From 0b1eb319f02cc72c9fdecb57d8bb46abb640af61 Mon Sep 17 00:00:00 2001 From: Yoan Pintas Date: Thu, 19 Dec 2024 14:05:23 +0100 Subject: [PATCH 1/3] Add password policy to export keys (#1145) --- changelog.d/1145.misc | 1 + .../app/features/crypto/keys/KeysExporter.kt | 33 +++++++++++++++++++ .../onboarding/OnboardingViewModel.kt | 18 +++++----- 3 files changed, 43 insertions(+), 9 deletions(-) create mode 100644 changelog.d/1145.misc diff --git a/changelog.d/1145.misc b/changelog.d/1145.misc new file mode 100644 index 0000000000..12b6be1858 --- /dev/null +++ b/changelog.d/1145.misc @@ -0,0 +1 @@ +Ajout d'une politique de mot de passe sur l'export manuel des clés. \ No newline at end of file diff --git a/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt b/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt index 556d9bcec3..6a84875b6e 100644 --- a/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt +++ b/vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt @@ -20,11 +20,19 @@ import android.content.Context import android.net.Uri import im.vector.app.core.dispatchers.CoroutineDispatchers import im.vector.app.core.extensions.safeOpenOutputStream +import im.vector.app.core.resources.StringProvider +import im.vector.lib.strings.CommonStrings import kotlinx.coroutines.withContext +import org.matrix.android.sdk.api.auth.AuthenticationService +import org.matrix.android.sdk.api.extensions.tryOrNull +import org.matrix.android.sdk.api.failure.Failure +import org.matrix.android.sdk.api.failure.MatrixError import org.matrix.android.sdk.api.session.Session import javax.inject.Inject class KeysExporter @Inject constructor( + private val authenticationService: AuthenticationService, + private val stringProvider: StringProvider, private val session: Session, private val context: Context, private val dispatchers: CoroutineDispatchers 
@@ -34,6 +42,7 @@ class KeysExporter @Inject constructor( */ suspend fun export(password: String, uri: Uri) { withContext(dispatchers.io) { + checkPasswordPolicy(password) val data = session.cryptoService().exportRoomKeys(password) context.safeOpenOutputStream(uri) ?.use { it.write(data) } @@ -56,6 +65,30 @@ class KeysExporter @Inject constructor( } } } + + // TCHAP add policy on the password to export keys + private suspend fun checkPasswordPolicy(password: String) { + val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(session.sessionParams.homeServerConnectionConfig) } + val isValid = passwordPolicy?.let { policy -> + val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true + val hasDigit = policy.requireDigit == null || password.any { it.isDigit() } + val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() } + val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() } + val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() } + + minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol + } ?: true + + if (!isValid) { + throw Failure.ServerError( + error = MatrixError( + code = MatrixError.M_WEAK_PASSWORD, + message = stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error) + ), + httpCode = 400 + ) + } + } } class UnexpectedExportKeysFileSizeException(expectedFileSize: Long, actualFileSize: Long) : IllegalStateException( diff --git a/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt b/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt index 7f8bdb7a5b..9169e9686e 100644 --- a/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt +++ b/vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt 
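Review bot: The `checkPasswordPolicy(password)` call added to `export` only constrains the passphrase when the homeserver policy can be fetched. The helper added further down in this file wraps `getPasswordPolicy` in `tryOrNull` and ends in `?: true`, so when the lookup fails or returns nothing, this check accepts any passphrase, as far as the visible code shows. Because this passphrase protects the exported room keys file, consider a local floor for that case, for example replacing the final `} ?: true` with `} ?: (password.length >= FALLBACK_MIN_LENGTH)`, where `FALLBACK_MIN_LENGTH` is a constant the project would choose. The KDoc that closes just above `export` should also say that the function now makes a network request and can throw `Failure.ServerError` with `M_WEAK_PASSWORD`. The start of that KDoc and the end of `export` are outside the hunk.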
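Review bot: The four `require*` checks in `checkPasswordPolicy` test for `null` rather than for `true`, so a policy that sends a flag explicitly as `false` still forces that character class. For example, `policy.requireDigit == null || password.any { it.isDigit() }` rejects a digit-free passphrase when `requireDigit` is `false`. The lines removed from `OnboardingViewModel.kt` in this same patch apply `it && …` to these fields, which suggests they are nullable Booleans. If so, the condition should read `policy.requireDigit != true || password.any { it.isDigit() }`, and likewise for `requireLowercase`, `requireUppercase` and `requireSymbol`. The same four lines are added in the `OnboardingViewModel.kt` hunk and need the same change.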
@@ -1033,15 +1033,15 @@ class OnboardingViewModel @AssistedInject constructor( } else { currentJob = viewModelScope.launch { val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(homeServerConnectionConfig) } - val isValid = if (passwordPolicy != null) { - passwordPolicy.minLength?.let { it <= password.length } ?: true && - passwordPolicy.requireDigit?.let { it && password.any { char -> char.isDigit() } } ?: true && - passwordPolicy.requireLowercase?.let { it && password.any { char -> char.isLetter() && char.isLowerCase() } } ?: true && - passwordPolicy.requireUppercase?.let { it && password.any { char -> char.isLetter() && char.isUpperCase() } } ?: true && - passwordPolicy.requireSymbol?.let { it && password.any { char -> !char.isLetter() && !char.isDigit() } } ?: true - } else { - true - } + val isValid = passwordPolicy?.let { policy -> + val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true + val hasDigit = policy.requireDigit == null || password.any { it.isDigit() } + val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() } + val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() } + val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() } + + minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol + } ?: true if (!isValid) { _viewEvents.post(OnboardingViewEvents.Failure(Throwable(stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error)))) From a3ddd7e32fc0a92e65d14ca1d09b962153c8bc65 Mon Sep 17 00:00:00 2001 From: Yoan Pintas Date: Mon, 23 Dec 2024 11:09:54 +0100 Subject: [PATCH 2/3] Add posthogdev exception (#1146) --- changelog.d/1146.bugfix | 1 + towncrier.toml | 2 +- vector-app/build.gradle | 2 +- vector/src/withpinning/res/xml/network_security_config.xml | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelog.d/1146.bugfix 
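Review bot: The new `isValid` block is a copy of the rule set added to `KeysExporter.checkPasswordPolicy` in the same patch, so the registration check and the key-export check can drift apart the next time either is edited. Moving the five checks into one shared function that takes the policy and the candidate password and returns a Boolean, called from both places, would keep them on the same rules. A short comment there such as `// A null policy field means the homeserver sets no requirement for it` would record what `null` is meant to express. The rewrite also drops the `char.isLetter() &&` guard that the removed lines combined with `isLowerCase()` and `isUpperCase()`, which looks harmless but is worth confirming. The enclosing function starts and ends outside the hunk.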
diff --git a/changelog.d/1146.bugfix b/changelog.d/1146.bugfix new file mode 100644 index 0000000000..c9987b06b2 --- /dev/null +++ b/changelog.d/1146.bugfix @@ -0,0 +1 @@ +Ajout d'une exception pour les requêtes posthog \ No newline at end of file diff --git a/towncrier.toml b/towncrier.toml index 2918d1dd7e..8b5f9ff767 100644 --- a/towncrier.toml +++ b/towncrier.toml @@ -1,5 +1,5 @@ [tool.towncrier] - version = "2.15.0" + version = "2.15.1" directory = "changelog.d" filename = "TCHAP_CHANGES.md" name = "Changes in Tchap" diff --git a/vector-app/build.gradle b/vector-app/build.gradle index 79a6c11bd4..228fde72da 100644 --- a/vector-app/build.gradle +++ b/vector-app/build.gradle @@ -37,7 +37,7 @@ ext.versionMinor = 15 // Note: even values are reserved for regular release, odd values for hotfix release. // When creating a hotfix, you should decrease the value, since the current value // is the value for the next regular release. -ext.versionPatch = 0 +ext.versionPatch = 1 static def getGitTimestamp() { def cmd = 'git show -s --format=%ct' diff --git a/vector/src/withpinning/res/xml/network_security_config.xml b/vector/src/withpinning/res/xml/network_security_config.xml index d4059276fa..60cdb35b9b 100644 --- a/vector/src/withpinning/res/xml/network_security_config.xml +++ b/vector/src/withpinning/res/xml/network_security_config.xml @@ -13,6 +13,7 @@ firebaseinstallations.googleapis.com + posthogdev.tchap.incubateur.net From fee319b3d3fead65a973e38d91d191cd8e1532c0 Mon Sep 17 00:00:00 2001 From: yostyle Date: Mon, 23 Dec 2024 11:12:39 +0100 Subject: [PATCH 3/3] Update changes --- TCHAP_CHANGES.md | 11 +++++++++++ changelog.d/1145.misc | 1 - changelog.d/1146.bugfix | 1 - 3 files changed, 11 insertions(+), 2 deletions(-) delete mode 100644 changelog.d/1145.misc delete mode 100644 changelog.d/1146.bugfix diff --git a/TCHAP_CHANGES.md b/TCHAP_CHANGES.md index b0de5ce930..516f709f78 100644 --- a/TCHAP_CHANGES.md +++ b/TCHAP_CHANGES.md 
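Review bot: The `posthogdev.tchap.incubateur.net` entry added to the `withpinning` flavour's `network_security_config.xml` has nothing recording why it is there or how long it should stay. The enclosing element is outside the hunk, but the neighbouring `firebaseinstallations.googleapis.com` entry and the commit title suggest this is the list of hosts exempted from certificate pinning. The host name also looks like a development analytics endpoint. If that reading is right, connections to it from the pinned build are validated against the system trust store only, and an XML comment above the entry such as `<!-- PostHog (dev instance): exempt from pinning, see #1146 -->` would make the exemption auditable. It is also worth confirming that the release variant of this flavour is meant to reach the dev instance rather than a production one.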
@@ -1,3 +1,14 @@ +Changes in Tchap 2.15.1 (2024-12-23) +==================================== + +Bugfixes 🐛 +---------- + - Ajout d'une exception pour les requêtes posthog ([#1146](https://github.com/tchapgouv/tchap-android/issues/1146)) + +Other changes +------------- + - Ajout d'une politique de mot de passe sur l'export manuel des clés. ([#1145](https://github.com/tchapgouv/tchap-android/issues/1145)) + Changes in Tchap 2.15.0 (2024-12-16) ==================================== diff --git a/changelog.d/1145.misc b/changelog.d/1145.misc deleted file mode 100644 index 12b6be1858..0000000000 --- a/changelog.d/1145.misc +++ /dev/null @@ -1 +0,0 @@ -Ajout d'une politique de mot de passe sur l'export manuel des clés. \ No newline at end of file diff --git a/changelog.d/1146.bugfix b/changelog.d/1146.bugfix deleted file mode 100644 index c9987b06b2..0000000000 --- a/changelog.d/1146.bugfix +++ /dev/null @@ -1 +0,0 @@ -Ajout d'une exception pour les requêtes posthog \ No newline at end of file