From 74d742730218ac7ace629b9f06ec1a5d37d0d95f Mon Sep 17 00:00:00 2001
From: Mojgan <Mojgan.jelodar@codic.se>
Date: Wed, 13 Sep 2023 16:39:42 +0200
Subject: [PATCH] remove user token after account is deleted or logged out

---
 ios/MullvadREST/RESTAccessTokenManager.swift             | 9 +++++++++
 ios/MullvadVPN/AppDelegate.swift                         | 5 ++++-
 .../TunnelManager/DeleteAccountOperation.swift           | 4 ++++
 ios/MullvadVPN/TunnelManager/SetAccountOperation.swift   | 4 ++++
 ios/MullvadVPN/TunnelManager/TunnelManager.swift         | 7 ++++++-
 5 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/ios/MullvadREST/RESTAccessTokenManager.swift b/ios/MullvadREST/RESTAccessTokenManager.swift
index 8b374b88d57a..17c812020d34 100644
--- a/ios/MullvadREST/RESTAccessTokenManager.swift
+++ b/ios/MullvadREST/RESTAccessTokenManager.swift
@@ -62,5 +62,14 @@ extension REST {
 
             return operation
         }
+
+        public func invalidateAllTokens() {
+            operationQueue.addOperation(AsyncBlockOperation(dispatchQueue: dispatchQueue) { [weak self] in
+                guard let self else {
+                    return
+                }
+                self.tokens.removeAll()
+            })
+        }
     }
 }
diff --git a/ios/MullvadVPN/AppDelegate.swift b/ios/MullvadVPN/AppDelegate.swift
index 46d913e381e7..ab6c623d7b30 100644
--- a/ios/MullvadVPN/AppDelegate.swift
+++ b/ios/MullvadVPN/AppDelegate.swift
@@ -36,6 +36,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
     private(set) var accountsProxy: REST.AccountsProxy!
     private(set) var devicesProxy: REST.DevicesProxy!
 
+    private(set) var accessTokenManager: REST.AccessTokenManager!
     private(set) var addressCacheTracker: AddressCacheTracker!
     private(set) var relayCacheTracker: RelayCacheTracker!
     private(set) var storePaymentManager: StorePaymentManager!
@@ -68,6 +69,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
         apiProxy = proxyFactory.createAPIProxy()
         accountsProxy = proxyFactory.createAccountsProxy()
         devicesProxy = proxyFactory.createDevicesProxy()
+        accessTokenManager = proxyFactory.configuration.accessTokenManager
 
         let relayCache = RelayCache(cacheDirectory: containerURL)
         relayCacheTracker = RelayCacheTracker(relayCache: relayCache, application: application, apiProxy: apiProxy)
@@ -86,7 +88,8 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
             relayCacheTracker: relayCacheTracker,
             accountsProxy: accountsProxy,
             devicesProxy: devicesProxy,
-            apiProxy: apiProxy
+            apiProxy: apiProxy,
+            accessTokenManager: accessTokenManager
         )
 
         let constraintsUpdater = RelayConstraintsUpdater()
diff --git a/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift b/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift
index 3230e9fde059..ad4463d5622a 100644
--- a/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift
+++ b/ios/MullvadVPN/TunnelManager/DeleteAccountOperation.swift
@@ -17,15 +17,18 @@ class DeleteAccountOperation: ResultOperation<Void> {
 
     private let accountNumber: String
     private let accountsProxy: REST.AccountsProxy
+    private let accessTokenManager: REST.AccessTokenManager
     private var task: Cancellable?
 
     init(
         dispatchQueue: DispatchQueue,
         accountsProxy: REST.AccountsProxy,
+        accessTokenManager: REST.AccessTokenManager,
         accountNumber: String
     ) {
         self.accountNumber = accountNumber
         self.accountsProxy = accountsProxy
+        self.accessTokenManager = accessTokenManager
         super.init(dispatchQueue: dispatchQueue)
     }
 
@@ -37,6 +40,7 @@ class DeleteAccountOperation: ResultOperation<Void> {
                 self?.dispatchQueue.async {
                     switch result {
                     case .success:
+                        self?.accessTokenManager.invalidateAllTokens()
                         self?.finish(result: .success(()))
                     case let .failure(error):
                         self?.logger.error(
diff --git a/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift b/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift
index 080fdc36ab9e..77eeb02db6e7 100644
--- a/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift
+++ b/ios/MullvadVPN/TunnelManager/SetAccountOperation.swift
@@ -41,6 +41,7 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
     private let accountsProxy: REST.AccountsProxy
     private let devicesProxy: REST.DevicesProxy
     private let action: SetAccountAction
+    private let accessTokenManager: REST.AccessTokenManager
 
     private let logger = Logger(label: "SetAccountOperation")
     private var tasks: [Cancellable] = []
@@ -50,11 +51,13 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
         interactor: TunnelInteractor,
         accountsProxy: REST.AccountsProxy,
         devicesProxy: REST.DevicesProxy,
+        accessTokenManager: REST.AccessTokenManager,
         action: SetAccountAction
     ) {
         self.interactor = interactor
         self.accountsProxy = accountsProxy
         self.devicesProxy = devicesProxy
+        self.accessTokenManager = accessTokenManager
         self.action = action
 
         super.init(dispatchQueue: dispatchQueue)
@@ -64,6 +67,7 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
 
     override func main() {
         startLogoutFlow { [self] in
+            self.accessTokenManager.invalidateAllTokens()
             switch action {
             case .new:
                 startNewAccountFlow { [self] result in
diff --git a/ios/MullvadVPN/TunnelManager/TunnelManager.swift b/ios/MullvadVPN/TunnelManager/TunnelManager.swift
index 4b33489c8b9b..710d663bed59 100644
--- a/ios/MullvadVPN/TunnelManager/TunnelManager.swift
+++ b/ios/MullvadVPN/TunnelManager/TunnelManager.swift
@@ -49,6 +49,7 @@ final class TunnelManager: StorePaymentObserver {
     private let accountsProxy: REST.AccountsProxy
     private let devicesProxy: REST.DevicesProxy
     private let apiProxy: REST.APIProxy
+    private let accessTokenManager: REST.AccessTokenManager
 
     private let logger = Logger(label: "TunnelManager")
     private var nslock = NSRecursiveLock()
@@ -84,7 +85,8 @@ final class TunnelManager: StorePaymentObserver {
         relayCacheTracker: RelayCacheTracker,
         accountsProxy: REST.AccountsProxy,
         devicesProxy: REST.DevicesProxy,
-        apiProxy: REST.APIProxy
+        apiProxy: REST.APIProxy,
+        accessTokenManager: REST.AccessTokenManager
     ) {
         self.application = application
         self.tunnelStore = tunnelStore
@@ -94,6 +96,7 @@ final class TunnelManager: StorePaymentObserver {
         self.apiProxy = apiProxy
         self.operationQueue.name = "TunnelManager.operationQueue"
         self.operationQueue.underlyingQueue = internalQueue
+        self.accessTokenManager = accessTokenManager
 
         NotificationCenter.default.addObserver(
             self,
@@ -335,6 +338,7 @@ final class TunnelManager: StorePaymentObserver {
             interactor: TunnelInteractorProxy(self),
             accountsProxy: accountsProxy,
             devicesProxy: devicesProxy,
+            accessTokenManager: accessTokenManager,
             action: action
         )
 
@@ -438,6 +442,7 @@ final class TunnelManager: StorePaymentObserver {
         let operation = DeleteAccountOperation(
             dispatchQueue: internalQueue,
             accountsProxy: accountsProxy,
+            accessTokenManager: accessTokenManager,
             accountNumber: accountNumber
         )