Introduce AuthorizePinUseCase

This breaks the dependency between PinRepository and AuthorizationRepository

Author: Wavesonics

app/src/main/kotlin/com/darkrockstudios/app/securecamera/AppModule.kt

@@ -38,7 +38,6 @@ val appModule = module {
 	single {
 		AuthorizationRepository(
 			preferences = get(),
-			pinRepository = get(),
 			encryptionScheme = get(),
 			context = get(),
 			clock = get()
@@ -77,6 +76,7 @@ val appModule = module {
 	factoryOf(::SecurityResetUseCase)
 	factoryOf(::PinStrengthCheckUseCase)
 	factoryOf(::VerifyPinUseCase)
+	factoryOf(::AuthorizePinUseCase)
 	factoryOf(::CreatePinUseCase)
 	factoryOf(::PinSizeUseCase)
 	factoryOf(::RemovePoisonPillIUseCase)

app/src/main/kotlin/com/darkrockstudios/app/securecamera/auth/AuthorizationRepository.kt

@@ -3,7 +3,6 @@ package com.darkrockstudios.app.securecamera.auth
 import android.content.Context
 import com.darkrockstudios.app.securecamera.preferences.AppPreferencesDataSource
 import com.darkrockstudios.app.securecamera.preferences.HashedPin
-import com.darkrockstudios.app.securecamera.security.pin.PinRepository
 import com.darkrockstudios.app.securecamera.security.schemes.EncryptionScheme
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
@@ -19,7 +18,6 @@ import kotlin.time.Instant
  */
 class AuthorizationRepository(
 	private val preferences: AppPreferencesDataSource,
-	private val pinRepository: PinRepository,
 	private val encryptionScheme: EncryptionScheme,
 	private val context: Context,
 	private val clock: Clock,
@@ -115,29 +113,11 @@ class AuthorizationRepository(
 		return true
 	}
 
-	/**
-	 * Verifies the PIN and updates the authorization state if successful.
-	 * @param pin The PIN entered by the user
-	 * @return True if the PIN is correct, false otherwise
-	 */
-	suspend fun verifyPin(pin: String): HashedPin? {
-		val hashedPin = pinRepository.getHashedPin()
-		val isValid = pinRepository.verifySecurityPin(pin)
-		return if (isValid && hashedPin != null) {
-			authorizeSession()
-			// Reset failed attempts counter on successful verification
-			resetFailedAttempts()
-			hashedPin
-		} else {
-			null
-		}
-	}
-
 	/**
 	 * Marks the current session as authorized and updates the last authentication time.
 	 * Also starts the SessionService to monitor session validity.
 	 */
-	private fun authorizeSession() {
+	fun authorizeSession() {
 		lastAuthTimeMs = clock.now()
 		_isAuthorized.value = true
 		startSessionService()

app/src/main/kotlin/com/darkrockstudios/app/securecamera/usecases/AuthorizePinUseCase.kt

@@ -0,0 +1,28 @@
+package com.darkrockstudios.app.securecamera.usecases
+
+import com.darkrockstudios.app.securecamera.auth.AuthorizationRepository
+import com.darkrockstudios.app.securecamera.preferences.HashedPin
+import com.darkrockstudios.app.securecamera.security.pin.PinRepository
+
+class AuthorizePinUseCase(
+	private val authManager: AuthorizationRepository,
+	private val pinRepository: PinRepository,
+) {
+	/**
+	 * Authorizes user by verifying the PIN and updates the authorization state if successful.
+	 * @param pin The PIN entered by the user
+	 * @return True if the PIN is correct, false otherwise
+	 */
+	suspend fun authorizePin(pin: String): HashedPin? {
+		val hashedPin = pinRepository.getHashedPin()
+		val isValid = pinRepository.verifySecurityPin(pin)
+		return if (isValid && hashedPin != null) {
+			authManager.authorizeSession()
+			// Reset failed attempts counter on successful verification
+			authManager.resetFailedAttempts()
+			hashedPin
+		} else {
+			null
+		}
+	}
+}

app/src/main/kotlin/com/darkrockstudios/app/securecamera/usecases/CreatePinUseCase.kt

@@ -11,10 +11,11 @@ class CreatePinUseCase(
 	private val encryptionScheme: EncryptionScheme,
 	private val pinRepository: PinRepository,
 	private val preferencesDataSource: AppPreferencesDataSource,
+	private val authorizePinUseCase: AuthorizePinUseCase
 ) {
 	suspend fun createPin(pin: String, schemeConfig: SchemeConfig): Boolean {
 		pinRepository.setAppPin(pin, schemeConfig)
-		val hashedPin = authorizationRepository.verifyPin(pin)
+		val hashedPin = authorizePinUseCase.authorizePin(pin)
 		return if (hashedPin != null) {
 			authorizationRepository.createKey(pin, hashedPin)
 			encryptionScheme.deriveAndCacheKey(pin, hashedPin)

app/src/main/kotlin/com/darkrockstudios/app/securecamera/usecases/VerifyPinUseCase.kt

@@ -11,6 +11,7 @@ class VerifyPinUseCase(
 	private val pinRepository: PinRepository,
 	private val encryptionScheme: EncryptionScheme,
 	private val migratePinHash: MigratePinHash,
+	private val authorizePinUseCase: AuthorizePinUseCase,
 ) {
 	suspend fun verifyPin(pin: String): Boolean {
 		migratePinHash.runMigration(pin)
@@ -21,7 +22,7 @@ class VerifyPinUseCase(
 			pinRepository.activatePoisonPill()
 		}
 
-		val hashedPin = authManager.verifyPin(pin)
+		val hashedPin = authorizePinUseCase.authorizePin(pin)
 		return if (hashedPin != null) {
 			encryptionScheme.deriveAndCacheKey(pin, hashedPin)
 			authManager.resetFailedAttempts()

app/src/test/kotlin/com/darkrockstudios/app/securecamera/TestClock.kt

@@ -1,8 +1,13 @@
 package com.darkrockstudios.app.securecamera
 
 import kotlin.time.Clock
+import kotlin.time.Duration
 import kotlin.time.Instant
 
 class TestClock(var fixedInstant: Instant) : Clock {
 	override fun now(): Instant = fixedInstant
+
+	fun advanceBy(duration: Duration) {
+		fixedInstant += duration
+	}
 }

app/src/test/kotlin/com/darkrockstudios/app/securecamera/auth/AuthorizationManagerTest.kt

@@ -10,6 +10,7 @@ import com.darkrockstudios.app.securecamera.preferences.HashedPin
 import com.darkrockstudios.app.securecamera.security.SoftwareSchemeConfig
 import com.darkrockstudios.app.securecamera.security.pin.PinRepository
 import com.darkrockstudios.app.securecamera.security.schemes.EncryptionScheme
+import com.darkrockstudios.app.securecamera.usecases.AuthorizePinUseCase
 import io.mockk.coEvery
 import io.mockk.coVerify
 import io.mockk.mockk
@@ -24,6 +25,7 @@ import org.junit.Test
 import testutil.FakeDataStore
 import java.util.concurrent.TimeUnit
 import kotlin.time.Duration.Companion.milliseconds
+import kotlin.time.Duration.Companion.seconds
 import kotlin.time.Instant
 
 @ExperimentalCoroutinesApi
@@ -32,9 +34,10 @@ class AuthorizationManagerTest {
 	private lateinit var context: Context
 	private lateinit var preferencesManager: AppPreferencesDataSource
 	private lateinit var authManager: AuthorizationRepository
+	private lateinit var authorizePinUseCase: AuthorizePinUseCase
+	private lateinit var pinRepository: PinRepository
 	private lateinit var dataStore: DataStore<Preferences>
 	private lateinit var encryptionManager: EncryptionScheme
-	private lateinit var pinRepository: PinRepository
 	private lateinit var clock: TestClock
 
 	private val configJson = Json.encodeToString(SoftwareSchemeConfig)
@@ -45,49 +48,15 @@ class AuthorizationManagerTest {
 		dataStore = FakeDataStore(emptyPreferences())
 		preferencesManager = spyk(AppPreferencesDataSource(context, dataStore))
 		encryptionManager = mockk(relaxed = true)
-		pinRepository = mockk()
 		clock = TestClock(Instant.fromEpochSeconds(1))
 
-		// Default mocks for PinRepository methods
+		authManager = AuthorizationRepository(preferencesManager, encryptionManager, context, clock)
+
+		pinRepository = mockk()
 		coEvery { pinRepository.getHashedPin() } returns HashedPin("hashed_pin", "salt")
 		coEvery { pinRepository.verifySecurityPin(any()) } returns true
-		coEvery { pinRepository.activatePoisonPill() } returns Unit
-		coEvery { pinRepository.verifyPoisonPillPin(any()) } returns true
-		coEvery { pinRepository.hasPoisonPillPin() } returns true
-
-		authManager = AuthorizationRepository(preferencesManager, pinRepository, encryptionManager, context, clock)
-	}
 
-	@Test
-	fun `verifyPin should update authorization state when PIN is valid`() = runTest {
-		// Given
-		val pin = "1234"
-		preferencesManager.setAppPin(pin, configJson)
-
-		// When
-		val result = authManager.verifyPin(pin)
-
-		// Then
-		assertNotNull(result)
-		assertTrue(authManager.isAuthorized.first())
-	}
-
-	@Test
-	fun `verifyPin should not update authorization state when PIN is invalid`() = runTest {
-		// Given
-		val correctPin = "1234"
-		val incorrectPin = "5678"
-		preferencesManager.setAppPin(correctPin, configJson)
-
-		// Mock verifySecurityPin to return false for incorrect PIN
-		coEvery { pinRepository.verifySecurityPin(incorrectPin) } returns false
-
-		// When
-		val result = authManager.verifyPin(incorrectPin)
-
-		// Then
-		assertNull(result)
-		assertFalse(authManager.isAuthorized.first())
+		authorizePinUseCase = AuthorizePinUseCase(authManager, pinRepository)
 	}
 
 	@Test
@@ -108,7 +77,7 @@ class AuthorizationManagerTest {
 		// Given
 		val pin = "1234"
 		preferencesManager.setAppPin(pin, configJson)
-		authManager.verifyPin(pin)
+		authorizePinUseCase.authorizePin(pin)
 
 		// When
 		val result = authManager.checkSessionValidity()
@@ -124,15 +93,12 @@ class AuthorizationManagerTest {
 		val pin = "1234"
 		preferencesManager.setAppPin(pin, configJson)
 
-		coEvery { pinRepository.getHashedPin() } returns null
-
 		// Set a very small session timeout (1 millisecond)
 		preferencesManager.setSessionTimeout(1L)
 
-		authManager.verifyPin(pin)
+		authorizePinUseCase.authorizePin(pin)
 
-		// Wait for the session to expire
-		Thread.sleep(10)
+		clock.advanceBy(1.seconds)
 
 		// When
 		val result = authManager.checkSessionValidity()
@@ -147,7 +113,7 @@ class AuthorizationManagerTest {
 		// Given
 		val pin = "1234"
 		preferencesManager.setAppPin(pin, configJson)
-		authManager.verifyPin(pin)
+		authorizePinUseCase.authorizePin(pin)
 		assertTrue(authManager.isAuthorized.first())
 
 		// When
@@ -166,7 +132,7 @@ class AuthorizationManagerTest {
 		preferencesManager.setSessionTimeout(customTimeout)
 
 		// When
-		authManager.verifyPin(pin)
+		authorizePinUseCase.authorizePin(pin)
 
 		// Then
 		assertTrue(authManager.checkSessionValidity())
@@ -232,22 +198,6 @@ class AuthorizationManagerTest {
 		assertEquals(0L, preferencesManager.getLastFailedAttemptTimestamp())
 	}
 
-	@Test
-	fun `verifyPin should reset failed attempts when PIN is valid`() = runTest {
-		// Given
-		val pin = "1234"
-		preferencesManager.setAppPin(pin, configJson)
-		preferencesManager.setFailedPinAttempts(3)
-		preferencesManager.setLastFailedAttemptTimestamp(1000L)
-
-		// When
-		val result = authManager.verifyPin(pin)
-
-		// Then
-		assertNotNull(result)
-		assertEquals(0, preferencesManager.getFailedPinAttempts())
-		assertEquals(0L, preferencesManager.getLastFailedAttemptTimestamp())
-	}
 
 	@Test
 	fun `getLastFailedAttemptTimestamp should return the timestamp from preferences`() = runTest {
@@ -311,9 +261,9 @@ class AuthorizationManagerTest {
 		// Given
 		val pin = "1234"
 
-		// Create a new spy for preferencesManager for this test
+		// Create a new AuthorizationRepository for this test
 		val testAuthManager =
-			AuthorizationRepository(preferencesManager, pinRepository, encryptionManager, context, clock)
+			AuthorizationRepository(preferencesManager, encryptionManager, context, clock)
 
 		// Set up initial state
 		preferencesManager.setAppPin(pin, configJson)
@@ -331,21 +281,6 @@ class AuthorizationManagerTest {
 		coVerify { preferencesManager.securityFailureReset() }
 	}
 
-	@Test
-	fun `verifyPin should not update authorization state when PIN is valid but hashedPin is null`() = runTest {
-		// Given
-		val pin = "1234"
-		coEvery { pinRepository.verifySecurityPin(pin) } returns true
-		coEvery { pinRepository.getHashedPin() } returns null
-
-		// When
-		val result = authManager.verifyPin(pin)
-
-		// Then
-		assertNull(result)
-		assertFalse(authManager.isAuthorized.first())
-		coVerify { pinRepository.verifySecurityPin(pin) }
-	}
 
 	@Test
 	fun `calculateRemainingBackoffSeconds should return 0 when elapsed time exceeds backoff time`() = runTest {
@@ -379,7 +314,7 @@ class AuthorizationManagerTest {
 		clock.fixedInstant = initialTime
 
 		// Authorize the session
-		authManager.verifyPin(pin)
+		authorizePinUseCase.authorizePin(pin)
 		assertTrue(authManager.isAuthorized.first())
 
 		// Advance time by half the session timeout