fix: dynamic_pointer_cast for HybridStorage weak_ptr + replace deprecated kSecUseAuthenticationUIFail

- Use dynamic_pointer_cast instead of static_pointer_cast when capturing
  shared_from_this() as weak_ptr<HybridStorage> — required because HybridObject
  is a virtual base class and static_pointer_cast is ill-formed in that case.
- Replace all 6 usages of kSecUseAuthenticationUIFail (deprecated iOS 14) with
  a disableKeychainInteraction() helper using LAContext.interactionNotAllowed=YES
  + kSecUseAuthenticationContext to suppress auth prompts without deprecated API.

Author: JoaoPauloCMarra

packages/react-native-nitro-storage/cpp/bindings/HybridStorage.cpp

@@ -277,7 +277,7 @@ std::function<void()> HybridStorage::addOnChange(
         listeners_[intScope].push_back({listenerId, callback});
     }
 
-    std::weak_ptr<HybridStorage> weakSelf = std::static_pointer_cast<HybridStorage>(shared_from_this());
+    std::weak_ptr<HybridStorage> weakSelf = std::dynamic_pointer_cast<HybridStorage>(shared_from_this());
     return [weakSelf, intScope, listenerId]() {
         auto self = weakSelf.lock();
         if (!self) return;  // HybridStorage was destroyed — safe no-op

packages/react-native-nitro-storage/ios/IOSStorageAdapterCpp.mm

@@ -16,6 +16,14 @@
     return defaults ?: [NSUserDefaults standardUserDefaults];
 }
 
+// Prevents the Keychain from showing auth UI. On iOS 14+ kSecUseAuthenticationUIFail is
+// deprecated; the correct replacement is an LAContext with interactionNotAllowed = YES.
+static void disableKeychainInteraction(NSMutableDictionary* query) {
+    LAContext* ctx = [[LAContext alloc] init];
+    ctx.interactionNotAllowed = YES;
+    query[(__bridge id)kSecUseAuthenticationContext] = ctx;
+}
+
 static CFStringRef accessControlAttr(int level) {
     switch (level) {
         case 1: return kSecAttrAccessibleAfterFirstUnlock;
@@ -178,7 +186,7 @@ static CFStringRef accessControlAttr(int level) {
 
 static std::vector<std::string> keychainAccountsForService(NSString* service, NSString* accessGroup) {
     NSMutableDictionary* query = allAccountsQuery(service, accessGroup);
-    query[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+    disableKeychainInteraction(query);
     CFTypeRef result = NULL;
     std::vector<std::string> keys;
     OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
@@ -274,7 +282,7 @@ static CFStringRef accessControlAttr(int level) {
     NSMutableDictionary* query = baseKeychainQuery(nsKey, kKeychainService, group);
     query[(__bridge id)kSecReturnData] = @YES;
     query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
-    query[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+    disableKeychainInteraction(query);
 
     CFTypeRef result = NULL;
     OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
@@ -334,12 +342,12 @@ static CFStringRef accessControlAttr(int level) {
     }
     NSString* group = groupStr.empty() ? nil : [NSString stringWithUTF8String:groupStr.c_str()];
     NSMutableDictionary* secureQuery = baseKeychainQuery(nsKey, kKeychainService, group);
-    secureQuery[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+    disableKeychainInteraction(secureQuery);
     if (SecItemCopyMatching((__bridge CFDictionaryRef)secureQuery, NULL) == errSecSuccess) {
         return true;
     }
     NSMutableDictionary* biometricQuery = baseKeychainQuery(nsKey, kBiometricKeychainService, group);
-    biometricQuery[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+    disableKeychainInteraction(biometricQuery);
     return SecItemCopyMatching((__bridge CFDictionaryRef)biometricQuery, NULL) == errSecSuccess;
 }
 
@@ -484,13 +492,13 @@ static CFStringRef accessControlAttr(int level) {
     }
     NSString* group = groupStr.empty() ? nil : [NSString stringWithUTF8String:groupStr.c_str()];
 
-    // Capture backup before delete — use kSecUseAuthenticationUIFail to avoid prompting
+    // Capture backup before delete — must not prompt for auth
     std::optional<std::string> backup = std::nullopt;
     {
         NSMutableDictionary* backupQuery = baseKeychainQuery(nsKey, kBiometricKeychainService, group);
         backupQuery[(__bridge id)kSecReturnData] = @YES;
         backupQuery[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
-        backupQuery[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+        disableKeychainInteraction(backupQuery);
         CFTypeRef backupResult = NULL;
         if (SecItemCopyMatching((__bridge CFDictionaryRef)backupQuery, &backupResult) == errSecSuccess && backupResult) {
             NSData* bData = (__bridge_transfer NSData*)backupResult;
@@ -606,7 +614,7 @@ static CFStringRef accessControlAttr(int level) {
     }
     NSString* group = groupStr.empty() ? nil : [NSString stringWithUTF8String:groupStr.c_str()];
     NSMutableDictionary* query = baseKeychainQuery(nsKey, kBiometricKeychainService, group);
-    query[(__bridge id)kSecUseAuthenticationUI] = (__bridge id)kSecUseAuthenticationUIFail;
+    disableKeychainInteraction(query);
     return SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL) == errSecSuccess;
 }