remove user token after account is deleted or logged out

mullvad · Sep 13, 2023 · 74d7427 · 74d7427
1 parent c0ee7f5
commit 74d7427
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 2 deletions.
diff --git a/ios/MullvadREST/RESTAccessTokenManager.swift b/ios/MullvadREST/RESTAccessTokenManager.swift
@@ -62,5 +62,14 @@ extension REST {
 
             return operation
         }
+
+        public func invalidateAllTokens() {
+            operationQueue.addOperation(AsyncBlockOperation(dispatchQueue: dispatchQueue) { [weak self] in
+                guard let self else {
+                    return
+                }
+                self.tokens.removeAll()
+            })
+        }
     }
 }
diff --git a/ios/MullvadVPN/AppDelegate.swift b/ios/MullvadVPN/AppDelegate.swift
@@ -36,6 +36,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
     private(set) var accountsProxy: REST.AccountsProxy!
     private(set) var devicesProxy: REST.DevicesProxy!
 
+    private(set) var accessTokenManager: REST.AccessTokenManager!
     private(set) var addressCacheTracker: AddressCacheTracker!
     private(set) var relayCacheTracker: RelayCacheTracker!
     private(set) var storePaymentManager: StorePaymentManager!
@@ -68,6 +69,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
         apiProxy = proxyFactory.createAPIProxy()
         accountsProxy = proxyFactory.createAccountsProxy()
         devicesProxy = proxyFactory.createDevicesProxy()
+        accessTokenManager = proxyFactory.configuration.accessTokenManager
 
         let relayCache = RelayCache(cacheDirectory: containerURL)
         relayCacheTracker = RelayCacheTracker(relayCache: relayCache, application: application, apiProxy: apiProxy)
@@ -86,7 +88,8 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
             relayCacheTracker: relayCacheTracker,
             accountsProxy: accountsProxy,
             devicesProxy: devicesProxy,
-            apiProxy: apiProxy
+            apiProxy: apiProxy,
+            accessTokenManager: accessTokenManager
         )
 
         let constraintsUpdater = RelayConstraintsUpdater()

diff --git a/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift b/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift
@@ -17,15 +17,18 @@ class DeleteAccountOperation: ResultOperation<Void> {
 
     private let accountNumber: String
     private let accountsProxy: REST.AccountsProxy
+    private let accessTokenManager: REST.AccessTokenManager
     private var task: Cancellable?
 
     init(
         dispatchQueue: DispatchQueue,
         accountsProxy: REST.AccountsProxy,
+        accessTokenManager: REST.AccessTokenManager,
         accountNumber: String
     ) {
         self.accountNumber = accountNumber
         self.accountsProxy = accountsProxy
+        self.accessTokenManager = accessTokenManager
         super.init(dispatchQueue: dispatchQueue)
     }
 
@@ -37,6 +40,7 @@ class DeleteAccountOperation: ResultOperation<Void> {
                 self?.dispatchQueue.async {
                     switch result {
                     case .success:
+                        self?.accessTokenManager.invalidateAllTokens()
                         self?.finish(result: .success(()))
                     case let .failure(error):
                         self?.logger.error(

diff --git a/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift b/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift
@@ -41,6 +41,7 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
     private let accountsProxy: REST.AccountsProxy
     private let devicesProxy: REST.DevicesProxy
     private let action: SetAccountAction
+    private let accessTokenManager: REST.AccessTokenManager
 
     private let logger = Logger(label: "SetAccountOperation")
     private var tasks: [Cancellable] = []
@@ -50,11 +51,13 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
         interactor: TunnelInteractor,
         accountsProxy: REST.AccountsProxy,
         devicesProxy: REST.DevicesProxy,
+        accessTokenManager: REST.AccessTokenManager,
         action: SetAccountAction
     ) {
         self.interactor = interactor
         self.accountsProxy = accountsProxy
         self.devicesProxy = devicesProxy
+        self.accessTokenManager = accessTokenManager
         self.action = action
 
         super.init(dispatchQueue: dispatchQueue)
@@ -64,6 +67,7 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
 
     override func main() {
         startLogoutFlow { [self] in
+            self.accessTokenManager.invalidateAllTokens()
             switch action {
             case .new:
                 startNewAccountFlow { [self] result in

diff --git a/ios/MullvadVPN/TunnelManager/TunnelManager.swift b/ios/MullvadVPN/TunnelManager/TunnelManager.swift
@@ -49,6 +49,7 @@ final class TunnelManager: StorePaymentObserver {
     private let accountsProxy: REST.AccountsProxy
     private let devicesProxy: REST.DevicesProxy
     private let apiProxy: REST.APIProxy
+    private let accessTokenManager: REST.AccessTokenManager
 
     private let logger = Logger(label: "TunnelManager")
     private var nslock = NSRecursiveLock()
@@ -84,7 +85,8 @@ final class TunnelManager: StorePaymentObserver {
         relayCacheTracker: RelayCacheTracker,
         accountsProxy: REST.AccountsProxy,
         devicesProxy: REST.DevicesProxy,
-        apiProxy: REST.APIProxy
+        apiProxy: REST.APIProxy,
+        accessTokenManager: REST.AccessTokenManager
     ) {
         self.application = application
         self.tunnelStore = tunnelStore
@@ -94,6 +96,7 @@ final class TunnelManager: StorePaymentObserver {
         self.apiProxy = apiProxy
         self.operationQueue.name = "TunnelManager.operationQueue"
         self.operationQueue.underlyingQueue = internalQueue
+        self.accessTokenManager = accessTokenManager
 
         NotificationCenter.default.addObserver(
             self,
@@ -335,6 +338,7 @@ final class TunnelManager: StorePaymentObserver {
             interactor: TunnelInteractorProxy(self),
             accountsProxy: accountsProxy,
             devicesProxy: devicesProxy,
+            accessTokenManager: accessTokenManager,
             action: action
         )
 
@@ -438,6 +442,7 @@ final class TunnelManager: StorePaymentObserver {
         let operation = DeleteAccountOperation(
             dispatchQueue: internalQueue,
             accountsProxy: accountsProxy,
+            accessTokenManager: accessTokenManager,
             accountNumber: accountNumber
         )