Credential Storage

How TheCompanyApp stores and protects user credentials (UserPass entity).

UserPass Entity

Purpose: Store user login credentials for each company.

Attributes:

companyID: UUID - Company this credential belongs to
userName: String - User's email or username
userPassword: String - User's password (see encryption below)
createdAt: Date - When credential was created

Relationships: None (isolated entity).

Privacy Architecture

Private Database Only

Core Data Configuration:

<!-- TheCompanyApp.xcdatamodel -->
<configuration name="Default" usedWithCloudKit="YES">
    <memberEntity name="UserPass"/>
    <!-- ... all other entities ... -->
</configuration>

<configuration name="Shared" usedWithCloudKit="YES">
    <!-- UserPass intentionally EXCLUDED -->
    <memberEntity name="Companies"/>
    <memberEntity name="InventoryItem"/>
    <!-- ... other shared entities ... -->
</configuration>

Result:

UserPass syncs to CloudKit Private Database (user's iCloud)
UserPass never syncs to Shared Database
Share participants cannot see owner's UserPass
Owner cannot see participants' UserPass

Per-User Credentials

Scenario: Alice owns Company A, shares it with Bob.

Alice's Device:

let alicePass = UserPass(context: viewContext)
alicePass.companyID = companyA.companyID
alicePass.userName = "[email protected]"
alicePass.userPassword = "AliceSecretPass"
try viewContext.save()
// → Saved to Alice's Private Store → Alice's Private Database

Bob's Device (after accepting share):

let bobPass = UserPass(context: viewContext)
bobPass.companyID = companyA.companyID // Same company!
bobPass.userName = "[email protected]"
bobPass.userPassword = "BobSecretPass"
try viewContext.save()
// → Saved to Bob's Private Store → Bob's Private Database

Isolation:

Alice's Private Database has only Alice's UserPass
Bob's Private Database has only Bob's UserPass
They both access Company A (via Shared Database), but each has their own login

Password Storage

Current Implementation: Plain text in Core Data (encrypted at rest by iOS).

iOS Data Protection:

SQLite file encrypted when device locked
Requires device passcode or biometric unlock
Decrypted when device unlocked

Limitation: Password readable in memory when app running.

Best Practice Enhancement

Recommended: Use Keychain for password storage.

Example Implementation:

import Security

func saveToKeychain(password: String, for account: String, service: String) {
    let data = password.data(using: .utf8)!
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecAttrService as String: service,
        kSecValueData as String: data,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    ]
    
    SecItemDelete(query as CFDictionary) // Remove old
    SecItemAdd(query as CFDictionary, nil) // Add new
}

func retrieveFromKeychain(for account: String, service: String) -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecAttrService as String: service,
        kSecReturnData as String: true
    ]
    
    var result: AnyObject?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    
    guard status == errSecSuccess,
          let data = result as? Data,
          let password = String(data: data, encoding: .utf8) else {
        return nil
    }
    
    return password
}

Usage:

// Save UserPass entity without password
let userPass = UserPass(context: viewContext)
userPass.companyID = company.companyID
userPass.userName = "[email protected]"
// Don't set userPass.userPassword

// Store password in Keychain
saveToKeychain(
    password: actualPassword,
    for: "[email protected]",
    service: "TheCompanyApp-\(company.companyID)"
)

Benefits:

Password stored in Keychain (separate from SQLite)
Keychain can require biometric re-auth
More secure against memory dumps

Trade-off: Keychain doesn't sync via CloudKit (iCloud Keychain is different). User must re-enter password on each device.

Password Hashing

Current: Not implemented (plain text storage).

Recommended: Hash passwords before storage.

Example:

import CryptoKit

func hashPassword(_ password: String) -> String {
    let inputData = Data(password.utf8)
    let hashed = SHA256.hash(data: inputData)
    return hashed.compactMap { String(format: "%02x", $0) }.joined()
}

Usage:

userPass.userPassword = hashPassword(enteredPassword)

Login Verification:

func verifyPassword(entered: String, stored: String) -> Bool {
    return hashPassword(entered) == stored
}

Limitation: Hashing prevents password recovery (forgot password = must reset).

Multi-Factor Authentication (MFA)

Current: Not implemented.

Future Enhancement:

Add mfaSecret: String? to UserPass
Implement TOTP (Time-based One-Time Password)
Use library like SwiftOTP

Example:

import SwiftOTP

// Setup (user scans QR code)
let secret = "BASE32SECRET"
userPass.mfaSecret = secret

// Login verification
let totp = TOTP(secret: Data(base32Encoded: secret)!)
let currentCode = totp?.generate(time: Date())
if enteredCode == currentCode {
    // Allow login
}

Credential Expiration

Current: Credentials never expire.

Future Enhancement:

Add expiresAt: Date? to UserPass
Force password reset every 90 days
Notify user before expiration

Implementation:

extension UserPass {
    var isExpired: Bool {
        guard let expiresAt = self.expiresAt else { return false }
        return Date() > expiresAt
    }
}

Fetching Credentials

Secure Fetch:

func fetchUserPass(for companyID: UUID, userName: String) -> UserPass? {
    let request: NSFetchRequest<UserPass> = UserPass.fetchRequest()
    request.predicate = NSPredicate(
        format: "companyID == %@ AND userName == %@",
        companyID as CVarArg,
        userName
    )
    request.fetchLimit = 1
    
    return try? viewContext.fetch(request).first
}

Never Fetch All Passwords:

// WRONG: Don't do this
let allPasswords = try viewContext.fetch(UserPass.fetchRequest())

Fetch only the credential needed for current login.

Deletion

When Deleting Company:

func deleteCompany(_ company: Companies) {
    // Delete associated UserPass
    let passRequest: NSFetchRequest<UserPass> = UserPass.fetchRequest()
    passRequest.predicate = NSPredicate(format: "companyID == %@", company.companyID as CVarArg)
    
    if let userPassList = try? viewContext.fetch(passRequest) {
        for userPass in userPassList {
            viewContext.delete(userPass)
        }
    }
    
    // Delete company
    viewContext.delete(company)
    try? viewContext.save()
}

Result: Credential permanently deleted from Private Database.

Related: Security Model, Data Isolation, Login Flow

PreviousSecurity Model NextData Isolation

Last updated 1 hour ago

Good morning

hashtagUserPass Entity

hashtagPrivacy Architecture

hashtagPrivate Database Only

hashtagPer-User Credentials

hashtagPassword Storage

hashtagBest Practice Enhancement

hashtagPassword Hashing

hashtagMulti-Factor Authentication (MFA)

hashtagCredential Expiration

hashtagFetching Credentials

hashtagDeletion