Skip to content

fix: remove pin from backup and reset pin settings on restore #305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jvsena42 merged 2 commits into from
Jan 7, 2026
Merged

fix: remove pin from backup and reset pin settings on restore #305

jvsena42 merged 2 commits into from
Jan 7, 2026

Conversation

@jvsena42
Copy link
Member

@jvsena42 jvsena42 commented Jan 7, 2026
edited
Loading

Description

PIN settings (useBiometrics, requirePinForPayments) were being backed up but PIN wasn't. This created an impossible authentication state after restore

Solution: Don't backup pin settings and always reset pin settings on restore

OBS: Android already implemented this same solution

Linked Issues/Tasks

Close #304

Screenshot / Video

reset-pin.mp4

@jvsena42 jvsena42 self-assigned this Jan 7, 2026
@jvsena42 jvsena42 requested review from Copilot and pwltr January 7, 2026 11:28
Copilot AI reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a critical security issue where PIN-related settings (biometric authentication and PIN requirement for payments) were being backed up without the actual PIN, creating an impossible authentication state after restore. The solution removes PIN settings from the backup configuration and ensures these settings are always reset during the restore process.

Key Changes:

  • Removed PIN-related settings from backup configuration to prevent authentication state mismatch
  • Added automatic PIN settings reset during the restore process
  • Aligned iOS behavior with existing Android implementation

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
Bitkit/Models/SettingsBackupConfig.swift Removed useBiometrics and requirePinForPayments from backup mappings with explanatory comment
Bitkit/Services/BackupService.swift Added PIN settings reset call after successful restore operation

@jvsena42 jvsena42 requested a review from ben-kaufman January 7, 2026 11:29
@jvsena42 jvsena42 enabled auto-merge January 7, 2026 11:35
@jvsena42 jvsena42 mentioned this pull request Jan 7, 2026
Open
@jvsena42 jvsena42 merged commit 39679e3 into master Jan 7, 2026
11 of 13 checks passed
@jvsena42 jvsena42 deleted the fix/pin-not-accepted branch January 7, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ben-kaufman ben-kaufman ben-kaufman approved these changes

@pwltr pwltr Awaiting requested review from pwltr

Assignees

@jvsena42 jvsena42

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pin not accepted after wallet reset

3 participants

@jvsena42 @ben-kaufman