Support class 3 face auth

import com.android.keyguard.FaceAuthUiEvent

import com.android.systemui.Dumpable

import com.android.systemui.R

import com.android.systemui.biometrics.data.repository.FacePropertyRepository

import com.android.systemui.biometrics.shared.model.SensorStrength

import com.android.systemui.bouncer.domain.interactor.AlternateBouncerInteractor

import com.android.systemui.common.coroutine.ChannelExt.trySendWithFailureLogging

import com.android.systemui.common.coroutine.ConflatedCallbackFlow.conflatedCallbackFlow

import javax.inject.Inject

import kotlinx.coroutines.CoroutineDispatcher

import kotlinx.coroutines.CoroutineScope

import kotlinx.coroutines.ExperimentalCoroutinesApi

import kotlinx.coroutines.Job

import kotlinx.coroutines.channels.awaitClose

import kotlinx.coroutines.delay

import kotlinx.coroutines.flow.distinctUntilChanged

import kotlinx.coroutines.flow.filter

import kotlinx.coroutines.flow.filterNotNull

import kotlinx.coroutines.flow.flatMapLatest

import kotlinx.coroutines.flow.flowOf

import kotlinx.coroutines.flow.launchIn

import kotlinx.coroutines.flow.map

    fun cancel()

}

@OptIn(ExperimentalCoroutinesApi::class)

@SysUISingleton

class DeviceEntryFaceAuthRepositoryImpl

@Inject

    @FaceDetectTableLog private val faceDetectLog: TableLogBuffer,

    @FaceAuthTableLog private val faceAuthLog: TableLogBuffer,

    private val keyguardTransitionInteractor: KeyguardTransitionInteractor,

    private val featureFlags: FeatureFlags,

    featureFlags: FeatureFlags,

    facePropertyRepository: FacePropertyRepository,

    dumpManager: DumpManager,

) : DeviceEntryFaceAuthRepository, Dumpable {

    private var authCancellationSignal: CancellationSignal? = null

    override val detectionStatus: Flow<FaceDetectionStatus>

        get() = _detectionStatus.filterNotNull()

    private val isFaceBiometricsAllowed: Flow<Boolean> =

        facePropertyRepository.sensorInfo.flatMapLatest {

            if (it?.strength == SensorStrength.STRONG)

                biometricSettingsRepository.isStrongBiometricAllowed

            else biometricSettingsRepository.isNonStrongBiometricAllowed

        }

    private val _isLockedOut = MutableStateFlow(false)

    override val isLockedOut: StateFlow<Boolean> = _isLockedOut

                canFaceAuthOrDetectRun(faceDetectLog),

                logAndObserve(isBypassEnabled, "isBypassEnabled", faceDetectLog),

                logAndObserve(

                    biometricSettingsRepository.isNonStrongBiometricAllowed

                        .isFalse()

                        .or(trustRepository.isCurrentUserTrusted),

                    "nonStrongBiometricIsNotAllowedOrCurrentUserIsTrusted",

                    isFaceBiometricsAllowed.isFalse().or(trustRepository.isCurrentUserTrusted),

                    "biometricIsNotAllowedOrCurrentUserIsTrusted",

                    faceDetectLog

                ),

                // We don't want to run face detect if fingerprint can be used to unlock the device

        listOf(

                canFaceAuthOrDetectRun(faceAuthLog),

                logAndObserve(isLockedOut.isFalse(), "isNotInLockOutState", faceAuthLog),

                logAndObserve(

                    deviceEntryFingerprintAuthRepository.isLockedOut.isFalse(),

                    "fpIsNotLockedOut",

                    faceAuthLog

                ),

                logAndObserve(

                    trustRepository.isCurrentUserTrusted.isFalse(),

                    "currentUserIsNotTrusted",

                    faceAuthLog

                ),

                logAndObserve(

                    biometricSettingsRepository.isNonStrongBiometricAllowed,

                    "nonStrongBiometricIsAllowed",

                    faceAuthLog

                ),

                logAndObserve(isFaceBiometricsAllowed, "isFaceBiometricsAllowed", faceAuthLog),

                logAndObserve(isAuthenticated.isFalse(), "faceNotAuthenticated", faceAuthLog),

            )

            .reduce(::and)

import com.android.systemui.R

import com.android.systemui.RoboPilotTest

import com.android.systemui.SysuiTestCase

import com.android.systemui.biometrics.data.repository.FaceSensorInfo

import com.android.systemui.biometrics.data.repository.FakeFacePropertyRepository

import com.android.systemui.biometrics.shared.model.SensorStrength

import com.android.systemui.bouncer.data.repository.FakeKeyguardBouncerRepository

import com.android.systemui.bouncer.domain.interactor.AlternateBouncerInteractor

import com.android.systemui.coroutines.FlowValue

    private lateinit var bouncerRepository: FakeKeyguardBouncerRepository

    private lateinit var fakeCommandQueue: FakeCommandQueue

    private lateinit var featureFlags: FakeFeatureFlags

    private lateinit var fakeFacePropertyRepository: FakeFacePropertyRepository

    private var wasAuthCancelled = false

    private var wasDetectCancelled = false

                    repository = keyguardTransitionRepository,

                )

                .keyguardTransitionInteractor

        fakeFacePropertyRepository = FakeFacePropertyRepository()

        return DeviceEntryFaceAuthRepositoryImpl(

            mContext,

            fmOverride,

            faceAuthBuffer,

            keyguardTransitionInteractor,

            featureFlags,

            fakeFacePropertyRepository,

            dumpManager,

        )

    }

            }

        }

    @Test

    fun authenticateDoesNotRunWhenStrongBiometricIsNotAllowedAndFaceSensorIsStrong() =

        testScope.runTest {

            fakeFacePropertyRepository.setSensorInfo(FaceSensorInfo(1, SensorStrength.STRONG))

            runCurrent()

            testGatingCheckForFaceAuth(isFaceStrong = true) {

                biometricSettingsRepository.setIsStrongBiometricAllowed(false)

            }

        }

    @Test

    fun authenticateDoesNotRunWhenSecureCameraIsActive() =

        testScope.runTest {

            }

        }

    @Test

    fun detectDoesNotRunWhenStrongBiometricIsAllowedAndFaceAuthSensorStrengthIsStrong() =

        testScope.runTest {

            fakeFacePropertyRepository.setSensorInfo(FaceSensorInfo(1, SensorStrength.STRONG))

            runCurrent()

            testGatingCheckForDetect(isFaceStrong = true) {

                biometricSettingsRepository.setIsStrongBiometricAllowed(true)

                // this shouldn't matter as face is set as a strong sensor

                biometricSettingsRepository.setIsNonStrongBiometricAllowed(false)

            }

        }

    @Test

    fun detectDoesNotRunIfUdfpsIsRunning() =

        testScope.runTest {

            faceAuthenticateIsCalled()

        }

    private suspend fun TestScope.testGatingCheckForFaceAuth(gatingCheckModifier: () -> Unit) {

    private suspend fun TestScope.testGatingCheckForFaceAuth(

        isFaceStrong: Boolean = false,

        gatingCheckModifier: () -> Unit

    ) {

        initCollectors()

        allPreconditionsToRunFaceAuthAreTrue()

        allPreconditionsToRunFaceAuthAreTrue(isFaceStrong)

        gatingCheckModifier()

        runCurrent()

        assertThat(underTest.canRunFaceAuth.value).isFalse()

        // flip the gating check back on.

        allPreconditionsToRunFaceAuthAreTrue()

        allPreconditionsToRunFaceAuthAreTrue(isFaceStrong)

        triggerFaceAuth(false)

        faceAuthenticateIsNotCalled()

    }

    private suspend fun TestScope.testGatingCheckForDetect(gatingCheckModifier: () -> Unit) {

    private suspend fun TestScope.testGatingCheckForDetect(

        isFaceStrong: Boolean = false,

        gatingCheckModifier: () -> Unit

    ) {

        initCollectors()

        allPreconditionsToRunFaceAuthAreTrue()

        if (isFaceStrong) {

            biometricSettingsRepository.setStrongBiometricAllowed(false)

        } else {

            // This will stop face auth from running but is required to be false for detect.

            biometricSettingsRepository.setIsNonStrongBiometricAllowed(false)

        }

        runCurrent()

        assertThat(canFaceAuthRun()).isFalse()

        cancellationSignal.value.setOnCancelListener { wasAuthCancelled = true }

    }

    private suspend fun TestScope.allPreconditionsToRunFaceAuthAreTrue() {

    private suspend fun TestScope.allPreconditionsToRunFaceAuthAreTrue(

        isFaceStrong: Boolean = false

    ) {

        verify(faceManager, atLeastOnce())

            .addLockoutResetCallback(faceLockoutResetCallback.capture())

        biometricSettingsRepository.setFaceEnrolled(true)

                WakeSleepReason.OTHER

            )

        )

        if (isFaceStrong) {

            biometricSettingsRepository.setStrongBiometricAllowed(true)

        } else {

            biometricSettingsRepository.setIsNonStrongBiometricAllowed(true)

        }

        biometricSettingsRepository.setIsUserInLockdown(false)

        fakeUserRepository.setSelectedUserInfo(primaryUser)

        biometricSettingsRepository.setIsFaceAuthSupportedInCurrentPosture(true)

        }

    @Test

    fun faceUnlockIsDisabledWhenFpIsLockedOut() = testScope.runTest {

    fun faceUnlockIsDisabledWhenFpIsLockedOut() =

        testScope.runTest {

            underTest.start()

            fakeDeviceEntryFingerprintAuthRepository.setLockedOut(true)

    private val _authFlags = MutableStateFlow(AuthenticationFlags(0, 0))

    override val authenticationFlags: Flow<AuthenticationFlags>

        get() = _authFlags

    fun setFingerprintEnrolled(isFingerprintEnrolled: Boolean) {

        _isFingerprintEnrolled.value = isFingerprintEnrolled

    }

    fun setIsNonStrongBiometricAllowed(value: Boolean) {

        _isNonStrongBiometricAllowed.value = value

    }

    fun setIsStrongBiometricAllowed(value: Boolean) {

        _isStrongBiometricAllowed.value = value

    }

}