1089 mettre en place le nouveau flow sso

Btchap/Config/BuildSettings.swift

@@ -123,7 +123,8 @@ final class BuildSettings: NSObject {
     static let applicationHelpUrlString = "https://www.beta.tchap.gouv.fr/faq"
     static let applicationServicesStatusUrlString = "https://status.tchap.numerique.gouv.fr/"
     static let applicationAcceptableUsePolicyUrlString = ""
-
+    static let proConnectInfoUrlString = "https://proconnect.gouv.fr/"
+
     // MARK: - Matrix permalinks
     // Hosts/Paths for URLs that will considered as valid permalinks. Those permalinks are opened within the app.
     static let permalinkSupportedHosts: [String: [String]] = [

DevTchap/Config/BuildSettings.swift

@@ -97,7 +97,7 @@ final class BuildSettings: NSObject {
     static let serverUrlPrefix = "https://matrix."
     static let preferredIdentityServerNames = [
         "dev01.tchap.incubateur.net",
-        "dev02.tchap.incubateur.net"
+//        "dev02.tchap.incubateur.net"
     ]
     static let otherIdentityServerNames: [String] = [
         "ext01.tchap.incubateur.net"
@@ -123,7 +123,7 @@ final class BuildSettings: NSObject {
     static let applicationHelpUrlString = "https://www.tchap.incubateur.net/faq"
     static let applicationServicesStatusUrlString = "https://status.tchap.numerique.gouv.fr/"
     static let applicationAcceptableUsePolicyUrlString = ""
-
+    static let proConnectInfoUrlString = "https://proconnect.gouv.fr/"
 
     // MARK: - Matrix permalinks
     // Hosts/Paths for URLs that will considered as valid permalinks. Those permalinks are opened within the app.

Podfile.lock

@@ -20,7 +20,7 @@ PODS:
   - Down (0.11.0)
   - DSBottomSheet (0.3.0)
   - DSWaveformImage (6.1.1)
-  - FLEX (4.5.0)
+  - FLEX (5.22.10)
   - FlowCommoniOS (1.12.2)
   - GBDeviceInfo (7.1.0):
     - GBDeviceInfo/Core (= 7.1.0)
@@ -39,17 +39,17 @@ PODS:
   - LoggerAPI (1.9.200):
     - Logging (~> 1.1)
   - Logging (1.4.0)
-  - MatrixSDK (0.27.10):
-    - MatrixSDK/Core (= 0.27.10)
-  - MatrixSDK/Core (0.27.10):
+  - MatrixSDK (0.27.11):
+    - MatrixSDK/Core (= 0.27.11)
+  - MatrixSDK/Core (0.27.11):
     - AFNetworking (~> 4.0.0)
     - GZIP (~> 1.3.0)
     - libbase58 (~> 0.1.4)
     - MatrixSDKCrypto (= 0.4.2)
     - OLMKit (~> 3.2.5)
     - Realm (= 10.27.0)
     - SwiftyBeaver (= 1.9.5)
-  - MatrixSDK/JingleCallStack (0.27.10):
+  - MatrixSDK/JingleCallStack (0.27.11):
     - JitsiMeetSDKLite (= 8.1.2-lite)
     - MatrixSDK/Core
   - MatrixSDKCrypto (0.4.2)
@@ -96,7 +96,7 @@ DEPENDENCIES:
   - Down (~> 0.11.0)
   - DSBottomSheet (~> 0.3)
   - DSWaveformImage (~> 6.1.1)
-  - FLEX (~> 4.5.0)
+  - FLEX (~> 5.22.10)
   - FlowCommoniOS (~> 1.12.0)
   - GBDeviceInfo (~> 7.1.0)
   - Introspect (~> 0.1)
@@ -179,7 +179,7 @@ SPEC CHECKSUMS:
   Down: b6ba1bc985c9d2f4e15e3b293d2207766fa12612
   DSBottomSheet: ca0ac37eb5af2dd54663f86b84382ed90a59be2a
   DSWaveformImage: 3c718a0cf99291887ee70d1d0c18d80101d3d9ce
-  FLEX: e51461dd6f0bfb00643c262acdfea5d5d12c596b
+  FLEX: f21ee4f498eed3f8a1eded66b21939fd3b7a22ce
   FlowCommoniOS: ca92071ab526dc89905495a37844fd7e78d1a7f2
   GBDeviceInfo: 5d62fa85bdcce3ed288d83c28789adf1173e4376
   GZIP: 3c0abf794bfce8c7cb34ea05a1837752416c8868
@@ -193,7 +193,7 @@ SPEC CHECKSUMS:
   libPhoneNumber-iOS: 0a32a9525cf8744fe02c5206eb30d571e38f7d75
   LoggerAPI: ad9c4a6f1e32f518fdb43a1347ac14d765ab5e3d
   Logging: beeb016c9c80cf77042d62e83495816847ef108b
-  MatrixSDK: c805f9306d60955215f4b15043ed0f96fd4867b3
+  MatrixSDK: 7c29e5cc8934cfc1f81f83fcfa17cd652612086d
   MatrixSDKCrypto: 736069ee0a5ec12852ab3498bf2242acecc443fc
   OLMKit: da115f16582e47626616874e20f7bb92222c7a51
   PostHog: 660ec6c9d80cec17b685e148f17f6785a88b597d
@@ -215,6 +215,6 @@ SPEC CHECKSUMS:
   zxcvbn-ios: fef98b7c80f1512ff0eec47ac1fa399fc00f7e3c
   ZXingObjC: 8898711ab495761b2dbbdec76d90164a6d7e14c5
 
-PODFILE CHECKSUM: 971cd7529e2d127b237469afa2c18e6dced151ec
+PODFILE CHECKSUM: 4c754458cc7f3e4e8d97c36fe5692f5b82807db2
 
 COCOAPODS: 1.14.3

Riot/Assets/fr.lproj/Vector.strings

@@ -2299,7 +2299,7 @@
 "authentication_verify_email_waiting_hint" = "Vous n’avez pas reçu l’e-mail ?";
 /* The placeholder will show the email address that was entered. */
 "authentication_verify_email_waiting_message" = "Suivez les instructions envoyées à %@";
-"authentication_verify_email_text_field_placeholder" = "Adresse mail"; // Tchap
+"authentication_verify_email_text_field_placeholder" = "Adresse mail professionnelle"; // Tchap
 /* The placeholder will show the homeserver's domain */
 "authentication_verify_email_input_message" = "%@ doit vérifier votre compte";
 "authentication_verify_email_input_title" = "Entrez votre e-mail";

Riot/Modules/Authentication/AuthenticationCoordinator.swift

@@ -32,7 +32,9 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     enum EntryPoint {
         case registration
-        case login
+        // Tchap: allow override home server's preferred login mode
+//        case login
+        case login(LoginMode? = nil)
     }
 
     // MARK: - Properties
@@ -88,9 +90,17 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     // MARK: - Public
 
+    // Tchap: allow override home server's preferred login mode
     func start() {
+        start(forcedAuthenticationMode: nil)
+    }
+
+    // Tchap: allow override home server's preferred login mode
+    func start(forcedAuthenticationMode: LoginMode? = nil) {
         Task { @MainActor in
-            await startAuthenticationFlow()
+            // Tchap: allow override home server's preferred login mode
+//            await startAuthenticationFlow()
+            await startAuthenticationFlow(forcedAuthenticationMode: forcedAuthenticationMode)
             callback?(.didStart)
             authenticationService.delegate = self
         }
@@ -114,7 +124,9 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
     // MARK: - Private
 
     /// Starts the authentication flow.
-    @MainActor private func startAuthenticationFlow() async {
+    // Tchap: allow override home server's preferred login mode
+//    @MainActor private func startAuthenticationFlow() async {
+    @MainActor private func startAuthenticationFlow(forcedAuthenticationMode: LoginMode? = nil) async {
         if let softLogoutCredentials = authenticationService.softLogoutCredentials,
            let homeserverAddress = softLogoutCredentials.homeServer {
             do {
@@ -129,22 +141,31 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
             return
         }
 
-        let flow: AuthenticationFlow = initialScreen == .login ? .login : .register
+        // Tchap: allow override home server's preferred login mode
+        //        let flow: AuthenticationFlow = initialScreen == .login ? .login : .register
+        let flow: AuthenticationFlow = {
+            if case .login(_) = initialScreen {
+                return .login
+            } else {
+                return .register
+            }
+        }()
 
         // Check if the user must select a server
         if BuildSettings.forceHomeserverSelection, authenticationService.provisioningLink?.homeserverUrl == nil {
             showServerSelectionScreen(for: flow)
             return
         }
 
-        do {
-            // Start the flow (if homeserverAddress is nil, the default server will be used).
-            try await authenticationService.startFlow(flow)
-        } catch {
-            MXLog.error("[AuthenticationCoordinator] start: Failed to start, showing server selection.")
-            showServerSelectionScreen(for: flow)
-            return
-        }
+        // Tchap: Don't use default home server
+//        do {
+//            // Start the flow (if homeserverAddress is nil, the default server will be used).
+//            try await authenticationService.startFlow(flow)
+//        } catch {
+//            MXLog.error("[AuthenticationCoordinator] start: Failed to start, showing server selection.")
+//            showServerSelectionScreen(for: flow)
+//            return
+//        }
 
         switch initialScreen {
         case .registration:
@@ -153,13 +174,15 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
             } else {
                 // Tchap: force email registration mode
 //                showRegistrationScreen()
-                TchapShowVerifyEmailScreen()
+                await TchapShowVerifyEmailScreen()
             }
         case .login:
             if authenticationService.state.homeserver.needsLoginFallback {
                 showFallback(for: flow)
             } else {
-                showLoginScreen()
+                // Tchap: allow override home server's preferred login mode
+//                showLoginScreen()
+                showLoginScreen(forcedAuthenticationMode: forcedAuthenticationMode)
             }
         }
     }
@@ -262,13 +285,17 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
     // MARK: - Login
 
     /// Shows the login screen.
-    @MainActor private func showLoginScreen() {
+    // Tchap: allow override home server's preferred login mode
+//    @MainActor private func showLoginScreen() {
+    @MainActor private func showLoginScreen(forcedAuthenticationMode: LoginMode? = nil) {
         MXLog.debug("[AuthenticationCoordinator] showLoginScreen")
 
         let homeserver = authenticationService.state.homeserver
         let parameters = AuthenticationLoginCoordinatorParameters(navigationRouter: navigationRouter,
                                                                   authenticationService: authenticationService,
-                                                                  loginMode: homeserver.preferredLoginMode)
+                                                                  // Tchap: allow override home server's preferred login mode
+                                                                  // loginMode: homeserver.preferredLoginMode)
+                                                                  loginMode: forcedAuthenticationMode ?? homeserver.preferredLoginMode)
         let coordinator = AuthenticationLoginCoordinator(parameters: parameters)
         coordinator.callback = { [weak self, weak coordinator] result in
             guard let self = self, let coordinator = coordinator else { return }
@@ -383,9 +410,12 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     // Tchap: start Registration with VerifyEmail screen
     /// Shows the login screen.
-    @MainActor private func TchapShowVerifyEmailScreen() {
+    @MainActor private func TchapShowVerifyEmailScreen() async {
         MXLog.debug("[AuthenticationCoordinator] TchapShowVerifyEmailScreen")
 
+        // Call `startFlow` here to get `registrationWizard` initialized.
+        try? await authenticationService.startFlow(.register)
+
         guard let registrationWizard = authenticationService.registrationWizard else {
             MXLog.failure("[AuthenticationCoordinator] showStage: Missing the RegistrationWizard needed to complete the stage.")
             displayError(message: VectorL10n.errorCommonMessage)

Riot/Modules/CrossSigning/Setup/CrossSigningSetupCoordinator.swift

@@ -45,7 +45,11 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
     // MARK: - Public methods
 
     func start() {
-        self.showReauthentication()
+        // Tchap: launch classic crossiging without authentication parameters
+        // to trigger real requets to backend, with real keys.
+        // This will trigger a 401 reponse that will launch the SSO reauthentication.
+//        self.showReauthentication()
+        self.setupCrossSigning(with: [:])
     }
 
     func toPresentable() -> UIViewController {
@@ -71,6 +75,24 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
         coordinator.start()
     }
 
+    // Tchap: reauthenticate with session information (used by SSO reauthentication)
+    private func showReauthentication(with session: MXAuthenticationSession) {
+
+        let setupCrossSigningRequest = self.crossSigningService.setupCrossSigningRequest()
+
+        let reauthenticationParameters = ReauthenticationCoordinatorParameters(session: parameters.session,
+                                                                               presenter: parameters.presenter,
+                                                                               title: parameters.title,
+                                                                               message: parameters.message,
+                                                                               authenticationSession: session)
+
+        let coordinator = ReauthenticationCoordinator(parameters: reauthenticationParameters)
+        coordinator.delegate = self
+        self.add(childCoordinator: coordinator)
+
+        coordinator.start()
+    }
+
     private func setupCrossSigning(with authenticationParameters: [String: Any]) {
         guard let crossSigning = self.parameters.session.crypto?.crossSigning else {
             return
@@ -85,7 +107,18 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
             guard let self = self else {
                 return
             }
-            self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+
+            // Tchap: handle 'authentication requested' error (401) from backend
+//            self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+            let nsError = error as NSError
+            if let jsonResponse = nsError.userInfo[MXHTTPClientErrorResponseDataKey] as? [AnyHashable: Any],
+               let authenticationSession = MXAuthenticationSession(fromJSON: jsonResponse) {
+                self.showReauthentication(with: authenticationSession)
+            }
+            else {
+                self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+            }
+
         }
     }
 }