codingzeal / redux-persist-sensitive-storage Goto Github PK
View Code? Open in Web Editor NEWredux-persist storage engine for react-native-sensitive-info
License: MIT License
redux-persist storage engine for react-native-sensitive-info
License: MIT License
The docs for react-native-sensitive-info
, on which this package relies, suggests that the user has to provide authentication info before it allows access to the keychain or shared preferences (eg. fingerprint, touch ID, face recognition). I've deployed this to various devices through testfairy and never get prompted to further authenticate, so am puzzled as to when and why this extra layer of security would kick in. Some clarification would be useful, we'd have to advise our users what to expect if we rolled this out to the stores.
I'm slightly scared where the docs say "Every time the app wants to access the protected keychain item, a prompt by iOS will show up." - we wouldn't want to annoy our users by them having to respond to repeated prompts.
hi, i want to reset my App, how can i clear all of my data in redux-persist-sensitive-storage ?
You mention in the README that there is a branch which is more secure for Android.
What is the reasoning for it not being the standard?
Thanks in advance,
Alberto
redux-persist just switched to requiring promise based storage in v5.0.0-beta.13
Unfortunately it is going to be a pain to get everyone updated. Technically the storage can support both (like AsyncStorage and localforage) but since this module is specific to redux-persist may was well just go 100% promises and make the peer dep be redux-persist@5
This library is great and works well, but it seems doesn't handle pre-existing state (persisted with standard redux-persist) on first use after deployment. This is a big issue for us because we don't want to have to force users to enter pre-login account info again. Are there any guidelines to help with migrating pre-existing state?
Because I only want secure storage one one of my keys, I've moved to using nested persists - could that be the reason I'm losing pre-existing state or is this a generic issue?
Apparently v6 (alpha) is the official version that supports keystore on Android:
https://mcodex.dev/react-native-sensitive-info/docs/
If it works you need to update the readme of this repo.
From the docs on v6:
This version uses by default keystore to encrypt/decrypt data on Android.
This should mean that using the keystore branch is no longer necessary.
The upgrade should include a major version update of this package, as it is not backwards compatible.
react-native-sensitive-info manages all data stored in Android Shared Preferences like AsyncStorage.. so what is different?
thanks in advance
Hey,
I just want to clarify that react-native-sensitive-info
actually uses the Android keystore. Check also: mCodex/react-native-sensitive-info#59
โ๏ธ
Hi, been using this package alongside redux-persist for a while now... Was working great until recently...
In the last couple of days I've noticed that during hydration all of the data is missing. This occurs infrequently. Usually have to force quit the app over a couple of minutes to reproduce. Not really sure what's causing it - switched to Asyncstorage and everything working fine - so I think it might be something to do with react-persist-sensitive-storage
.
Package:
react-native-sensitive-info
: 5.5.1
redux-persist
: 6.0.0
"redux": "^4.0.4"
Here's what my store looks like:
import {createStore, applyMiddleware, compose} from 'redux';
import {persistStore, persistReducer} from 'redux-persist';
import createSensitiveStorage from 'redux-persist-sensitive-storage';
import thunk from 'redux-thunk';
import reducer from './src/reducers';
const initialState = {};
const middleware = [thunk];
const composeEnhancers = window.__REDUX_DEVTOOLS_EXTENSION_COMPOSE__ || compose;
const storage = createSensitiveStorage({
keychainService: 'appNameKeychain',
sharedPreferencesName: 'appNameKeystore',
});
const persistConfig = {
key: 'root',
storage,
};
const pReducer = persistReducer(persistConfig, reducer);
export const store = createStore(
pReducer,
initialState,
composeEnhancers(applyMiddleware(...middleware)),
);
export const pStore = persistStore(store);
and my App.js (entry point):
...
const App: () => React$Node = () => {
return (
<>
<Provider store={store}>
<PersistGate loading={null} persistor={pStore}>
<Navigation />
</PersistGate>
</Provider>
</>
);
};
and my root reducer looks something like this:
import {combineReducers} from 'redux';
import xreducer from './xreducer';
import xreducer1 from './xreducer1';
export default combineReducers({
xreducer,
xreducer1
});
Any help with diagnosing this issue would be welcome.
The readme suggests specific values for keyChainService
and sharedPreferencesName
:
const storage = createSensitiveStorage({
keychainService: "myKeychain",
sharedPreferencesName: "mySharedPrefs"
});
But offers no reasoning for these values and whether you should consider changing them, and to what. For those like myself that is not familiar with keychain, it could do with some explanation. I've also seen some examples in the issues where encrypt: true
is included in the object passed into this function - is that documented anywhere?
Another question: in running this in debug mode on a macbook what (if anything) is used instead of keychain? I certainly can't see any new keys added to the mac's keychain.
Hi,
I don't know if that's a common issue or not but I had a few users reporting a total loss of their data on IOs after updating the OS or updating apps.
It might be something in my code but maybe you get similar problems in the past and is a known issue.
I'm not sure if this library is still alive...
When using this library in a react-native project that uses Jest for testing, I had to ensure that this module gets transpiled by Jest using its transformIgnorePatterns
setting.
There are a number of other libraries that have the same problem, but it should be possible to make this library more universally-usable, perhaps using the module
key in package.json
. I'm not (yet) clear on the details, but I know there are a number of articles and blog posts around about how to do this well.
import { combineReducers } from 'redux'
import { persistReducer } from 'redux-persist'
import AsyncStorage from '@react-native-community/async-storage'
import AuthReducer from '@redux-sections/auth/reducer'
import ProfileReducer from '@redux-sections/profile/reducer'
import createSensitiveStorage from 'redux-persist-sensitive-storage'
const sensitiveStorage = createSensitiveStorage({
keychainService: 'myAppKeychain',
sharedPreferencesName: 'myAppPrefs',
})
const mainPersistConfig = {
key: 'mainPersist',
storage: AsyncStorage,
whitelist: ['profile'],
}
const securePersistConfig = {
key: 'securePersist',
storage: sensitiveStorage,
}
const rootReducer = combineReducers({
auth: persistReducer(securePersistConfig, AuthReducer),
profile: persistReducer(mainPersistConfig, ProfileReducer),
})
export default rootReducer
Hello,
What is the best pratices to implement the library.
There @randy Coulman said
We only store API tokens in sensitive storage. Everything else goes in normal storage (AsyncStorage in react-native, for example). You can call redux-persist's
persistStore
function multiple times. Unfortunately, I don't have a code example I can share quickly, but if you could create an issue on the repo, that's something we can look at adding to the documentation.
I want to store 2 tokens, here is my redux/index.js
import { combineReducers } from 'redux'
import configureStore from './CreateStore'
import rootSaga from '../Sagas/'
import { persistReducer } from 'redux-persist'
import createSensitiveStorage from "redux-persist-sensitive-storage";
const tokenPersistConfig = {
key: 'token',
storage: createSensitiveStorage({
keychainService: "myKeychain",
sharedPreferencesName: "mySharedPrefs",
encrypt: true
})
};
export default () => {
/* ------------- Assemble The Reducers ------------- */
const rootReducer = combineReducers({
nav: require('./NavigationRedux').reducer,
github: require('./GithubRedux').reducer,
login: require('./LoginRedux').reducer,
search: require('./SearchRedux').reducer,
filter: require ('./FilterRedux').reducer,
map: require ('./MapRedux').reducer,
token: persistReducer(tokenPersistConfig, require('./TokenRedux').reducer),
});
return configureStore(rootReducer, rootSaga)
}
Here's my package.json
"react": "16.0.0",
"react-native": "0.50.4",
"react-native-sensitive-info": "git://github.com/mCodex/react-native-sensitive-info.git#keystore",
"redux-persist": "^5.4.0",
"redux-persist-sensitive-storage": "^1.0.0",
Regarding [React Native Sensitive Info](React Native Sensitive Info)
Do I use anywhere setItem getItem deleteItem getAllItems ?
How do I know the encrypt worked?
Where the data are stored exactly?
Can you please help me understand as to what happens to the data when the app is uninstalled. Does redux-persist-sensitive-storage keep the data or does it just destroy it ??
redux-persist v5.x has changed the API, so the example in our README is now outdated. We need to update the example to match the latest version.
Add an example to the README of how to persist some state to regular storage, and other state to sensitive storage.
I just checked over there and the readme is the only thing to merge from the keystore
branch, which is ~60 commits behind master, so the note about android incompatibility is a little outdated now :)
Im looking at the different branch of react-native-sensitive-info
but I can't figure out how to use that with this module. Additionally, that branch examples' seem to continue using sharedPrefs
- how can I use the android keystore with this?
I have the following code.
import createSensitiveStorage from 'redux-persist-sensitive-storage';
const storage = createSensitiveStorage();
Note that I haven't passed any configuration options to the createSensitiveStorage() function.
What happens if I don't pass the configuration? Will I still get secured storage by default or do I get an unsecured one?
Hi,
Using this library crashes my Android release build at the opening of the app.
"react": "16.3.1",
"react-native": "0.55.4",
"react-native-sensitive-info": "^5.2.4",
"redux-persist-sensitive-storage": "^1.0.0",
It works fine on the emulator and also when I connect my phone directly to the computer.
I tried using assemble debug which also works but release does not work at all.
Used this redux-persist-sensitive-storage library and faced the above issue while running the test cases.
Tests suite failed to run
TypeError: (0 , _reduxPersistSensitiveStorage.default) is not a function
Using @testing-library/react-native
How to resolve this issue? Please let me know.
Thank you
Hey!
I followed the README and used the secured storage.
But how can I be sure it is working correctly?
Regards
Hi,
I am receiving this exception at some point.
Error storing data TypeError: Cannot read property 'setItem' of undefined.
store.js
**
* Storage config for authReducer
*/
const sensitiveStorage = createSensitiveStorage({
keychainService: 'myKeychain',
sharedPreferencesName: 'mySharedPrefs'
});
const tokenPersistConfig = {
key: 'token',
storage: sensitiveStorage,
whitelist: ['authReducer']
};
export default (initialState) => {
let reducer = persistReducer(tokenPersistConfig, reducers);
let enhancer;
if (__DEV__) {
enhancer = compose(applyMiddleware(thunk, logger));
} else {
enhancer = compose(applyMiddleware(thunk));
}
const store = createStore(reducer, initialState, enhancer);
return store;
};
package.json
"react": "16.0.0",
"react-native": "0.51.0",
"redux-persist": "^5.9.1",
"redux-persist-sensitive-storage": "^1.0.0",
"react-native-sensitive-info": "^5.1.0"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.