oxen-io/session-ios
1
0
Fork 0
mirror of https://github.com/oxen-io/session-ios.git synced 2023-12-13 21:30:14 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'charlesmchen/profile10a'

Browse source
This commit is contained in:
Matthew Chen 2017-08-04 17:54:23 -04:00
parent fa1678f945 e01fbc247e
commit 98e6685304
6 changed files with 339 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

280
Signal/src/Profiles/OWSProfileManager.m
View file

@ -10,6 +10,7 @@
#import <SignalServiceKit/OWSMessageSender.h>
#import <SignalServiceKit/SecurityUtils.h>
#import <SignalServiceKit/TSGroupThread.h>
#import <SignalServiceKit/TSProfileAvatarUploadFormRequest.h>
#import <SignalServiceKit/TSSetProfileRequest.h>
#import <SignalServiceKit/TSStorageManager.h>
#import <SignalServiceKit/TSThread.h>
@ -112,6 +113,9 @@ static const NSInteger kProfileKeyLength = 16;
// This property should only be mutated on the main thread,
@property (nonatomic, readonly) NSCache<NSString *, UIImage *> *otherUsersProfileAvatarImageCache;
// This property should only be mutated on the main thread,
@property (atomic, readonly) NSMutableSet<NSString *> *currentAvatarDownloads;
@end
#pragma mark -
@ -159,6 +163,7 @@ static const NSInteger kProfileKeyLength = 16;
_userProfileWhitelistCache = [NSMutableDictionary new];
_groupProfileWhitelistCache = [NSMutableDictionary new];
_otherUsersProfileAvatarImageCache = [NSCache new];
_currentAvatarDownloads = [NSMutableSet new];
OWSSingletonAssert();
@ -272,6 +277,12 @@ static const NSInteger kProfileKeyLength = 16;
{
OWSAssert([NSThread isMainThread]);
if (!self.localCachedAvatarImage) {
if (self.localUserProfile.avatarFileName) {
self.localCachedAvatarImage = [self loadProfileAvatarWithFilename:self.localUserProfile.avatarFileName];
}
}
return self.localCachedAvatarImage;
}
@ -404,11 +415,164 @@ static const NSInteger kProfileKeyLength = 16;
// TODO:
NSString *avatarUrl = @"avatarUrl";
NSData *avatarDigest = [@"avatarDigest" dataUsingEncoding:NSUTF8StringEncoding];
if (YES) {
successBlock(avatarUrl, avatarDigest);
return;
}
failureBlock();
// See: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
TSProfileAvatarUploadFormRequest *formRequest = [TSProfileAvatarUploadFormRequest new];
[self.networkManager makeRequest:formRequest
success:^(NSURLSessionDataTask *task, id formResponseObject) {
if (![formResponseObject isKindOfClass:[NSDictionary class]]) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_response");
failureBlock();
return;
}
NSDictionary *responseMap = formResponseObject;
DDLogError(@"responseObject: %@", formResponseObject);
// acl = private;
// algorithm = "AWS4-HMAC-SHA256";
// credential =
// "AKIAINTYCHN42UH3LGRA/20170804/us-east-1/s3/aws4_request"; date =
// 20170804T193927Z; key = PtRO3iSkY6twBA; policy =
// eyAiZXhwaXJhdGlvbiI6ICIyMDE3LTA4LTA0VDIwOjA5OjI3LjMwMFoiLAogICJjb25kaXRpb25zIjogWwogICAgeyJidWNrZXQiOiAic2lnbmFsLXByb2ZpbGVzLXN0YWdpbmcifSwKICAgIHsia2V5IjogIlB0Uk8zaVNrWTZ0d0JBIn0sCiAgICB7ImFjbCI6ICJwcml2YXRlIn0sCiAgICBbInN0YXJ0cy13aXRoIiwgIiRDb250ZW50LVR5cGUiLCAiIl0sCgogICAgeyJ4LWFtei1jcmVkZW50aWFsIjogIkFLSUFJTlRZQ0hONDJVSDNMR1JBLzIwMTcwODA0L3VzLWVhc3QtMS9zMy9hd3M0X3JlcXVlc3QifSwKICAgIHsieC1hbXotYWxnb3JpdGhtIjogIkFXUzQtSE1BQy1TSEEyNTYifSwKICAgIHsieC1hbXotZGF0ZSI6ICIyMDE3MDgwNFQxOTM5MjdaIiB9CiAgXQp9;
// signature =
// 3608fdc9af8ca0d13c754c34eb37014c9995b058c2e0166550468de47b00f316;
// url = "profiles-staging.signal.org";
NSString *formUrl = responseMap[@"url"];
if (![formUrl isKindOfClass:[NSString class]] || formUrl.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_url");
failureBlock();
return;
}
NSString *formAcl = responseMap[@"acl"];
if (![formAcl isKindOfClass:[NSString class]] || formAcl.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_acl");
failureBlock();
return;
}
NSString *formKey = responseMap[@"key"];
if (![formKey isKindOfClass:[NSString class]] || formKey.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_key");
failureBlock();
return;
}
NSString *formPolicy = responseMap[@"policy"];
if (![formPolicy isKindOfClass:[NSString class]] || formPolicy.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_policy");
failureBlock();
return;
}
NSString *formAlgorithm = responseMap[@"algorithm"];
if (![formAlgorithm isKindOfClass:[NSString class]] || formAlgorithm.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_algorithm");
failureBlock();
return;
}
NSString *formCredential = responseMap[@"credential"];
if (![formCredential isKindOfClass:[NSString class]] || formCredential.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_credential");
failureBlock();
return;
}
NSString *formDate = responseMap[@"date"];
if (![formDate isKindOfClass:[NSString class]] || formDate.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_date");
failureBlock();
return;
}
NSString *formSignature = responseMap[@"signature"];
if (![formSignature isKindOfClass:[NSString class]] || formSignature.length < 1) {
OWSProdFail(@"profile_manager_error_avatar_upload_form_invalid_signature");
failureBlock();
return;
}
NSDictionary<NSString *, NSString *> *parameters = @{
@"acl" : formAcl,
@"x-amz-algorithm" : formAlgorithm,
@"x-amz-credential" : formCredential,
@"x-amz-date" : formDate,
@"key" : formKey,
@"policy" : formPolicy,
@"x-amz-signature" : formSignature,
};
NSString *filePath = [self.profileAvatarsDirPath stringByAppendingPathComponent:fileName];
NSInputStream *fileInputStream = [[NSInputStream alloc] initWithFileAtPath:filePath];
if (!fileInputStream) {
OWSProdFail(@"profile_manager_error_avatar_upload_invalid_file_stream");
failureBlock();
return;
}
NSError *error;
long long fileSize =
[[[NSFileManager defaultManager] attributesOfItemAtPath:filePath error:&error][NSFileSize]
longLongValue];
if (error || fileSize <= 0) {
OWSProdFail(@"profile_manager_error_avatar_upload_invalid_file_size");
failureBlock();
return;
}
NSMutableURLRequest *uploadRequest = [[AFHTTPRequestSerializer serializer]
multipartFormRequestWithMethod:@"post"
URLString:[@"https://" stringByAppendingString:formUrl]
parameters:parameters
constructingBodyWithBlock:^(id<AFMultipartFormData> formData) {
// [formData appendPartWithFormData:<#(nonnull NSData *)#> name:@"acl"];
[formData appendPartWithInputStream:fileInputStream
name:@"file"
fileName:fileName
length:fileSize
mimeType:@"image/jpeg"];
}
error:&error];
if (error || !uploadRequest) {
OWSProdFail(@"profile_manager_error_avatar_upload_invalid_upload_request");
failureBlock();
return;
}
[uploadRequest setValue:@"Content-Type: text/html; charset=UTF-8" forHTTPHeaderField:@"Content-Type"];
// [uploadRequest setAllHTTPHeaderFields:headerDictionary];
// TODO: Should we use a special configuration as we do in TSNetworkManager?
// TODO: How does censorship circumvention fit in?
AFURLSessionManager *manager = [[AFURLSessionManager alloc]
initWithSessionConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
manager.responseSerializer = [AFXMLParserResponseSerializer new];
NSURLSessionUploadTask *uploadTask;
uploadTask = [manager uploadTaskWithStreamedRequest:uploadRequest
progress:^(NSProgress *_Nonnull uploadProgress) {
// This is not called back on the main queue.
// You are responsible for dispatching to the main queue for UI updates
DDLogVerbose(@"%@ Avatar upload progress: %f", self.tag, uploadProgress.fractionCompleted);
}
completionHandler:^(NSURLResponse *_Nonnull response,
id _Nullable uploadResponseObject,
NSError *_Nullable uploadError) {
if (uploadError) {
DDLogError(@"%@ Avatar upload failed: %@", self.tag, uploadError);
failureBlock();
} else {
DDLogVerbose(@"%@ Avatar upload succeeded", self.tag);
successBlock(avatarUrl, avatarDigest);
}
}];
[uploadTask resume];
}
failure:^(NSURLSessionDataTask *task, NSError *error) {
DDLogError(@"%@ Failed to get profile avatar upload form: %@", self.tag, error);
failureBlock();
}];
});
}
@ -575,6 +739,12 @@ static const NSInteger kProfileKeyLength = 16;
userProfile.profileKey = profileKey;
// Clear profile state.
userProfile.profileName = nil;
userProfile.avatarUrl = nil;
userProfile.avatarDigest = nil;
userProfile.avatarFileName = nil;
[self saveUserProfile:userProfile];
[self refreshProfileForRecipientId:recipientId ignoreThrottling:YES];
@ -620,18 +790,106 @@ static const NSInteger kProfileKeyLength = 16;
[self.otherUsersProfileAvatarImageCache setObject:image forKey:recipientId];
}
} else if (userProfile.avatarUrl) {
[self downloadProfileAvatarWithUrl:userProfile.avatarUrl recipientId:recipientId];
[self downloadAvatarForUserProfile:userProfile];
}
return image;
}
- (void)downloadProfileAvatarWithUrl:(NSString *)avatarUrl recipientId:(NSString *)recipientId
- (void)downloadAvatarForUserProfile:(UserProfile *)userProfile
{
OWSAssert(avatarUrl.length > 0);
OWSAssert(recipientId.length > 0);
OWSAssert([NSThread isMainThread]);
OWSAssert(userProfile);
// TODO:
if (userProfile.profileKey.length < 1 || userProfile.avatarUrl.length < 1) {
return;
}
NSData *profileKeyAtStart = userProfile.profileKey;
NSURL *url = [NSURL URLWithString:userProfile.avatarUrl];
if (!url) {
OWSFail(@"%@ Malformed avatar URL: %@", self.tag, userProfile.avatarUrl);
return;
}
NSString *_Nullable fileExtension = [[[url lastPathComponent] pathExtension] lowercaseString];
NSSet<NSString *> *validFileExtensions = [NSSet setWithArray:@[
@"jpg",
@"jpeg",
@"png",
@"gif",
]];
if (![validFileExtensions containsObject:fileExtension]) {
DDLogWarn(@"Ignoring avatar with invalid file extension: %@", userProfile.avatarUrl);
}
NSString *fileName = [[NSUUID UUID].UUIDString stringByAppendingPathExtension:fileExtension];
NSString *filePath = [self.profileAvatarsDirPath stringByAppendingPathComponent:fileName];
if ([self.currentAvatarDownloads containsObject:userProfile.recipientId]) {
// Download already in flight; ignore.
return;
}
[self.currentAvatarDownloads addObject:userProfile.recipientId];
NSString *tempDirectory = NSTemporaryDirectory();
NSString *tempFilePath = [tempDirectory stringByAppendingPathComponent:fileName];
// TODO: Should we use a special configuration as we do in TSNetworkManager?
// TODO: How does censorship circumvention fit in?
NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
AFURLSessionManager *manager = [[AFURLSessionManager alloc] initWithSessionConfiguration:configuration];
NSURLRequest *request = [NSURLRequest requestWithURL:url];
NSURLSessionDownloadTask *downloadTask = [manager downloadTaskWithRequest:request
progress:nil
destination:^NSURL *(NSURL *targetPath, NSURLResponse *response) {
return [NSURL fileURLWithPath:tempFilePath];
}
completionHandler:^(NSURLResponse *response, NSURL *filePathParam, NSError *error) {
OWSAssert([[NSURL fileURLWithPath:tempFilePath] isEqual:filePathParam]);
// Ensure disk IO and decryption occurs off the main thread.
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
NSData *_Nullable encryptedData = (error ? nil : [NSData dataWithContentsOfFile:tempFilePath]);
NSData *_Nullable decryptedData =
[OWSProfileManager decryptProfileData:encryptedData profileKey:profileKeyAtStart];
UIImage *_Nullable image = nil;
if (decryptedData) {
// TODO: Verify avatar digest.
BOOL success = [decryptedData writeToFile:filePath atomically:YES];
if (success) {
image = [UIImage imageWithContentsOfFile:filePath];
}
}
dispatch_async(dispatch_get_main_queue(), ^{
[self.currentAvatarDownloads removeObject:userProfile.recipientId];
UserProfile *currentUserProfile =
[self getOrBuildUserProfileForRecipientId:userProfile.recipientId];
if (currentUserProfile.profileKey.length < 1
|| ![currentUserProfile.profileKey isEqual:userProfile.profileKey]) {
DDLogWarn(@"%@ Ignoring avatar download for obsolete user profile.", self.tag);
} else if (error) {
DDLogError(@"%@ avatar download failed: %@", self.tag, error);
} else if (!encryptedData) {
DDLogError(@"%@ avatar encrypted data could not be read.", self.tag);
} else if (!decryptedData) {
DDLogError(@"%@ avatar data could not be decrypted.", self.tag);
} else if (!image) {
DDLogError(@"%@ avatar image could not be loaded: %@", self.tag, error);
} else {
[self.otherUsersProfileAvatarImageCache setObject:image forKey:userProfile.recipientId];
userProfile.avatarFileName = fileName;
[self saveUserProfile:userProfile];
}
});
});
}];
[downloadTask resume];
}
- (void)refreshProfileForRecipientId:(NSString *)recipientId
@ -709,7 +967,7 @@ static const NSInteger kProfileKeyLength = 16;
[self.otherUsersProfileAvatarImageCache removeObjectForKey:recipientId];
if (avatarUrl) {
[self downloadProfileAvatarWithUrl:avatarUrl recipientId:recipientId];
[self downloadAvatarForUserProfile:userProfile];
}
}

15
Signal/src/util/ThreadUtil.m
View file

@ -340,6 +340,8 @@ NS_ASSUME_NONNULL_BEGIN
shouldHaveAddToContactsOffer = NO;
// Only create block offers for users which are not already blocked.
shouldHaveBlockOffer = NO;
// Don't create profile whitelist offers for users which are not already blocked.
shouldHaveAddToProfileWhitelistOffer = NO;
}
SignalAccount *signalAccount = contactsManager.signalAccountMap[recipientId];
@ -374,6 +376,19 @@ NS_ASSUME_NONNULL_BEGIN
// Don't show offer if thread is local user hasn't configured their profile.
// Don't show offer if thread is already in profile whitelist.
shouldHaveAddToProfileWhitelistOffer = NO;
} else if (thread.isGroupThread) {
BOOL hasUnwhitelistedMember = NO;
for (NSString *recipientId in thread.recipientIdentifiers) {
if (![OWSProfileManager.sharedManager isUserInProfileWhitelist:recipientId]) {
hasUnwhitelistedMember = YES;
break;
}
}
if (!hasUnwhitelistedMember) {
// Don't show offer in group thread if all members are already individually
// whitelisted.
hasUnwhitelistedMember = YES;
}
}
// We use these offset to control the ordering of the offers and indicators.

3
SignalServiceKit/src/Messages/TSMessagesManager.m
View file

@ -702,6 +702,9 @@ NS_ASSUME_NONNULL_BEGIN
// user, we can infer that that user belongs in our profile whitelist.
id<ProfileManagerProtocol> profileManager = [TextSecureKitEnv sharedEnv].profileManager;
[profileManager addUserToProfileWhitelist:destination];
// TODO: Can we also infer when groups are added to the whitelist
// from sent messages to groups?
}
if ([self isDataMessageGroupAvatarUpdate:syncMessage.sent.message]) {

17
SignalServiceKit/src/Network/API/Requests/TSProfileAvatarUploadFormRequest.h Normal file
View file

@ -0,0 +1,17 @@
//
// Copyright (c) 2017 Open Whisper Systems. All rights reserved.
//
#import "TSRequest.h"
NS_ASSUME_NONNULL_BEGIN
@interface TSProfileAvatarUploadFormRequest : TSRequest
- (nullable instancetype)init;
- (instancetype)init NS_UNAVAILABLE;
@end
NS_ASSUME_NONNULL_END

23
SignalServiceKit/src/Network/API/Requests/TSProfileAvatarUploadFormRequest.m Normal file
View file

@ -0,0 +1,23 @@
//
// Copyright (c) 2017 Open Whisper Systems. All rights reserved.
//
#import "TSProfileAvatarUploadFormRequest.h"
#import "TSConstants.h"
NS_ASSUME_NONNULL_BEGIN
@implementation TSProfileAvatarUploadFormRequest
- (nullable instancetype)init
{
self = [super initWithURL:[NSURL URLWithString:textSecureProfileAvatarFormAPI]];
self.HTTPMethod = @"GET";
return self;
}
@end
NS_ASSUME_NONNULL_END

12
SignalServiceKit/src/Protocols/ProtoBuf+OWS.m
View file

@ -50,6 +50,13 @@ NS_ASSUME_NONNULL_BEGIN
if ([self shouldMessageHaveLocalProfileKey:thread recipientId:recipientId]) {
[self setProfileKey:self.localProfileKey];
if (recipientId.length > 0) {
// Once we've shared our profile key with a user (perhaps due to being
// a member of a whitelisted group), make sure they're whitelisted.
id<ProfileManagerProtocol> profileManager = [TextSecureKitEnv sharedEnv].profileManager;
[profileManager addUserToProfileWhitelist:recipientId];
}
}
}
@ -66,6 +73,11 @@ NS_ASSUME_NONNULL_BEGIN
if ([self shouldMessageHaveLocalProfileKey:thread recipientId:recipientId]) {
[self setProfileKey:self.localProfileKey];
// Once we've shared our profile key with a user (perhaps due to being
// a member of a whitelisted group), make sure they're whitelisted.
id<ProfileManagerProtocol> profileManager = [TextSecureKitEnv sharedEnv].profileManager;
[profileManager addUserToProfileWhitelist:recipientId];
}
}