feat: use the homeserver url from the wellknown file for JWT check (MESSENGER-6777)

RiotSwiftUI/Modules/Authentication/Common/Service/MatrixSDK/AuthenticationService.swift

@@ -205,6 +205,20 @@ class AuthenticationService: NSObject {
         delegate?.authenticationService(self, didReceive: token, with: transactionID) ?? false
     }
     
+    /// BWI: #6777 use baseURL for JWT handling
+    func getBaseURL(_ homeserverAddress: String) async -> String? {
+        guard let homeserverURL = URL(string: homeserverAddress) else {
+            return nil
+        }
+        
+        guard let wellKnown = try? await wellKnown(for: homeserverURL) else {
+            return nil
+        }
+        
+        return wellKnown.homeServer.baseUrl
+    }
+    /// BWI END
+    
     // MARK: - Private
     
     /// Query the supported login flows for the supplied homeserver.

RiotSwiftUI/Modules/Authentication/ServerSelection/AuthenticationServerSelectionModels.swift

@@ -62,6 +62,11 @@ struct AuthenticationServerSelectionBindings {
     var homeserverAddress: String
     /// Information describing the currently displayed alert.
     var alertInfo: AlertInfo<AuthenticationServerSelectionErrorType>?
+    /// BWI: #6777 Show error alerts
+    var showAlert = false
+    /// BWI: #6777 show info alert if the server is not supported
+    var isInvalidServerAlert = false
+    /// BWI END
 }
 
 enum AuthenticationServerSelectionViewAction {

RiotSwiftUI/Modules/Authentication/ServerSelection/Coordinator/AuthenticationServerSelectionCoordinator.swift

@@ -32,6 +32,9 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
     
     private var indicatorPresenter: UserIndicatorTypePresenterProtocol
     private var loadingIndicator: UserIndicator?
+    // BWI: #6777 for accessing bindings
+    private let viewModel: AuthenticationServerSelectionViewModel
+    // BWI END
     
     /// The authentication service that will be updated with the new selection.
     var authenticationService: AuthenticationService { parameters.authenticationService }
@@ -54,9 +57,11 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
         } else {
             homeserverAddress = homeserver.displayableAddress
         }
-        let viewModel = AuthenticationServerSelectionViewModel(homeserverAddress: homeserverAddress,
+        // BWI: #6777 for accessing bindings
+        viewModel = AuthenticationServerSelectionViewModel(homeserverAddress: homeserverAddress,
                                                                flow: parameters.authenticationService.state.flow,
                                                                hasModalPresentation: parameters.hasModalPresentation)
+        // BWI END
         let view = AuthenticationServerSelectionScreen(viewModel: viewModel.context)
         authenticationServerSelectionViewModel = viewModel
         authenticationServerSelectionHostingController = VectorHostingController(rootView: view)
@@ -87,7 +92,9 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
             
             switch result {
             case .confirm(let homeserverAddress):
-                self.useHomeserver(homeserverAddress)
+                // BWI: #6777 check wellknown for base url, validate url with jwt and use homeserver
+                self.validateServer(homeserverAddress)
+                // BWI END
             case .dismiss:
                 self.callback?(.dismiss)
             }
@@ -132,4 +139,38 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
             }
         }
     }
+    
+    // MARK: BWI
+    
+    /// BWI: #6777 use baseURL for JWT handling
+    /// Use baseURL from Wellknown to vaildate server with JWT
+    /// If valid use homeserver
+    @MainActor private func validateServer(_ homeServerAddress: String) {
+        // bwi #6162 homeserver validation is async now, due to server calls for token validation
+        Task {
+            let homeServerAddress = HomeserverAddress.sanitized(homeServerAddress)
+            let baseURL = await authenticationService.getBaseURL(homeServerAddress) ?? homeServerAddress
+            
+            let verified = await isHomeserverAddressValid(baseURL)
+            if verified {
+                useHomeserver(baseURL)
+            } else {
+                viewModel.context.isInvalidServerAlert = true
+                viewModel.context.showAlert = true
+            }
+        }
+    }
+    
+    private func isHomeserverAddressValid(_ homeserverAddress: String) async -> Bool {
+               
+       if BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection {
+           let protectionService = LoginProtectionService()
+           protectionService.hashes = BWIBuildSettings.shared.bwiHashes
+           
+           // check wellknown for base_url
+           return await protectionService.isValid(homeserverAddress)
+       }
+       
+       return true
+    }
 }

RiotSwiftUI/Modules/Authentication/ServerSelection/View/AuthenticationServerSelectionScreen.swift

@@ -24,8 +24,6 @@ struct AuthenticationServerSelectionScreen: View {
 
     // bwi #4976 show maintenance alert
     @State private var isFetchingDowntime = false
-    @State private var showAlert = false
-    @State private var isInvalidServerAlert = false
     @State private var activeAlert: ServerMaintenanceAlertType = .showInvalidAppVersionAlert
     
     private var textFieldFooterColor: Color {
@@ -84,8 +82,8 @@ struct AuthenticationServerSelectionScreen: View {
                 }
             }
         }
-        .alert(isPresented: $showAlert, content: {
-            if isInvalidServerAlert {
+        .alert(isPresented: $viewModel.showAlert, content: {
+            if viewModel.isInvalidServerAlert {
                 return self.invalidServerAlert()
             } else {
                 return ServerDowntimeDefaultService.shared.alert(alertType: activeAlert) {
@@ -202,30 +200,9 @@ struct AuthenticationServerSelectionScreen: View {
     /// Sends the `confirm` view action so long as the text field input is valid.
     private func submit() {
         guard !viewModel.viewState.hasValidationError else { return }
-        
-        // bwi #6162 homeserver validation is async now, due to server calls for token validation
-        Task {
-            let verified = await isHomeserverAddressValid(viewModel.homeserverAddress)
-            if verified {
-                viewModel.send(viewAction: .confirm)
-            } else {
-                isInvalidServerAlert = true
-                showAlert = true
-            }
-        }
-
-    }
-         
-    private func isHomeserverAddressValid(_ homeserverAddress: String) async -> Bool {
-                
-        if BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection {
-            let protectionService = LoginProtectionService()
-            protectionService.hashes = BWIBuildSettings.shared.bwiHashes
-            
-            return await protectionService.isValid(homeserverAddress)
-        }
-        
-        return true
+        // BWI: #6777 validate and use base url from wellknown
+        viewModel.send(viewAction: .confirm)
+        // BWI END
     }
     
     /// bwi: jump directly into the iOS settings app to allow camera access
@@ -259,14 +236,27 @@ struct AuthenticationServerSelectionScreen: View {
             return Alert(
                 title: Text(BWIL10n.authenticationServerSelectionServerDeniedTitle),
                 message: Text(BWIL10n.authenticationServerSelectionServerDeniedMessage),
-                primaryButton: .default(Text(BWIL10n.authenticationServerSelectionServerDeniedAdvertizementWebsiteButton), action: {UIApplication.shared.vc_open(url, completionHandler: nil)}),
-                secondaryButton: .default(Text(VectorL10n.ok)))
+                primaryButton: .default(Text(BWIL10n.authenticationServerSelectionServerDeniedAdvertizementWebsiteButton), action: {
+                    // BWI: #6777 reset isInvalidServerAlert on dismiss, otherwise server downtime errors are not displayed
+                    viewModel.isInvalidServerAlert = false
+                    // BWI END
+                    UIApplication.shared.vc_open(url, completionHandler: nil)
+                }),
+                secondaryButton: .default(Text(VectorL10n.ok), action:  {
+                    // BWI: #6777 reset isInvalidServerAlert on dismiss, otherwise server downtime errors are not displayed
+                    viewModel.isInvalidServerAlert = false
+                    // BWI END
+                }))
             
         } else {
             return Alert(
                 title: Text(BWIL10n.authenticationServerSelectionServerDeniedTitle),
                 message: Text(BWIL10n.authenticationServerSelectionServerDeniedMessage),
-                dismissButton: .default(Text(VectorL10n.ok)))
+                dismissButton: .default(Text(VectorL10n.ok), action:  {
+                    // BWI: #6777 reset isInvalidServerAlert on dismiss, otherwise server downtime errors are not displayed
+                    viewModel.isInvalidServerAlert = false
+                    // BWI END
+                }))
         }
     }
 
@@ -302,7 +292,9 @@ struct AuthenticationServerSelectionScreen: View {
     private func showAlertIfNeeded() {
         if ServerDowntimeDefaultService.shared.showAlert() {
             activeAlert = ServerDowntimeDefaultService.shared.alertType()
-            showAlert = true
+            // BWI: #6777 moved boolean to viewmodel bindings
+            viewModel.showAlert = true
+            // BWI END
         } else {
             self.submit()
         }