Tw 1900: IOS is forced to log out many times (#1921)

* TW-1900: create method for reading KeychainSharingRestoreToken * TW-1900: change keychain accessibility from unlocked to first_unlock_this_device * TW-1900: only update KeychainSharingRestoreToken when necessary and add try/catch for read/write keychain data
linagora · Jul 9, 2024 · 4fb3d41 · 4fb3d41
1 parent 789aa47
commit 4fb3d41
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 22 deletions.
diff --git a/lib/domain/keychain_sharing/keychain_sharing_manager.dart b/lib/domain/keychain_sharing/keychain_sharing_manager.dart
@@ -3,12 +3,15 @@ import 'dart:convert';
 import 'package:fluffychat/config/app_config.dart';
 import 'package:fluffychat/domain/keychain_sharing/keychain_sharing_restore_token.dart';
 import 'package:flutter_secure_storage/flutter_secure_storage.dart';
+import 'package:matrix/matrix.dart';
 
 class KeychainSharingManager {
   static FlutterSecureStorage get _secureStorage => const FlutterSecureStorage(
         iOptions: IOSOptions(
           groupId: AppConfig.iOSKeychainSharingId,
           accountName: AppConfig.iOSKeychainSharingAccount,
+          synchronizable: true,
+          accessibility: KeychainAccessibility.first_unlock_this_device,
         ),
       );
 
@@ -17,6 +20,21 @@ class KeychainSharingManager {
         value: jsonEncode(token.toJson()),
       );
 
+  static Future<KeychainSharingRestoreToken?> read({
+    required String userId,
+  }) async {
+    try {
+      final token = await _secureStorage.read(key: userId);
+      if (token != null) {
+        return KeychainSharingRestoreToken.fromJson(jsonDecode(token));
+      }
+    } catch (e, s) {
+      Logs().e('Unable to read token from Secure storage: $e $s');
+      return null;
+    }
+    return null;
+  }
+
   static Future delete({required String? userId}) {
     if (userId != null) {
       return _secureStorage.delete(key: userId);

diff --git a/lib/utils/matrix_sdk_extensions/flutter_hive_collections_database.dart b/lib/utils/matrix_sdk_extensions/flutter_hive_collections_database.dart
@@ -181,17 +181,12 @@ class FlutterHiveCollectionsDatabase extends HiveCollectionsDatabase {
     String? prevBatch,
     String? olmAccount,
   ) async {
-    if (PlatformInfos.isIOS) {
-      final restoreToken = KeychainSharingRestoreToken(
-        session: KeychainSharingSession(
-          accessToken: token,
-          userId: userId,
-          deviceId: deviceId ?? "",
-          homeserverUrl: homeserverUrl,
-        ),
-      );
-      await KeychainSharingManager.save(restoreToken);
-    }
+    await _updateIOSKeychainSharingRestoreToken(
+      homeserverUrl: homeserverUrl,
+      token: token,
+      userId: userId,
+      deviceId: deviceId,
+    );
     return super.updateClient(
       homeserverUrl,
       token,
@@ -203,6 +198,37 @@ class FlutterHiveCollectionsDatabase extends HiveCollectionsDatabase {
     );
   }
 
+  Future<void> _updateIOSKeychainSharingRestoreToken({
+    required String homeserverUrl,
+    required String token,
+    required String userId,
+    required String? deviceId,
+  }) async {
+    if (!PlatformInfos.isIOS) {
+      return;
+    }
+    try {
+      final oldToken = await KeychainSharingManager.read(userId: userId);
+      if (oldToken?.session.accessToken != token ||
+          oldToken?.session.userId != userId ||
+          oldToken?.session.homeserverUrl != homeserverUrl ||
+          oldToken?.session.deviceId != deviceId) {
+        final restoreToken = KeychainSharingRestoreToken(
+          session: KeychainSharingSession(
+            accessToken: token,
+            userId: userId,
+            deviceId: deviceId ?? "",
+            homeserverUrl: homeserverUrl,
+          ),
+        );
+        await KeychainSharingManager.save(restoreToken);
+      }
+    } catch (e) {
+      Logs().w('insertClient::current token: $token');
+      Logs().w('insertClient::Unable to save restore token', e);
+    }
+  }
+
   @override
   Future<int> insertClient(
     String name,
@@ -214,17 +240,12 @@ class FlutterHiveCollectionsDatabase extends HiveCollectionsDatabase {
     String? prevBatch,
     String? olmAccount,
   ) async {
-    if (PlatformInfos.isIOS) {
-      final restoreToken = KeychainSharingRestoreToken(
-        session: KeychainSharingSession(
-          accessToken: token,
-          userId: userId,
-          deviceId: deviceId ?? "",
-          homeserverUrl: homeserverUrl,
-        ),
-      );
-      await KeychainSharingManager.save(restoreToken);
-    }
+    await _updateIOSKeychainSharingRestoreToken(
+      homeserverUrl: homeserverUrl,
+      token: token,
+      userId: userId,
+      deviceId: deviceId,
+    );
     return super.insertClient(
       name,
       homeserverUrl,