feat: Authentication bypass via biometric enrollment change

[OtavioStasiak]

Proposed changes

Fix authentication bypass, where an attacker who knows the device passcode can enrol a new biometric in OS Settings and use it to unlock the app, the previous implementation never verified that the enrolment set hadn't changed since biometry was enabled in-app.

This PR also fixes the bug that freezes the app when you try to change the passcode. Additionally, we added E2E tests for the passcode feature.

Issue(s)

https://rocketchat.atlassian.net/browse/VLN-216

How to test or reproduce

Reproducing the original vulnerability (on develop, before this PR):

1. Install the app, log in, go to Settings → Screen lock, enable auto-lock, set a passcode, enable biometry (Touch ID / Face ID / fingerprint).
2. Background the app long enough to trigger auto-lock.
3. In OS Settings (not the app), add a new fingerprint / re-enrol Face ID using the device passcode.
4. Reopen the app → the newly enrolled biometric unlocks it. Bug confirmed.

Verifying the fix (with this PR):

1. Repeat steps 1–3 above.
2. Reopen the app → biometry prompt is not auto-fired; the passcode modal appears with the subtitle "Biometric enrollment changed, please use your passcode".
3. Open Settings → Screen lock → the biometry toggle is now off.
4. Re-enable biometry from Settings → fresh enrol() runs, sentinel is rebound to the new enrolment set, normal biometric unlock works again on the next
   auto-lock cycle.

Other paths to sanity-check:

• Cancel the biometric prompt: unlock flow should fall back to the passcode modal with the biometry button still visible (no auto re-prompt). Tap the biometry
  button → prompt re-fires; cancel again → button stays, flag untouched.
• Disable biometry from Settings: sentinel is removed (disenrol()); re-enabling runs a fresh enrol().
• Force_Screen_Lock, MAX_ATTEMPTS, lockout timer: unchanged — verify by exhausting passcode attempts.
• Upgrade path (silent-bind migration): install a build from develop with biometry enabled, then update to this branch without changing OS biometric
  enrolment. First unlock should be biometric as usual — no passcode interstitial. Migration runs once on app init and is idempotent on subsequent launches.
• Auto-lock unlock with no enrolment change: passcode modal shows no subtitle (the subtitle is strictly tied to the invalidation event).

Upgrade-path (silent-bind migration) — step by step:

1. Check out develop (or any commit before this PR), pnpm install && pnpm pod-install, run pnpm ios / pnpm android on a device with biometry enrolled.
2. Log in, go to Settings → Screen lock, enable auto-lock + set a passcode + turn biometry on. Background the app, foreground it once, confirm biometric
   unlock works. Quit the app.
3. Without changing OS biometric enrolment and without uninstalling, check out this branch and rebuild on top of the same install (so
   BIOMETRY_ENABLED_KEY=true survives but the new sentinel doesn't exist yet).
4. Launch the app → first unlock should be biometric, with no passcode interstitial. Behind the scenes runBiometricTrustMigration() ran on init, saw flag=true
   && !sentinel && !migrated, called enrol() silently, and set BIOMETRIC_TRUST_MIGRATION_V1_DONE=true.
5. Background → foreground again → still biometric, still no interstitial (migration is now a no-op because the sentinel exists).
6. Fully quit and relaunch → still biometric (idempotency check; migration short-circuits on sentinel exists).
7. Verify the upgrade didn't weaken the enrolment-change protection: after step 6, go into OS Settings and add a new fingerprint / re-enrol Face ID. Reopen
   the app → passcode modal with the "Biometric enrollment changed" subtitle, Screen Lock toggle now off. This proves the migration grandfathered the user in and
   the sentinel is bound to the current enrolment set.
8. Reconciliation branch (harder to repro without dev tooling — optional): with the marker set and biometry on, manually clear the keychain item (e.g. via
   Xcode's "Erase All Content" simulator option or by toggling biometry off-then-on at the OS level on Android in a way that wipes Keystore). Relaunch →
   migration sees flag=true && !sentinel && migrated, clears BIOMETRY_ENABLED_KEY without re-enrolling; Screen Lock toggle shows off; next unlock is
   passcode-only. Re-enabling biometry from Settings works normally.
9. Fresh-install control: uninstall, reinstall this branch, set up biometry from scratch → migration is a no-op (no flag at boot); normal enrol() runs from
   the Settings toggle. Confirms the migration helper doesn't run on installs that never had pre-fix biometry.

Screenshots

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Improvement (non-breaking change which improves a current function)
• New feature (non-breaking change which adds functionality)
• Documentation update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if applicable)
• I have added necessary documentation (if applicable)
• Any dependent changes have been merged and published in downstream modules

Further comments

Summary by CodeRabbit

• New Features
  • Biometric trust: detects enrollment changes, falls back to passcode, and runs a one‑shot migration; settings and flows now use the trust store and surface an enrollment-change subtitle only when applicable.
  • Deferred modal confirmations: passcode/change-passcode modals defer callbacks until after hide animations.
• Localization
  • Added biometric-enrollment-change translations in 20+ languages.
• Tests
  • Expanded unit and E2E coverage for biometric trust, migration, modal settling, and screen-lock flows.
• Documentation
  • Added architecture, flows, and platform docs for the biometric trust subsystem.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a keychain-backed biometric trust store, migration, and resolve flow; replaces expo-local-authentication wiring with trust-store APIs; surfaces enrollment-change reasons through lock modals; defers modal callbacks until hide; and adds tests, translations, docs, and E2E coverage.

Changes

Biometric Trust Store & Passcode Authentication

Layer / File(s)	Summary
Core types and constants app/definitions/IBiometricTrustStore.ts, app/definitions/index.ts, app/lib/constants/localAuthentication.ts	Adds TrustResult and IBiometricTrustStore, re-exports the new types, and introduces migration/sentinel and E2E timing constants.
Keychain trust store implementation & tests app/lib/biometricTrustStore/index.ts, app/lib/biometricTrustStore/index.test.ts, jest.setup.js, package.json	Implements biometricTrustStore using react-native-keychain, classifyError, enroll/verify/disenrol, enablement APIs and setBiometryEnabled; adds unit tests and a Jest keychain mock; adds react-native-keychain dependency.
Resolve biometric trust app/lib/biometricTrustStore/resolveBiometricTrust.ts, app/lib/biometricTrustStore/resolveBiometricTrust.test.ts	Maps TrustResult to { unlocked } or { unlocked:false, modal }, runs disenrol() before disabling on invalidation, and tests outcome kinds and ordering.
Biometric trust migration & restore app/lib/biometricTrustStore/migration.ts, app/lib/biometricTrustStore/migration.test.ts, app/sagas/init.js	One-shot migration that probes sentinel, enrols when needed, sets migration marker, or reconciles by disabling trust; wired to app restore and covered by tests for upgrade/reconcile/idempotency/errors.
Local authentication helpers app/lib/methods/helpers/localAuthentication.ts, app/lib/methods/helpers/localAuthentication.test.ts, app/lib/methods/helpers/events.ts	Replaces expo-local-authentication flow with biometricTrustStore.enrol()/verify()/setEnabled(), returns TrustResult from biometryAuth, extends emitted modal payloads to include reason, and updates tests and auto-lock E2E override.
Passcode entry & lock modal UI app/containers/Passcode/PasscodeEnter.tsx, app/containers/Passcode/PasscodeEnter.test.tsx	Passcode modal accepts and mirrors reason and hasBiometry into state, resolves resolveBiometricTrust outcomes to either finish or update modal state, and shows enrollment-change subtitle only for that reason (tests added).
Screen locked / change-passcode modal deferral app/views/ScreenLockedView.tsx, app/views/ChangePasscodeView.tsx, app/lib/hooks/useDeferredModalSettle.ts	Defers submit/cancel callbacks by storing pending resolvers and invoking them on onModalHide; flushes pending resolvers when new requests arrive to avoid leaving callers unresolved.
Screen lock settings app/views/ScreenLockConfigView.tsx	Switches biometry state to biometricTrustStore.isEnabled() and uses setBiometryEnabled() when toggled; forces UI off on non-success results and adds testIDs for E2E.
Deep-linking & server selection guards app/sagas/deepLinking.js, app/views/RoomsListView/components/ServersList.tsx, app/views/SecurityPrivacyView.tsx	Guards navigation/selection flows by catching local-auth failures and aborting navigation where appropriate.
Maestro E2E & helpers .maestro/scripts/data-setup.js, .maestro/tests/assorted/screen-lock.yaml	Exports sleep helper; adds an end-to-end screen-lock spec validating passcode setup, auto-lock, change-passcode flow, and relaunch unlocks.
Translations & documentation app/i18n/locales/*.json, app/lib/biometricTrustStore/docs/*	Adds Local_authentication_biometric_enrollment_changed across locales and adds architecture/flows/platform docs for the trust-store subsystem.

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• diegolmello

Suggested labels

type: bug

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'feat: Authentication bypass via biometric enrollment change' is vague and potentially misleading, describing a security vulnerability rather than the actual fix being implemented.	Rephrase the title to clearly indicate the feature being added, such as 'feat: Add biometric trust sentinel validation to prevent enrollment-change bypass' or 'feat: Implement biometric enrollment verification via keychain sentinel'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• VLN-216: Request failed with status code 401

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[OtavioStasiak]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/containers/Passcode/PasscodeEnter.tsx`:
- Around line 43-56: The biometry() async function can reject and is currently
invoked as a floating promise from readStorage(); wrap the internal async calls
in biometry() (calls to biometryAuth() and handleBiometricTrustResult()) in a
try/catch and surface/log/handle errors (e.g., set UI state or clear modal)
before returning, and also ensure every call site (e.g., where readStorage()
calls biometry()) either awaits biometry() or attaches .catch(...) to handle
rejections so no unhandled promise rejections occur; update symbols involved:
biometry(), biometryAuth, handleBiometricTrustResult, finishProcess,
setHasBiometry, setReason, and the readStorage() call sites to explicitly handle
errors.

In `@app/views/ScreenLockConfigView.tsx`:
- Around line 165-173: The async setState callback that calls
biometricTrustStore.enrol()/disenrol() lacks error handling and unconditionally
persists userPreferences.setBool(BIOMETRY_ENABLED_KEY, biometry), which can
desync UI and the trust store; wrap the enrol/disenrol calls in a try/catch
inside the callback, only call userPreferences.setBool(BIOMETRY_ENABLED_KEY,
biometry) after the operation succeeds, and on failure revert the UI toggle
(reset this.state.biometry or call setState to the previous value) and
surface/log the error (e.g., show an error toast or processLogger.error) so the
preference and keychain remain consistent with biometricTrustStore state.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d18c30d1-9315-4a3e-b18c-b8ff74efb8f9

📥 Commits

Reviewing files that changed from the base of the PR and between 41444f4 and f091568.

⛔ Files ignored due to path filters (2)

• ios/Podfile.lock is excluded by !**/*.lock
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (38)

• app/containers/Passcode/PasscodeEnter.test.tsx
• app/containers/Passcode/PasscodeEnter.tsx
• app/i18n/locales/ar.json
• app/i18n/locales/bn-IN.json
• app/i18n/locales/cs.json
• app/i18n/locales/de.json
• app/i18n/locales/en.json
• app/i18n/locales/fi.json
• app/i18n/locales/fr.json
• app/i18n/locales/hi-IN.json
• app/i18n/locales/hu.json
• app/i18n/locales/it.json
• app/i18n/locales/nl.json
• app/i18n/locales/no.json
• app/i18n/locales/pt-BR.json
• app/i18n/locales/ru.json
• app/i18n/locales/sl-SI.json
• app/i18n/locales/sv.json
• app/i18n/locales/ta-IN.json
• app/i18n/locales/te-IN.json
• app/i18n/locales/tr.json
• app/i18n/locales/zh-CN.json
• app/i18n/locales/zh-TW.json
• app/lib/biometricTrustStore/handleResult.test.ts
• app/lib/biometricTrustStore/handleResult.ts
• app/lib/biometricTrustStore/index.test.ts
• app/lib/biometricTrustStore/index.ts
• app/lib/biometricTrustStore/migration.test.ts
• app/lib/biometricTrustStore/migration.ts
• app/lib/constants/localAuthentication.ts
• app/lib/methods/helpers/events.ts
• app/lib/methods/helpers/localAuthentication.test.ts
• app/lib/methods/helpers/localAuthentication.ts
• app/sagas/init.js
• app/views/ScreenLockConfigView.tsx
• app/views/ScreenLockedView.tsx
• jest.setup.js
• package.json

📜 Review details

🧰 Additional context used

📓 Path-based instructions (5)

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{js,ts,jsx,tsx}: Use descriptive names for functions, variables, and classes that clearly convey their purpose
Write comments that explain the 'why' behind code decisions, not the 'what'
Keep functions small and focused on a single responsibility
Use const by default, let when reassignment is needed, and avoid var
Prefer async/await over .then() chains for handling asynchronous operations
Use explicit error handling with try/catch blocks for async operations
Avoid deeply nested code; refactor complex logic into helper functions

Files:

• app/lib/constants/localAuthentication.ts
• app/lib/methods/helpers/events.ts
• jest.setup.js
• app/views/ScreenLockConfigView.tsx
• app/sagas/init.js
• app/lib/biometricTrustStore/migration.ts
• app/views/ScreenLockedView.tsx
• app/lib/biometricTrustStore/index.ts
• app/lib/biometricTrustStore/index.test.ts
• app/lib/biometricTrustStore/handleResult.ts
• app/containers/Passcode/PasscodeEnter.test.tsx
• app/lib/methods/helpers/localAuthentication.ts
• app/lib/biometricTrustStore/handleResult.test.ts
• app/lib/methods/helpers/localAuthentication.test.ts
• app/containers/Passcode/PasscodeEnter.tsx
• app/lib/biometricTrustStore/migration.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use TypeScript for type safety; add explicit type annotations to function parameters and return types
Prefer interfaces over type aliases for defining object shapes in TypeScript
Use enums for sets of related constants rather than magic strings or numbers

Use TypeScript with strict mode and baseUrl set to app/ for import resolution

Files:

• app/lib/constants/localAuthentication.ts
• app/lib/methods/helpers/events.ts
• app/views/ScreenLockConfigView.tsx
• app/lib/biometricTrustStore/migration.ts
• app/views/ScreenLockedView.tsx
• app/lib/biometricTrustStore/index.ts
• app/lib/biometricTrustStore/index.test.ts
• app/lib/biometricTrustStore/handleResult.ts
• app/containers/Passcode/PasscodeEnter.test.tsx
• app/lib/methods/helpers/localAuthentication.ts
• app/lib/biometricTrustStore/handleResult.test.ts
• app/lib/methods/helpers/localAuthentication.test.ts
• app/containers/Passcode/PasscodeEnter.tsx
• app/lib/biometricTrustStore/migration.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx}: Use Prettier with tabs, single quotes, 130 char width, no trailing commas, arrow parens avoid, bracket same line
Use @rocket.chat/eslint-config base with React, React Native, TypeScript, Jest plugins

Files:

• app/lib/constants/localAuthentication.ts
• app/lib/methods/helpers/events.ts
• jest.setup.js
• app/views/ScreenLockConfigView.tsx
• app/sagas/init.js
• app/lib/biometricTrustStore/migration.ts
• app/views/ScreenLockedView.tsx
• app/lib/biometricTrustStore/index.ts
• app/lib/biometricTrustStore/index.test.ts
• app/lib/biometricTrustStore/handleResult.ts
• app/containers/Passcode/PasscodeEnter.test.tsx
• app/lib/methods/helpers/localAuthentication.ts
• app/lib/biometricTrustStore/handleResult.test.ts
• app/lib/methods/helpers/localAuthentication.test.ts
• app/containers/Passcode/PasscodeEnter.tsx
• app/lib/biometricTrustStore/migration.test.ts

app/views/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

View components (70+ screen components) should be placed in app/views/ directory

Files:

• app/views/ScreenLockConfigView.tsx
• app/views/ScreenLockedView.tsx

app/containers/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Reusable UI components should be placed in app/containers/ directory

Files:

• app/containers/Passcode/PasscodeEnter.test.tsx
• app/containers/Passcode/PasscodeEnter.tsx

🧠 Learnings (5)

📚 Learning: 2026-04-30T17:07:51.020Z

Learnt from: diegolmello
Repo: RocketChat/Rocket.Chat.ReactNative PR: 7274
File: app/lib/services/voip/MediaCallEvents.ts:0-0
Timestamp: 2026-04-30T17:07:51.020Z
Learning: In this Rocket.Chat React Native codebase, the ESLint rule `no-void: error` is enforced. When you see a promise returned from an async call that is not awaited (a “floating promise”), do not silence it with the `void somePromise()` pattern. Instead, handle the promise explicitly by attaching `.catch(...)` (or otherwise awaiting/handling the error) so unhandled-rejection risks are addressed in a way that satisfies the existing ESLint configuration.

Applied to files:

• app/lib/constants/localAuthentication.ts
• app/lib/methods/helpers/events.ts
• app/views/ScreenLockConfigView.tsx
• app/lib/biometricTrustStore/migration.ts
• app/views/ScreenLockedView.tsx
• app/lib/biometricTrustStore/index.ts
• app/lib/biometricTrustStore/index.test.ts
• app/lib/biometricTrustStore/handleResult.ts
• app/containers/Passcode/PasscodeEnter.test.tsx
• app/lib/methods/helpers/localAuthentication.ts
• app/lib/biometricTrustStore/handleResult.test.ts
• app/lib/methods/helpers/localAuthentication.test.ts
• app/containers/Passcode/PasscodeEnter.tsx
• app/lib/biometricTrustStore/migration.test.ts

📚 Learning: 2026-03-30T15:49:26.708Z

Learnt from: Rohit3523
Repo: RocketChat/Rocket.Chat.ReactNative PR: 6875
File: app/containers/RoomItem/Actions.tsx:12-12
Timestamp: 2026-03-30T15:49:26.708Z
Learning: In Rocket.Chat.ReactNative, do not rely on `react-native-worklets` v0.6.1 exporting a built-in Jest mock (e.g., `react-native-worklets/lib/module/mock` does not exist for this version). Instead, add the Jest manual mock in your repo’s `jest.setup.js`/`jest.setup.ts`, mocking `react-native-worklets` to provide `scheduleOnRN: jest.fn((fn, ...args) => fn(...args))`. This ensures Jest can import the module and that `scheduleOnRN` executes the passed function during tests.

Applied to files:

• jest.setup.js

📚 Learning: 2026-05-07T13:19:52.152Z

Learnt from: diegolmello
Repo: RocketChat/Rocket.Chat.ReactNative PR: 7304
File: app/sagas/deepLinking.js:237-243
Timestamp: 2026-05-07T13:19:52.152Z
Learning: In this codebase’s Redux-Saga usage, remember that `yield put(action)` dispatches through the Redux store synchronously, and any saga(s) that synchronously react via action listeners (and synchronous `put` chains) will run to completion before the calling saga resumes at its next `yield`. As a result, within a single saga there is no scheduler interleaving between a `yield select(...)` and a subsequent `yield take(...)` at the next `yield` point, so a check-then-take pattern like `const state = yield select(...); if (state !== TARGET) { yield take(a => a.type === TARGET); }` is safe from TOCTOU races under the synchronous `put`/take model described above.

Applied to files:

• app/sagas/init.js

📚 Learning: 2026-02-05T13:55:00.974Z

Learnt from: Rohit3523
Repo: RocketChat/Rocket.Chat.ReactNative PR: 6930
File: package.json:101-101
Timestamp: 2026-02-05T13:55:00.974Z
Learning: In this repository, the dependency on react-native-image-crop-picker should reference the RocketChat fork (RocketChat/react-native-image-crop-picker) with explicit commit pins, not the upstream ivpusic/react-native-image-crop-picker. Update package.json dependencies (and any lockfile) to point to the fork URL and a specific commit, ensuring edge-to-edge Android fixes are included. This pattern should apply to all package.json files in the repo that declare this dependency.

Applied to files:

• package.json

📚 Learning: 2026-05-07T17:47:14.516Z

Learnt from: diegolmello
Repo: RocketChat/Rocket.Chat.ReactNative PR: 7303
File: package.json:5-5
Timestamp: 2026-05-07T17:47:14.516Z
Learning: When reviewing pnpm `packageManager` version pins in any `package.json` (e.g., `"packageManager": "pnpm@<version>"`), don’t rely solely on web-search results to determine whether a version exists. For very recently published versions, cross-check the target version against the official pnpm release page (https://github.com/pnpm/pnpm/releases) and the npm registry page for pnpm (https://www.npmjs.com/package/pnpm) before flagging the pinned version as non-existent.

Applied to files:

• package.json

🔇 Additional comments (36)

app/lib/biometricTrustStore/index.ts (1)

1-107: LGTM!

app/lib/biometricTrustStore/index.test.ts (1)

1-153: LGTM!

jest.setup.js (1)

319-327: LGTM!

package.json (1)

106-106: LGTM!

app/lib/biometricTrustStore/handleResult.ts (1)

1-40: LGTM!

app/lib/biometricTrustStore/handleResult.test.ts (1)

1-89: LGTM!

app/lib/biometricTrustStore/migration.ts (1)

1-48: LGTM!

app/lib/biometricTrustStore/migration.test.ts (1)

1-135: LGTM!

app/lib/constants/localAuthentication.ts (1)

5-5: LGTM!

app/lib/methods/helpers/localAuthentication.ts (1)

11-13: LGTM!

Also applies to: 55-63, 81-87, 94-97, 119-134

app/lib/methods/helpers/localAuthentication.test.ts (1)

1-149: LGTM!

app/lib/methods/helpers/events.ts (1)

13-14: LGTM!

app/sagas/init.js (1)

13-13: LGTM!

Also applies to: 27-27

app/containers/Passcode/PasscodeEnter.test.tsx (1)

47-61: LGTM!

Also applies to: 63-76, 78-93, 101-113

app/views/ScreenLockedView.tsx (1)

20-21: LGTM!

Also applies to: 83-88

app/i18n/locales/ar.json (1)

327-327: LGTM!

app/i18n/locales/bn-IN.json (1)

454-454: LGTM!

app/i18n/locales/cs.json (1)

486-486: LGTM!

app/i18n/locales/de.json (1)

448-448: LGTM!

app/i18n/locales/en.json (1)

501-501: LGTM!

app/i18n/locales/fi.json (1)

429-429: LGTM!

app/i18n/locales/fr.json (1)

394-394: LGTM!

app/i18n/locales/hi-IN.json (1)

454-454: LGTM!

app/i18n/locales/hu.json (1)

455-455: LGTM!

app/i18n/locales/it.json (1)

356-356: LGTM!

app/i18n/locales/nl.json (1)

394-394: LGTM!

app/i18n/locales/no.json (1)

480-480: LGTM!

app/i18n/locales/pt-BR.json (1)

496-496: LGTM!

app/i18n/locales/ru.json (1)

419-419: LGTM!

app/i18n/locales/sl-SI.json (1)

404-404: LGTM!

app/i18n/locales/sv.json (1)

428-428: LGTM!

app/i18n/locales/ta-IN.json (1)

454-454: LGTM!

app/i18n/locales/te-IN.json (1)

453-453: LGTM!

app/i18n/locales/tr.json (1)

341-341: LGTM!

app/i18n/locales/zh-CN.json (1)

326-326: LGTM!

app/i18n/locales/zh-TW.json (1)

342-342: LGTM!

[github-actions]

iOS Build Available

Rocket.Chat 4.73.0.108982

[diegolmello]

AIs' comments are usually not very human readable, which makes hard to understand what's going on.
Read the comments and try to understand them without context, for example.
That's one of the final steps on my PRs btw: I try to deslop comments, making them more concise.

[diegolmello]

probe

[diegolmello]

probe

[diegolmello]

probe

[diegolmello]

probe

[diegolmello]

Two-axis review (standards + spec vs develop), with the security-sensitive paths re-verified against the code. Inline comments below. Summary:

• High: the new UserCanceledError reject path is unhandled in two callers (sagas/init.js, sagas/login.js) — a benign superseded unlock during cold-boot can eject the user. See the inline note on localAuthentication.ts.
• Standards: banned JSDoc scaffolding in useDeferredModalSettle.ts; console.warn instead of the repo log() helper in Locked.tsx.
• Docs: ARCHITECTURE.md lists the wrong sentinel service value.
• Scope: the frequently-used-emoji crash fix and the deep-link cancellation handling are unrelated to the biometric vuln.

Note on the migration: I initially suspected the silent-bind grandfather path re-binds to an already-changed enrollment, but on re-reading the marker invariant (enroll() always sets the migration marker, so a later sentinel-gone state routes to reconciliation, never a silent re-bind) the silent enroll fires at most once on legitimate first upgrade. Not a bypass.