diff --git a/Riot/Modules/Application/LegacyAppDelegate.h b/Riot/Modules/Application/LegacyAppDelegate.h
index 6182062a5..5f3d079bd 100644
--- a/Riot/Modules/Application/LegacyAppDelegate.h
+++ b/Riot/Modules/Application/LegacyAppDelegate.h
@@ -72,6 +72,10 @@ UINavigationControllerDelegate
 @property (strong, nonatomic) UIAlertController *errorNotification;
+// BWI: #6790
+@property (strong, nonatomic) UIAlertController *serverNotAllowedAlertController;
+// BWI #6790 END
+
 @property (strong, nonatomic) NSString *appVersion;
 @property (strong, nonatomic) NSString *build;
diff --git a/Riot/Modules/Application/LegacyAppDelegate.m b/Riot/Modules/Application/LegacyAppDelegate.m
index b66144ccb..8da0fe9d3 100644
--- a/Riot/Modules/Application/LegacyAppDelegate.m
+++ b/Riot/Modules/Application/LegacyAppDelegate.m
@@ -505,6 +505,18 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
 [self setupAppConfig];
+ // BWI: #6790 check if active session is available
+ if ([self.mxSessions count] > 0)
+ {
+ // Check url savety for homeserver url
+ NSString *homeServerURL = [[[self.mxSessions firstObject] matrixRestClient] homeserver];
+ if (homeServerURL)
+ {
+ [self checkUrlSavetyWithURL: homeServerURL];
+ }
+ }
+ // BWI #6790 END
+
 return YES;
 }
@@ -533,6 +545,14 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
 self.errorNotification = nil;
 }
+ // BWI: #6790
+ if (self.serverNotAllowedAlertController)
+ {
+ [self.serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
+ self.serverNotAllowedAlertController = nil;
+ }
+ // BWI #6790 END
+
 if (accountPicker)
 {
 [accountPicker dismissViewControllerAnimated:NO completion:nil];
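Review bot: In the `@@ -505` hunk the check reads only `[self.mxSessions firstObject]`, and only if `mxSessions` is already populated when this line runs, so it silently does nothing when sessions are opened later in launch and it never looks at a second account. This is the only call to `checkUrlSavetyWithURL:` visible in the patch, so I would iterate with `for (MXSession *session in self.mxSessions)` or trigger the check where a session is added, and log when it is skipped. The enclosing method starts outside the hunk, so whether sessions exist at this point could not be confirmed from here. `Savety` should read `Safety` in the selector and in both comments.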
@@ -4342,6 +4362,60 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
 }
 }
+#pragma mark - App login protection
+// BWI: #6790 Check url savety for homeserver url on app start
+- (void)checkUrlSavetyWithURL:(NSString *)serverURL {
+ if (BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection) {
+ LoginProtectionService *protectionService = [LoginProtectionService new];
+ protectionService.hashes = BWIBuildSettings.shared.bwiHashes;
+
+ MXWeakify(self);
+ [protectionService isValid:serverURL ignoreNetworkConnectionLost:YES completionHandler:^(BOOL isVaild) {
+ if (!isVaild) {
+ dispatch_async(dispatch_get_main_queue(), ^{
+ MXStrongifyAndReturnIfNil(self);
+
+ if (self.setPinCoordinatorBridgePresenter)
+ {
+ [self.setPinCoordinatorBridgePresenter dismissWithMainAppWindow:self.window];
+ self.setPinCoordinatorBridgePresenter = nil;
+ }
+
+ // Force logout
+ [self logoutWithConfirmation:NO completion:^(BOOL isLoggedOut) {
+ if (isLoggedOut)
+ {
+ // Show error Alert
+ [self->_serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
+
+ self->_serverNotAllowedAlertController = [UIAlertController alertControllerWithTitle:[BWIL10n authenticationServerSelectionServerDeniedTitle] message:[BWIL10n authenticationServerSelectionServerDeniedMessage] preferredStyle:UIAlertControllerStyleAlert];
+
+ // Open bum advertizementURL
+ [self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[BWIL10n authenticationServerSelectionServerDeniedAdvertizementWebsiteButton]
+ style:UIAlertActionStyleDefault
+ handler:^(UIAlertAction * action) {
+ NSURL *url = [[NSURL alloc] initWithString:BWIBuildSettings.shared.bumAdvertizementURLString];
+ [[UIApplication sharedApplication] vc_open:url completionHandler:nil];
+ }]];
+
+ // Close dialog
+ [self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[VectorL10n ok]
+ style:UIAlertActionStyleDefault
+ handler:^(UIAlertAction * action) {
+ [AppDelegate theDelegate].errorNotification = nil;
+ }]];
+
+ [self->_serverNotAllowedAlertController mxk_setAccessibilityIdentifier:@"AppDelegateErrorAlertServerVerificationFailed"];
+ [self showNotificationAlert:self->_serverNotAllowedAlertController];
+ }
+ }];
+ });
+ }
+ }];
+ }
+}
+// BWI #6790 END
+
 #pragma mark - App version management
 - (void)checkAppVersion
diff --git a/bwi/AppConfig/AppConfigService.swift b/bwi/AppConfig/AppConfigService.swift
index 981fe208c..0ea41f62e 100644
--- a/bwi/AppConfig/AppConfigService.swift
+++ b/bwi/AppConfig/AppConfigService.swift
@@ -120,7 +120,7 @@ extension UserDefaults
 func handleAppConfig() async {
 if let dict = UserDefaults.standard.dictionary(forKey: configKey) {
- // only compute if serverURL has not changed (this may need to be changed on Adminportal integration
+ // only compute if serverURL has changed (this may need to be changed on Adminportal integration
 if !isSameConfig(dict: dict) {
 var config = AppConfig()
diff --git a/bwi/LoginProtection/LoginProtectionService.swift b/bwi/LoginProtection/LoginProtectionService.swift
index 7f9112ffa..3fb21d00e 100644
--- a/bwi/LoginProtection/LoginProtectionService.swift
+++ b/bwi/LoginProtection/LoginProtectionService.swift
@@ -21,7 +21,7 @@ import CryptoKit
 @objcMembers class LoginProtectionService : NSObject {
 var hashes: [String]?
- @objc func isValid(_ homeserverAddress: String) async -> Bool {
+ @objc func isValid(_ homeserverAddress: String, ignoreNetworkConnectionLost: Bool = false) async -> Bool {
 // bwi #6162 a homeserveraddress is valid when there is either
 // a) no homeserver protection (bwm)
 // b) tokenized protection and there is a valid token
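Review bot: In the "Close dialog" action of `checkUrlSavetyWithURL:` the handler clears `errorNotification`, not the alert this method just created, so `serverNotAllowedAlertController` keeps referencing a controller the user has already dismissed; the line should read `[AppDelegate theDelegate].serverNotAllowedAlertController = nil;`. The `isLoggedOut == NO` outcome of the `logoutWithConfirmation:completion:` block is not handled at all, which would leave the account signed in to a homeserver the check rejected, with no log entry and no alert. I would at least log that case and still present the alert. `[[NSURL alloc] initWithString:]` returns nil for a malformed `bumAdvertizementURLString`, so an `if (url)` guard before `vc_open:` is also worth adding.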
@@ -36,8 +36,12 @@ import CryptoKit
 let tokens = await tokenVerificator.fetchToken(baseURL: homeserverAddress)
- if let tokens = tokens {
- validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, tokens: tokens)
+ if tokens == nil && ignoreNetworkConnectionLost {
+ validHomeserver = true
+ } else {
+ if let tokens = tokens, !tokens.isEmpty {
+ validHomeserver = tokenVerificator.verifyToken(baseURL: homeserverAddress, tokens: tokens)
+ }
 }
 }
diff --git a/bwi/TokenVerification/TokenVerificator.swift b/bwi/TokenVerification/TokenVerificator.swift
index c16c91abe..05798ed2a 100644
--- a/bwi/TokenVerification/TokenVerificator.swift
+++ b/bwi/TokenVerification/TokenVerificator.swift
@@ -21,8 +21,8 @@ import SwiftJWT
 struct ServerTokenClaims: Claims {
 let issuer: String
 let sub: String
- let exp: Int
- let iat: Int
+ let exp: Date?
+ let iat: Date?
 let jti: String
 let version: Int
 }
@@ -80,8 +80,11 @@ struct ServerTokenVerificator {
 let fetchedStrings = try JSONDecoder().decode([String].self, from: data)
 return fetchedStrings
- } catch {
- return nil
+ } catch (let error) {
+ if let error = error as? URLError, error.code == .notConnectedToInternet {
+ return nil
+ }
+ return [String]()
 }
 }
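Review bot: `tokens == nil && ignoreNetworkConnectionLost` makes the protection fail open: when the token fetch returns nil the homeserver is marked valid, and nothing in this patch re-runs the check once connectivity returns. The decision also depends on `nil` meaning exactly "offline", which holds only if every path in `fetchToken` returns nil for that reason alone; only its catch block is visible in this patch. I would return an explicit result (an enum with a separate "could not verify" case) and have the caller schedule a re-check instead of treating that case as valid. A comment next to `validHomeserver = true` should state that verification was skipped, not passed. The enclosing function starts and ends outside the hunk.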
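Review bot: `exp` is now `Date?` in `ServerTokenClaims`, so a token that carries no expiry still decodes, and unless `verifyToken` (not part of this patch) rejects a nil `exp`, such a token would be accepted with no time limit. If server tokens are always issued with an expiry, keep the claim non-optional as `let exp: Date`, or reject a nil value explicitly before the token is trusted. The same question applies to `iat`. A short comment on the two fields saying why they are optional would help the next reader.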
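Review bot: In the `@@ -80` catch block only `.notConnectedToInternet` maps to nil; every other failure, including `.timedOut`, `.networkConnectionLost`, `.cannotFindHost` or a JSON decoding error, returns `[String]()`. The caller skips verification for an empty array, so, presumably with `validHomeserver` starting as false, the app-launch path turns that into a forced logout. A transient network or server fault is therefore indistinguishable from a rejected homeserver, and the flag name `ignoreNetworkConnectionLost` suggests `.networkConnectionLost` was meant to be covered too. I would report these failures as a distinct "could not verify" outcome that is retried, rather than either accepting the server or logging out, and document that `[]` means the server answered without usable tokens. The enclosing function starts outside the hunk.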