Merge pull request #1094 from tchapgouv/1089-mettre-en-place-le-nouve…

…au-flow-sso

1089 mettre en place le nouveau flow sso

Btchap/Config/BuildSettings.swift

@@ -123,7 +123,8 @@ final class BuildSettings: NSObject {
     static let applicationHelpUrlString = "https://www.beta.tchap.gouv.fr/faq"
     static let applicationServicesStatusUrlString = "https://status.tchap.numerique.gouv.fr/"
     static let applicationAcceptableUsePolicyUrlString = ""
-
+    static let proConnectInfoUrlString = "https://proconnect.gouv.fr/"
+
     // MARK: - Matrix permalinks
     // Hosts/Paths for URLs that will considered as valid permalinks. Those permalinks are opened within the app.
     static let permalinkSupportedHosts: [String: [String]] = [

DevTchap/Config/BuildSettings.swift

@@ -97,7 +97,7 @@ final class BuildSettings: NSObject {
     static let serverUrlPrefix = "https://matrix."
     static let preferredIdentityServerNames = [
         "dev01.tchap.incubateur.net",
-        "dev02.tchap.incubateur.net"
+//        "dev02.tchap.incubateur.net"
     ]
     static let otherIdentityServerNames: [String] = [
         "ext01.tchap.incubateur.net"
@@ -123,7 +123,7 @@ final class BuildSettings: NSObject {
     static let applicationHelpUrlString = "https://www.tchap.incubateur.net/faq"
     static let applicationServicesStatusUrlString = "https://status.tchap.numerique.gouv.fr/"
     static let applicationAcceptableUsePolicyUrlString = ""
-
+    static let proConnectInfoUrlString = "https://proconnect.gouv.fr/"
 
     // MARK: - Matrix permalinks
     // Hosts/Paths for URLs that will considered as valid permalinks. Those permalinks are opened within the app.

Riot/Assets/fr.lproj/Vector.strings

@@ -2299,7 +2299,7 @@
 "authentication_verify_email_waiting_hint" = "Vous n’avez pas reçu l’e-mail ?";
 /* The placeholder will show the email address that was entered. */
 "authentication_verify_email_waiting_message" = "Suivez les instructions envoyées à %@";
-"authentication_verify_email_text_field_placeholder" = "Adresse mail"; // Tchap
+"authentication_verify_email_text_field_placeholder" = "Adresse mail professionnelle"; // Tchap
 /* The placeholder will show the homeserver's domain */
 "authentication_verify_email_input_message" = "%@ doit vérifier votre compte";
 "authentication_verify_email_input_title" = "Entrez votre e-mail";

Riot/Modules/Authentication/AuthenticationCoordinator.swift

@@ -32,7 +32,9 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     enum EntryPoint {
         case registration
-        case login
+        // Tchap: allow override home server's preferred login mode
+//        case login
+        case login(LoginMode? = nil)
     }
 
     // MARK: - Properties
@@ -88,9 +90,17 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     // MARK: - Public
 
+    // Tchap: allow override home server's preferred login mode
     func start() {
+        start(forcedAuthenticationMode: nil)
+    }
+
+    // Tchap: allow override home server's preferred login mode
+    func start(forcedAuthenticationMode: LoginMode? = nil) {
         Task { @MainActor in
-            await startAuthenticationFlow()
+            // Tchap: allow override home server's preferred login mode
+//            await startAuthenticationFlow()
+            await startAuthenticationFlow(forcedAuthenticationMode: forcedAuthenticationMode)
             callback?(.didStart)
             authenticationService.delegate = self
         }
@@ -114,7 +124,9 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
     // MARK: - Private
 
     /// Starts the authentication flow.
-    @MainActor private func startAuthenticationFlow() async {
+    // Tchap: allow override home server's preferred login mode
+//    @MainActor private func startAuthenticationFlow() async {
+    @MainActor private func startAuthenticationFlow(forcedAuthenticationMode: LoginMode? = nil) async {
         if let softLogoutCredentials = authenticationService.softLogoutCredentials,
            let homeserverAddress = softLogoutCredentials.homeServer {
             do {
@@ -129,22 +141,31 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
             return
         }
 
-        let flow: AuthenticationFlow = initialScreen == .login ? .login : .register
+        // Tchap: allow override home server's preferred login mode
+        //        let flow: AuthenticationFlow = initialScreen == .login ? .login : .register
+        let flow: AuthenticationFlow = {
+            if case .login(_) = initialScreen {
+                return .login
+            } else {
+                return .register
+            }
+        }()
 
         // Check if the user must select a server
         if BuildSettings.forceHomeserverSelection, authenticationService.provisioningLink?.homeserverUrl == nil {
             showServerSelectionScreen(for: flow)
             return
         }
 
-        do {
-            // Start the flow (if homeserverAddress is nil, the default server will be used).
-            try await authenticationService.startFlow(flow)
-        } catch {
-            MXLog.error("[AuthenticationCoordinator] start: Failed to start, showing server selection.")
-            showServerSelectionScreen(for: flow)
-            return
-        }
+        // Tchap: Don't use default home server
+//        do {
+//            // Start the flow (if homeserverAddress is nil, the default server will be used).
+//            try await authenticationService.startFlow(flow)
+//        } catch {
+//            MXLog.error("[AuthenticationCoordinator] start: Failed to start, showing server selection.")
+//            showServerSelectionScreen(for: flow)
+//            return
+//        }
 
         switch initialScreen {
         case .registration:
@@ -153,13 +174,15 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
             } else {
                 // Tchap: force email registration mode
 //                showRegistrationScreen()
-                TchapShowVerifyEmailScreen()
+                await TchapShowVerifyEmailScreen()
             }
         case .login:
             if authenticationService.state.homeserver.needsLoginFallback {
                 showFallback(for: flow)
             } else {
-                showLoginScreen()
+                // Tchap: allow override home server's preferred login mode
+//                showLoginScreen()
+                showLoginScreen(forcedAuthenticationMode: forcedAuthenticationMode)
             }
         }
     }
@@ -262,13 +285,17 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
     // MARK: - Login
 
     /// Shows the login screen.
-    @MainActor private func showLoginScreen() {
+    // Tchap: allow override home server's preferred login mode
+//    @MainActor private func showLoginScreen() {
+    @MainActor private func showLoginScreen(forcedAuthenticationMode: LoginMode? = nil) {
         MXLog.debug("[AuthenticationCoordinator] showLoginScreen")
 
         let homeserver = authenticationService.state.homeserver
         let parameters = AuthenticationLoginCoordinatorParameters(navigationRouter: navigationRouter,
                                                                   authenticationService: authenticationService,
-                                                                  loginMode: homeserver.preferredLoginMode)
+                                                                  // Tchap: allow override home server's preferred login mode
+                                                                  // loginMode: homeserver.preferredLoginMode)
+                                                                  loginMode: forcedAuthenticationMode ?? homeserver.preferredLoginMode)
         let coordinator = AuthenticationLoginCoordinator(parameters: parameters)
         coordinator.callback = { [weak self, weak coordinator] result in
             guard let self = self, let coordinator = coordinator else { return }
@@ -383,9 +410,12 @@ final class AuthenticationCoordinator: NSObject, AuthenticationCoordinatorProtoc
 
     // Tchap: start Registration with VerifyEmail screen
     /// Shows the login screen.
-    @MainActor private func TchapShowVerifyEmailScreen() {
+    @MainActor private func TchapShowVerifyEmailScreen() async {
         MXLog.debug("[AuthenticationCoordinator] TchapShowVerifyEmailScreen")
 
+        // Call `startFlow` here to get `registrationWizard` initialized.
+        try? await authenticationService.startFlow(.register)
+
         guard let registrationWizard = authenticationService.registrationWizard else {
             MXLog.failure("[AuthenticationCoordinator] showStage: Missing the RegistrationWizard needed to complete the stage.")
             displayError(message: VectorL10n.errorCommonMessage)

Riot/Modules/CrossSigning/Setup/CrossSigningSetupCoordinator.swift

@@ -45,7 +45,11 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
     // MARK: - Public methods
 
     func start() {
-        self.showReauthentication()
+        // Tchap: launch classic crossiging without authentication parameters
+        // to trigger real requets to backend, with real keys.
+        // This will trigger a 401 reponse that will launch the SSO reauthentication.
+//        self.showReauthentication()
+        self.setupCrossSigning(with: [:])
     }
 
     func toPresentable() -> UIViewController {
@@ -71,6 +75,24 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
         coordinator.start()
     }
 
+    // Tchap: reauthenticate with session information (used by SSO reauthentication)
+    private func showReauthentication(with session: MXAuthenticationSession) {
+
+        let setupCrossSigningRequest = self.crossSigningService.setupCrossSigningRequest()
+
+        let reauthenticationParameters = ReauthenticationCoordinatorParameters(session: parameters.session,
+                                                                               presenter: parameters.presenter,
+                                                                               title: parameters.title,
+                                                                               message: parameters.message,
+                                                                               authenticationSession: session)
+
+        let coordinator = ReauthenticationCoordinator(parameters: reauthenticationParameters)
+        coordinator.delegate = self
+        self.add(childCoordinator: coordinator)
+
+        coordinator.start()
+    }
+
     private func setupCrossSigning(with authenticationParameters: [String: Any]) {
         guard let crossSigning = self.parameters.session.crypto?.crossSigning else {
             return
@@ -85,7 +107,18 @@ final class CrossSigningSetupCoordinator: CrossSigningSetupCoordinatorType {
             guard let self = self else {
                 return
             }
-            self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+
+            // Tchap: handle 'authentication requested' error (401) from backend
+//            self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+            let nsError = error as NSError
+            if let jsonResponse = nsError.userInfo[MXHTTPClientErrorResponseDataKey] as? [AnyHashable: Any],
+               let authenticationSession = MXAuthenticationSession(fromJSON: jsonResponse) {
+                self.showReauthentication(with: authenticationSession)
+            }
+            else {
+                self.delegate?.crossSigningSetupCoordinator(self, didFailWithError: error)
+            }
+
         }
     }
 }

Riot/Modules/LaunchLoading/LaunchLoadingView.swift

@@ -56,14 +56,33 @@ final class LaunchLoadingView: UIView, NibLoadable, Themable {
         animationTimeline.play()
         self.animationTimeline = animationTimeline
 
+        // Tchap: setup custom loading view.
+        tchapSetupLoadingView()
+
         progressContainer.isHidden = true
     }
 
+    // Tchap: replace Element logo loadng animation by a simple UIActivityIndicatorView.
+    private func tchapSetupLoadingView() {
+        let tchapAnimationView = UIActivityIndicatorView(style: .large)
+        self.addSubview(tchapAnimationView)
+        tchapAnimationView.translatesAutoresizingMaskIntoConstraints = false
+        tchapAnimationView.centerXAnchor.constraint(equalTo: self.centerXAnchor).isActive = true
+        tchapAnimationView.centerYAnchor.constraint(equalTo: self.centerYAnchor).isActive = true
+        tchapAnimationView.startAnimating()
+
+        // Hide Element aninmated logo.
+        animationView.isHidden = true
+    }
+
     // MARK: - Public
 
     func update(theme: Theme) {
         self.backgroundColor = theme.backgroundColor
         self.animationView.backgroundColor = theme.backgroundColor
+
+        // Tchap: Set progress view to Tchap color.
+        progressView.progressTintColor = theme.tintColor
     }
 }
 

Riot/Modules/MatrixKit/Controllers/MXKWebViewViewController.h

@@ -66,4 +66,7 @@
  */
 @property (nonatomic) NSString *localHTMLFile;
 
+// Tchap: give access to backButton to allow a 'Cancel' functionnality.
+- (void)setBackButton:(UIBarButtonItem *)button;
+
 @end

Riot/Modules/MatrixKit/Controllers/MXKWebViewViewController.m

@@ -230,6 +230,11 @@ - (void)goBack
     }
 }
 
+// Tchap: give access to backButton to allow a 'Cancel' functionnality.
+- (void)setBackButton:(UIBarButtonItem *)button {
+    backButton = button;
+}
+
 #pragma mark - WKNavigationDelegate
 
 - (void)webView:(WKWebView *)webView didFinishNavigation:(WKNavigation *)navigation