(settings): Enhance authentication checks in Greeter & LockScreen tabs

2026-04-04 04:42:05 -04:00 · 2026-03-11 16:58:15 -04:00
parent 78357d45bb
commit 62c2e858ef
3 changed files with 73 additions and 10 deletions
--- a/quickshell/Modules/Settings/GreeterTab.qml
+++ b/quickshell/Modules/Settings/GreeterTab.qml
@@ -14,6 +14,19 @@ import qs.Modules.Settings.Widgets
 Item {
    id: root

+    readonly property bool greeterFprintToggleAvailable: SettingsData.fprintdAvailable || SettingsData.greeterEnableFprint
+    readonly property bool greeterU2fToggleAvailable: SettingsData.u2fAvailable || SettingsData.greeterEnableU2f
+
+    function refreshAuthDetection() {
+        SettingsData.refreshAuthAvailability();
+    }
+
+    Component.onCompleted: refreshAuthDetection()
+    onVisibleChanged: {
+        if (visible)
+            refreshAuthDetection();
+    }
+
    ConfirmModal {
        id: greeterActionConfirm
    }
@@ -469,13 +482,16 @@ Item {
                    tags: ["greeter", "fingerprint", "fprintd", "login", "auth"]
                    text: I18n.tr("Enable fingerprint at login")
                    description: {
-                        if (!SettingsData.fprintdAvailable)
+                        if (!SettingsData.fprintdAvailable) {
+                            if (SettingsData.greeterEnableFprint)
+                                return I18n.tr("Enabled in settings, but fingerprint availability could not yet be confirmed. Re-open after enrolling fingerprints or reconnecting the reader.");
                            return I18n.tr("Not available — install fprintd and enroll fingerprints.");
+                        }
                        return SettingsData.greeterEnableFprint ? I18n.tr("Run Sync to apply. Fingerprint-only login may not unlock GNOME Keyring.") : I18n.tr("Only off for DMS-managed PAM lines. If greetd includes system-auth/common-auth/password-auth with pam_fprintd, fingerprint still stays enabled.");
                    }
                    descriptionColor: SettingsData.fprintdAvailable ? Theme.surfaceVariantText : Theme.warning
                    checked: SettingsData.greeterEnableFprint
-                    enabled: SettingsData.fprintdAvailable
+                    enabled: root.greeterFprintToggleAvailable
                    onToggled: checked => SettingsData.set("greeterEnableFprint", checked)
                }

@@ -484,13 +500,16 @@ Item {
                    tags: ["greeter", "u2f", "security", "key", "login", "auth"]
                    text: I18n.tr("Enable security key at login")
                    description: {
-                        if (!SettingsData.u2fAvailable)
+                        if (!SettingsData.u2fAvailable) {
+                            if (SettingsData.greeterEnableU2f)
+                                return I18n.tr("Enabled in settings, but security key availability could not yet be confirmed. Re-open after enrolling keys or updating pam_u2f.");
                            return I18n.tr("Not available — install pam_u2f and enroll keys.");
+                        }
                        return SettingsData.greeterEnableU2f ? I18n.tr("Run Sync to apply.") : I18n.tr("Disabled.");
                    }
                    descriptionColor: SettingsData.u2fAvailable ? Theme.surfaceVariantText : Theme.warning
                    checked: SettingsData.greeterEnableU2f
-                    enabled: SettingsData.u2fAvailable
+                    enabled: root.greeterU2fToggleAvailable
                    onToggled: checked => SettingsData.set("greeterEnableU2f", checked)
                }
            }
--- a/quickshell/Modules/Settings/LockScreenTab.qml
+++ b/quickshell/Modules/Settings/LockScreenTab.qml
@@ -8,6 +8,29 @@ import qs.Modules.Settings.Widgets
 Item {
    id: root

+    readonly property bool lockFprintToggleAvailable: SettingsData.fprintdAvailable || SettingsData.enableFprint
+    readonly property bool lockU2fToggleAvailable: SettingsData.u2fAvailable || SettingsData.enableU2f
+
+    function refreshAuthDetection() {
+        SettingsData.refreshAuthAvailability();
+    }
+
+    Component.onCompleted: refreshAuthDetection()
+    onVisibleChanged: {
+        if (visible)
+            refreshAuthDetection();
+    }
+
+    FileBrowserModal {
+        id: videoBrowserModal
+        browserTitle: I18n.tr("Select Video or Folder")
+        browserIcon: "movie"
+        browserType: "video"
+        showHiddenFiles: false
+        fileExtensions: ["*.mp4", "*.mkv", "*.webm", "*.mov", "*.avi", "*.m4v"]
+        onFileSelected: path => SettingsData.set("lockScreenVideoPath", path)
+    }
+
    DankFlickable {
        anchors.fill: parent
        clip: true
@@ -161,9 +184,16 @@ Item {
                    settingKey: "enableFprint"
                    tags: ["lock", "screen", "fingerprint", "authentication", "biometric", "fprint"]
                    text: I18n.tr("Enable fingerprint authentication")
-                    description: I18n.tr("Use fingerprint reader for lock screen authentication (requires enrolled fingerprints)")
+                    description: {
+                        if (SettingsData.fprintdAvailable)
+                            return I18n.tr("Use fingerprint reader for lock screen authentication (requires enrolled fingerprints)");
+                        if (SettingsData.enableFprint)
+                            return I18n.tr("Enabled in settings, but fingerprint availability could not yet be confirmed. Re-open after enrolling fingerprints or reconnecting the reader.");
+                        return I18n.tr("Not available — install fprintd and enroll fingerprints.");
+                    }
+                    descriptionColor: SettingsData.fprintdAvailable ? Theme.surfaceVariantText : Theme.warning
                    checked: SettingsData.enableFprint
-                    visible: SettingsData.fprintdAvailable
+                    enabled: root.lockFprintToggleAvailable
                    onToggled: checked => SettingsData.set("enableFprint", checked)
                }

@@ -171,10 +201,16 @@ Item {
                    settingKey: "enableU2f"
                    tags: ["lock", "screen", "u2f", "yubikey", "security", "key", "fido", "authentication", "hardware"]
                    text: I18n.tr("Enable security key authentication", "Enable FIDO2/U2F hardware security key for lock screen")
-                    description: SettingsData.u2fAvailable ? I18n.tr("Use a FIDO2/U2F security key (e.g. YubiKey) for lock screen authentication (requires enrolled keys)", "lock screen U2F security key setting") : I18n.tr("Not enrolled", "security key not detected status")
+                    description: {
+                        if (SettingsData.u2fAvailable)
+                            return I18n.tr("Use a FIDO2/U2F security key (e.g. YubiKey) for lock screen authentication (requires enrolled keys)", "lock screen U2F security key setting");
+                        if (SettingsData.enableU2f)
+                            return I18n.tr("Enabled in settings, but security key availability could not yet be confirmed. Re-open after enrolling keys or updating pam_u2f.");
+                        return I18n.tr("Not available — install pam_u2f and enroll keys.");
+                    }
                    descriptionColor: SettingsData.u2fAvailable ? Theme.surfaceVariantText : Theme.warning
                    checked: SettingsData.enableU2f
-                    enabled: SettingsData.u2fAvailable
+                    enabled: root.lockU2fToggleAvailable
                    onToggled: checked => SettingsData.set("enableU2f", checked)
                }

@@ -183,7 +219,7 @@ Item {
                    tags: ["lock", "screen", "u2f", "yubikey", "security", "key", "mode", "factor", "second"]
                    text: I18n.tr("Security key mode", "lock screen U2F security key mode setting")
                    description: I18n.tr("'Alternative' lets the key unlock on its own. 'Second factor' requires password or fingerprint first, then the key.", "lock screen U2F security key mode setting")
-                    visible: SettingsData.u2fAvailable && SettingsData.enableU2f
+                    visible: SettingsData.enableU2f
                    options: [I18n.tr("Alternative (OR)", "U2F mode option: key works as standalone unlock method"), I18n.tr("Second Factor (AND)", "U2F mode option: key required after password or fingerprint")]
                    currentValue: SettingsData.u2fMode === "and" ? I18n.tr("Second Factor (AND)", "U2F mode option: key required after password or fingerprint") : I18n.tr("Alternative (OR)", "U2F mode option: key works as standalone unlock method")
                    onValueChanged: value => {