Signal-iOS/SignalServiceKit/Profiles/OWSProfileManager.swift
2024-05-17 13:59:49 -07:00

1595 lines
66 KiB
Swift

//
// Copyright 2019 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
//
import Foundation
import LibSignalClient
import SignalCoreKit
public class OWSProfileManagerSwiftValues {
fileprivate let pendingUpdateRequests = AtomicValue<[OWSProfileManager.ProfileUpdateRequest]>([], lock: .init())
public init() {}
}
extension OWSProfileManager: ProfileManager, Dependencies {
public func fetchLocalUsersProfile(authedAccount: AuthedAccount) -> Promise<FetchedProfile> {
return Promise.wrapAsync {
let profileFetcher = SSKEnvironment.shared.profileFetcherRef
let tsAccountManager = DependenciesBridge.shared.tsAccountManager
return try await profileFetcher.fetchProfile(
for: tsAccountManager.localIdentifiersWithMaybeSneakyTransaction(authedAccount: authedAccount).aci,
authedAccount: authedAccount
)
}
}
public func updateProfile(
address: OWSUserProfile.InsertableAddress,
decryptedProfile: DecryptedProfile?,
avatarUrlPath: OptionalChange<String?>,
avatarFileName: OptionalChange<String?>,
profileBadges: [OWSUserProfileBadgeInfo],
lastFetchDate: Date,
userProfileWriter: UserProfileWriter,
tx: SDSAnyWriteTransaction
) {
AssertNotOnMainThread()
let userProfile = OWSUserProfile.getOrBuildUserProfile(
for: address,
userProfileWriter: userProfileWriter,
tx: tx
)
var givenNameChange: OptionalChange<String> = .noChange
var familyNameChange: OptionalChange<String?> = .noChange
var bioChange: OptionalChange<String?> = .noChange
var bioEmojiChange: OptionalChange<String?> = .noChange
var isPhoneNumberSharedChange: OptionalChange<Bool?> = .noChange
if let decryptedProfile {
do {
if let nameComponents = try decryptedProfile.nameComponents.get() {
givenNameChange = .setTo(nameComponents.givenName)
familyNameChange = .setTo(nameComponents.familyName)
}
} catch {
Logger.warn("Couldn't decrypt profile name: \(error)")
}
do {
if let bio = try decryptedProfile.bio.get() {
bioChange = .setTo(bio)
}
} catch {
Logger.warn("Couldn't decrypt profile bio: \(error)")
}
do {
if let bioEmoji = try decryptedProfile.bioEmoji.get() {
bioEmojiChange = .setTo(bioEmoji)
}
} catch {
Logger.warn("Couldn't decrypt profile bio emoji: \(error)")
}
do {
if let phoneNumberSharing = try decryptedProfile.phoneNumberSharing.get() {
isPhoneNumberSharedChange = .setTo(phoneNumberSharing)
}
} catch {
Logger.warn("Couldn't decrypt phone number sharing: \(error)")
}
}
userProfile.update(
givenName: givenNameChange.map({ $0 as String? }),
familyName: familyNameChange,
bio: bioChange,
bioEmoji: bioEmojiChange,
avatarUrlPath: avatarUrlPath,
avatarFileName: avatarFileName,
lastFetchDate: .setTo(lastFetchDate),
badges: .setTo(profileBadges),
isPhoneNumberShared: isPhoneNumberSharedChange,
userProfileWriter: userProfileWriter,
transaction: tx,
completion: nil
)
}
// The main entry point for updating the local profile. It will:
//
// * Enqueue a service update.
// * Attempt that service update.
//
// The returned promise will fail if the service can't be updated
// (or in the unlikely fact that another error occurs) but this
// manager will continue to retry until the update succeeds.
public func updateLocalProfile(
profileGivenName: OptionalChange<OWSUserProfile.NameComponent>,
profileFamilyName: OptionalChange<OWSUserProfile.NameComponent?>,
profileBio: OptionalChange<String?>,
profileBioEmoji: OptionalChange<String?>,
profileAvatarData: OptionalAvatarChange<Data?>,
visibleBadgeIds: OptionalChange<[String]>,
unsavedRotatedProfileKey: OWSAES256Key?,
userProfileWriter: UserProfileWriter,
authedAccount: AuthedAccount,
tx: SDSAnyWriteTransaction
) -> Promise<Void> {
assert(CurrentAppContext().isMainApp)
let update = enqueueProfileUpdate(
profileGivenName: profileGivenName,
profileFamilyName: profileFamilyName,
profileBio: profileBio,
profileBioEmoji: profileBioEmoji,
profileAvatarData: profileAvatarData,
visibleBadgeIds: visibleBadgeIds,
userProfileWriter: userProfileWriter,
tx: tx
)
let (promise, future) = Promise<Void>.pending()
swiftValues.pendingUpdateRequests.update {
$0.append(ProfileUpdateRequest(
requestId: update.id,
requestParameters: .init(profileKey: unsavedRotatedProfileKey, future: future),
authedAccount: authedAccount
))
}
tx.addAsyncCompletionOnMain {
self._updateProfileOnServiceIfNecessary()
}
return promise
}
// This will re-upload the existing local profile state.
public func reuploadLocalProfile(
unsavedRotatedProfileKey: OWSAES256Key?,
mustReuploadAvatar: Bool,
authedAccount: AuthedAccount,
tx: DBWriteTransaction
) -> Promise<Void> {
Logger.info("")
let profileChanges = currentPendingProfileChanges(tx: SDSDB.shimOnlyBridge(tx))
return updateLocalProfile(
profileGivenName: .noChange,
profileFamilyName: .noChange,
profileBio: .noChange,
profileBioEmoji: .noChange,
profileAvatarData: mustReuploadAvatar ? .noChangeButMustReupload : .noChange,
visibleBadgeIds: .noChange,
unsavedRotatedProfileKey: unsavedRotatedProfileKey,
userProfileWriter: profileChanges?.userProfileWriter ?? .reupload,
authedAccount: authedAccount,
tx: SDSDB.shimOnlyBridge(tx)
)
}
// MARK: -
public func allWhitelistedAddresses(tx: SDSAnyReadTransaction) -> [SignalServiceAddress] {
var addresses = Set<SignalServiceAddress>()
for serviceIdString in whitelistedServiceIdsStore.allKeys(transaction: tx) {
addresses.insert(SignalServiceAddress(serviceIdString: serviceIdString))
}
for phoneNumber in whitelistedPhoneNumbersStore.allKeys(transaction: tx) {
addresses.insert(SignalServiceAddress.legacyAddress(serviceId: nil, phoneNumber: phoneNumber))
}
return Array(addresses)
}
public func allWhitelistedRegisteredAddresses(tx: SDSAnyReadTransaction) -> [SignalServiceAddress] {
return SignalRecipientFinder().signalRecipients(
for: allWhitelistedAddresses(tx: tx),
tx: tx
)
.lazy
.filter { $0.isRegistered }.map { $0.address }
}
// MARK: -
@objc
internal func rotateLocalProfileKeyIfNecessary() {
DispatchQueue.global().async {
self.databaseStorage.write { tx in
self.rotateProfileKeyIfNecessary(tx: tx)
}
}
}
private func rotateProfileKeyIfNecessary(tx: SDSAnyWriteTransaction) {
if CurrentAppContext().isNSE || !AppReadiness.isAppReady {
return
}
let tsRegistrationState = DependenciesBridge.shared.tsAccountManager.registrationState(tx: tx.asV2Read)
guard
tsRegistrationState.isRegisteredPrimaryDevice
else {
owsFailDebug("Not rotating profile key on unregistered and/or non-primary device")
return
}
let lastGroupProfileKeyCheckTimestamp = self.lastGroupProfileKeyCheckTimestamp(tx: tx)
let triggers = [
self.blocklistRotationTriggerIfNeeded(tx: tx),
self.recipientHidingTriggerIfNeeded(tx: tx),
self.leaveGroupTriggerIfNeeded(tx: tx)
].compacted()
guard !triggers.isEmpty else {
// No need to rotate the profile key.
if tsRegistrationState.isPrimaryDevice ?? true {
// But if it's been more than a week since we checked that our groups are up to date, schedule that.
if -(lastGroupProfileKeyCheckTimestamp?.timeIntervalSinceNow ?? 0) > kWeekInterval {
self.groupsV2.scheduleAllGroupsV2ForProfileKeyUpdate(transaction: tx)
self.setLastGroupProfileKeyCheckTimestamp(tx: tx)
tx.addAsyncCompletionOffMain {
self.groupsV2.processProfileKeyUpdates()
}
}
}
return
}
tx.addAsyncCompletionOffMain {
self.rotateProfileKey(triggers: triggers, authedAccount: AuthedAccount.implicit())
}
}
private enum RotateProfileKeyTrigger {
/// We need to rotate because one or more whitelist members is also on the blocklist.
/// Those members may be phone numbers, ACIs, PNIs, or groupIds, which are provided.
/// Once rotation is complete, these members should be removed from the whitelist;
/// their presence in the whitelist _and_ blocklist is what durably determines a rotation
/// is needed, so prematurely removing them and then failing to rotate means we won't retry.
case blocklistChange(BlocklistChange)
struct BlocklistChange {
let phoneNumbers: [String]
let serviceIds: [ServiceId]
let groupIds: [Data]
}
/// When we hide a recipient, we immediately update the whitelist and asynchronously
/// do a rotation. The date is when we set this trigger; if we _started_ a rotation
/// after this date, the condition is satisfied when the rotation completes. Otherwise
/// a rotation is needed.
case recipientHiding(Date)
/// When we leave a group, that group had a hidden/blocked recipient, and we have no
/// other groups in common with that recipient, we rotate (so they lose access to our latest
/// profile key).
/// The date is when we set this trigger; if we _started_ a rotation after this date, the
/// condition is satisfied when the rotation completes. Otherwise a rotation is needed.
case leftGroupWithHiddenOrBlockedRecipient(Date)
}
private func blocklistRotationTriggerIfNeeded(tx: SDSAnyReadTransaction) -> RotateProfileKeyTrigger? {
let victimPhoneNumbers = self.blockedPhoneNumbersInWhitelist(tx: tx)
let victimServiceIds = self.blockedServiceIdsInWhitelist(tx: tx)
let victimGroupIds = self.blockedGroupIDsInWhitelist(tx: tx)
if victimPhoneNumbers.isEmpty, victimServiceIds.isEmpty, victimGroupIds.isEmpty {
// No need to rotate the profile key.
return nil
}
return .blocklistChange(.init(
phoneNumbers: victimPhoneNumbers,
serviceIds: victimServiceIds,
groupIds: victimGroupIds
))
}
private func recipientHidingTriggerIfNeeded(tx: SDSAnyReadTransaction) -> RotateProfileKeyTrigger? {
// If it's not nil, we should rotate. After rotating, we always write nil (if it succeeded),
// so presence is the only trigger.
// The actual date value is only used to disambiguate if a _new_ trigger got added while rotating.
guard let triggerDate = self.recipientHidingTriggerTimestamp(tx: tx) else {
return nil
}
return .recipientHiding(triggerDate)
}
private func leaveGroupTriggerIfNeeded(tx: SDSAnyReadTransaction) -> RotateProfileKeyTrigger? {
// If it's not nil, we should rotate. After rotating, we always write nil (if it succeeded),
// so presence is the only trigger.
// The actual date value is only used to disambiguate if a _new_ trigger got added while rotating.
guard let triggerDate = self.leaveGroupTriggerTimestamp(tx: tx) else {
return nil
}
return .leftGroupWithHiddenOrBlockedRecipient(triggerDate)
}
@discardableResult
private func rotateProfileKey(
triggers: [RotateProfileKeyTrigger],
authedAccount: AuthedAccount
) -> Promise<Void> {
guard !isRotatingProfileKey else {
return .value(())
}
guard DependenciesBridge.shared.tsAccountManager.registrationStateWithMaybeSneakyTransaction.isRegisteredPrimaryDevice else {
return Promise(error: OWSAssertionError("tsAccountManager.isRegistered was unexpectedly false"))
}
isRotatingProfileKey = true
let rotationStartDate = Date()
Logger.info("Beginning profile key rotation.")
// The order of operations here is very important to prevent races between
// when we rotate our profile key and reupload our profile. It's essential
// we avoid a case where other devices are operating with a *new* profile
// key that we have yet to upload a profile for.
return Promise.wrapAsync {
Logger.info("Reuploading profile with new profile key")
// We re-upload our local profile with the new profile key *before* we
// persist it. This is safe, because versioned profiles allow other clients
// to continue using our old profile key with the old version of our
// profile. It is possible this operation will fail, in which case we will
// try to rotate your profile key again on the next app launch or blocklist
// change and continue to use the old profile key.
let newProfileKey = OWSAES256Key.generateRandom()
let uploadPromise = await self.databaseStorage.awaitableWrite { tx in
self.reuploadLocalProfile(
unsavedRotatedProfileKey: newProfileKey,
mustReuploadAvatar: true,
authedAccount: authedAccount,
tx: tx.asV2Write
)
}
try await uploadPromise.awaitable()
guard let localAci = DependenciesBridge.shared.tsAccountManager.localIdentifiersWithMaybeSneakyTransaction?.aci else {
throw OWSAssertionError("Missing localAci.")
}
Logger.info("Persisting rotated profile key and kicking off subsequent operations.")
let needsAnotherRotation = await self.databaseStorage.awaitableWrite { tx in
self.setLocalProfileKey(
newProfileKey,
userProfileWriter: .localUser,
transaction: tx
)
// Whenever a user's profile key changes, we need to fetch a new profile
// key credential for them.
self.versionedProfiles.clearProfileKeyCredential(for: AciObjC(localAci), transaction: tx)
// We schedule the updates here but process them below using
// processProfileKeyUpdates. It's more efficient to process them after the
// intermediary steps are done.
self.groupsV2.scheduleAllGroupsV2ForProfileKeyUpdate(transaction: tx)
var needsAnotherRotation = false
triggers.forEach { trigger in
switch trigger {
case .blocklistChange(let values):
self.didRotateProfileKeyFromBlocklistTrigger(values, tx: tx)
case .recipientHiding(let triggerDate):
needsAnotherRotation = needsAnotherRotation || self.didRotateProfileKeyFromHidingTrigger(
rotationStartDate: rotationStartDate,
triggerDate: triggerDate,
tx: tx
)
case .leftGroupWithHiddenOrBlockedRecipient(let triggerDate):
needsAnotherRotation = needsAnotherRotation || self.didRotateProfileKeyFromLeaveGroupTrigger(
rotationStartDate: rotationStartDate,
triggerDate: triggerDate,
tx: tx
)
}
}
return needsAnotherRotation
}
Logger.info("Updating account attributes after profile key rotation.")
try await DependenciesBridge.shared.accountAttributesUpdater.updateAccountAttributes(authedAccount: authedAccount)
Logger.info("Completed profile key rotation.")
self.groupsV2.processProfileKeyUpdates()
await MainActor.run {
self.isRotatingProfileKey = false
}
if needsAnotherRotation {
self.rotateLocalProfileKeyIfNecessary()
}
}
}
private func didRotateProfileKeyFromBlocklistTrigger(
_ trigger: RotateProfileKeyTrigger.BlocklistChange,
tx: SDSAnyWriteTransaction
) {
// It's absolutely essential that these values are persisted in the same transaction
// in which we persist our new profile key, since storing them is what marks the
// profile key rotation as "complete" (removing newly blocked users from the whitelist).
self.whitelistedPhoneNumbersStore.removeValues(
forKeys: trigger.phoneNumbers,
transaction: tx
)
self.whitelistedServiceIdsStore.removeValues(
forKeys: trigger.serviceIds.map { $0.serviceIdUppercaseString },
transaction: tx
)
self.whitelistedGroupsStore.removeValues(
forKeys: trigger.groupIds.map { self.groupKey(forGroupId: $0) },
transaction: tx
)
}
// Returns true if another rotation is needed.
private func didRotateProfileKeyFromHidingTrigger(
rotationStartDate: Date,
triggerDate: Date,
tx: SDSAnyWriteTransaction
) -> Bool {
// Fetch the latest trigger date, it might have changed if we triggered
// a rotation again.
guard let latestTriggerDate = self.recipientHidingTriggerTimestamp(tx: tx) else {
// If it's been wiped, we are good to go.
return false
}
if rotationStartDate > latestTriggerDate {
// We can wipe; we started rotating after the trigger came in.
self.setRecipientHidingTriggerTimestamp(nil, tx: tx)
return false
}
// We need another rotation.
return true
}
// Returns true if another rotation is needed.
private func didRotateProfileKeyFromLeaveGroupTrigger(
rotationStartDate: Date,
triggerDate: Date,
tx: SDSAnyWriteTransaction
) -> Bool {
// Fetch the latest trigger date, it might have changed if we triggered
// a rotation again.
guard let latestTriggerDate = self.leaveGroupTriggerTimestamp(tx: tx) else {
// If it's been wiped, we are good to go.
return false
}
if rotationStartDate > latestTriggerDate {
// We can wipe; we started rotating after the trigger came in.
self.setLeaveGroupTriggerTimestamp(nil, tx: tx)
return false
}
// We need another rotation.
return true
}
private func blockedPhoneNumbersInWhitelist(tx: SDSAnyReadTransaction) -> [String] {
let allWhitelistedNumbers = whitelistedPhoneNumbersStore.allKeys(transaction: tx)
return allWhitelistedNumbers.filter { candidate in
let address = SignalServiceAddress.legacyAddress(serviceId: nil, phoneNumber: candidate)
return blockingManager.isAddressBlocked(address, transaction: tx)
}
}
private func blockedServiceIdsInWhitelist(tx: SDSAnyReadTransaction) -> [ServiceId] {
let allWhitelistedServiceIds = whitelistedServiceIdsStore.allKeys(transaction: tx).compactMap {
try? ServiceId.parseFrom(serviceIdString: $0)
}
return allWhitelistedServiceIds.filter { candidate in
return blockingManager.isAddressBlocked(SignalServiceAddress(candidate), transaction: tx)
}
}
private func blockedGroupIDsInWhitelist(tx: SDSAnyReadTransaction) -> [Data] {
let allWhitelistedGroupKeys = whitelistedGroupsStore.allKeys(transaction: tx)
return allWhitelistedGroupKeys.lazy
.compactMap { self.groupIdForGroupKey($0) }
.filter { blockingManager.isGroupIdBlocked($0, transaction: tx) }
}
private func groupIdForGroupKey(_ groupKey: String) -> Data? {
guard let groupId = Data.data(fromHex: groupKey) else { return nil }
if GroupManager.isValidGroupIdOfAnyKind(groupId) {
return groupId
} else {
owsFailDebug("Parsed group id has unexpected length: \(groupId.hexadecimalString) (\(groupId.count))")
return nil
}
}
@objc
func swift_normalizeRecipientInProfileWhitelist(_ recipient: SignalRecipient, tx: SDSAnyWriteTransaction) {
Self.swift_normalizeRecipientInProfileWhitelist(
recipient,
serviceIdStore: whitelistedServiceIdsStore,
phoneNumberStore: whitelistedPhoneNumbersStore,
tx: tx.asV2Write
)
}
public static func swift_normalizeRecipientInProfileWhitelist(
_ recipient: SignalRecipient,
serviceIdStore: KeyValueStore,
phoneNumberStore: KeyValueStore,
tx: DBWriteTransaction
) {
// First, we figure out which identifiers are whitelisted.
let orderedIdentifiers: [(store: KeyValueStore, key: String, isInWhitelist: Bool)] = [
(serviceIdStore, recipient.aci?.serviceIdUppercaseString),
(phoneNumberStore, recipient.phoneNumber?.stringValue),
(serviceIdStore, recipient.pni?.serviceIdUppercaseString)
].compactMap { (store, key) -> (KeyValueStore, String, Bool)? in
guard let key else { return nil }
return (store, key, store.hasValue(key, transaction: tx))
}
guard let preferredIdentifier = orderedIdentifiers.first else {
return
}
// If any identifier is in the whitelist, make sure the preferred
// identifier is in the whitelist.
let isAnyInWhitelist = orderedIdentifiers.contains(where: { $0.isInWhitelist })
if isAnyInWhitelist {
if !preferredIdentifier.isInWhitelist {
preferredIdentifier.store.setBool(true, key: preferredIdentifier.key, transaction: tx)
}
} else {
if preferredIdentifier.isInWhitelist {
preferredIdentifier.store.removeValue(forKey: preferredIdentifier.key, transaction: tx)
}
}
// Always remove all the other identifiers from the whitelist. If the user
// should be in the whitelist, we add the preferred identifier above.
for remainingIdentifier in orderedIdentifiers.dropFirst() {
if remainingIdentifier.isInWhitelist {
remainingIdentifier.store.removeValue(forKey: remainingIdentifier.key, transaction: tx)
}
}
}
// This will re-upload the existing local profile state.
@objc
@available(swift, obsoleted: 1.0)
func reuploadLocalProfileWithSneakyTransaction(authedAccount: AuthedAccount) -> AnyPromise {
return AnyPromise(databaseStorage.write { tx in
reuploadLocalProfile(unsavedRotatedProfileKey: nil, mustReuploadAvatar: false, authedAccount: authedAccount, tx: tx.asV2Write)
})
}
@objc
class func updateStorageServiceIfNecessary() {
guard
CurrentAppContext().isMainApp,
DependenciesBridge.shared.tsAccountManager.registrationStateWithMaybeSneakyTransaction.isRegisteredPrimaryDevice
else {
return
}
let hasUpdated = databaseStorage.read { transaction in
storageServiceStore.getBool(Self.hasUpdatedStorageServiceKey,
defaultValue: false,
transaction: transaction)
}
guard !hasUpdated else {
return
}
if profileManager.localProfileAvatarData() != nil {
Logger.info("Scheduling a backup.")
// Schedule a backup.
storageServiceManager.recordPendingLocalAccountUpdates()
}
databaseStorage.write { transaction in
storageServiceStore.setBool(true,
key: Self.hasUpdatedStorageServiceKey,
transaction: transaction)
}
}
private static let storageServiceStore = SDSKeyValueStore(collection: "OWSProfileManager.storageServiceStore")
private static let hasUpdatedStorageServiceKey = "hasUpdatedStorageServiceKey"
// MARK: - Other User's Profiles
/// Updates the profile key, optionally fetching the latest profile.
public func setProfileKeyData(
_ profileKeyData: Data,
for serviceId: ServiceId,
onlyFillInIfMissing: Bool,
shouldFetchProfile: Bool,
userProfileWriter: UserProfileWriter,
localIdentifiers: LocalIdentifiers,
authedAccount: AuthedAccount,
tx: DBWriteTransaction
) {
let address = OWSUserProfile.insertableAddress(for: serviceId, localIdentifiers: localIdentifiers)
guard let profileKey = OWSAES256Key(data: profileKeyData) else {
owsFailDebug("Invalid profile key data for \(serviceId).")
return
}
let userProfile = OWSUserProfile.getOrBuildUserProfile(
for: address,
userProfileWriter: userProfileWriter,
tx: SDSDB.shimOnlyBridge(tx)
)
if onlyFillInIfMissing, userProfile.profileKey != nil {
return
}
if profileKey.keyData == userProfile.profileKey?.keyData {
return
}
if let aci = serviceId as? Aci {
// Whenever a user's profile key changes, we need to fetch a new
// profile key credential for them.
versionedProfiles.clearProfileKeyCredential(for: AciObjC(aci), transaction: SDSDB.shimOnlyBridge(tx))
}
// If this is the profile for the local user, we always want to defer to local state
// so skip the update profile for address call.
if case .otherUser(let serviceId) = address {
udManager.setUnidentifiedAccessMode(.unknown, for: serviceId, tx: SDSDB.shimOnlyBridge(tx))
if shouldFetchProfile {
tx.addSyncCompletion {
let profileFetcher = SSKEnvironment.shared.profileFetcherRef
_ = profileFetcher.fetchProfileSync(for: serviceId, authedAccount: authedAccount)
}
}
}
userProfile.update(
profileKey: .setTo(profileKey),
userProfileWriter: userProfileWriter,
transaction: SDSDB.shimOnlyBridge(tx),
completion: nil
)
}
public func fillInProfileKeys(
allProfileKeys: [Aci: Data],
authoritativeProfileKeys: [Aci: Data],
userProfileWriter: UserProfileWriter,
localIdentifiers: LocalIdentifiers,
tx: DBWriteTransaction
) {
for (aci, profileKey) in authoritativeProfileKeys {
setProfileKeyData(
profileKey,
for: aci,
onlyFillInIfMissing: false,
shouldFetchProfile: true,
userProfileWriter: userProfileWriter,
localIdentifiers: localIdentifiers,
authedAccount: .implicit(),
tx: tx
)
}
for (aci, profileKey) in allProfileKeys {
if authoritativeProfileKeys[aci] != nil {
continue
}
setProfileKeyData(
profileKey,
for: aci,
onlyFillInIfMissing: true,
shouldFetchProfile: true,
userProfileWriter: userProfileWriter,
localIdentifiers: localIdentifiers,
authedAccount: .implicit(),
tx: tx
)
}
}
// MARK: - Bulk Fetching
@objc
func _getUserProfile(for address: SignalServiceAddress, tx: SDSAnyReadTransaction) -> OWSUserProfile? {
// TODO: Don't reach out to global state.
if address.isLocalAddress {
// For "local reads", use the local user profile.
return getLocalUserProfile(with: tx)
} else {
return modelReadCaches.userProfileReadCache.getUserProfiles(for: [.otherUser(address)], transaction: tx).first!
}
}
public func fetchUserProfiles(for addresses: [SignalServiceAddress], tx: SDSAnyReadTransaction) -> [OWSUserProfile?] {
return Refinery<SignalServiceAddress, OWSUserProfile>(addresses).refine(condition: { address in
// TODO: Don't reach out to global state.
return address.isLocalAddress
}, then: { localAddresses in
lazy var profile = { self.getLocalUserProfile(with: tx) }()
return localAddresses.lazy.map { _ in profile }
}, otherwise: { otherAddresses in
return self.modelReadCaches.userProfileReadCache.getUserProfiles(for: otherAddresses.map { .otherUser($0) }, transaction: tx)
}).values
}
// MARK: -
private class var avatarUrlSession: OWSURLSessionProtocol {
return self.signalService.urlSessionForCdn(cdnNumber: 0)
}
// MARK: -
@objc
public func updateProfileOnServiceIfNecessary(authedAccount: AuthedAccount) {
switch _updateProfileOnServiceIfNecessary() {
case .notReady, .updating:
return
case .notNeeded:
repairAvatarIfNeeded(authedAccount: authedAccount)
}
}
private enum UpdateProfileStatus {
case notReady
case notNeeded
case updating
}
fileprivate struct ProfileUpdateRequest {
var requestId: UUID
var requestParameters: Parameters
var authedAccount: AuthedAccount
struct Parameters {
var profileKey: OWSAES256Key?
var future: Future<Void>
}
}
@discardableResult
private func _updateProfileOnServiceIfNecessary(retryDelay: TimeInterval = 1) -> UpdateProfileStatus {
AssertIsOnMainThread()
guard AppReadiness.isAppReady else {
return .notReady
}
guard !isUpdatingProfileOnService else {
// Avoid having two redundant updates in flight at the same time.
return .notReady
}
let profileChanges = databaseStorage.read { tx in
return currentPendingProfileChanges(tx: tx)
}
guard let profileChanges else {
return .notNeeded
}
guard let (parameters, authedAccount) = processProfileUpdateRequests(upThrough: profileChanges.id) else {
return .notReady
}
isUpdatingProfileOnService = true
let backgroundTask = OWSBackgroundTask(label: #function)
Task { @MainActor in
// We must be on the MainActor to touch isUpdatingProfileOnService.
defer {
isUpdatingProfileOnService = false
backgroundTask.end()
}
do {
try await updateProfileOnService(
profileChanges: profileChanges,
newProfileKey: parameters?.profileKey,
authedAccount: authedAccount
)
DispatchQueue.global().async {
parameters?.future.resolve()
}
DispatchQueue.main.async {
self._updateProfileOnServiceIfNecessary()
}
} catch {
DispatchQueue.global().async {
parameters?.future.reject(error)
}
DispatchQueue.main.asyncAfter(deadline: .now() + retryDelay) {
self._updateProfileOnServiceIfNecessary(retryDelay: retryDelay * 2)
}
}
}
return .updating
}
/// Searches `pendingUpdateRequests` for a match; cancels dropped requests.
///
/// Processes `pendingUpdateRequests` while searching for `requestId`. If it
/// finds a pending request with `requestId`, it will cancel any preceding
/// requests that are now obsolete.
///
/// - Returns: The `Future` and `AuthedAccount` to use for `requestId`. If
/// `requestId` can't be sent right now, returns `nil`. We can't send
/// requests if we can't authenticate with the server. We assume we can
/// authenticate when we're registered or if the request's `authedAccount`
/// contains explicit credentials.
private func processProfileUpdateRequests(upThrough requestId: UUID) -> (ProfileUpdateRequest.Parameters?, AuthedAccount)? {
let tsAccountManager = DependenciesBridge.shared.tsAccountManager
let isRegistered = tsAccountManager.registrationStateWithMaybeSneakyTransaction.isRegistered
// Find the AuthedAccount & Future for the request. This will generally
// exist for the initial request but will be nil for any retries.
let pendingRequests: (canceledRequests: [ProfileUpdateRequest], result: (ProfileUpdateRequest.Parameters?, AuthedAccount)?)
pendingRequests = swiftValues.pendingUpdateRequests.update { mutableRequests in
let canceledRequests: [ProfileUpdateRequest]
let currentRequest: ProfileUpdateRequest?
if let requestIndex = mutableRequests.firstIndex(where: { $0.requestId == requestId }) {
canceledRequests = Array(mutableRequests.prefix(upTo: requestIndex))
currentRequest = mutableRequests[requestIndex]
mutableRequests = Array(mutableRequests[requestIndex...])
} else {
canceledRequests = []
currentRequest = nil
}
let authedAccount = currentRequest?.authedAccount ?? .implicit()
switch authedAccount.info {
case .implicit where isRegistered, .explicit:
mutableRequests = Array(mutableRequests.dropFirst())
return (canceledRequests, (currentRequest?.requestParameters, authedAccount))
case .implicit:
return (canceledRequests, nil)
}
}
for canceledRequest in pendingRequests.canceledRequests {
canceledRequest.requestParameters.future.reject(OWSGenericError("Canceled because a new request was enqueued."))
}
return pendingRequests.result
}
private static var avatarRepairPromise: Promise<Void>?
private func repairAvatarIfNeeded(authedAccount: AuthedAccount) {
guard CurrentAppContext().isMainApp else {
return
}
dispatchPrecondition(condition: .onQueue(.main))
guard Self.avatarRepairPromise == nil else {
// Already have a repair outstanding.
return
}
// Have already repaired?
guard avatarRepairNeeded() else {
return
}
guard
DependenciesBridge.shared.tsAccountManager.registrationStateWithMaybeSneakyTransaction.isPrimaryDevice ?? false,
self.localProfileAvatarData() != nil
else {
databaseStorage.write { tx in clearAvatarRepairNeeded(tx: tx) }
return
}
Self.avatarRepairPromise = Promise.wrapAsync { @MainActor in
defer {
Self.avatarRepairPromise = nil
}
do {
let uploadPromise = await self.databaseStorage.awaitableWrite { tx in
return self.reuploadLocalProfile(
unsavedRotatedProfileKey: nil,
mustReuploadAvatar: true,
authedAccount: authedAccount,
tx: tx.asV2Write
)
}
try await uploadPromise.awaitable()
Logger.info("Avatar repair succeeded.")
await self.databaseStorage.awaitableWrite { tx in self.clearAvatarRepairNeeded(tx: tx) }
} catch {
Logger.warn("Avatar repair failed: \(error)")
await self.databaseStorage.awaitableWrite { tx in self.incrementAvatarRepairAttempts(tx: tx) }
}
}
}
private static let maxAvatarRepairAttempts = 5
private func avatairRepairAttemptCount(_ transaction: SDSAnyReadTransaction) -> Int {
let store = SDSKeyValueStore(collection: GRDBSchemaMigrator.migrationSideEffectsCollectionName)
return store.getInt(GRDBSchemaMigrator.avatarRepairAttemptCount,
defaultValue: Self.maxAvatarRepairAttempts,
transaction: transaction)
}
private func avatarRepairNeeded() -> Bool {
return self.databaseStorage.read { transaction in
let count = avatairRepairAttemptCount(transaction)
return count < Self.maxAvatarRepairAttempts
}
}
private func incrementAvatarRepairAttempts(tx: SDSAnyWriteTransaction) {
let store = SDSKeyValueStore(collection: GRDBSchemaMigrator.migrationSideEffectsCollectionName)
store.setInt(avatairRepairAttemptCount(tx) + 1, key: GRDBSchemaMigrator.avatarRepairAttemptCount, transaction: tx)
}
private func clearAvatarRepairNeeded(tx: SDSAnyWriteTransaction) {
let store = SDSKeyValueStore(collection: GRDBSchemaMigrator.migrationSideEffectsCollectionName)
store.removeValue(forKey: GRDBSchemaMigrator.avatarRepairAttemptCount, transaction: tx)
}
private func updateProfileOnService(
profileChanges: PendingProfileUpdate,
newProfileKey: OWSAES256Key?,
authedAccount: AuthedAccount
) async throws {
do {
let avatarUpdate = try await buildAvatarUpdate(
avatarChange: profileChanges.profileAvatarData,
authedAccount: authedAccount
)
// We capture the local user profile early to eliminate the risk of opening
// a transaction within a transaction.
let userProfile = profileManagerImpl.localUserProfile()
guard let profileKey = newProfileKey ?? userProfile.profileKey else {
throw OWSAssertionError("Can't upload profile without profileKey.")
}
// It's important that the value we compute for
// `newGivenName`/`newFamilyName` exactly match what we put in our
// encrypted profile. If they don't match (eg one trims the value and the
// other doesn't), then `LocalProfileChecker` may enter an infinite loop
// trying to fix the profile.
let newGivenName: OWSUserProfile.NameComponent?
switch profileChanges.profileGivenName {
case .setTo(let newValue):
newGivenName = newValue
case .noChange:
// This is the *only* place that can clear our own name, and it only does
// so when the name we think we have (which should be valid) isn't valid.
newGivenName = userProfile.givenName.flatMap { OWSUserProfile.NameComponent(truncating: $0) }
}
let newFamilyName = profileChanges.profileFamilyName.orExistingValue(
userProfile.familyName.flatMap { OWSUserProfile.NameComponent(truncating: $0) }
)
let newBio = profileChanges.profileBio.orExistingValue(userProfile.bio)
let newBioEmoji = profileChanges.profileBioEmoji.orExistingValue(userProfile.bioEmoji)
let newVisibleBadgeIds = profileChanges.visibleBadgeIds.orExistingValue(userProfile.visibleBadges.map { $0.badgeId })
let versionedUpdate = try await Self.versionedProfilesSwift.updateProfile(
profileGivenName: newGivenName,
profileFamilyName: newFamilyName,
profileBio: newBio,
profileBioEmoji: newBioEmoji,
profileAvatarMutation: avatarUpdate.remoteMutation,
visibleBadgeIds: newVisibleBadgeIds,
profileKey: profileKey,
authedAccount: authedAccount
)
await databaseStorage.awaitableWrite { tx in
self.tryToDequeueProfileChanges(profileChanges, tx: tx)
// Apply the changes to our local profile.
let userProfile = OWSUserProfile.getOrBuildUserProfile(
for: .localUser,
userProfileWriter: .localUser,
tx: tx
)
userProfile.update(
givenName: .setTo(newGivenName?.stringValue.rawValue),
familyName: .setTo(newFamilyName?.stringValue.rawValue),
bio: .setTo(newBio),
bioEmoji: .setTo(newBioEmoji),
avatarUrlPath: .setTo(versionedUpdate.avatarUrlPath.orExistingValue(userProfile.avatarUrlPath)),
avatarFileName: .setTo(avatarUpdate.filenameChange.orExistingValue(userProfile.avatarFileName)),
userProfileWriter: profileChanges.userProfileWriter,
transaction: tx,
completion: nil
)
// Notify all our devices that the profile has changed.
let tsRegistrationState = DependenciesBridge.shared.tsAccountManager.registrationState(tx: tx.asV2Read)
if tsRegistrationState.isRegistered {
self.syncManager.sendFetchLatestProfileSyncMessage(tx: tx)
}
}
// If we're changing the profile key, then the normal "fetch our profile"
// method will fail because it will the just-obsoleted profile key.
if newProfileKey == nil {
_ = try await fetchLocalUsersProfile(authedAccount: authedAccount).awaitable()
}
} catch let error where error.isNetworkFailureOrTimeout {
// We retry network errors forever (with exponential backoff).
throw error
} catch {
// Other errors cause us to give up immediately.
await databaseStorage.awaitableWrite { tx in self.tryToDequeueProfileChanges(profileChanges, tx: tx) }
throw error
}
}
/// Computes necessary changes to the avatar.
///
/// Most fields are re-encrypted with every update. However, the avatar can
/// be large, so we only update it if absolutely necessary. We must update
/// the profile avatar in three cases:
/// (1) The avatar has changed (duh!).
/// (2) The profile key has changed.
/// (3) The remote avatar doesn't match the local avatar.
/// In the first case, we'll always have the new avatar because we're
/// actively changing it. In the latter case, another device may have
/// changed it, so we may need to download it to re-encrypt it.
private func buildAvatarUpdate(
avatarChange: OptionalAvatarChange<Data?>,
authedAccount: AuthedAccount
) async throws -> (remoteMutation: VersionedProfileAvatarMutation, filenameChange: OptionalChange<String?>) {
switch avatarChange {
case .setTo(let newAvatar):
// This is case (1). It's also case (2) when we're also changing the avatar.
if let newAvatar {
let avatarFilename = try writeProfileAvatarToDisk(avatarData: newAvatar)
return (.changeAvatar(newAvatar), .setTo(avatarFilename))
}
return (.clearAvatar, .setTo(nil))
case .noChangeButMustReupload:
// This is case (2) and (3).
do {
try await downloadAndDecryptLocalUserAvatarIfNeeded(authedAccount: authedAccount)
} catch where !error.isNetworkFailureOrTimeout {
// Ignore the error because it's not likely to go away if we retry. If we
// can't decrypt the existing avatar, then we don't really have any choice
// other than blowing it away.
}
if let avatarFilename = localUserProfile().avatarFileName, let avatarData = localProfileAvatarData() {
return (.changeAvatar(avatarData), .setTo(avatarFilename))
}
return (.clearAvatar, .setTo(nil))
case .noChange:
// We aren't changing the avatar, so use the existing value.
if localUserProfile().avatarUrlPath != nil {
return (.keepAvatar, .noChange)
}
return (.clearAvatar, .setTo(nil))
}
}
private func writeProfileAvatarToDisk(avatarData: Data) throws -> String {
let filename = OWSUserProfile.generateAvatarFilename()
let filePath = OWSUserProfile.profileAvatarFilePath(for: filename)
do {
try avatarData.write(to: URL(fileURLWithPath: filePath), options: [.atomic])
} catch {
throw OWSError(error: .avatarWriteFailed, description: "Avatar write failed.", isRetryable: false)
}
return filename
}
// MARK: - Update Queue
private static let kPendingProfileUpdateKey = "kPendingProfileUpdateKey"
private func enqueueProfileUpdate(
profileGivenName: OptionalChange<OWSUserProfile.NameComponent>,
profileFamilyName: OptionalChange<OWSUserProfile.NameComponent?>,
profileBio: OptionalChange<String?>,
profileBioEmoji: OptionalChange<String?>,
profileAvatarData: OptionalAvatarChange<Data?>,
visibleBadgeIds: OptionalChange<[String]>,
userProfileWriter: UserProfileWriter,
tx: SDSAnyWriteTransaction
) -> PendingProfileUpdate {
let oldChanges = currentPendingProfileChanges(tx: tx)
let newChanges = PendingProfileUpdate(
profileGivenName: profileGivenName.orElseIfNoChange(oldChanges?.profileGivenName ?? .noChange),
profileFamilyName: profileFamilyName.orElseIfNoChange(oldChanges?.profileFamilyName ?? .noChange),
profileBio: profileBio.orElseIfNoChange(oldChanges?.profileBio ?? .noChange),
profileBioEmoji: profileBioEmoji.orElseIfNoChange(oldChanges?.profileBioEmoji ?? .noChange),
profileAvatarData: { () -> OptionalAvatarChange<Data?> in
let newValue = profileAvatarData
// If newValue isn't as important as oldValue, prefer oldValue. If there's
// a tie, prefer newValue.
if let oldValue = oldChanges?.profileAvatarData, newValue.isLessImportantThan(oldValue) {
return oldValue
}
return newValue
}(),
visibleBadgeIds: visibleBadgeIds.orElseIfNoChange(oldChanges?.visibleBadgeIds ?? .noChange),
userProfileWriter: userProfileWriter
)
settingsStore.setObject(newChanges, key: Self.kPendingProfileUpdateKey, transaction: tx)
return newChanges
}
private func currentPendingProfileChanges(tx: SDSAnyReadTransaction) -> PendingProfileUpdate? {
guard let value = settingsStore.getObject(forKey: Self.kPendingProfileUpdateKey, transaction: tx) else {
return nil
}
guard let profileChanges = value as? PendingProfileUpdate else {
owsFailDebug("Invalid value.")
return nil
}
return profileChanges
}
private func isCurrentPendingProfileChanges(_ profileChanges: PendingProfileUpdate, tx: SDSAnyReadTransaction) -> Bool {
guard let databaseValue = currentPendingProfileChanges(tx: tx) else {
return false
}
return profileChanges.hasSameIdAs(databaseValue)
}
private func tryToDequeueProfileChanges(_ profileChanges: PendingProfileUpdate, tx: SDSAnyWriteTransaction) {
guard isCurrentPendingProfileChanges(profileChanges, tx: tx) else {
Logger.warn("Ignoring stale update completion.")
return
}
settingsStore.removeValue(forKey: Self.kPendingProfileUpdateKey, transaction: tx)
}
/// Rotates the local profile key. Intended specifically
/// for the use case of recipient hiding.
///
/// - Parameter tx: The transaction to use for this operation.
@objc
func rotateProfileKeyUponRecipientHideObjC(tx: SDSAnyWriteTransaction) {
let tsRegistrationState = DependenciesBridge.shared.tsAccountManager.registrationState(tx: tx.asV2Read)
guard tsRegistrationState.isRegistered else {
return
}
guard tsRegistrationState.isPrimaryDevice ?? false else {
return
}
// We schedule in the NSE by writing state; the actual rotation
// will bail early, though.
self.setRecipientHidingTriggerTimestamp(Date(), tx: tx)
self.rotateProfileKeyIfNecessary(tx: tx)
}
@objc
func forceRotateLocalProfileKeyForGroupDepartureObjc(tx: SDSAnyWriteTransaction) {
let tsRegistrationState = DependenciesBridge.shared.tsAccountManager.registrationState(tx: tx.asV2Read)
guard tsRegistrationState.isRegistered else {
return
}
guard tsRegistrationState.isPrimaryDevice ?? false else {
return
}
// We schedule in the NSE by writing state; the actual rotation
// will bail early, though.
self.setLeaveGroupTriggerTimestamp(Date(), tx: tx)
self.rotateProfileKeyIfNecessary(tx: tx)
}
// MARK: - Profile Key Rotation Metadata
private static let kLastGroupProfileKeyCheckTimestampKey = "lastGroupProfileKeyCheckTimestamp"
private func lastGroupProfileKeyCheckTimestamp(tx: SDSAnyReadTransaction) -> Date? {
return self.metadataStore.getDate(Self.kLastGroupProfileKeyCheckTimestampKey, transaction: tx)
}
private func setLastGroupProfileKeyCheckTimestamp(tx: SDSAnyWriteTransaction) {
return self.metadataStore.setDate(Date(), key: Self.kLastGroupProfileKeyCheckTimestampKey, transaction: tx)
}
private static let recipientHidingTriggerTimestampKey = "recipientHidingTriggerTimestampKey"
private func recipientHidingTriggerTimestamp(tx: SDSAnyReadTransaction) -> Date? {
return self.metadataStore.getDate(Self.recipientHidingTriggerTimestampKey, transaction: tx)
}
private func setRecipientHidingTriggerTimestamp(_ date: Date?, tx: SDSAnyWriteTransaction) {
guard let date else {
self.metadataStore.removeValue(forKey: Self.recipientHidingTriggerTimestampKey, transaction: tx)
return
}
return self.metadataStore.setDate(date, key: Self.recipientHidingTriggerTimestampKey, transaction: tx)
}
private static let leaveGroupTriggerTimestampKey = "leaveGroupTriggerTimestampKey"
private func leaveGroupTriggerTimestamp(tx: SDSAnyReadTransaction) -> Date? {
return self.metadataStore.getDate(Self.leaveGroupTriggerTimestampKey, transaction: tx)
}
private func setLeaveGroupTriggerTimestamp(_ date: Date?, tx: SDSAnyWriteTransaction) {
guard let date else {
self.metadataStore.removeValue(forKey: Self.leaveGroupTriggerTimestampKey, transaction: tx)
return
}
return self.metadataStore.setDate(date, key: Self.leaveGroupTriggerTimestampKey, transaction: tx)
}
// MARK: - Last Messaging Date
public func didSendOrReceiveMessage(
serviceId: ServiceId,
localIdentifiers: LocalIdentifiers,
tx: DBWriteTransaction
) {
let userProfileWriter: UserProfileWriter = .metadataUpdate
let address = OWSUserProfile.insertableAddress(for: serviceId, localIdentifiers: localIdentifiers)
switch address {
case .localUser:
return
case .otherUser:
break
}
let userProfile = OWSUserProfile.getOrBuildUserProfile(
for: address,
userProfileWriter: userProfileWriter,
tx: SDSDB.shimOnlyBridge(tx)
)
// lastMessagingDate is coarse; we don't need to track every single message
// sent or received. It is sufficient to update it only when the value
// changes by more than an hour.
if let lastMessagingDate = userProfile.lastMessagingDate, abs(lastMessagingDate.timeIntervalSinceNow) < kHourInterval {
return
}
userProfile.update(
lastMessagingDate: .setTo(Date()),
userProfileWriter: userProfileWriter,
transaction: SDSDB.shimOnlyBridge(tx),
completion: nil
)
}
}
// MARK: -
public class PendingProfileUpdate: NSObject, NSCoding {
let id: UUID
let profileGivenName: OptionalChange<OWSUserProfile.NameComponent>
let profileFamilyName: OptionalChange<OWSUserProfile.NameComponent?>
let profileBio: OptionalChange<String?>
let profileBioEmoji: OptionalChange<String?>
let profileAvatarData: OptionalAvatarChange<Data?>
let visibleBadgeIds: OptionalChange<[String]>
let userProfileWriter: UserProfileWriter
init(
profileGivenName: OptionalChange<OWSUserProfile.NameComponent>,
profileFamilyName: OptionalChange<OWSUserProfile.NameComponent?>,
profileBio: OptionalChange<String?>,
profileBioEmoji: OptionalChange<String?>,
profileAvatarData: OptionalAvatarChange<Data?>,
visibleBadgeIds: OptionalChange<[String]>,
userProfileWriter: UserProfileWriter
) {
self.id = UUID()
self.profileGivenName = profileGivenName
self.profileFamilyName = profileFamilyName
self.profileBio = profileBio
self.profileBioEmoji = profileBioEmoji
self.profileAvatarData = Self.normalizeAvatar(profileAvatarData)
self.visibleBadgeIds = visibleBadgeIds
self.userProfileWriter = userProfileWriter
}
func hasSameIdAs(_ other: PendingProfileUpdate) -> Bool {
return self.id == other.id
}
private static func normalizeAvatar(_ avatarData: OptionalAvatarChange<Data?>) -> OptionalAvatarChange<Data?> {
return avatarData.map { $0?.nilIfEmpty }
}
// MARK: - NSCoding
private enum NSCodingKeys: String {
case id
case profileGivenName
case profileFamilyName
case profileBio
case profileBioEmoji
case profileAvatarData
case visibleBadgeIds
case userProfileWriter
var changedKey: String { rawValue + "Changed" }
var mustReuploadKey: String { rawValue + "MustReupload" }
}
private static func encodeOptionalChange<T>(_ value: OptionalChange<T?>, for codingKey: NSCodingKeys, with aCoder: NSCoder) {
switch value {
case .noChange:
aCoder.encode(false, forKey: codingKey.changedKey)
case .setTo(let value):
if let value {
aCoder.encode(value, forKey: codingKey.rawValue)
}
}
}
private static func encodeOptionalAvatarChange<T>(_ value: OptionalAvatarChange<T?>, for codingKey: NSCodingKeys, with aCoder: NSCoder) {
switch value {
case .noChangeButMustReupload:
aCoder.encode(true, forKey: codingKey.mustReuploadKey)
fallthrough
case .noChange:
aCoder.encode(false, forKey: codingKey.changedKey)
case .setTo(let value):
if let value {
aCoder.encode(value, forKey: codingKey.rawValue)
}
}
}
private static func encodeVisibleBadgeIds(_ value: OptionalChange<[String]>, for codingKey: NSCodingKeys, with aCoder: NSCoder) {
switch value {
case .noChange:
break
case .setTo(let value):
aCoder.encode(value, forKey: codingKey.rawValue)
}
}
public func encode(with aCoder: NSCoder) {
aCoder.encode(id.uuidString, forKey: NSCodingKeys.id.rawValue)
Self.encodeOptionalChange(profileGivenName.map { $0.stringValue.rawValue }, for: .profileGivenName, with: aCoder)
Self.encodeOptionalChange(profileFamilyName.map { $0?.stringValue.rawValue }, for: .profileFamilyName, with: aCoder)
Self.encodeOptionalChange(profileBio, for: .profileBio, with: aCoder)
Self.encodeOptionalChange(profileBioEmoji, for: .profileBioEmoji, with: aCoder)
Self.encodeOptionalAvatarChange(profileAvatarData, for: .profileAvatarData, with: aCoder)
Self.encodeVisibleBadgeIds(visibleBadgeIds, for: .visibleBadgeIds, with: aCoder)
aCoder.encodeCInt(Int32(userProfileWriter.rawValue), forKey: NSCodingKeys.userProfileWriter.rawValue)
}
private static func decodeOptionalChange<T>(for codingKey: NSCodingKeys, with aDecoder: NSCoder) -> OptionalChange<T?> {
if aDecoder.containsValue(forKey: codingKey.changedKey), !aDecoder.decodeBool(forKey: codingKey.changedKey) {
return .noChange
}
return .setTo(aDecoder.decodeObject(forKey: codingKey.rawValue) as? T? ?? nil)
}
private static func decodeOptionalAvatarChange<T>(for codingKey: NSCodingKeys, with aDecoder: NSCoder) -> OptionalAvatarChange<T?> {
if aDecoder.containsValue(forKey: codingKey.changedKey), !aDecoder.decodeBool(forKey: codingKey.changedKey) {
if aDecoder.containsValue(forKey: codingKey.mustReuploadKey), aDecoder.decodeBool(forKey: codingKey.mustReuploadKey) {
return .noChangeButMustReupload
}
return .noChange
}
return .setTo(aDecoder.decodeObject(forKey: codingKey.rawValue) as? T? ?? nil)
}
private static func decodeOptionalNameChange(
for codingKey: NSCodingKeys,
with aDecoder: NSCoder
) -> OptionalChange<OWSUserProfile.NameComponent?> {
let stringChange: OptionalChange<String?> = decodeOptionalChange(for: codingKey, with: aDecoder)
switch stringChange {
case .noChange:
return .noChange
case .setTo(.none):
return .setTo(nil)
case .setTo(.some(let value)):
// We shouldn't be able to encode an invalid value. If we do, fall back to
// `.noChange` rather than clearing it.
guard let nameComponent = OWSUserProfile.NameComponent(truncating: value) else {
return .noChange
}
return .setTo(nameComponent)
}
}
private static func decodeRequiredNameChange(
for codingKey: NSCodingKeys,
with aDecoder: NSCoder
) -> OptionalChange<OWSUserProfile.NameComponent> {
switch decodeOptionalNameChange(for: codingKey, with: aDecoder) {
case .noChange:
return .noChange
case .setTo(.none):
// Don't allow the value to be cleared. Fall back to `.noChange` rather
// than throwing an error.
return .noChange
case .setTo(.some(let value)):
return .setTo(value)
}
}
private static func decodeVisibleBadgeIds(for codingKey: NSCodingKeys, with aDecoder: NSCoder) -> OptionalChange<[String]> {
guard let visibleBadgeIds = aDecoder.decodeObject(forKey: codingKey.rawValue) as? [String] else {
return .noChange
}
return .setTo(visibleBadgeIds)
}
public required init?(coder aDecoder: NSCoder) {
guard
let idString = aDecoder.decodeObject(forKey: NSCodingKeys.id.rawValue) as? String,
let id = UUID(uuidString: idString)
else {
owsFailDebug("Missing id")
return nil
}
self.id = id
self.profileGivenName = Self.decodeRequiredNameChange(for: .profileGivenName, with: aDecoder)
self.profileFamilyName = Self.decodeOptionalNameChange(for: .profileFamilyName, with: aDecoder)
self.profileBio = Self.decodeOptionalChange(for: .profileBio, with: aDecoder)
self.profileBioEmoji = Self.decodeOptionalChange(for: .profileBioEmoji, with: aDecoder)
self.profileAvatarData = Self.normalizeAvatar(Self.decodeOptionalAvatarChange(for: .profileAvatarData, with: aDecoder))
self.visibleBadgeIds = Self.decodeVisibleBadgeIds(for: .visibleBadgeIds, with: aDecoder)
if
aDecoder.containsValue(forKey: NSCodingKeys.userProfileWriter.rawValue),
let userProfileWriter = UserProfileWriter(rawValue: UInt(aDecoder.decodeInt32(forKey: NSCodingKeys.userProfileWriter.rawValue)))
{
self.userProfileWriter = userProfileWriter
} else {
self.userProfileWriter = .unknown
}
}
}
// MARK: - Avatar Downloads
extension OWSProfileManager {
fileprivate struct AvatarDownloadKey: Hashable {
let avatarUrlPath: String
let profileKey: Data
}
public func downloadAndDecryptLocalUserAvatarIfNeeded(authedAccount: AuthedAccount) async throws {
let oldProfile = databaseStorage.read { tx in OWSUserProfile.getUserProfile(for: .localUser, tx: tx) }
guard
let oldProfile,
let profileKey = oldProfile.profileKey,
let avatarUrlPath = oldProfile.avatarUrlPath,
!avatarUrlPath.isEmpty,
oldProfile.avatarFileName == nil
else {
return
}
let shouldRetry: Bool
do {
let temporaryFileUrl = try await downloadAndDecryptAvatar(avatarUrlPath: avatarUrlPath, profileKey: profileKey)
var didConsumeFilePath = false
defer {
if !didConsumeFilePath { try? FileManager.default.removeItem(at: temporaryFileUrl) }
}
(shouldRetry, didConsumeFilePath) = try await databaseStorage.awaitableWrite { tx in
let newProfile = OWSUserProfile.getUserProfile(for: .localUser, tx: tx)
guard let newProfile, newProfile.avatarFileName == nil else {
return (false, false)
}
// If the URL/profileKey change, we have a new avatar to download.
guard newProfile.profileKey == profileKey, newProfile.avatarUrlPath == avatarUrlPath else {
return (true, false)
}
let avatarFilename = try OWSUserProfile.consumeTemporaryAvatarFileUrl(.setTo(temporaryFileUrl), tx: tx)
newProfile.update(
avatarFileName: avatarFilename,
userProfileWriter: .avatarDownload,
transaction: tx,
completion: nil
)
return (false, true)
}
}
if shouldRetry {
try await downloadAndDecryptLocalUserAvatarIfNeeded(authedAccount: authedAccount)
}
}
public func downloadAndDecryptAvatar(avatarUrlPath: String, profileKey: OWSAES256Key) async throws -> URL {
let backgroundTask = OWSBackgroundTask(label: "\(#function)")
defer { backgroundTask.end() }
return try await Self._downloadAndDecryptAvatar(
avatarUrlPath: avatarUrlPath,
profileKey: profileKey,
remainingRetries: 3
)
}
private static func _downloadAndDecryptAvatar(
avatarUrlPath: String,
profileKey: OWSAES256Key,
remainingRetries: Int
) async throws -> URL {
assert(!avatarUrlPath.isEmpty)
do {
Logger.info("")
let urlSession = self.avatarUrlSession
let response = try await urlSession.downloadTaskPromise(avatarUrlPath, method: .get).awaitable()
let decryptedFileUrl = OWSFileSystem.temporaryFileUrl(isAvailableWhileDeviceLocked: true)
try decryptAvatar(at: response.downloadUrl, to: decryptedFileUrl, profileKey: profileKey)
guard Data.ows_isValidImage(at: decryptedFileUrl, mimeType: nil) else {
throw OWSGenericError("Couldn't validate avatar")
}
guard UIImage(contentsOfFile: decryptedFileUrl.path) != nil else {
throw OWSGenericError("Couldn't decode image")
}
return decryptedFileUrl
} catch where error.isNetworkFailureOrTimeout && remainingRetries > 0 {
return try await _downloadAndDecryptAvatar(
avatarUrlPath: avatarUrlPath,
profileKey: profileKey,
remainingRetries: remainingRetries - 1
)
}
}
private static func decryptAvatar(
at encryptedFileUrl: URL,
to decryptedFileUrl: URL,
profileKey: OWSAES256Key
) throws {
let readHandle = try FileHandle(forReadingFrom: encryptedFileUrl)
defer {
try? readHandle.close()
}
guard
FileManager.default.createFile(
atPath: decryptedFileUrl.path,
contents: nil,
attributes: [.protectionKey: FileProtectionType.completeUntilFirstUserAuthentication]
)
else {
throw OWSGenericError("Couldn't create temporary file")
}
let writeHandle = try FileHandle(forWritingTo: decryptedFileUrl)
defer {
try? writeHandle.close()
}
let concatenatedLength = Int(try readHandle.seekToEnd())
try readHandle.seek(toOffset: 0)
let nonceLength = Aes256GcmEncryptedData.nonceLength
let authenticationTagLength = Aes256GcmEncryptedData.authenticationTagLength
var remainingLength = concatenatedLength - nonceLength - authenticationTagLength
guard remainingLength >= 0 else {
throw OWSGenericError("ciphertext too short")
}
let nonceData = try readHandle.read(upToCount: nonceLength) ?? Data()
let decryptor = try Aes256GcmDecryption(key: profileKey.keyData, nonce: nonceData, associatedData: [])
while remainingLength > 0 {
let kBatchLimit = 32768
var payloadData: Data = try readHandle.read(upToCount: min(remainingLength, kBatchLimit)) ?? Data()
try decryptor.decrypt(&payloadData)
try writeHandle.write(contentsOf: payloadData)
remainingLength -= payloadData.count
}
let authenticationTag = try readHandle.read(upToCount: authenticationTagLength) ?? Data()
guard try decryptor.verifyTag(authenticationTag) else {
throw OWSGenericError("failed to decrypt")
}
}
}