Breaking change/return input method (#4)

thomasrebam · web-flow · commit f8fb415ddb24 · 2024-02-01T10:02:22.000+01:00
As we would like to be able to retrieve the id of the used keyboard, we
change the isCurrentKeyboardSafe method to getCurrentInputMethodInfo.

The new method retrieves the id of the used keyboard, along with a
safety verification (comparison with the three main keyboards currently
used).
diff --git a/README.md b/README.md
@@ -136,12 +136,15 @@ Mitigating this threat is achieved by:
 - On iOS, doing nothing specific since iOS already prevent the use of third-party keyboard on sensitive fields such as passwords.
 
 ```tsx
-import { SafeKeyboardDetector } from '@bam.tech/react-native-app-security';
+import { SafeKeyboardDetector } from "@bam.tech/react-native-app-security";
 
-const isCurrentKeyboardSafe = SafeKeyboardDetector.isCurrentKeyboardSafe() // will always return true on iOS
+const { isInDefaultSafeList, inputMethodId } = getCurrentInputMethodInfo(); // Will always return {isInDefaultSafeList: true, inputMethodId: "iosKeyboard"} on iOS
+if (!isInDefaultSafeList) {
+  console.warn(`Your current keyboard (${inputMethodId}) is not safe`);
+}
 
 // Prompt the user to change the current keyboard
-SafeKeyboardDetector.showInputMethodPicker() // can only be called on Android
+SafeKeyboardDetector.showInputMethodPicker(); // can only be called on Android
 ```
 
 # Contributing
diff --git a/android/src/main/java/tech/bam/rnas/RNASModule.kt b/android/src/main/java/tech/bam/rnas/RNASModule.kt
@@ -17,11 +17,15 @@ class RNASModule : Module() {
     }
 
 
-    Function("isCurrentKeyboardSafe") { customPackagesList: Array<String>? ->
+    Function("getCurrentInputMethodInfo") {
       val currentKeyboardId =
         Settings.Secure.getString(context.contentResolver, Settings.Secure.DEFAULT_INPUT_METHOD)
+      val isInDefaultSafeList = isKeyboardSafe(currentKeyboardId)
 
-      return@Function isKeyboardSafe(currentKeyboardId, customPackagesList)
+      return@Function mapOf(
+        "isInDefaultSafeList" to isInDefaultSafeList,
+        "inputMethodId" to currentKeyboardId.substringBefore('/')
+      )
     }
   }
   private val context
@@ -52,7 +56,6 @@ fun doesPackageNameMatch(input: String, allowedPackagesList: Array<String>): Boo
   return allowedPackagesList.any { packageName.matches("${Regex.escape(it)}.*".toRegex()) }
 }
 
-fun isKeyboardSafe(keyboardID: String, customAllowedKeyboardPackagesList: Array<String>? = defaultAllowedKeyboardPackagesList): Boolean {
-  val allowedPackagesList = customAllowedKeyboardPackagesList ?: defaultAllowedKeyboardPackagesList
-  return doesPackageNameMatch(keyboardID, allowedPackagesList)
-}
+fun isKeyboardSafe(keyboardID: String): Boolean {
+  return doesPackageNameMatch(keyboardID, defaultAllowedKeyboardPackagesList)
+}
diff --git a/example/App.tsx b/example/App.tsx
@@ -68,6 +68,8 @@ const fetchInvalid = async () => {
 };
 
 const checkIsKeyboardSafe = () => {
-  const isKeyboardSafe = SafeKeyboardDetector.isCurrentKeyboardSafe();
+  const isKeyboardSafe =
+    SafeKeyboardDetector.getCurrentInputMethodInfo().isInDefaultSafeList;
+  console.log(SafeKeyboardDetector.getCurrentInputMethodInfo().inputMethodId);
   console.warn("is Keyboard safe", isKeyboardSafe);
 };
diff --git a/ios/RNASModule.swift b/ios/RNASModule.swift
@@ -9,13 +9,15 @@ public class RNASModule: Module {
           throw InputMethodPickerUnavailableException()
         }
 
-    Function("isCurrentKeyboardSafe") {() in
-          return true
+    Function("getCurrentInputMethodInfo") {() in
+          return ["isInDefaultSafeList": true, "inputMethodId": "iosKeyboard"]
     }
   }
 }
 
 
+
+
 internal class InputMethodPickerUnavailableException: Exception {
   override var reason: String {
     return "Method not implemented on iOS since third-party keyboards security issues are not relevant on iOS."
diff --git a/src/index.ts b/src/index.ts
@@ -2,6 +2,6 @@ import RNASModule from "./RNASModule";
 import { SafeKeyboardDetectorInterface } from "./types";
 
 export const SafeKeyboardDetector: SafeKeyboardDetectorInterface = {
-  isCurrentKeyboardSafe: RNASModule.isCurrentKeyboardSafe,
   showInputMethodPicker: RNASModule.showInputMethodPicker,
+  getCurrentInputMethodInfo: RNASModule.getCurrentInputMethodInfo,
 };
diff --git a/src/types.ts b/src/types.ts
@@ -1,17 +1,21 @@
-export type SafeKeyboardDetectorInterface ={
+export type SafeKeyboardDetectorInterface = {
   /**
-   * Compare the current keyboard package name with a list of safe keyboard package names on Android
-   * Will always return true on iOS
-   *
-   * @param customAllowedKeyboardList a list keyboard package names. If not provided, a default list is used.
+   * Compare the current keyboard package name with a list of default safe keyboard package names on Android
+   * Will always return {isInDefaultSafeList: true, inputMethodId: "iosKeyboard"} on iOS
    *
    * @example
-   * const isSafe = isCurrentKeyboardSafe(["com.touchtype.swiftkey", "com.samsung.android", "com.google.android"])
+   * const { isInDefaultSafeList, inputMethodId } = getCurrentInputMethodInfo();
+   * if (!isInDefaultSafeList) {
+   *  console.warn(`Your current keyboard (${inputMethodId}) is not safe`);
+   * }
    */
-  isCurrentKeyboardSafe: (customAllowedKeyboardList?: string[]) => boolean;
+  getCurrentInputMethodInfo: () => {
+    isInDefaultSafeList: boolean;
+    inputMethodId: string;
+  };
   /**
    * Prompt the user to change his current keyboard to a safe one.
    * Will throw an error if used on iOS
    */
   showInputMethodPicker: () => void;
-}
+};

Original file line number	Diff line number	Diff line change
`@@ -17,11 +17,15 @@ class RNASModule : Module() {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`
`20`		`- Function("isCurrentKeyboardSafe") { customPackagesList: Array<String>? ->`
	`20`	`+ Function("getCurrentInputMethodInfo") {`
`21`	`21`	`val currentKeyboardId =`
`22`	`22`	`Settings.Secure.getString(context.contentResolver, Settings.Secure.DEFAULT_INPUT_METHOD)`
	`23`	`+ val isInDefaultSafeList = isKeyboardSafe(currentKeyboardId)`
`23`	`24`
`24`		`- return@Function isKeyboardSafe(currentKeyboardId, customPackagesList)`
	`25`	`+ return@Function mapOf(`
	`26`	`+ "isInDefaultSafeList" to isInDefaultSafeList,`
	`27`	`+ "inputMethodId" to currentKeyboardId.substringBefore('/')`
	`28`	`+ )`
`25`	`29`	`}`
`26`	`30`	`}`
`27`	`31`	`private val context`
`@@ -52,7 +56,6 @@ fun doesPackageNameMatch(input: String, allowedPackagesList: Array<String>): Boo`
`52`	`56`	`return allowedPackagesList.any { packageName.matches("${Regex.escape(it)}.*".toRegex()) }`
`53`	`57`	`}`
`54`	`58`
`55`		`-fun isKeyboardSafe(keyboardID: String, customAllowedKeyboardPackagesList: Array<String>? = defaultAllowedKeyboardPackagesList): Boolean {`
`56`		`- val allowedPackagesList = customAllowedKeyboardPackagesList ?: defaultAllowedKeyboardPackagesList`
`57`		`- return doesPackageNameMatch(keyboardID, allowedPackagesList)`
`58`		`-}`
	`59`	`+fun isKeyboardSafe(keyboardID: String): Boolean {`
	`60`	`+ return doesPackageNameMatch(keyboardID, defaultAllowedKeyboardPackagesList)`
	`61`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -9,13 +9,15 @@ public class RNASModule: Module {`
`9`	`9`	`throw InputMethodPickerUnavailableException()`
`10`	`10`	`}`
`11`	`11`
`12`		`- Function("isCurrentKeyboardSafe") {() in`
`13`		`- return true`
	`12`	`+ Function("getCurrentInputMethodInfo") {() in`
	`13`	`+ return ["isInDefaultSafeList": true, "inputMethodId": "iosKeyboard"]`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`	`}`
`17`	`17`
`18`	`18`
	`19`	`+`
	`20`	`+`
`19`	`21`	`internal class InputMethodPickerUnavailableException: Exception {`
`20`	`22`	`override var reason: String {`
`21`	`23`	`return "Method not implemented on iOS since third-party keyboards security issues are not relevant on iOS."`