Merge pull request #67 from johannes-schliephake/develop

v2.0

App/Info.plist

@@ -24,6 +24,8 @@
 	<string>$(MARKETING_VERSION)</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<true/>
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
 	<key>NSAppTransportSecurity</key>

Passwords.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -0,0 +1,16 @@
+{
+  "object": {
+    "pins": [
+      {
+        "package": "Sodium",
+        "repositoryURL": "https://github.com/jedisct1/swift-sodium.git",
+        "state": {
+          "branch": null,
+          "revision": "4f9164a0a2c9a6a7ff53a2833d54a5c79c957342",
+          "version": "0.9.1"
+        }
+      }
+    ]
+  },
+  "version": 1
+}

README.md

@@ -2,10 +2,9 @@
 
 ![](https://raw.githubusercontent.com/johannes-schliephake/nextcloud-passwords-ios/main/AppIcon@1x.png)
 
-An iOS client for the [Nextcloud Passwords](https://git.mdns.eu/nextcloud/passwords) app.
-Available on the [App Store](https://apps.apple.com/app/id1546212226).
+An iOS client for the [Nextcloud Passwords](https://git.mdns.eu/nextcloud/passwords) app. Available on the [App Store](https://apps.apple.com/app/id1546212226).
 
-This app allows you to view, create, edit and delete the passwords and folders on your Nextcloud server. It offers a variety of filtering and sorting options.
+This app allows you to view, create, edit and delete passwords and folders on your Nextcloud server. It offers a variety of filtering and sorting options. End-to-end/client-side encryption and encrypted offline storage make sure your data is secure.
 
 A Password AutoFill provider is integrated into the app for seamless login experiences. You can enable this feature in iOS's Settings app.
 

Shared/Configuration.swift

@@ -1,16 +1,23 @@
 import Foundation
 
 
-struct Configuration {
+enum Configuration {
+
+    static let defaults: [String: Any] = [
+        "automaticallyGeneratePasswords": true,
+        "storeOffline": true
+    ]
 
     static let shortVersionString = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as! String // swiftlint:disable:this force_cast
     static let appService = Bundle.main.object(forInfoDictionaryKey: "AppService") as! String // swiftlint:disable:this force_cast
     static let appGroup = Bundle.main.object(forInfoDictionaryKey: "AppGroup") as! String // swiftlint:disable:this force_cast
     static let appKeychain = Bundle.main.object(forInfoDictionaryKey: "AppKeychain") as! String // swiftlint:disable:this force_cast
-    static let clientName = "\(Bundle.main.infoDictionary?["CFBundleName"] as! String) (iOS)" // swiftlint:disable:this force_cast
+    static let clientName = "\(Bundle.main.infoDictionary?["CFBundleName"] as! String) (iOS\(appService.hasSuffix("debug") ? ", Debug" : ""))" // swiftlint:disable:this force_cast
     static let isTestEnvironment = ProcessInfo.processInfo.environment["TEST"] == "true"
-    static let userDefaults = UserDefaults(suiteName: Configuration.appGroup)!
-
-    private init() {}
+    static let userDefaults: UserDefaults = {
+        let userDefaults = UserDefaults(suiteName: Configuration.appGroup)!
+        userDefaults.register(defaults: defaults)
+        return userDefaults
+    }()
 
 }

Shared/Controllers/Global/AuthenticationChallengeController.swift

@@ -1,4 +1,3 @@
-import CryptoKit
 import WebKit
 import Combine
 
@@ -24,11 +23,10 @@ final class AuthenticationChallengeController: NSObject, ObservableObject {
         super.init()
 
         acceptedCertificateHash = Keychain.default.load(key: "acceptedCertificateHash")
-        CredentialsController.default.$credentials.sink(receiveValue: clearAcceptedCertificateHash).store(in: &subscriptions)
     }
 
-    func clearAcceptedCertificateHash(credentials: Credentials? = nil) {
-        guard credentials == nil else {
+    func clearAcceptedCertificateHash(session: Session? = nil) {
+        guard session == nil else {
             return
         }
         acceptedCertificateHash = nil
@@ -43,7 +41,7 @@ final class AuthenticationChallengeController: NSObject, ObservableObject {
     }
 
     func deny(certificateHash: String) {
-        CredentialsController.default.logout()
+        SessionController.default.logout()
 
         let deniedCertificateConfirmationRequests = certificateConfirmationRequests.filter { $0.hash == certificateHash }
         certificateConfirmationRequests.removeAll { deniedCertificateConfirmationRequests.contains($0) }
@@ -65,7 +63,7 @@ final class AuthenticationChallengeController: NSObject, ObservableObject {
             return
         }
         let certificateData = SecCertificateCopyData(certificate) as Data
-        let certificateHash = SHA256.hash(data: certificateData).map { String(format: "%02X", $0) }.joined(separator: ":")
+        let certificateHash = Crypto.SHA256.hash(certificateData, humanReadable: true)
 
         /// Check certificate hash against accepted hash
         if certificateHash == acceptedCertificateHash {
@@ -79,7 +77,10 @@ final class AuthenticationChallengeController: NSObject, ObservableObject {
         }, deny: {
             completionHandler(.performDefaultHandling, nil)
         })
-        certificateConfirmationRequests.append(certificateConfirmationRequest)
+        DispatchQueue.main.async {
+            [self] in
+            certificateConfirmationRequests.append(certificateConfirmationRequest)
+        }
     }
 
 }

Shared/Controllers/Global/BiometricAuthenticationController.swift

@@ -13,8 +13,12 @@ final class BiometricAuthenticationController: ObservableObject {
     private let semaphore = DispatchSemaphore(value: 1)
 
     init() {
-        NotificationCenter.default.publisher(for: UIApplication.didBecomeActiveNotification).sink(receiveValue: unlockApp).store(in: &subscriptions)
-        NotificationCenter.default.publisher(for: UIApplication.willResignActiveNotification).sink(receiveValue: lockApp).store(in: &subscriptions)
+        NotificationCenter.default.publisher(for: UIApplication.didBecomeActiveNotification)
+            .sink(receiveValue: unlockApp)
+            .store(in: &subscriptions)
+        NotificationCenter.default.publisher(for: UIApplication.willResignActiveNotification)
+            .sink(receiveValue: lockApp)
+            .store(in: &subscriptions)
     }
 
     private init(isUnlocked: Bool) {
@@ -34,7 +38,7 @@ final class BiometricAuthenticationController: ObservableObject {
             let context = LAContext()
             let policy = LAPolicy.deviceOwnerAuthentication
             var error: NSError?
-            guard CredentialsController.default.credentials != nil,
+            guard SessionController.default.session != nil,
                   context.canEvaluatePolicy(policy, error: &error) else {
                 DispatchQueue.main.async {
                     isUnlocked = true