From d772f212f3984d3ffeadaea201d8b4acc9c17c1b Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Wed, 21 Aug 2019 12:03:52 +0200 Subject: [PATCH 1/7] AuthInputsView: Take into account MXIdentityService identity server URL when MSISDN is validated. --- .../Authentication/Views/AuthInputsView.m | 43 ++++++++++++------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/Riot/Modules/Authentication/Views/AuthInputsView.m b/Riot/Modules/Authentication/Views/AuthInputsView.m index 64341f17d9..eaaedd46b6 100644 --- a/Riot/Modules/Authentication/Views/AuthInputsView.m +++ b/Riot/Modules/Authentication/Views/AuthInputsView.m @@ -611,13 +611,15 @@ - (void)prepareParameters:(void (^)(NSDictionary *parameters, NSError *error))ca // Launch email validation submittedEmail = [[MXK3PID alloc] initWithMedium:kMX3PIDMediumEmail andAddress:self.emailTextField.text]; + + NSString *identityServer = restClient.identityServer; // Create the next link that is common to all Vector.im clients NSString *nextLink = [NSString stringWithFormat:@"%@/#/register?client_secret=%@&hs_url=%@&is_url=%@&session_id=%@", [Tools webAppUrl], [submittedEmail.clientSecret stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]], [restClient.homeserver stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]], - [restClient.identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]], + [identityServer stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]], [currentSession.session stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]]]; [submittedEmail requestValidationTokenWithMatrixRestClient:restClient 
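Review bot: The new `identityServer` local is snapshotted before the asynchronous `requestValidationTokenWithMatrixRestClient:` call but nothing says why, and the next reader will be tempted to fold it back into `restClient.identityServer`. Presumably the intent is that the completion block reports the same `id_server` the token was requested from even if the client's identity server is changed while the request is in flight; a one-line comment would pin that down: `// Snapshot the identity server now: the completion block must report the server the token was requested from, not whatever restClient points at later.` The enclosing `prepareParameters:` method begins before and ends after this hunk.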
@@ -626,7 +628,7 @@ - (void)prepareParameters:(void (^)(NSDictionary *parameters, NSError *error))ca success:^ { - NSURL *identServerURL = [NSURL URLWithString:restClient.identityServer]; + NSURL *identServerURL = [NSURL URLWithString:identityServer]; NSDictionary *parameters; parameters = @{ @"auth": @{@"session":currentSession.session, @"threepid_creds": @{@"client_secret": submittedEmail.clientSecret, @"id_server": identServerURL.host, @"sid": submittedEmail.sid}, @"type": kMXLoginFlowTypeEmailIdentity}, 
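Review bot: `identServerURL.host` is put into a dictionary literal with no nil check; if the snapshotted `identityServer` string is not a parseable URL (no scheme, for instance) `-[NSURL host]` returns nil and the `@{...}` literal raises `NSInvalidArgumentException` inside the success block. Guard it before building `parameters`, e.g. `NSString *identityServerHost = identServerURL.host;` followed by `if (!identityServerHost) { callback(nil, error); return; }`, with the NSError built the way this method's other failure paths build theirs (not visible in the hunk). The success block and the enclosing method continue outside the hunk.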
@@ -1646,25 +1648,34 @@ - (void)showValidationMSISDNDialogToPrepareParameters:(void (^)(NSDictionary *pa { [self->submittedMSISDN submitValidationToken:smsCode success:^{ - // Retrieve the REST client from delegate - MXRestClient *restClient; + // Retrieve the identity service from delegate + MXIdentityService *identityService; - if (self.delegate && [self.delegate respondsToSelector:@selector(authInputsViewThirdPartyIdValidationRestClient:)]) + if (self.delegate && [self.delegate respondsToSelector:@selector(authInputsViewThirdPartyIdValidationIdentityService:)]) { - restClient = [self.delegate authInputsViewThirdPartyIdValidationRestClient:self]; + identityService = [self.delegate authInputsViewThirdPartyIdValidationIdentityService:self]; } - NSURL *identServerURL = [NSURL URLWithString:restClient.identityServer]; - NSDictionary *parameters; - parameters = @{ - @"auth": @{@"session":self->currentSession.session, @"threepid_creds": @{@"client_secret": self->submittedMSISDN.clientSecret, @"id_server": identServerURL.host, @"sid": self->submittedMSISDN.sid}, @"type": kMXLoginFlowTypeMSISDN}, - @"username": self.userLoginTextField.text, - @"password": self.passWordTextField.text, - @"bind_msisdn": @(YES), - @"bind_email": @([self isFlowCompleted:kMXLoginFlowTypeEmailIdentity]) - }; + NSString *identityServer = identityService.identityServer; - callback(parameters, nil); + if (identityServer) + { + NSURL *identServerURL = [NSURL URLWithString:identityServer]; + NSDictionary *parameters; + parameters = @{ + @"auth": @{@"session":self->currentSession.session, @"threepid_creds": @{@"client_secret": self->submittedMSISDN.clientSecret, @"id_server": identServerURL.host, @"sid": self->submittedMSISDN.sid}, @"type": kMXLoginFlowTypeMSISDN}, + @"username": self.userLoginTextField.text, + @"password": self.passWordTextField.text, + @"bind_msisdn": @(YES), + @"bind_email": @([self isFlowCompleted:kMXLoginFlowTypeEmailIdentity]) + }; + + callback(parameters, nil); + } + else + { 
+ NSLog(@"[AuthInputsView] Failed to retrieve identity server URL"); + } } failure:^(NSError *error) { From f6b53314f5e397942ea27e3d77854f21263235c6 Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Wed, 21 Aug 2019 12:05:33 +0200 Subject: [PATCH 2/7] AppDelegate: Use MXIdentityService for email validation. --- Riot/AppDelegate.m | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Riot/AppDelegate.m b/Riot/AppDelegate.m index 9e6cf8f5b4..fdaf36a8d9 100644 --- a/Riot/AppDelegate.m +++ b/Riot/AppDelegate.m @@ -2106,14 +2106,14 @@ - (BOOL)handleUniversalLink:(NSUserActivity*)userActivity { // Validate the email on the passed identity server NSString *identityServer = [NSString stringWithFormat:@"%@://%@", webURL.scheme, webURL.host]; - MXRestClient *identityRestClient = [[MXRestClient alloc] initWithHomeServer:identityServer andOnUnrecognizedCertificateBlock:nil]; + MXIdentityService *identityService = [[MXIdentityService alloc] initWithIdentityServer:identityServer]; // Extract required parameters from the link NSArray *pathParams; NSMutableDictionary *queryParams; [self parseUniversalLinkFragment:webURL.absoluteString outPathParams:&pathParams outQueryParams:&queryParams]; - [identityRestClient submit3PIDValidationToken:queryParams[@"token"] medium:kMX3PIDMediumEmail clientSecret:queryParams[@"client_secret"] sid:queryParams[@"sid"] success:^{ + [identityService submit3PIDValidationToken:queryParams[@"token"] medium:kMX3PIDMediumEmail clientSecret:queryParams[@"client_secret"] sid:queryParams[@"sid"] success:^{ NSLog(@"[AppDelegate] handleUniversalLink. Email successfully validated."); From f4e44abbb1e6be718cb3194477d1135c905057e5 Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Wed, 21 Aug 2019 12:05:40 +0200 Subject: [PATCH 3/7] Update strings --- Riot/Generated/Strings.swift | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Riot/Generated/Strings.swift b/Riot/Generated/Strings.swift index a5e541b5f0..a95bb7586e 100644 
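Review bot: The new `else` branch only logs `[AuthInputsView] Failed to retrieve identity server URL` and never invokes `callback`, so when the delegate returns no identity service, or one without a URL, the MSISDN registration step silently hangs: the caller waiting on the parameters gets neither a dictionary nor an error. Report the failure instead, `callback(nil, error);`, with an NSError constructed the way the other failure paths in this file do (domain and code are not visible here). The same `identServerURL.host` value is also placed in a dictionary literal unchecked, which throws if the identity server string has no parseable host. The enclosing `showValidationMSISDNDialogToPrepareParameters:` method starts before this hunk and its failure block continues after it.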
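Review bot: `queryParams[@"token"]`, `queryParams[@"client_secret"]` and `queryParams[@"sid"]` are passed to `submit3PIDValidationToken:…` straight from the link with no presence check, so a malformed link reaches the identity service with nil arguments and the outcome depends on how `MXIdentityService` treats them, which is not visible here. A single guard before the call, `if (!queryParams[@"token"] || !queryParams[@"client_secret"] || !queryParams[@"sid"]) { NSLog(@"[AppDelegate] handleUniversalLink. Missing email validation parameters"); return NO; }`, keeps garbage out of the request, assuming `NO` is what this method returns for links it does not handle. This hunk is reworked again by the later AppDelegate patch in this series, so the check belongs in that version too. `handleUniversalLink:` starts and ends outside the hunk.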
--- a/Riot/Generated/Strings.swift +++ b/Riot/Generated/Strings.swift @@ -74,7 +74,7 @@ internal enum VectorL10n { internal static var authForgotPassword: String { return VectorL10n.tr("Vector", "auth_forgot_password") } - /// No Identity Server is configured: add one to reset your password. + /// No identity server is configured: add one to reset your password. internal static var authForgotPasswordErrorNoConfiguredIdentityServer: String { return VectorL10n.tr("Vector", "auth_forgot_password_error_no_configured_identity_server") } @@ -1502,7 +1502,7 @@ internal enum VectorL10n { internal static var roomCreationAppearancePicture: String { return VectorL10n.tr("Vector", "room_creation_appearance_picture") } - /// No Identity Server is configured so you cannot add a participant with an email. + /// No identity server is configured so you cannot add a participant with an email. internal static var roomCreationErrorInviteUserByEmailWithoutIdentityServer: String { return VectorL10n.tr("Vector", "room_creation_error_invite_user_by_email_without_identity_server") } @@ -2126,7 +2126,7 @@ internal enum VectorL10n { internal static var roomParticipantsRemoveThirdPartyInviteMsg: String { return VectorL10n.tr("Vector", "room_participants_remove_third_party_invite_msg") } - /// No Identity Server is configured so you cannot start a chat with a contact using an email. + /// No identity server is configured so you cannot start a chat with a contact using an email. internal static var roomParticipantsStartNewChatErrorUsingUserEmailWithoutIdentityServer: String { return VectorL10n.tr("Vector", "room_participants_start_new_chat_error_using_user_email_without_identity_server") } From 5b73eab6dab6a54b25ea0e0df951d04c1f3e7e6d Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Wed, 21 Aug 2019 14:21:40 +0200 Subject: [PATCH 4/7] Update changes --- CHANGES.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.rst b/CHANGES.rst index 5da0df8661..8dc21c6142 100644 --- a/CHANGES.rst 
+++ b/CHANGES.rst @@ -3,6 +3,7 @@ Changes in 0.9.3 (2019-08-) Improvements: * Prompt to accept integration manager policies on use (#2600). + * Use MXIdentityService to perform identity server requests (#2647). Changes in 0.9.2 (2019-08-08) =============================================== From a6cd9e32f1a6b17e3d92b34e3f7ec900ed51719b Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Wed, 21 Aug 2019 16:00:53 +0200 Subject: [PATCH 5/7] AuthInputsView: Check identity server presence before email registration. --- Riot/Modules/Authentication/Views/AuthInputsView.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Riot/Modules/Authentication/Views/AuthInputsView.m b/Riot/Modules/Authentication/Views/AuthInputsView.m index eaaedd46b6..4e8d32116b 100644 --- a/Riot/Modules/Authentication/Views/AuthInputsView.m +++ b/Riot/Modules/Authentication/Views/AuthInputsView.m @@ -604,7 +604,7 @@ - (void)prepareParameters:(void (^)(NSDictionary *parameters, NSError *error))ca restClient = [self.delegate authInputsViewThirdPartyIdValidationRestClient:self]; } - if (restClient) + if (restClient && restClient.identityServer) { // Check whether a second 3pid is available _isThirdPartyIdentifierPending = (nbPhoneNumber && ![self isFlowCompleted:kMXLoginFlowTypeMSISDN]); From ace66b7225e595eec322c3954959c28172bd0561 Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Fri, 30 Aug 2019 11:15:06 +0200 Subject: [PATCH 6/7] AppDelegate: Support identity server v2 API email validation and prompt to accept identity server policies on first use. --- Riot/AppDelegate.m | 86 ++++++++++++++++++- ...TermsModalCoordinatorBridgePresenter.swift | 4 + 2 files changed, 87 insertions(+), 3 deletions(-) diff --git a/Riot/AppDelegate.m b/Riot/AppDelegate.m index fdaf36a8d9..688d76eb60 100644 --- a/Riot/AppDelegate.m +++ b/Riot/AppDelegate.m 
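Review bot: `restClient.identityServer` is tested for nil only, so an empty string still enters the email-validation branch below and yields an `is_url=` query parameter with no value; `if (restClient && restClient.identityServer.length)` excludes both cases. The change also routes "no identity server" into whatever `else` branch previously meant "no REST client", which lies outside the hunk; if that branch surfaces an error to the user, its wording should now cover the missing-identity-server case as well (this series already adds "No identity server is configured" strings that could be mirrored). `prepareParameters:` continues on both sides of the hunk.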
@@ -84,7 +84,7 @@ NSString *const kAppDelegateDidTapStatusBarNotification = @"kAppDelegateDidTapStatusBarNotification"; NSString *const kAppDelegateNetworkStatusDidChangeNotification = @"kAppDelegateNetworkStatusDidChangeNotification"; -@interface AppDelegate () +@interface AppDelegate () { /** Reachability observer @@ -233,6 +233,8 @@ The current call view controller (if any). @property (weak, nonatomic) UIAlertController *gdprConsentNotGivenAlertController; @property (weak, nonatomic) UIViewController *gdprConsentController; +@property (nonatomic, strong) ServiceTermsModalCoordinatorBridgePresenter *serviceTermsModalCoordinatorBridgePresenter; + /** Used to manage on boarding steps, like create DM with riot bot */ @@ -647,6 +649,9 @@ - (void)applicationDidBecomeActive:(UIApplication *)application // Register to GDPR consent not given notification [self registerUserConsentNotGivenNotification]; + // Register to identity server terms not signed notification + [self registerIdentityServiceTermsNotSignedNotification]; + // Start monitoring reachability [[AFNetworkReachabilityManager sharedManager] setReachabilityStatusChangeBlock:^(AFNetworkReachabilityStatus status) { 
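Review bot: `registerIdentityServiceTermsNotSignedNotification` is called from `applicationDidBecomeActive:`, which runs every time the app returns to the foreground, and the method added later in this patch only does `addObserver:`; with no matching `removeObserver:` visible, each foregrounding adds another observer and one `MXIdentityServiceTermsNotSignedNotification` then invokes the handler several times. The `isPresenting` check stops the modal from stacking, but the handler still runs N times. Either register once in `application:didFinishLaunchingWithOptions:`, guard the registration with a flag, or pair it with `removeObserver:` in `applicationWillResignActive:` the way the preceding GDPR registration is presumably balanced (that code is not in the hunk).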
@@ -2101,12 +2106,30 @@ - (BOOL)handleUniversalLink:(NSUserActivity*)userActivity // iOS Patch: fix vector.im urls before using it webURL = [Tools fixURLWithSeveralHashKeys:webURL]; + NSString *validateEmailSubmitTokenPath = @"validate/email/submitToken"; + + NSString *validateEmailSubmitTokenAPIPathV1 = [NSString stringWithFormat:@"/%@/%@", kMXIdentityAPIPrefixPathV1, validateEmailSubmitTokenPath]; + NSString *validateEmailSubmitTokenAPIPathV2 = [NSString stringWithFormat:@"/%@/%@", kMXIdentityAPIPrefixPathV2, validateEmailSubmitTokenPath]; + // Manage email validation link - if ([webURL.path isEqualToString:@"/_matrix/identity/api/v1/validate/email/submitToken"]) + if ([webURL.path isEqualToString:validateEmailSubmitTokenAPIPathV1] || [webURL.path isEqualToString:validateEmailSubmitTokenAPIPathV2]) { // Validate the email on the passed identity server NSString *identityServer = [NSString stringWithFormat:@"%@://%@", webURL.scheme, webURL.host]; - MXIdentityService *identityService = [[MXIdentityService alloc] initWithIdentityServer:identityServer]; + + MXSession *mainSession = self.mxSessions.firstObject; + MXRestClient *homeserverRestClient; + + if (mainSession.matrixRestClient) + { + homeserverRestClient = mainSession.matrixRestClient; + } + else + { + homeserverRestClient = [[MXRestClient alloc] initWithHomeServer:identityServer andOnUnrecognizedCertificateBlock:nil]; + } + + MXIdentityService *identityService = [[MXIdentityService alloc] initWithIdentityServer:identityServer andHomeserverRestClient:homeserverRestClient]; // Extract required parameters from the link NSArray *pathParams; 
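Review bot: The identity server this code talks to is `webURL.scheme` + `webURL.host`, i.e. whatever host the incoming link names, and the new code now hands the signed-in session's `matrixRestClient` to an `MXIdentityService` pointed at that host. If the service uses that homeserver client to obtain an OpenID token and exchange it for an identity-server access token, as the v2 authentication support in this series suggests, then any link whose path matches `validate/email/submitToken` makes the account register with, and expose an OpenID token to, an arbitrary host, and the new terms notification can then prompt the user to accept that host's policies. The token and secret in the link are only meaningful to the identity server the user actually used, so accept the link only when its host matches the session's configured identity server and its scheme is https; when there is no session (registration still in progress) there is nothing to compare against, and the fallback `MXRestClient` pointed at the identity server URL cannot act as a homeserver anyway, so consider passing no homeserver client there if the initializer allows it. `handleUniversalLink:` starts and ends outside the hunk.

```objc
NSString *identityServer = [NSString stringWithFormat:@"%@://%@", webURL.scheme, webURL.host];

MXSession *mainSession = self.mxSessions.firstObject;

// Only trust the link if it names the identity server this session is already configured to use
NSString *configuredIdentityServer = mainSession.matrixRestClient.identityServer;
NSURL *configuredIdentityServerURL = configuredIdentityServer ? [NSURL URLWithString:configuredIdentityServer] : nil;
if (![webURL.scheme isEqualToString:@"https"]
    || (configuredIdentityServerURL && ![configuredIdentityServerURL.host isEqualToString:webURL.host]))
{
    NSLog(@"[AppDelegate] handleUniversalLink. Ignoring email validation link for an unexpected identity server");
    return NO;
}

// … unchanged: homeserver REST client selection and MXIdentityService creation …
```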
@@ -4626,6 +4649,63 @@ - (void)gdprConsentViewControllerDidConsentToGDPRWithSuccess:(GDPRConsentViewCon }]; } +#pragma mark - Identity server service terms + +// Observe identity server terms not signed notification +- (void)registerIdentityServiceTermsNotSignedNotification +{ + [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(handleIdentityServiceTermsNotSignedNotification:) name:MXIdentityServiceTermsNotSignedNotification object:nil]; +} + +- (void)handleIdentityServiceTermsNotSignedNotification:(NSNotification*)notification +{ + NSString *baseURL; + NSString *accessToken; + + MXJSONModelSetString(baseURL, notification.userInfo[MXIdentityServiceNotificationIdentityServerKey]); + MXJSONModelSetString(accessToken, notification.userInfo[MXIdentityServiceNotificationAccessTokenKey]); + + [self presentIdentityServerTermsWithBaseURL:baseURL andAccessToken:accessToken]; +} + +- (void)presentIdentityServerTermsWithBaseURL:(NSString*)baseURL andAccessToken:(NSString*)accessToken +{ + MXSession *mxSession = self.mxSessions.firstObject; + + if (!mxSession || !baseURL || !accessToken || self.serviceTermsModalCoordinatorBridgePresenter.isPresenting) + { + return; + } + + ServiceTermsModalCoordinatorBridgePresenter *serviceTermsModalCoordinatorBridgePresenter = [[ServiceTermsModalCoordinatorBridgePresenter alloc] initWithSession:mxSession + baseUrl:baseURL + serviceType:MXServiceTypeIdentityService + accessToken:accessToken]; + + serviceTermsModalCoordinatorBridgePresenter.delegate = self; + + UIViewController *presentingViewController = self.window.rootViewController.presentedViewController ?: self.window.rootViewController; + + [serviceTermsModalCoordinatorBridgePresenter presentFrom:presentingViewController animated:YES]; + self.serviceTermsModalCoordinatorBridgePresenter = serviceTermsModalCoordinatorBridgePresenter; +} + +- (void)serviceTermsModalCoordinatorBridgePresenterDelegateDidAccept:(ServiceTermsModalCoordinatorBridgePresenter * 
_Nonnull)coordinatorBridgePresenter +{ + [coordinatorBridgePresenter dismissWithAnimated:YES completion:^{ + + }]; + self.serviceTermsModalCoordinatorBridgePresenter = nil; +} + +- (void)serviceTermsModalCoordinatorBridgePresenterDelegateDidCancel:(ServiceTermsModalCoordinatorBridgePresenter * _Nonnull)coordinatorBridgePresenter +{ + [coordinatorBridgePresenter dismissWithAnimated:YES completion:^{ + + }]; + self.serviceTermsModalCoordinatorBridgePresenter = nil; +} + #pragma mark - Settings - (void)setupUserDefaults diff --git a/Riot/Modules/ServiceTerms/Modal/ServiceTermsModalCoordinatorBridgePresenter.swift b/Riot/Modules/ServiceTerms/Modal/ServiceTermsModalCoordinatorBridgePresenter.swift index 22cda942b7..5802b90eb8 100644 --- a/Riot/Modules/ServiceTerms/Modal/ServiceTermsModalCoordinatorBridgePresenter.swift +++ b/Riot/Modules/ServiceTerms/Modal/ServiceTermsModalCoordinatorBridgePresenter.swift @@ -42,6 +42,10 @@ final class ServiceTermsModalCoordinatorBridgePresenter: NSObject { weak var delegate: ServiceTermsModalCoordinatorBridgePresenterDelegate? + var isPresenting: Bool { + return self.coordinator != nil + } + // MARK: - Setup init(session: MXSession, baseUrl: String, serviceType: MXServiceType, accessToken: String) { From cc41f6a09f08a4fcf592788c0cc7e27d420c950e Mon Sep 17 00:00:00 2001 From: SBiOSoftWhare Date: Fri, 30 Aug 2019 11:17:05 +0200 Subject: [PATCH 7/7] Update changes --- CHANGES.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 8dc21c6142..1aa5b795bc 100644 --- a/CHANGES.rst +++ b/CHANGES.rst 
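Review bot: `handleIdentityServiceTermsNotSignedNotification:` presents a view controller directly, but the notification is posted by `MXIdentityService` from whatever queue its request completion runs on, which this patch does not show; if that is not the main queue, `presentFrom:animated:` is a UI operation off the main thread. Hop to the main queue before presenting. Separately, the observer is registered with `object:nil` and the presenter is always built from `self.mxSessions.firstObject`, so with several sessions a terms notification raised by another session's identity service is handled with the first session's credentials; matching `notification.object` or `baseURL` against each session's identity service would address that, assuming the SDK posts the service as the notification object. `presentIdentityServerTermsWithBaseURL:andAccessToken:` already nil-checks its arguments, so the hop is the only change needed in the handler.

```objc
- (void)handleIdentityServiceTermsNotSignedNotification:(NSNotification*)notification
{
    // … unchanged: read baseURL / accessToken from notification.userInfo …

    // The notification may arrive on a network completion queue; UI presentation must run on main.
    dispatch_async(dispatch_get_main_queue(), ^{
        [self presentIdentityServerTermsWithBaseURL:baseURL andAccessToken:accessToken];
    });
}
```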
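Review bot: `isPresenting` reads like a state flag but is really `coordinator != nil`, and it is only accurate if `coordinator` is set back to nil when the modal is dismissed, which happens, if at all, outside this hunk. A doc comment makes that contract explicit for the Objective-C caller that now relies on it to avoid double presentation: `/// True while the terms modal is on screen; relies on the coordinator being released on dismiss.` The class continues on both sides of the hunk.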
@@ -4,6 +4,9 @@ Changes in 0.9.3 (2019-08-) Improvements: * Prompt to accept integration manager policies on use (#2600). * Use MXIdentityService to perform identity server requests (#2647). + * Support identity server v2 API authentication (#2603). + * Use the hashed v2 lookup API for 3PIDs (#2652). + * Prompt to accept identity server policies on firt use (#2602). Changes in 0.9.2 (2019-08-08) ===============================================