  • Are asynchronous patterns handled correctly (e.g., useEffect cleanup to avoid memory leaks)? Yes, handles async auth promises correctly.
  • Have bundle size impacts been considered? Yes, minimal impact.

Checklist

  • I have read the CONTRIBUTING guide.
  • My code follows the style guidelines of this project.
  • I have updated the documentation accordingly.
  • Are there architectural changes? If so, is there an Architectural Decision Record (ADR)? No architectural change.
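
The timeout gate described in this PR, sketched as an added example (it is not code from the PR or the project). Only the `lastBiometricAuth` name, the 5-minute default and the 1-minute minimum come from the description; `effectiveThresholdMs`, `needsReauth`, `withReauth`, `AuthState` and the `prompt` callback are assumptions, and the fail-closed handling of future or invalid timestamps goes beyond what the description states.

```typescript
// Added illustration; only lastBiometricAuth, the 5-minute default and the
// 1-minute minimum come from the PR description. Everything else is assumed.
const MIN_THRESHOLD_MS = 60_000;
const DEFAULT_THRESHOLD_MS = 5 * 60_000;

// Clamp the configured timeout so a bad setting can never weaken the gate.
function effectiveThresholdMs(configuredMs?: number): number {
  if (configuredMs === undefined || !Number.isFinite(configuredMs)) {
    return DEFAULT_THRESHOLD_MS; // NaN or Infinity would otherwise disable the check
  }
  return Math.max(configuredMs, MIN_THRESHOLD_MS);
}

// True when a fresh biometric challenge is required before the operation.
function needsReauth(lastBiometricAuth: number | null, now: number, configuredMs?: number): boolean {
  if (lastBiometricAuth === null) return true; // no challenge recorded yet
  const age = now - lastBiometricAuth;
  if (!(age >= 0)) return true; // future or NaN timestamp (clock set back): fail closed
  return age > effectiveThresholdMs(configuredMs);
}

interface AuthState { lastBiometricAuth: number | null }

// Run `operation` only once the gate passes. `prompt` is a hypothetical stand-in
// for the platform biometric dialog; it resolves false when the user cancels.
async function withReauth<T>(
  state: AuthState,
  prompt: () => Promise<boolean>,
  operation: () => T,
  now: () => number = Date.now,
  configuredMs?: number,
): Promise<T | null> {
  if (needsReauth(state.lastBiometricAuth, now(), configuredMs)) {
    let ok = false;
    try { ok = await prompt(); } catch { ok = false; } // prompt errors fail closed
    if (!ok) return null; // cancelled or failed: timestamp is left untouched
    state.lastBiometricAuth = now(); // stamp only after a successful challenge
  }
  return operation();
}
```

A wall-clock timestamp can be moved by changing the device time, which is why a timestamp that lies in the future is treated as stale here rather than as fresh.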

@drips-wave

drips-wave Bot commented Jun 27, 2026


@dot-enny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER

Contributor

Thank you for contributing to the project.

@RUKAYAT-CODER RUKAYAT-CODER merged commit f432a14 into rinafcode:main Jun 28, 2026
2 of 14 checks passed

Development

Successfully merging this pull request may close these issues.

[Enhancement] Add biometric re-authentication timeout for sensitive operations

2 participants