使用 Sirikit 提高支付的安全性
Increasing security for payment with Sirikit
我正在尝试提高与 Siri 集成的支付应用程序的安全性。
我使用了这个 link 中的 Apple 示例代码,并且我调整了以下内容以在执行支付之前实现触摸 ID 身份验证:
(新增touch ID认证函数"authenticate",在handle函数中调用)
func handle(sendPayment intent: INSendPaymentIntent, completion: @escaping (INSendPaymentIntentResponse) -> Void) {
self.authenticate(successAuth: {
guard let payee = intent.payee,
let payeeHandle = payee.personHandle,
let currencyAmount = intent.currencyAmount,
let amount = currencyAmount.amount,
let currencyCode = currencyAmount.currencyCode
else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
self.contactLookup.lookup(emailAddress: payeeHandle.value) { contact in
guard let contact = contact else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
let payment = Payment(contact: contact, amount: amount, currencyCode: currencyCode)
self.paymentProvider.send(payment) { success, _, _ in
guard success else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
let response = INSendPaymentIntentResponse(code: .success, userActivity: nil)
response.paymentRecord = self.makePaymentRecord(for: intent)
completion(response)
}
}
}) { (error) in
print("error in authentication")
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
}
func authenticate(successAuth: @escaping () -> Void, failure: @escaping (NSError?) -> Void) {
// 1. Create a authentication context
let authenticationContext = LAContext()
var error:NSError?
guard authenticationContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
failure(error)
return
}
// 3. Check the fingerprint
authenticationContext.evaluatePolicy(
.deviceOwnerAuthenticationWithBiometrics,
localizedReason: "Unlock to send the money",
reply: { [unowned self] (success, error) -> Void in
if( success ) {
successAuth()
}else {
let message = self.errorMessageForLAErrorCode(errorCode: (error! as NSError).code)
print(message)
failure(error! as NSError)
}
})
successAuth()
}
问题是 Siri 说:“抱歉,您需要在应用程序中继续”
经过仔细调试,我发现问题只发生在Siri提示最后收款人或最后货币金额时,所以我在resolvePayee和resolveCurrencyAmount中注释了这些部分,流程完美运行!确认付款后,它会要求进行触摸 ID 身份验证,然后发送付款。谢谢大家!
我正在尝试提高与 Siri 集成的支付应用程序的安全性。
我使用了这个 link 中的 Apple 示例代码,并且我调整了以下内容以在执行支付之前实现触摸 ID 身份验证:
(新增touch ID认证函数"authenticate",在handle函数中调用)
func handle(sendPayment intent: INSendPaymentIntent, completion: @escaping (INSendPaymentIntentResponse) -> Void) {
self.authenticate(successAuth: {
guard let payee = intent.payee,
let payeeHandle = payee.personHandle,
let currencyAmount = intent.currencyAmount,
let amount = currencyAmount.amount,
let currencyCode = currencyAmount.currencyCode
else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
self.contactLookup.lookup(emailAddress: payeeHandle.value) { contact in
guard let contact = contact else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
let payment = Payment(contact: contact, amount: amount, currencyCode: currencyCode)
self.paymentProvider.send(payment) { success, _, _ in
guard success else {
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
let response = INSendPaymentIntentResponse(code: .success, userActivity: nil)
response.paymentRecord = self.makePaymentRecord(for: intent)
completion(response)
}
}
}) { (error) in
print("error in authentication")
completion(INSendPaymentIntentResponse(code: .failure, userActivity: nil))
return
}
}
func authenticate(successAuth: @escaping () -> Void, failure: @escaping (NSError?) -> Void) {
// 1. Create a authentication context
let authenticationContext = LAContext()
var error:NSError?
guard authenticationContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
failure(error)
return
}
// 3. Check the fingerprint
authenticationContext.evaluatePolicy(
.deviceOwnerAuthenticationWithBiometrics,
localizedReason: "Unlock to send the money",
reply: { [unowned self] (success, error) -> Void in
if( success ) {
successAuth()
}else {
let message = self.errorMessageForLAErrorCode(errorCode: (error! as NSError).code)
print(message)
failure(error! as NSError)
}
})
successAuth()
}
问题是 Siri 说:“抱歉,您需要在应用程序中继续”
经过仔细调试,我发现问题只发生在Siri提示最后收款人或最后货币金额时,所以我在resolvePayee和resolveCurrencyAmount中注释了这些部分,流程完美运行!确认付款后,它会要求进行触摸 ID 身份验证,然后发送付款。谢谢大家!