feat: add server selection protection with jwt (MESSENGER-6162)

Frank Rotermund
2024-07-24 15:54:45 +02:00
parent 579e7ddd3c
commit bb60e8f85d
14 changed files with 219 additions and 31 deletions


@@ -122,23 +122,6 @@ final class AuthenticationServerSelectionCoordinator: Coordinator, Presentable {
let homeserverAddress = HomeserverAddress.sanitized(homeserverAddress)
if BWIBuildSettings.shared.bwiEnableLoginProtection {
let protectionService = LoginProtectionService()
protectionService.hashes = BWIBuildSettings.shared.bwiHashes
guard protectionService.isValid(homeserverAddress) else {
stopLoading()
let primaryButtonCompletion: (() -> Void)? = { () in
if let url = URL(string: BWIBuildSettings.shared.bumAdvertizementURLString) {
UIApplication.shared.vc_open(url, completionHandler: nil)
}
}
authenticationServerSelectionViewModel.displayInfo(BWIL10n.bwiLoginProtectionInfoMessage(AppInfo.current.displayName, AppInfo.current.displayName), buttonTitle: BWIL10n.bwiLoginProtectionInfoButton, completion: primaryButtonCompletion)
return
}
}
Task {
do {
try await authenticationService.startFlow(parameters.flow, for: homeserverAddress)


@@ -212,23 +212,51 @@ struct AuthenticationServerSelectionScreen: View {
private func submit() {
guard !viewModel.viewState.hasValidationError else { return }
if isHomeserverAddressValid(viewModel.homeserverAddress) {
viewModel.send(viewAction: .confirm)
} else {
isInvalidServerAlert = true
showAlert = true
// bwi #6162 homeserver validation is async now, due to server calls for token validation
Task {
let verified = await isHomeserverAddressValid(viewModel.homeserverAddress)
if verified {
viewModel.send(viewAction: .confirm)
} else {
isInvalidServerAlert = true
showAlert = true
}
}
}
private func isHomeserverAddressValid(_ homeserverAddress: String) -> Bool {
if BWIBuildSettings.shared.bwiEnableLoginProtection {
private func isHomeserverAddressValid(_ homeserverAddress: String) async -> Bool {
// bwi #6162 a homeserveraddress is valid when there is either
// a) no homeserver protection (bwm)
// b) tokenized protection and there is a valid token
// c) hashed protection and there is a valid hash (this will be disabled soon)
// d) b) && c) can be combined for now
if !BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection && !BWIBuildSettings.shared.bwiEnableLoginProtection {
return true
}
var validHomeserver = false
if BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection {
let tokenVerificator = ServerTokenVerificator()
let token = await tokenVerificator.fetchToken(baseURL: homeserverAddress)
if let token = token {
validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, token: token)
}
}
if BWIBuildSettings.shared.bwiEnableLoginProtection && !validHomeserver {
let protectionService = LoginProtectionService()
protectionService.hashes = BWIBuildSettings.shared.bwiHashes
return protectionService.isValid(homeserverAddress)
} else {
return true
validHomeserver = protectionService.isValid(homeserverAddress)
}
return validHomeserver
}
/// bwi: jump directly into the iOS settings app to allow camera access
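Review bot: The server protection check in `isHomeserverAddressValid` is now enforced only from the view's `submit()`, and it validates the raw `viewModel.homeserverAddress`. The coordinator section of this commit drops its own guard but still calls `authenticationService.startFlow` with `HomeserverAddress.sanitized(homeserverAddress)`, so the string that is checked and the string that is used can differ, and any other route to `.confirm` would skip the check. The other changed files are not visible here, so this may be handled elsewhere. If it is not, I would move the token/hash decision into a shared service and call it inside the coordinator's existing `Task { ... }` on the sanitized address, immediately before `startFlow`, keeping the view check as a UX pre-check only. Separately, the unstructured `Task` in `submit()` writes `isInvalidServerAlert` and `showAlert` after an `await`; unless the view or `submit()` is main-actor isolated, that should be marked `@MainActor`, and repeated taps can start overlapping fetches.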