feat: check jwt token on app start (MESSENGER-6790)

2026-04-26 19:34:25 +02:00 · 2025-02-11 14:49:54 +01:00
parent db3a62131a
commit f5d67f6909
5 changed files with 93 additions and 8 deletions
@@ -72,6 +72,10 @@ UINavigationControllerDelegate

@property (strong, nonatomic) UIAlertController *errorNotification;

+// BWI: #6790
+@property (strong, nonatomic) UIAlertController *serverNotAllowedAlertController;
+// BWI #6790 END
+
@property (strong, nonatomic) NSString *appVersion;
@property (strong, nonatomic) NSString *build;

@@ -505,6 +505,18 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
    
    [self setupAppConfig];
    
+    // BWI: #6790 check if active session is available
+    if ([self.mxSessions count] > 0)
+    {
+        // Check url savety for homeserver url
+        NSString *homeServerURL = [[[self.mxSessions firstObject] matrixRestClient] homeserver];
+        if (homeServerURL)
+        {
+            [self checkUrlSavetyWithURL: homeServerURL];
+        }
+    }
+    // BWI #6790 END
+    
    return YES;
 }

@@ -533,6 +545,14 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
        self.errorNotification = nil;
    }
    
+    // BWI: #6790
+    if (self.serverNotAllowedAlertController)
+    {
+        [self.serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
+        self.serverNotAllowedAlertController = nil;
+    }
+    // BWI #6790 END
+
    if (accountPicker)
    {
        [accountPicker dismissViewControllerAnimated:NO completion:nil];
@@ -4342,6 +4362,60 @@ NSString *const AppDelegateUniversalLinkDidChangeNotification = @"AppDelegateUni
    }
 }

+#pragma mark - App login protection
+// BWI: #6790 Check url savety for homeserver url on app start
+- (void)checkUrlSavetyWithURL:(NSString *)serverURL {
+    if (BWIBuildSettings.shared.bwiEnableLoginProtection || BWIBuildSettings.shared.bwiEnableTokenizedLoginProtection) {
+        LoginProtectionService *protectionService = [LoginProtectionService new];
+        protectionService.hashes = BWIBuildSettings.shared.bwiHashes;
+        
+        MXWeakify(self);
+        [protectionService isValid:serverURL ignoreNetworkConnectionLost:YES completionHandler:^(BOOL isVaild) {
+            if (!isVaild) {
+                dispatch_async(dispatch_get_main_queue(), ^{
+                    MXStrongifyAndReturnIfNil(self);
+                    
+                    if (self.setPinCoordinatorBridgePresenter)
+                    {
+                        [self.setPinCoordinatorBridgePresenter dismissWithMainAppWindow:self.window];
+                        self.setPinCoordinatorBridgePresenter = nil;
+                    }
+                    
+                    // Force logout
+                    [self logoutWithConfirmation:NO completion:^(BOOL isLoggedOut) {
+                        if (isLoggedOut)
+                        {
+                            // Show error Alert
+                            [self->_serverNotAllowedAlertController dismissViewControllerAnimated:NO completion:nil];
+
+                            self->_serverNotAllowedAlertController = [UIAlertController alertControllerWithTitle:[BWIL10n authenticationServerSelectionServerDeniedTitle] message:[BWIL10n authenticationServerSelectionServerDeniedMessage] preferredStyle:UIAlertControllerStyleAlert];
+                            
+                            // Open bum advertizementURL
+                            [self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[BWIL10n authenticationServerSelectionServerDeniedAdvertizementWebsiteButton]
+                                                                                   style:UIAlertActionStyleDefault
+                                                                                 handler:^(UIAlertAction * action) {
+                                NSURL *url = [[NSURL alloc] initWithString:BWIBuildSettings.shared.bumAdvertizementURLString];
+                                [[UIApplication sharedApplication] vc_open:url completionHandler:nil];
+                            }]];
+                            
+                            // Close dialog
+                            [self->_serverNotAllowedAlertController addAction:[UIAlertAction actionWithTitle:[VectorL10n ok]
+                                                                                   style:UIAlertActionStyleDefault
+                                                                                       handler:^(UIAlertAction * action) {
+                                [AppDelegate theDelegate].errorNotification = nil;
+                            }]];
+                            
+                            [self->_serverNotAllowedAlertController mxk_setAccessibilityIdentifier:@"AppDelegateErrorAlertServerVerificationFailed"];
+                            [self showNotificationAlert:self->_serverNotAllowedAlertController];
+                        }
+                    }];
+                });
+            }
+        }];
+    }
+}
+// BWI #6790 END
+
 #pragma mark - App version management

 - (void)checkAppVersion