Merge branch 'feature/6759_remove_hash_server_validation' into 'develop'

feat: remove hash server validation (MESSENGER-6759) See merge request bwmessenger/bundesmessenger/bundesmessenger-ios!428
2026-04-16 06:28:27 +02:00 · 2025-03-12 07:58:11 +00:00
parent af1acadda3 900431c9cf
commit 66f0fcb9ae
7 changed files with 2 additions and 138 deletions
--- a/Config/BWIBuildSettings.swift
+++ b/Config/BWIBuildSettings.swift
@@ -170,65 +170,6 @@ class BWIBuildSettings: NSObject {
    
    var bwiEnableLoginProtection = true

-    var bwiHashes = [ "a3f65e35a7476799afe8d80282fb3c45b39dab06d1d8c70dc98e45ab7d8e93a9",
-                      "2fda1a831655c22a5e6096d7cfbff4429fbf27891141e191b46adbf168142a11",
-                      "4f8cbb3fef885f7284d0477d797d7007f0e1ba76221834132752f4d645796e28",
-                       "24c2ec541e61e8e68944b96dc45ed5df12f6bdbda283cb0b3a522742aa970256",
-                       "1be0b314a6c915d4475290522baef5b642db1b6d68937792b8e0eb5b7b0d6666",
-                      "3deb73db8cafcd1d5a59e25e251c35816162e1f6ee67b5d7d011da0e8d6ef931",
-                      "42e57985d61202c2c7dd87d898cef9bdce020877a4c7a8c7cd699f6a28f58c0c",
-                      "e1c3c7cac12bd65bd48de79a2677187d2e768d2769377627534023588b8d7a33",
-                      "300f100961520d2909686f405bf97f53273f8ea82fa5359d981af8bf755f56ea",
-                      "642e9a5b1276d65cd12f913b96a3d05fe022489f5481e0c888dfd0654b25177d",
-                      "f7b8efdec2f424dbc912f4592d2489cc26232a621feecade73c33205a0a5cd8a",
-                      "7cfd1c9b9405146681e43f6339ea487f083a3a12cea7cf669810ea160407781a",
-                      "72d9a018893555073840bd90d80301417d2caa8b6ada7973d3365bcf929d6321",
-                      "28e0940e355717de28a9b48add20ebb7ed178875937015033d394129d9356cb3",
-                      "58077bffe53341e53ad18363dafc09498c314dd05a4fbaa2150c48dbd5d35e09",
-                      "74c038bb4e26fb1d0fcc14474ec9ff6fe3ec158e13286a787b90a22ee638ac18",
-                      "3740163f98aeda7dba285d2af1bfc351db395868268e2759ca701f926a6605a5",
-                      "240b05d9a54999140d23f21d104109fbc5e5179366ba3a7e58c8fad763aa88bd",
-                      "4d5b6dcf02396274be58a69c4bbeba175b529f6b19c504fc99a37892ee1cf0b5",
-                      "0d157119821bd9d76ac4f24c7f14f56e6bb5b766a6d5ee7dad6634420e79271a",
-                      "e3573fe09d518cce80cececedf80f8e0020cbc150f22db8b64827bff2e27abd9",
-                      "b76a62ccd8ea70d01c3a35ec3839e49ed2c83c8e3276f40a1b2c2cdf7cd77d01",
-                      "4a610a4d5fd3d8a1e1fd5669abdf1e0c5f7f5ff0c6b559e0f360cfa092ecb115",
-                      "32752f6d21f3005587941415cd64812ee28c19e6e01ed307edf9ddf4f6a91583",
-                      "704c6eaa107b13ef0694eb7ddd041bb6f595b53670a2e0c3c16e199947a9e013",
-                      "6921f031357cf63fb8538d9a1d1971efae95899907fdbf05a05082b6d1a6d0fb",
-                      "9f960fc663f5eaae67eecff75b131dea130b3ab1cf889c45fc74c688a48aea30",
-                      "160c35279484a027031b131183f3f203b1166306bab214355b00cf28502bce11",
-                      "d5a7298dde23aa0269c4cbd3b2a543e6ede94ce78fc20e4bfb888eb6057b5c52",
-                      "00136d830dd2acd5047efcf8419e939ef7ef97a84bef1930df86aace3f855265",
-                      "64cbbeea37237814445b35c941d010b9d5d024e4c584a476864b00c7c9909bce",
-                      "e79f4ce0f3c2772b45fd492a9c11e4e10e869ca21af68f13ff48c9c3bbd446ea",
-                      "2d582bed323f226a0e18b6b7104c0d28ccc36423833220a7b5fd2854262ab27e",
-                      "c56904235e283557626c327f8013c3b1c654eae86a5e314531e3a6fcb200ff92",
-                      "202bbbaa7c5cd665106d14012c29bcda8217a4b3606cce83e6e6ea0d30733229",
-                      "cca10f6b4b583da69bbd3815ee0fccd193cf0cfd046aee1aeffaa7b5245e8f83",
-                      "36a9ec7368bddedd9deb1e2d1c627bd7304865135c9be30b1979659e3ac9ad07",
-                      "dbaf8618e8a2f8d681591dfbcc73243c921c10dec69a2e5ee50bc91ca7dedcda",
-                      "ed1af0fd873ec749f17c3b61ce4e481ab1644c132003f97a9c4e36516325788a",
-                      "081e6ef90ba86102d678756fd13b07ca744340ad4d58a340e1956dca992f18e3",
-                      "40b22592f2417c8031a0c38098c83dd0bfd28dee4c77ed1e9a022556c6ec0ded",
-                      "098d7b8e7487c2228e6848c1baf6b5fec716b8d94d0210c22bad6adba5a332bf",
-                      "bce875bbf120c13246f2591af8681bbc554068d0b0cbf3837604607fdf99001e",
-                      "8362cb3205fb58345f1cc43115023027ea420b589da099271e127b9e9addb06c",
-                      "2ae47272786b03f790ffef1331dc92b114f65bc2fc321f82ca78a32ae471043e",
-                      "224185dd537000a0f5be5e09be1bd39103363b38bb8e49719d14f680a4d5e5ee",
-                      "8bab8d8d993259213d7ef2295e3494382b4611f2d68596a120e7cdfbb33485d2",
-                      "b9aa60d0067f63aa81eb6521af2120f2405e4bde4963b060ac34890e41734937",
-                      "2fd5548d873cdd2b48691593d3a3121b452e4f990d2b0eddfca2bc44255ccb46",
-                      "05a294b2e2214e326d9dc55a5ae4b1d91d0bd0e95177e59159c42ebaf8dae243",
-                      "983a96007faae2d5321aadf10198bf1a568d4166eec24f9c878de12ad5da8b85",
-                      "09940562c6e5d1b4071873c1be36dfe526c33a9c87bce30935c43ed451a67d72",
-                      "c58c1892ba63b2a482a2ad72d563d523eff08759e6026b8630d64d41b48e7ae0",
-                      "db0c9012e0886da4cbbaf4fae3d4c8d345a95fcc004c0fa8132b5f718963750d",
-                      "e4920edcf64870e0d86a8e511ad3ba0dc91f7208c891329d6ee9a64b4b7a07e6",
-                      "9f60d10d6ee4d1be2a5f301c57aae3224a3d010564c302346395ab1a7e2aa35f",
-                      "ddf38402e479dcfe29066efd81fde1fdd2e767b1780d1736bdb8def2753065d1",
-                      "6e9020ced31422578601a91bc96474c1e36c1b0c2f4a4193c9c49f1bde6749fb"
-    ]
    // bwi #6162 login protection with jwt tokens
    var bwiEnableTokenizedLoginProtection = false
    
--- a/Riot/Modules/Application/LegacyAppDelegate.m
+++ b/Riot/Modules/Application/LegacyAppDelegate.m
@@ -4367,7 +4367,6 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
 - (void)checkUrlSavetyWithURL:(NSString *)serverURL {
    if (BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection) {
        LoginProtectionService *protectionService = [LoginProtectionService new];
-        protectionService.hashes = BWIBuildSettings.shared.bwiHashes;
        
        MXWeakify(self);
        [protectionService isValid:serverURL ignoreNetworkConnectionLost:YES completionHandler:^(BOOL isVaild) {
--- a/RiotSwiftUI/Modules/Authentication/Common/AuthenticationModels.swift
+++ b/RiotSwiftUI/Modules/Authentication/Common/AuthenticationModels.swift
@@ -85,6 +85,8 @@ class HomeserverAddress: NSObject {
        
        if !address.contains("://") {
            address = "https://\(address)"
+        } else if address.contains("http") && !address.contains("https") {
+            address = address.replacingOccurrences(of: "http://", with: "https://")
        }
        
        address = address.trimmingCharacters(in: CharacterSet(charactersIn: "/"))
--- a/RiotSwiftUI/Modules/Authentication/ServerSelection/Coordinator/AuthenticationServerSelectionCoordinator.swift
+++ b/RiotSwiftUI/Modules/Authentication/ServerSelection/Coordinator/AuthenticationServerSelectionCoordinator.swift
@@ -165,7 +165,6 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
               
       if BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection {
           let protectionService = LoginProtectionService()
-           protectionService.hashes = BWIBuildSettings.shared.bwiHashes
           
           return await protectionService.isValid(homeserverAddress)
       }
--- a/bwi/AppConfig/AppConfigService.swift
+++ b/bwi/AppConfig/AppConfigService.swift
@@ -79,7 +79,6 @@ extension UserDefaults
    private func checkUrlSavety(_ serverUrl: String) async -> Bool {
        if BWIBuildSettings.shared.bwiEnableLoginProtection {
            let protectionService = LoginProtectionService()
-            protectionService.hashes = BWIBuildSettings.shared.bwiHashes
            
            return await protectionService.isValid(serverUrl)
        } else {
--- a/bwi/LoginProtection/LoginProtectionService.swift
+++ b/bwi/LoginProtection/LoginProtectionService.swift
@@ -19,7 +19,6 @@ import Foundation
 import CryptoKit

@objcMembers class LoginProtectionService : NSObject {
-    var hashes: [String]?
    
    @objc func isValid(_ homeserverAddress: String, ignoreNetworkConnectionLost: Bool = false) async -> Bool {
        // bwi #6162 a homeserveraddress is valid when there is either
@@ -45,15 +44,6 @@ import CryptoKit
            }
        }
        
-        if BWIBuildSettings.shared.bwiEnableLoginProtection && !validHomeserver {
-            if let hashes = hashes {
-                let string = self.normalizeLoginUrl(homeserverAddress)
-                let hashedString = self.hashedString(string)
-                
-                validHomeserver = hashes.contains(hashedString)
-            }
-        }
-        
        return validHomeserver
    }
    
@@ -63,10 +53,4 @@ import CryptoKit
        
        return tmpString
    }
-    
-    private func hashedString(_ string: String) -> String {
-        let data = Data(string.utf8)
-        let hash = SHA256.hash(data: data)
-        return hash.compactMap { String(format: "%02x", $0) }.joined()
-    }
 }
--- a/bwi/Tests/LoginProtectionTests.swift
+++ b/bwi/Tests/LoginProtectionTests.swift
@@ -1,60 +0,0 @@
-//
-/*
- * Copyright (c) 2022 BWI GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import XCTest
-@testable import Element
-
-class LoginProtectionTests: XCTestCase {
-
-    let hashes = ["34f2dfdb69edeef64ae9f53cea21c7e27db19566d440174c5bc3949d87ae90f6",
-                  "04feebbb6cc530f26db673ee7d781c57870cfc7c6d1814d63dc703a3da522619"
-    ]
-
-    func testValidURL() throws {
-        let service = LoginProtectionService()
-        service.hashes = hashes
-        
-        XCTAssertTrue(service.isValid("https://www.wellbehaved.de"))
-    }
-
-    func testInvalidURL() throws {
-        let service = LoginProtectionService()
-        service.hashes = hashes
-         
-        XCTAssertFalse(service.isValid("https://www.unknown.org"))
-    }
-    
-    func testSimpleURL() throws {
-        let service = LoginProtectionService()
-        service.hashes = hashes
-         
-        XCTAssertTrue(service.isValid("www.simple.com"))
-    }
-    
-    func testMalformatedURL() throws {
-        let service = LoginProtectionService()
-        service.hashes = hashes
-         
-        XCTAssertFalse(service.isValid("ur%%l@blalalal"))
-    }
-
-    func testNoHashlist() throws {
-        let service = LoginProtectionService()
-         
-        XCTAssertFalse(service.isValid("https://www.wellbehaved.de"))
-    }
-}