NEVISACCESSAPP-6376: Fix deregistration on Identity Suite environment

Gemfile.lock

@@ -5,7 +5,7 @@ GEM
       base64
       nkf
       rexml
-    activesupport (7.2.2)
+    activesupport (7.2.2.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
@@ -25,25 +25,25 @@ GEM
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1001.0)
-    aws-sdk-core (3.211.0)
+    aws-partitions (1.1040.0)
+    aws-sdk-core (3.216.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.95.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-kms (1.97.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.169.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
+    aws-sdk-s3 (1.178.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.1)
+    aws-sigv4 (1.11.0)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
     base64 (0.2.0)
-    benchmark (0.3.0)
-    bigdecimal (3.1.8)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
     claide (1.1.0)
     cocoapods (1.16.2)
       addressable (~> 2.8)
@@ -86,8 +86,8 @@ GEM
     colored2 (3.1.2)
     commander (4.6.0)
       highline (~> 2.0.0)
-    concurrent-ruby (1.3.4)
-    connection_pool (2.4.1)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.0)
     declarative (0.0.20)
     digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
@@ -118,17 +118,17 @@ GEM
     faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
+    faraday-multipart (1.1.0)
+      multipart-post (~> 2.0)
     faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
     faraday_middleware (1.2.1)
       faraday (~> 1.0)
-    fastimage (2.3.1)
-    fastlane (2.225.0)
+    fastimage (2.4.0)
+    fastlane (2.226.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -168,15 +168,24 @@ GEM
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.3.0)
+      xcpretty (~> 0.4.0)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.9.1)
+    fastlane-plugin-firebase_app_distribution (0.10.0)
       google-apis-firebaseappdistribution_v1 (~> 0.3.0)
       google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
     fastlane-sirp (1.0.0)
       sysrandom (~> 1.0)
-    ffi (1.17.0-arm64-darwin)
-    ffi (1.17.0-x86_64-darwin)
+    ffi (1.17.1)
+    ffi (1.17.1-aarch64-linux-gnu)
+    ffi (1.17.1-aarch64-linux-musl)
+    ffi (1.17.1-arm-linux-gnu)
+    ffi (1.17.1-arm-linux-musl)
+    ffi (1.17.1-arm64-darwin)
+    ffi (1.17.1-x86-linux-gnu)
+    ffi (1.17.1-x86-linux-musl)
+    ffi (1.17.1-x86_64-darwin)
+    ffi (1.17.1-x86_64-linux-gnu)
+    ffi (1.17.1-x86_64-linux-musl)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
@@ -221,19 +230,19 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.7)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
     httpclient (2.8.3)
-    i18n (1.14.6)
+    i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     jmespath (1.6.2)
-    json (2.7.6)
-    jwt (2.9.3)
+    json (2.9.1)
+    jwt (2.10.1)
       base64
-    logger (1.6.1)
+    logger (1.6.5)
     mini_magick (4.13.2)
     mini_mime (1.1.5)
-    minitest (5.25.1)
+    minitest (5.25.4)
     molinillo (0.8.0)
     multi_json (1.15.0)
     multipart-post (2.4.1)
@@ -242,22 +251,22 @@ GEM
     naturally (2.2.1)
     netrc (0.11.0)
     nkf (0.2.0)
-    optparse (0.5.0)
+    optparse (0.6.0)
     os (1.1.4)
-    plist (3.7.1)
+    plist (3.7.2)
     public_suffix (4.0.7)
     rake (13.2.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.3.9)
-    rouge (2.0.7)
+    rexml (3.4.0)
+    rouge (3.28.0)
     ruby-macho (2.5.1)
     ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
-    securerandom (0.3.1)
+    rubyzip (2.4.1)
+    securerandom (0.4.1)
     security (0.1.5)
     signet (0.19.0)
       addressable (~> 2.8)
@@ -290,19 +299,28 @@ GEM
       colored2 (~> 3.1)
       nanaimo (~> 0.4.0)
       rexml (>= 3.3.6, < 4.0)
-    xcpretty (0.3.0)
-      rouge (~> 2.0.7)
+    xcpretty (0.4.0)
+      rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
 
 PLATFORMS
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
   arm64-darwin
+  ruby
+  x86-linux-gnu
+  x86-linux-musl
   x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl
 
 DEPENDENCIES
   cocoapods (~> 1.16)
   fastlane (~> 2.225)
   fastlane-plugin-firebase_app_distribution
 
 BUNDLED WITH
-   2.5.23
+   2.6.3

NevisExampleApp/Screens/Home/HomePresenter.swift

@@ -144,21 +144,20 @@ extension HomePresenter {
 
 	/// Starts deregistering all accounts.
 	func deregister() {
+		guard let accounts = mobileAuthenticationClient?.localData.accounts, !accounts.isEmpty else {
+			let operationError = OperationError(operation: .deregistration,
+			                                    underlyingError: AppError.accountsNotFound)
+			return errorHandlerChain.handle(error: operationError)
+		}
+
 		switch configurationLoader.environment {
 		case .authenticationCloud:
-			guard let accounts = mobileAuthenticationClient?.localData.accounts else {
-				return appCoordinator.navigateToResult(with: .success(operation: .deregistration))
-			}
-
 			view?.disableInteraction()
 			let usernames = accounts.map(\.username)
 			doDeregistration(for: usernames)
 		case .identitySuite:
 			// In the Identity Suite environment the deregistration endpoint is guarded,
 			// and as such we need to provide a cookie to the deregister call.
-			// Also in Identity Siute a deregistration has to be authenticated for every user,
-			// so batch deregistration is not really possible.
-			let accounts = mobileAuthenticationClient?.localData.accounts ?? [any Account]()
 			let parameter: SelectAccountParameter = .select(accounts: accounts,
 			                                                operation: .deregistration,
 			                                                handler: nil,

NevisExampleApp/Screens/Select Account/SelectAccountPresenter.swift

@@ -188,7 +188,9 @@ private extension SelectAccountPresenter {
 
 	/// Starts an In-Band Authentication.
 	///
-	/// - Parameter account: The account that must be used to authenticate.
+	/// - Parameters:
+	///   - account: The account that must be used to authenticate.
+	///   - handler: An optional handler that should be executed when In-Band Authentication finished.
 	func inBandAuthenticate(using account: any Account, completion handler: ((Result<AuthorizationProvider?, AuthenticationError>) -> ())? = nil) {
 		mobileAuthenticationClient?.operations.authentication
 			.username(account.username)
@@ -244,17 +246,8 @@ private extension SelectAccountPresenter {
 					return self.errorHandlerChain.handle(error: AppError.cookieNotFound)
 				}
 
-				guard let authenticators = self.mobileAuthenticationClient?.localData.authenticators else {
-					return self.appCoordinator.navigateToResult(with: .success(operation: .deregistration))
-				}
-
-				let registeredAuthenticators = authenticators.filter {
-					$0.registration.isRegistered(account.username)
-				}
-
-				self.doDeregistration(for: account.username,
-				                      aaids: Set(registeredAuthenticators.map(\.aaid)),
-				                      authorizationProvider: authorizationProvider)
+				self.printAuthorizationInfo(authorizationProvider)
+				self.doDeregistration(for: account.username, authorizationProvider: authorizationProvider)
 			case .failure:
 				self.logger.log("Deregistration failed for user \(account.username)", color: .red)
 			}
@@ -264,24 +257,15 @@ private extension SelectAccountPresenter {
 	/// Deregisters all authenticators of a given account.
 	///
 	/// - Parameters:
-	///   - accounts: The account to deregister.
-	///   - aaids: The list of authenticator AAIDs to deregister.
-	func doDeregistration(for username: String, aaids: Set<String>, authorizationProvider: AuthorizationProvider) {
-		var remainingAaids = aaids
-		guard let aaid = remainingAaids.popFirst() else {
-			logger.log("Deregistration succeeded for user \(username)", color: .green)
-			return appCoordinator.navigateToResult(with: .success(operation: operation!))
-		}
-
+	///   - username: The username of the account to deregister.
+	///   - authorizationProvider: The authoriztion provider.
+	func doDeregistration(for username: String, authorizationProvider: AuthorizationProvider) {
 		mobileAuthenticationClient?.operations.deregistration
 			.username(username)
-			.aaid(aaid)
 			.authorizationProvider(authorizationProvider)
 			.onSuccess {
-				self.logger.log("Deregistration succeeded for authenticator with aaid \(aaid) for user \(username)", color: .green)
-				self.doDeregistration(for: username,
-				                      aaids: remainingAaids,
-				                      authorizationProvider: authorizationProvider)
+				self.logger.log("Deregistration succeeded for user \(username)", color: .green)
+				self.appCoordinator.navigateToResult(with: .success(operation: self.operation!))
 			}
 			.onError {
 				self.logger.log("Deregistration failed for user \(username)", color: .red)