feat: check jwt token on app start (MESSENGER-6790)

This commit is contained in:
Jan Niklas Grabowski
2025-02-11 14:49:54 +01:00
parent db3a62131a
commit f5d67f6909
5 changed files with 93 additions and 8 deletions


@@ -72,6 +72,10 @@ UINavigationControllerDelegate
@property (strong, nonatomic) UIAlertController *errorNotification;
// BWI: #6790
@property (strong, nonatomic) UIAlertController *serverNotAllowedAlertController;
// BWI #6790 END
@property (strong, nonatomic) NSString *appVersion;
@property (strong, nonatomic) NSString *build;


@@ -505,6 +505,18 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
[self setupAppConfig];
// BWI: #6790 check if active session is available
if ([self.mxSessions count] > 0)
{
// Check url savety for homeserver url
NSString *homeServerURL = [[[self.mxSessions firstObject] matrixRestClient] homeserver];
if (homeServerURL)
{
[self checkUrlSavetyWithURL: homeServerURL];
}
}
// BWI #6790 END
return YES;
}
@@ -533,6 +545,14 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
self.errorNotification = nil;
}
// BWI: #6790
if (self.serverNotAllowedAlertController)
{
[self.serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
self.serverNotAllowedAlertController = nil;
}
// BWI #6790 END
if (accountPicker)
{
[accountPicker dismissViewControllerAnimated:NO completion:nil];
@@ -4342,6 +4362,60 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
}
}
#pragma mark - App login protection
// BWI: #6790 Check url savety for homeserver url on app start
- (void)checkUrlSavetyWithURL:(NSString *)serverURL {
if (BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection) {
LoginProtectionService *protectionService = [LoginProtectionService new];
protectionService.hashes = BWIBuildSettings.shared.bwiHashes;
MXWeakify(self);
[protectionService isValid:serverURL ignoreNetworkConnectionLost:YES completionHandler:^(BOOL isVaild) {
if (!isVaild) {
dispatch_async(dispatch_get_main_queue(), ^{
MXStrongifyAndReturnIfNil(self);
if (self.setPinCoordinatorBridgePresenter)
{
[self.setPinCoordinatorBridgePresenter dismissWithMainAppWindow:self.window];
self.setPinCoordinatorBridgePresenter = nil;
}
// Force logout
[self logoutWithConfirmation:NO completion:^(BOOL isLoggedOut) {
if (isLoggedOut)
{
// Show error Alert
[self->_serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
self->_serverNotAllowedAlertController = [UIAlertController alertControllerWithTitle:[BWIL10n authenticationServerSelectionServerDeniedTitle] message:[BWIL10n authenticationServerSelectionServerDeniedMessage] preferredStyle:UIAlertControllerStyleAlert];
// Open bum advertizementURL
[self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[BWIL10n authenticationServerSelectionServerDeniedAdvertizementWebsiteButton]
style:UIAlertActionStyleDefault
handler:^(UIAlertAction * action) {
NSURL *url = [[NSURL alloc] initWithString:BWIBuildSettings.shared.bumAdvertizementURLString];
[[UIApplication sharedApplication] vc_open:url completionHandler:nil];
}]];
// Close dialog
[self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[VectorL10n ok]
style:UIAlertActionStyleDefault
handler:^(UIAlertAction * action) {
[AppDelegate theDelegate].errorNotification = nil;
}]];
[self->_serverNotAllowedAlertController mxk_setAccessibilityIdentifier:@"AppDelegateErrorAlertServerVerificationFailed"];
[self showNotificationAlert:self->_serverNotAllowedAlertController];
}
}];
});
}
}];
}
}
// BWI #6790 END
#pragma mark - App version management
- (void)checkAppVersion
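Review bot: The OK action's handler at L87 clears `errorNotification`, but the alert it is closing was stored in `serverNotAllowedAlertController` (L75), so after the user taps OK the dismissed controller stays retained in that property and an unrelated error alert reference is dropped instead; the handler should read `[AppDelegate theDelegate].serverNotAllowedAlertController = nil;`. Passing `ignoreNetworkConnectionLost:YES` means a homeserver that has since been denied remains usable while the device is offline, which is a deliberate fail-open decision worth stating at the call site, e.g. `// Offline start is tolerated: the check runs again on the next launch with connectivity`. The first hunk only checks `[self.mxSessions firstObject]`; if more than one account can be signed in, each session's homeserver needs the same check. `checkUrlSavetyWithURL:` and `isVaild` misspell "safety" and "valid" and will propagate into further call sites.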


@@ -120,7 +120,7 @@ extension UserDefaults
func handleAppConfig() async {
if let dict = UserDefaults.standard.dictionary(forKey: configKey) {
// only compute if serverURL has not changed (this may need to be changed on Adminportal integration
// only compute if serverURL has changed (this may need to be changed on Adminportal integration
if !isSameConfig(dict: dict) {
var config = AppConfig()


@@ -21,7 +21,7 @@ import CryptoKit
@objcMembers class LoginProtectionService : NSObject {
var hashes: [String]?
@objc func isValid(_ homeserverAddress: String) async -> Bool {
@objc func isValid(_ homeserverAddress: String, ignoreNetworkConnectionLost: Bool = false) async -> Bool {
// bwi #6162 a homeserveraddress is valid when there is either
// a) no homeserver protection (bwm)
// b) tokenized protection and there is a valid token
@@ -36,8 +36,12 @@ import CryptoKit
let tokens = await tokenVerificator.fetchToken(baseURL: homeserverAddress)
if let tokens = tokens {
validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, tokens: tokens)
if tokens == nil && ignoreNetworkConnectionLost {
validHomeserver = true
} else {
if let tokens = tokens, !tokens.isEmpty {
validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, tokens: tokens)
}
}
}
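Review bot: The new branch at L126 turns a nil token list into `validHomeserver = true` without a comment explaining that nil specifically means "fetch aborted for lack of connectivity" (per the ServerTokenVerificator.fetchToken change in this commit) while an empty array means "no token was served"; since this is a fail-open decision in the login protection, it deserves a comment above L126 such as `// nil: token fetch failed because the device is offline — keep trusting the existing session; []: no usable token was served — deny`. That distinction relies on fetchToken returning nil only for `.notConnectedToInternet`, so other transport failures (timeout, DNS) still fall into the deny path here even when `ignoreNetworkConnectionLost` is set; confirm that is intended. The enclosing `isValid(_:ignoreNetworkConnectionLost:)` begins outside this hunk.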


@@ -21,8 +21,8 @@ import SwiftJWT
struct ServerTokenClaims: Claims {
let issuer: String
let sub: String
let exp: Int
let iat: Int
let exp: Date?
let iat: Date?
let jti: String
let version: Int
}
@@ -80,8 +80,11 @@ struct ServerTokenVerificator {
let fetchedStrings = try JSONDecoder().decode([String].self, from: data)
return fetchedStrings
} catch {
return nil
} catch (let error) {
if let error = error as? URLError, error.code == .notConnectedToInternet {
return nil
}
return [String]()
}
}
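Review bot: The catch at L153 maps every error other than `.notConnectedToInternet` to `[String]()`, which LoginProtectionService (L129 of this commit) does not treat as valid, so a JSON decode failure, a timeout or a DNS error at app start now ends in a forced logout rather than the tolerant nil path; at least the transient transport codes (`.timedOut`, `.networkConnectionLost`, `.cannotConnectToHost`, `.dnsLookupFailed`) should be grouped with `.notConnectedToInternet`, and a decode failure should be logged before it is turned into a denial, since it may indicate a misbehaving or substituted endpoint rather than a missing token. `catch (let error)` is unidiomatic; the same logic reads as `} catch let error as URLError where error.code == .notConnectedToInternet { return nil } catch { return [String]() }`. The enclosing fetchToken method starts outside this hunk.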