Updated plugin with new func

readme.md

@@ -45,6 +45,7 @@ Click your project, Build Phases, Link Binary With Libraries, search for and add
 iOS: Copy the four `.h` and two `.m` files to `platforms/ios/<ProjectName>/Plugins`
 
 ### Base on the original touch ID created by different people
+* https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id
 * https://github.com/EddyVerbruggen/cordova-plugin-touch-id
 * https://github.com/kunder-lab/kunder-touchid-keychain
 * https://github.com/PeerioTechnologies/peerio-keychain-touchid
@@ -66,34 +67,47 @@ Call the function you like
 
 **isAvailable(successCallback, errorCallback(msg))** will Check if touchid is available on the used device 	
 
-**save(key,password, successCallback, errorCallback(msg))** 
+**saveKey(key,password, successCallback, errorCallback(msg))**
 will save a password under the key in the device keychain, which can be retrieved using a fingerprint
 
-**verify(key,message,successCallback(password), errorCallback(errorCode))**
+**verifyKey(key,message,successCallback(password), errorCallback(errorCode))**
 will open the fingerprint dialog, for the given key, showing an additional message.
 successCallback will return the password stored in key chain.
 errorCallback will return the error code, where -1 indicated not available.
 
-**has(key,successCallback, errorCallback)**
+**hasKey(key,successCallback, errorCallback)**
 will check if there is a password stored within the keychain for the given key
 
-**delete(key,successCallback, errorCallback)**
+**deleteKey(key,successCallback, errorCallback)**
 will delete the password stored under given key from the keychain
 
+**didFingerprintDatabaseChange(successCallback, errorCallback)**
+IOS ONLY! checks fingerprint database and returns whether it has been modified or not
+
+
+## Security++
+Since iOS9 it's possible to check whether or not the list of enrolled fingerprints changed since
+the last time you checked it. It's recommended you add this check so you can counter hacker attacks
+to your app. See [this article](https://godpraksis.no/2016/03/fingerprint-trojan/) for more details.
+
+So instead of checking the fingerprint after `isAvailable` add another check.
+In case `didFingerprintDatabaseChange` returns `true` you probably want to re-authenticate your user
+before accepting valid fingerprints again.
+
 ## Android quirks
 
 When a new fingerprint is enrolled, no more fingerprints are enrolled, secure lock screen is disabled or forcibly reset,
 the key which is used to hash the password is permanently invalidated. It cannot be used anymore.
 
-`verify` and `save` functions will return the `"KeyPermanentlyInvalidatedException"` message in the error callback.
+`verifyKey` and `saveKey` functions will return the `"KeyPermanentlyInvalidatedException"` message in the error callback.
 This invalid key is removed - user needs to **save their password again**.
 
 # Examples
 
 ```js
 if (window.plugins) {
     window.plugins.touchid.isAvailable(function() {
-        window.plugins.touchid.has("MyKey", function() {
+        window.plugins.touchid.hasKey("MyKey", function() {
             alert("Touch ID avaialble and Password key available");
         }, function() {
             alert("Touch ID available but no Password Key available");
@@ -104,19 +118,19 @@ if (window.plugins) {
 }
 
 if (window.plugins) {
-    window.plugins.touchid.verify("MyKey", "My Message", function(password) {
+    window.plugins.touchid.verifyKey("MyKey", "My Message", function(password) {
         alert("Tocuh " + password);
     });
 }
 
 if (window.plugins) {
-    window.plugins.touchid.save("MyKey", "My Password", function() {
+    window.plugins.touchid.saveKey("MyKey", "My Password", function() {
         alert("Password saved");
     });
 }
 
 if (window.plugins) {
-    window.plugins.touchid.delete("MyKey", function() {
+    window.plugins.touchid.deleteKey("MyKey", function() {
         alert("Password key deleted");
     });
 }

src/ios/TouchID.h

@@ -35,6 +35,8 @@
 - (void) verify:(CDVInvokedUrlCommand*)command;
 - (void) delete:(CDVInvokedUrlCommand*)command;
 - (void) setLocale:(CDVInvokedUrlCommand*)command;
+- (void) didFingerprintDatabaseChange:(CDVInvokedUrlCommand*)command;
+
 
 
 @end

src/ios/TouchID.m

@@ -22,6 +22,8 @@ Licensed to the Apache Software Foundation (ASF) under one
 #include <sys/sysctl.h>
 #import <Cordova/CDV.h>
 
+static NSString *const FingerprintDatabaseStateKey = @"FingerprintDatabaseStateKey";
+
 @implementation TouchID
 
 - (void)isAvailable:(CDVInvokedUrlCommand*)command{
@@ -125,13 +127,52 @@ -(void)verify:(CDVInvokedUrlCommand*)command{
 
         }
         else{
-            CDVPluginResult* pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR messageAsString: @"-1"];
+            CDVPluginResult* pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR messageAsString: @"-11"];
             [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
         }
     }
     else{
-           CDVPluginResult* pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR messageAsString: @"-1"];
+           CDVPluginResult* pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR messageAsString: @"-12"];
             [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
     }
 }
+
+- (void) didFingerprintDatabaseChange:(CDVInvokedUrlCommand*)command {
+  // Get enrollment state
+  [self.commandDelegate runInBackground:^{
+    LAContext *laContext = [[LAContext alloc] init];
+    NSError *error = nil;
+
+    // we expect the dev to have checked 'isAvailable' already so this should not return an error,
+    // we do however need to run canEvaluatePolicy here in order to get a non-nil evaluatedPolicyDomainState
+    if (![laContext canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) {
+      [self.commandDelegate sendPluginResult:[CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR messageAsString:[error localizedDescription]] callbackId:command.callbackId];
+      return;
+    }
+
+    // only supported on iOS9+, so check this.. if not supported just report back as false
+    if (![laContext respondsToSelector:@selector(evaluatedPolicyDomainState)]) {
+      [self.commandDelegate sendPluginResult:[CDVPluginResult resultWithStatus:CDVCommandStatus_OK messageAsBool:NO] callbackId:command.callbackId];
+      return;
+    }
+
+    NSData * state = [laContext evaluatedPolicyDomainState];
+    if (state != nil) {
+
+      NSString * stateStr = [state base64EncodedStringWithOptions:0];
+
+      NSString * storedState = [[NSUserDefaults standardUserDefaults] stringForKey:FingerprintDatabaseStateKey];
+
+      // whenever a finger is added/changed/removed the value of the storedState changes,
+      // so compare agains a value we previously stored in the context of this app
+      BOOL changed = storedState != nil && ![stateStr isEqualToString:storedState];
+
+      [self.commandDelegate sendPluginResult:[CDVPluginResult resultWithStatus:CDVCommandStatus_OK messageAsBool:changed] callbackId:command.callbackId];
+
+      // Store enrollment
+      [[NSUserDefaults standardUserDefaults] setObject:stateStr forKey:FingerprintDatabaseStateKey];
+      [[NSUserDefaults standardUserDefaults] synchronize];
+    }
+  }];
+}
 @end

www/touchid.js

@@ -5,20 +5,23 @@ var touchid = {
 	isAvailable: function(successCallback, errorCallback){
 		exec(successCallback, errorCallback, "TouchID", "isAvailable", []);
 	},
-	save: function(key,password, successCallback, errorCallback) {
+	saveKey: function(key,password, successCallback, errorCallback) {
 		exec(successCallback, errorCallback, "TouchID", "save", [key,password]);
 	},
-	verify: function(key,message,successCallback, errorCallback){
+	verifyKey: function(key,message,successCallback, errorCallback){
 		exec(successCallback, errorCallback, "TouchID", "verify", [key,message]);
 	},
-	has: function(key,successCallback, errorCallback){
+	hasKey: function(key,successCallback, errorCallback){
 		exec(successCallback, errorCallback, "TouchID", "has", [key]);
 	},
-	delete: function(key,successCallback, errorCallback){
+	deleteKey: function(key,successCallback, errorCallback){
 		exec(successCallback, errorCallback, "TouchID", "delete", [key]);
 	},
 	setLocale: function(locale,successCallback, errorCallback){
 		exec(successCallback, errorCallback, "TouchID", "setLocale", [locale]);
+	},
+	didFingerprintDatabaseChange: function (successCallback, errorCallback) {
+		exec(successCallback, errorCallback, "TouchID", "didFingerprintDatabaseChange", []);
 	}
 };