apple-localauthentication 0.3.5

Safe Rust bindings for Apple's LocalAuthentication framework — contexts, rights, persisted secrets, keys, and credentials on macOS
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

//! `LARight` wrappers.

use crate::ffi;
use crate::la_authentication_requirement::LAAuthenticationRequirement;
use crate::la_error::{LAError, Result};
use crate::private::{bridge_i32, bridge_i64, bridge_ptr, bridge_unit, cstring, OwnedHandle};

/// Possible authorization states for a `LARight`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[non_exhaustive]
pub enum LARightState {
    Unknown,
    Authorizing,
    Authorized,
    NotAuthorized,
    UnknownValue(i32),
}

impl LARightState {
    #[must_use]
    pub const fn from_ffi(value: i32) -> Self {
        match value {
            ffi::la_right::STATE_UNKNOWN => Self::Unknown,
            ffi::la_right::STATE_AUTHORIZING => Self::Authorizing,
            ffi::la_right::STATE_AUTHORIZED => Self::Authorized,
            ffi::la_right::STATE_NOT_AUTHORIZED => Self::NotAuthorized,
            other => Self::UnknownValue(other),
        }
    }
}

/// Managed wrapper around Apple's `LARight`.
#[derive(Debug)]
pub struct LARight {
    handle: OwnedHandle,
}

impl LARight {
    pub(crate) const fn as_ptr(&self) -> *mut core::ffi::c_void {
        self.handle.as_ptr()
    }

    /// Create a right with the framework's default authentication requirement.
    ///
    /// # Errors
    ///
    /// Returns an error if the API is unavailable or the Swift bridge rejects the request.
    pub fn new() -> Result<Self> {
        let raw =
            bridge_ptr(|out, error_out| unsafe { ffi::la_right::la_right_new(out, error_out) })?;
        Ok(Self {
            handle: OwnedHandle::new(raw, ffi::la_right::la_right_release),
        })
    }

    /// Create a right with an explicit authentication requirement.
    ///
    /// # Errors
    ///
    /// Returns an error if the API is unavailable or the Swift bridge rejects the request.
    pub fn new_with_requirement(requirement: &LAAuthenticationRequirement) -> Result<Self> {
        let raw = bridge_ptr(|out, error_out| unsafe {
            ffi::la_right::la_right_new_with_requirement(requirement.as_ptr(), out, error_out)
        })?;
        Ok(Self {
            handle: OwnedHandle::new(raw, ffi::la_right::la_right_release),
        })
    }

    /// The current authorization state.
    ///
    /// # Errors
    ///
    /// Returns an error if the Swift bridge rejects the request.
    pub fn state(&self) -> Result<LARightState> {
        let raw = bridge_i32(|out, error_out| unsafe {
            ffi::la_right::la_right_get_state(self.handle.as_ptr(), out, error_out)
        })?;
        Ok(LARightState::from_ffi(raw))
    }

    /// Application-controlled integer tag.
    ///
    /// # Errors
    ///
    /// Returns an error if the Swift bridge rejects the request.
    pub fn tag(&self) -> Result<i64> {
        bridge_i64(|out, error_out| unsafe {
            ffi::la_right::la_right_get_tag(self.handle.as_ptr(), out, error_out)
        })
    }

    /// Update the application-controlled integer tag.
    ///
    /// # Errors
    ///
    /// Returns an error if the Swift bridge rejects the request.
    pub fn set_tag(&self, tag: i64) -> Result<()> {
        bridge_unit(|error_out| unsafe {
            ffi::la_right::la_right_set_tag(self.handle.as_ptr(), tag, error_out)
        })
    }

    /// Attempt to authorize the right.
    ///
    /// # Errors
    ///
    /// Returns a mapped framework or bridge error when authorization fails.
    pub fn authorize(&self, localized_reason: &str) -> Result<()> {
        if localized_reason.is_empty() {
            return Err(LAError::InvalidArgument(
                "localized reason must not be empty".to_owned(),
            ));
        }
        let localized_reason = cstring(localized_reason)?;
        bridge_unit(|error_out| unsafe {
            ffi::la_right::la_right_authorize(
                self.handle.as_ptr(),
                localized_reason.as_ptr(),
                error_out,
            )
        })
    }

    /// Preflight whether the right can eventually be authorized.
    ///
    /// # Errors
    ///
    /// Returns a mapped framework or bridge error when authorization is not possible.
    pub fn check_can_authorize(&self) -> Result<()> {
        bridge_unit(|error_out| unsafe {
            ffi::la_right::la_right_check_can_authorize(self.handle.as_ptr(), error_out)
        })
    }

    /// Deauthorize the right.
    ///
    /// # Errors
    ///
    /// Returns an error if the Swift bridge rejects the request.
    pub fn deauthorize(&self) -> Result<()> {
        bridge_unit(|error_out| unsafe {
            ffi::la_right::la_right_deauthorize(self.handle.as_ptr(), error_out)
        })
    }
}