[Onboarding] Integrate the biometrics

[jrainville]

Description

Found here at point 14. #17045 (comment)

The biometrics need to be hooked correctly to the UI

Acceptance Criteria

• when using a Mac, the prompt to use the biometrics shows when the design shows it

[igor-sirotin]

Keychain component being is implemented here:

• feat: Keychain QML Item #17166

For the integration, this has to be done:

• Instantiate Keychain item:

  Keychain {
      id: keychain
      service: "StatusDesktop"
      reason: qsTr("authenticate you")
  }

• Call keychain.getCredential(keyUid) to get the password
• Call keychain.saveCredential(keyUid, password) to save the password
• keychain.loading property will be true when waiting for user's fingerprint
• On non-MacOS systems all methods will return false or an empty string.

cc @micieslak

[caybro]

In the UI we have these props in LoginScreen:

property bool biometricsAvailable: Qt.platform.os === Constants.mac
property bool isBiometricsLogin // old code: `localAccountSettings.storeToKeychainValue === Constants.keychain.storedValue.store`

// emitted when the user wants to try the biometrics prompt again
signal biometricsRequested()

Then we need to figure out the moment/place where to ask the keychain for the credentials. Additionally we should invoke/display the OS biometrics popup again when the user requests it explicitely via the biometricsRequested() signal.

Furthermore, the LoginScreen expects and reacts to these signals coming from the OnboardingStore:

// biometrics
signal obtainingPasswordSuccess(string password)
signal obtainingPasswordError(string errorDescription, string errorType /* Constants.keychain.errorType.* */, bool wrongFingerprint)

and uses those to either fill the UI with password/pin, or to display an error

[igor-sirotin]

As for the isBiometricsLogin, it seems that MacOS API provides a way to check if the item exists (not read it's value) in the Keychain without prompting for Biometrics/password. If yes, we should reuse it to check if the biometrics is available for the account.

didn't test this:

#import <Security/Security.h>

BOOL keychainItemExists(NSString *service, NSString *account) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: service,
        (__bridge id)kSecAttrAccount: account,
        (__bridge id)kSecReturnAttributes: @NO // Do not return sensitive data
    };
    
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL);
    
    return (status == errSecSuccess);
}