Changes to Credit Card Autofill behaviour (#1928)

Task/Issue URL: https://app.asana.com/0/1175293949586521/1206085730384194/f
Tech Design URL:
CC:

Description:
Updates Credit Card autofill to always require device authentication before filling forms (with 10 second grace period)

Author: amddg44

DuckDuckGo.xcodeproj/project.pbxproj

@@ -12752,7 +12752,7 @@
 			repositoryURL = "https://github.com/duckduckgo/BrowserServicesKit";
 			requirement = {
 				kind = exactVersion;
-				version = 92.0.3;
+				version = 92.0.4;
 			};
 		};
 		AA06B6B52672AF8100F541C5 /* XCRemoteSwiftPackageReference "Sparkle" */ = {

DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -14,8 +14,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/duckduckgo/BrowserServicesKit",
       "state" : {
-        "revision" : "5ca0b3d915ab73de43744db40edf41c1d5060034",
-        "version" : "92.0.3"
+        "revision" : "33e55105acc9d6d69ae1326fd5c506cefb89d5cc",
+        "version" : "92.0.4"
       }
     },
     {
@@ -32,8 +32,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/duckduckgo/duckduckgo-autofill.git",
       "state" : {
-        "revision" : "93677cc02cfe650ce7f417246afd0e8e972cd83e",
-        "version" : "10.0.0"
+        "revision" : "dbecae0df07650a21b5632a92fa2e498c96af7b5",
+        "version" : "10.0.1"
       }
     },
     {

DuckDuckGo/Autofill/ContentOverlayViewController.swift

@@ -302,7 +302,7 @@ extension ContentOverlayViewController: SecureVaultManagerDelegate {
     }
 
     public func secureVaultManager(_: SecureVaultManager, didRequestAuthenticationWithCompletionHandler handler: @escaping (Bool) -> Void) {
-        DeviceAuthenticator.shared.authenticateUser(reason: .autofill) { authenticationResult in
+        DeviceAuthenticator.shared.authenticateUser(reason: .autofillCreditCards) { authenticationResult in
             handler(authenticationResult.authenticated)
         }
     }

DuckDuckGo/Common/Localizables/UserText.swift

@@ -374,8 +374,8 @@ struct UserText {
     static let autofillAutoLock = NSLocalizedString("autofill.auto-lock", value: "Auto-lock", comment: "Autofill settings section title")
     static let autofillLockWhenIdle = NSLocalizedString("autofill.lock-when-idle", value: "Lock Autofill after computer is idle for", comment: "Autofill auto-lock setting")
     static let autofillNeverLock = NSLocalizedString("autofill.never-lock", value: "Never lock Autofill", comment: "Autofill auto-lock setting")
-    static let autofillNeverLockWarning = NSLocalizedString("autofill.never-lock-warning", value: "Anyone with access to your device will be able to use and modify your Autofill data if not locked.", comment: "Autofill disabled auto-lock warning")
-    static let autolockLocksFormFill = NSLocalizedString("autofill.autolock-locks-form-filling", value: "Also lock access to Login and Credit Card form fill.", comment: "Lock form filling when auto-lock is active text")
+    static let autofillNeverLockWarning = NSLocalizedString("autofill.never-lock-warning", value: "If not locked, anyone with access to your device will be able to use and modify your autofill data. For security purposes, saved credit cards always require authentication.", comment: "Autofill disabled auto-lock warning")
+    static let autolockLocksFormFill = NSLocalizedString("autofill.autolock-locks-form-filling", value: "Also lock password form fill", comment: "Lock form filling when auto-lock is active text")
 
 
     static let downloadsLocation = NSLocalizedString("downloads.location", value: "Location", comment: "Downloads directory location")

DuckDuckGo/DeviceAuthentication/DeviceAuthenticator.swift

@@ -34,13 +34,14 @@ final class DeviceAuthenticator: UserAuthenticating {
 
     enum AuthenticationReason {
         case autofill
+        case autofillCreditCards
         case changeLoginsSettings
         case unlockLogins
         case exportLogins
 
         var localizedDescription: String {
             switch self {
-            case .autofill: return UserText.pmAutoLockPromptAutofill
+            case .autofill, .autofillCreditCards: return UserText.pmAutoLockPromptAutofill
             case .changeLoginsSettings: return UserText.pmAutoLockPromptChangeLoginsSettings
             case .unlockLogins: return UserText.pmAutoLockPromptUnlockLogins
             case .exportLogins: return UserText.pmAutoLockPromptExportLogins
@@ -50,6 +51,7 @@ final class DeviceAuthenticator: UserAuthenticating {
 
     internal enum Constants {
         static var intervalBetweenIdleChecks: TimeInterval = 1
+        static var intervalBetweenCreditCardAutofillChecks: TimeInterval = 10
     }
 
     static var deviceSupportsBiometrics: Bool {
@@ -91,6 +93,7 @@ final class DeviceAuthenticator: UserAuthenticating {
     private let queue = DispatchQueue(label: "Device Authenticator Queue")
 
     private var timer: Timer?
+    private var timerCreditCard: Timer?
 
     private var _isAuthenticating: Bool = false
     private var _deviceIsLocked: Bool = false
@@ -144,7 +147,7 @@ final class DeviceAuthenticator: UserAuthenticating {
     }
 
     func authenticateUser(reason: AuthenticationReason, result: @escaping (DeviceAuthenticationResult) -> Void) {
-        guard requiresAuthentication else {
+        guard (reason == .autofillCreditCards && creditCardTimeIntervalExpired()) || requiresAuthentication else {
             result(.success)
             return
         }
@@ -162,6 +165,7 @@ final class DeviceAuthenticator: UserAuthenticating {
             if authenticationResult.authenticated {
                 // Now that the user has unlocked the device, begin the idle timer again.
                 self.beginIdleCheckTimer()
+                self.beginCreditCardAutofillTimer()
             }
 
             result(authenticationResult)
@@ -233,4 +237,36 @@ final class DeviceAuthenticator: UserAuthenticating {
         }
     }
 
+    // MARK: - Credit Card Autofill Timer
+
+    private func beginCreditCardAutofillTimer() {
+        os_log("Beginning credit card autofill timer", log: .autoLock)
+
+        self.timerCreditCard?.invalidate()
+        self.timerCreditCard = nil
+
+        let timer = Timer(timeInterval: Constants.intervalBetweenCreditCardAutofillChecks, repeats: false) { [weak self] _ in
+            guard let self = self else {
+                return
+            }
+            self.cancelCreditCardAutofillTimer()
+        }
+
+        self.timerCreditCard = timer
+        RunLoop.current.add(timer, forMode: .common)
+    }
+
+    private func cancelCreditCardAutofillTimer() {
+        os_log("Cancelling credit card autofill timer", log: .autoLock)
+        self.timerCreditCard?.invalidate()
+        self.timerCreditCard = nil
+    }
+
+    private func creditCardTimeIntervalExpired() -> Bool {
+        guard let timer = timerCreditCard else {
+            return true
+        }
+        return timer.timeInterval >= Constants.intervalBetweenCreditCardAutofillChecks
+    }
+
 }

LocalPackages/Account/Package.swift

@@ -12,7 +12,7 @@ let package = Package(
             targets: ["Account"]),
     ],
     dependencies: [
-        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.3"),
+        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.4"),
         .package(path: "../Purchase")
     ],
     targets: [

LocalPackages/DataBrokerProtection/Package.swift

@@ -29,7 +29,7 @@ let package = Package(
             targets: ["DataBrokerProtection"])
     ],
     dependencies: [
-        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.3"),
+        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.4"),
         .package(path: "../PixelKit"),
         .package(path: "../SwiftUIExtensions"),
         .package(path: "../XPCHelper")

LocalPackages/NetworkProtectionMac/Package.swift

@@ -30,7 +30,7 @@ let package = Package(
         .library(name: "NetworkProtectionUI", targets: ["NetworkProtectionUI"])
     ],
     dependencies: [
-        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.3"),
+        .package(url: "https://github.com/duckduckgo/BrowserServicesKit", exact: "92.0.4"),
         .package(path: "../XPCHelper"),
         .package(path: "../SwiftUIExtensions")
     ],