bug: fix token fetching to consider arrays of tokens (MESSENGER-6687)

bwi/LoginProtection/LoginProtectionService.swift

@@ -34,10 +34,10 @@ import CryptoKit
             
             let tokenVerificator = ServerTokenVerificator()
             
-            let token = await tokenVerificator.fetchToken(baseURL: homeserverAddress)
+            let tokens = await tokenVerificator.fetchToken(baseURL: homeserverAddress)
             
-            if let token = token {
-                validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, token: token)
+            if let tokens = tokens {
+                validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, tokens: tokens)
             }
         }
         

bwi/TokenVerification/TokenVerificator.swift

@@ -31,7 +31,7 @@ struct ServerTokenClaims: Claims {
 struct ServerTokenVerificator {
       
     // takes a token and the selected server url, returns true if token is valid for at least one public key in the subfolder publickeys. Additionally the token needs to be valid (inside the valid timestamp) and contain a matching homeserver
-    func verifyToken( baseURL: String, token: String ) -> Bool {
+    func verifyToken( baseURL: String, tokens: [String] ) -> Bool {
         let publicKeys = publicKeys(folder: Bundle.main.resourcePath! + "/publickeys" )
  
         let homeServerURL = baseURL.replacingOccurrences(of: "https://", with: "")
@@ -44,12 +44,14 @@ struct ServerTokenVerificator {
             // only one public key needs to be fine
             let jwtVerifier = JWTVerifier.ps512(publicKey: keyData)
             do {
-                let verified = JWT<ServerTokenClaims>.verify(token, using: jwtVerifier)
-                let verifiedJWT = try JWT<ServerTokenClaims>(jwtString: token, verifier: jwtVerifier)
-                let validated = verifiedJWT.validateClaims()
-                let matchingHomeServer = verifiedJWT.claims.sub == homeServerURL
-                if verified && (validated == .success) && matchingHomeServer {
-                    return true
+                for token in tokens {
+                    let verified = JWT<ServerTokenClaims>.verify(token, using: jwtVerifier)
+                    let verifiedJWT = try JWT<ServerTokenClaims>(jwtString: token, verifier: jwtVerifier)
+                    let validated = verifiedJWT.validateClaims()
+                    let matchingHomeServer = verifiedJWT.claims.sub == homeServerURL
+                    if verified && (validated == .success) && matchingHomeServer {
+                        return true
+                    }
                 }
             } catch {
                 // counts like an unverified Token
@@ -61,7 +63,7 @@ struct ServerTokenVerificator {
     }
     
     // fetch the current token from the new endpoint,
-    func fetchToken( baseURL: String ) async -> String? {
+    func fetchToken( baseURL: String ) async -> [String]? {
         let path = "/_bum/client/v1/verify"
         
         guard let url = URL(string: baseURL + path) else {
@@ -75,15 +77,12 @@ struct ServerTokenVerificator {
             
             let (data, _) = try await session.data(from: url)
             
-            // the token may have additional endlines
-            if let str = String(data: data, encoding: .utf8) {
-                return str.trimmingCharacters(in: .whitespacesAndNewlines)
-            }
+            let fetchedStrings = try JSONDecoder().decode([String].self, from: data)
+            
+            return fetchedStrings
         } catch {
             return nil
         }
-
-        return nil
     }
     
     // reads the current public key folder into a string array of public keys