Add Signal API implementation (Provider)

[neelanshsahai]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @neelanshsahai, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the implementation of the Android Credential Provider Events API (Signal API) into the MyVault application. This allows the credential provider to receive and respond to various signals from the Android system, such as requests to hide/unhide specific credentials or update user details associated with credentials. The changes include integrating new dependencies, defining a dedicated service to handle these signals, updating the data layer to manage credential visibility, and enhancing the UI to reflect these changes, along with notification support.

Highlights

• Signal API Integration: The pull request integrates the Android Credential Provider Events API, enabling the MyVault application to receive and process various signals from the Android system's credential manager. This includes handling requests to hide/unhide credentials and update user details.
• Credential Visibility Management: A new 'hidden' flag has been introduced for 'PasskeyItem's, allowing the credential provider to manage the visibility of credentials. This enables the system to instruct the provider to hide or unhide specific credentials from the user's view.
• Dynamic User Detail Updates: The implementation now supports updating user details, such as username and display name, for passkeys in response to 'SignalCurrentUserDetailsRequest' events, ensuring credential information remains current.
• Notification Support: A notification system has been added to provide immediate feedback to the user when a Signal API event is successfully processed by the credential provider, enhancing transparency.
• Database and UI Updates: The local database schema has been updated to accommodate the new 'hidden' status for passkeys, and the UI components have been modified to filter and display only non-hidden passkeys, ensuring a consistent user experience.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds the Signal API implementation to the credential provider, allowing it to react to events from relying parties, such as credential updates or deletions. The changes include a new service to handle these signals, UI updates to reflect credential state, and necessary database modifications. My review has identified a critical performance issue due to blocking the main thread, a logic bug in a database query, and some leftover debugging code that should be cleaned up.

[gemini-code-assist]

Using runBlocking here will block the main thread, as onSignalCredentialStateRequest is called on the main thread. This can cause Application Not Responding (ANR) errors and should be avoided.

This function should be converted to a suspend function and called from a coroutine that runs on a background dispatcher (like Dispatchers.IO). You can create a CoroutineScope in your service and launch a coroutine from onSignalCredentialStateRequest to handle the work asynchronously.

Suggested change

	private fun handleUnknownCredentialRequest(requestJson: String) = runBlocking {
	private suspend fun handleUnknownCredentialRequest(requestJson: String) {

[gemini-code-assist]

Similar to handleUnknownCredentialRequest, this function uses runBlocking on the main thread, which can cause ANRs. It should be converted to a suspend function and executed on a background thread.

Suggested change

	private fun handleAcceptedCredentialsRequest(requestJson: String) = runBlocking {
	private suspend fun handleAcceptedCredentialsRequest(requestJson: String) {

[gemini-code-assist]

Similar to the other handlers, this function uses runBlocking on the main thread, which can cause ANRs. It should be converted to a suspend function and executed on a background thread.

    private suspend fun handleCurrentUserDetailRequest(requestJson: String) {

[gemini-code-assist]

The query for getPasskeysForUser filters for hidden = false. However, the logic in CredentialProviderService.handleAcceptedCredentialsRequest needs to retrieve all passkeys for a user, including hidden ones, to determine which ones to un-hide. With the current query, a hidden passkey will never be part of the result set and thus can never be un-hidden.

Suggested change

	@Query("SELECT * from passkeys WHERE uid = :userId and hidden = false")
	fun getPasskeysForUser(userId: String): List<PasskeyItem>?
	@Query("SELECT * from passkeys WHERE uid = :userId")
	fun getPasskeysForUser(userId: String): List<PasskeyItem>?

[gemini-code-assist]

The for-loop to extract strings from the JSONArray can be written more idiomatically and safely in Kotlin.

                for (i in 0 until value.length()) {
                    value.optString(i)?.let { listAllAcceptedCredIds.add(it) }
                }