
fix: Prompt for biometric access on iOS during wallet creation - cp-7.65.0 #26002

Merged: Cal-L merged 15 commits into main from fix/25998-prompt-ios-permissions-wallet-creation on Feb 13, 2026

@Cal-L Cal-L commented Feb 12, 2026

Description

This PR addresses a regression on 7.65.0 where biometrics access is no longer prompted on wallet creation for iOS. The change here adds that back, which should result in a more intuitive user experience + makes it consistent with Android. This is an improvement relative to the code that was removed in #24496 since we're now detecting the auth type prior to the password being stored rather than triggering two storage actions.

Changelog

CHANGELOG entry:

Related issues

Fixes: #25998

Manual testing steps

Allowing biometrics

  • Will be prompted for biometric access on wallet creation
  • If allowed, unlock access control will be stored using biometrics
  • Future unlock triggers biometrics

Rejecting biometrics

  • Will be prompted for biometric access on wallet creation
  • If rejected, unlock access control will not be stored, forcing user to use password
  • Future unlock falls back to password entry

Screenshots/Recordings

Before

After

Allowing biometrics
https://github.com/user-attachments/assets/9a05e870-b1fe-465e-ba8c-6b565198ed9e

Rejecting biometrics
https://github.com/user-attachments/assets/9ce0be47-2aaf-4ce3-bf6e-c0386559546c

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and/or screenshots.

Note

Medium Risk
Touches authentication method selection and keychain password storage/fallback paths used during onboarding/import/reset, so mistakes could impact how users are prompted and how unlock methods are persisted; changes are well-covered by updated tests but span multiple critical flows.

Overview
Restores an explicit iOS biometric prompt during wallet creation/import by introducing Authentication.requestBiometricsAccessControlForIOS and invoking it from ChoosePassword and ImportFromSecretRecoveryPhrase, falling back to PASSWORD when the user declines/cancels.

Refactors password persistence by removing updateAuthTypeStorageFlags and storePasswordWithFallback, making Authentication.storePassword public and adding an optional fallback-to-password retry used by newWalletAndKeychain/newWalletAndRestore/Reset Password. Updates OAuth rehydration and reset-password flows/tests accordingly, and adds/adjusts unit tests to cover iOS decline/success and fallback behavior.

Written by Cursor Bugbot for commit 5639099.
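
The ordering described above (resolve the auth type from the biometric prompt first, then perform a single storage action, with an optional retry as PASSWORD), as an added TypeScript sketch that is not MetaMask's code. `resolveAuthType`, `PromptOutcome`, `CredentialStore`, `makeFakeStore`, `createWallet` and the `BIOMETRIC` value are assumed names; `storePassword`, its fallback-to-password option and `PASSWORD` echo names from the PR, with assumed signatures.

```typescript
// Added sketch, not MetaMask's code; all signatures here are assumptions.
// Real platform calls are asynchronous; this model is synchronous so the
// ordering of "decide, then store" is easy to follow.
type AuthType = "BIOMETRIC" | "PASSWORD";
type PromptOutcome = "allowed" | "declined" | "cancelled" | "error";
interface CredentialStore {
  save(password: string, authType: AuthType): void; // throws on failure
}

// Step 1: resolve the auth type before anything is written. Only an explicit
// "allowed" selects biometrics; every other outcome resolves to PASSWORD.
function resolveAuthType(outcome: PromptOutcome): AuthType {
  return outcome === "allowed" ? "BIOMETRIC" : "PASSWORD";
}

// Step 2: one storage action for the resolved type, with an optional single
// retry as PASSWORD when the biometric-protected write itself fails.
function storePassword(
  store: CredentialStore, password: string, authType: AuthType, fallbackToPassword = false,
): AuthType {
  try {
    store.save(password, authType);
    return authType;
  } catch (err) {
    if (!fallbackToPassword || authType === "PASSWORD") throw err;
    store.save(password, "PASSWORD");
    return "PASSWORD";
  }
}

// Constructed in-memory store that records the auth type of every write.
function makeFakeStore(failBiometricWrite: boolean) {
  const writes: AuthType[] = [];
  const store: CredentialStore = {
    save(_password, authType) {
      writes.push(authType);
      if (failBiometricWrite && authType === "BIOMETRIC") throw new Error("biometric write failed");
    },
  };
  return { store, writes };
}

// Onboarding flow: prompt outcome first, then persist once (twice only on fallback).
function createWallet(password: string, outcome: PromptOutcome, failBiometricWrite = false) {
  const { store, writes } = makeFakeStore(failBiometricWrite);
  const requested = resolveAuthType(outcome);
  const stored = storePassword(store, password, requested, true);
  return { requested, stored, writes };
}
```

The `writes` array is the thing to watch: an allowed or declined prompt yields exactly one write, and a second write appears only when a biometric-protected save fails and the retry is enabled.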

@Cal-L Cal-L changed the title from "fix: Prompt for biometric access on iOS during wallet creation" to "fix: Prompt for biometric access on iOS during wallet creation - cp-7.65.0" Feb 12, 2026
@github-actions

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-mobile-platform (Mobile Platform team) label Feb 12, 2026
ieow commented Feb 12, 2026

We also need similar hotfix for import SRP wallet
app/components/Views/ImportFromSecretRecoveryPhrase/index.js

@github-actions github-actions bot added size-M and removed size-S labels Feb 12, 2026
@Cal-L Cal-L added the No QA Needed (Apply this label when your PR does not need any QA effort), needs-dev-review (PR needs reviews from other engineers, in order to receive required approvals), no-changelog (Indicates no external facing user changes, therefore no changelog documentation needed) and no changelog required (No changelog entry is required for this change) labels Feb 12, 2026
@github-project-automation github-project-automation bot moved this to Needs dev review in PR review queue Feb 12, 2026
@Cal-L Cal-L added the regression-prod-7.64.0 (Regression bug that was found in production in release 7.64.0) label Feb 12, 2026
joaoloureirop previously approved these changes Feb 12, 2026
@github-project-automation github-project-automation bot moved this from Needs dev review to Review finalised - Ready to be merged in PR review queue Feb 12, 2026
@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

@github-actions github-actions bot added size-XL and removed size-L labels Feb 13, 2026
@codecov-commenter
Codecov Report

❌ Patch coverage is 95.45455% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 81.12%. Comparing base (fdc50e0) to head (8b806f4).
⚠️ Report is 112 commits behind head on main.

Files with missing lines | Patch % | Lines
app/components/Views/OAuthRehydration/index.tsx | 50.00% | 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #26002      +/-   ##
==========================================
+ Coverage   80.70%   81.12%   +0.42%     
==========================================
  Files        4361     4387      +26     
  Lines      113120   113337     +217     
  Branches    24093    24339     +246     
==========================================
+ Hits        91296    91950     +654     
+ Misses      15476    15007     -469     
- Partials     6348     6380      +32     

@ieow ieow left a comment

lgtm

@github-actions

🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeAccounts, SmokeWalletPlatform, SmokeIdentity
  • Selected Performance tags: @PerformanceOnboarding, @PerformanceLogin
  • Risk Level: high
  • AI Confidence: 85%

E2E Test Selection:
This PR makes significant changes to the core Authentication service (app/core/Authentication/Authentication.ts), which is a critical component handling password storage, biometric authentication, and wallet creation/restoration flows.

Key changes:

  1. Removed storePasswordWithFallback method - Consolidated into storePassword with a new fallbackToPassword parameter
  2. Added requestBiometricsAccessControlForIOS - New method that prompts iOS users for biometrics access control before storing credentials
  3. Modified wallet creation flows - newWalletAndKeychain and newWalletAndRestore now use the updated authentication approach
  4. Deleted updateAuthTypeStorageFlags utility - Functionality moved into Authentication service

Affected UI components:

  • ChoosePassword (wallet creation during onboarding)
  • ImportFromSecretRecoveryPhrase (SRP import flow)
  • ResetPassword (password reset flow)
  • OAuthRehydration (OAuth authentication flow)

Selected tags rationale:

  • SmokeAccounts: Tests account security, SRP protection flows, and wallet details - directly affected by authentication changes during account creation and management
  • SmokeWalletPlatform: Tests wallet lifecycle analytics for new wallet creation and SRP import events - directly affected by the modified authentication flows
  • SmokeIdentity: Tests account syncing features which depend on proper authentication - related to account management and multi-SRP flows

The changes are high risk because they modify the core authentication layer that handles password storage and biometric authentication for all wallet creation and import operations.

Performance Test Selection:
The authentication changes directly affect the onboarding flow (wallet creation and SRP import) and login/authentication mechanisms. The new requestBiometricsAccessControlForIOS method adds an additional biometric prompt step on iOS during wallet creation, which could impact onboarding performance. Changes to storePassword and the removal of storePasswordWithFallback could affect login performance as the password storage and retrieval mechanisms have been modified. These performance tests will help ensure the authentication changes don't introduce performance regressions in critical user flows.


@Cal-L Cal-L merged commit ff37603 into main Feb 13, 2026
88 of 89 checks passed
@Cal-L Cal-L deleted the fix/25998-prompt-ios-permissions-wallet-creation branch February 13, 2026 04:38
@github-actions github-actions bot locked and limited conversation to collaborators Feb 13, 2026
@github-actions github-actions bot removed the needs-dev-review (PR needs reviews from other engineers, in order to receive required approvals) label Feb 13, 2026
@metamaskbot metamaskbot added the release-7.67.0 (Issue or pull request that will be included in release 7.67.0) label Feb 13, 2026
@metamaskbot metamaskbot added release-7.66.0 (Issue or pull request that will be included in release 7.66.0) and removed release-7.67.0 (Issue or pull request that will be included in release 7.67.0) labels Feb 23, 2026
@metamaskbot

Missing release label release-7.66.0 on PR. Adding release label release-7.66.0 on PR and removing other release labels(release-7.67.0), as PR was cherry-picked in branch 7.66.0.

Labels

  • no changelog required: No changelog entry is required for this change
  • No QA Needed: Apply this label when your PR does not need any QA effort.
  • no-changelog: Indicates no external facing user changes, therefore no changelog documentation needed
  • regression-prod-7.64.0: Regression bug that was found in production in release 7.64.0
  • release-7.66.0: Issue or pull request that will be included in release 7.66.0
  • size-XL
  • team-mobile-platform: Mobile Platform team

Development

Successfully merging this pull request may close these issues.

[UX Regression] Biometric permission prompt no longer shown during wallet creation onboarding

5 participants