diff --git a/Account/Sources/Account/Account.swift b/Account/Sources/Account/Account.swift index bda179251..07aa0bd3c 100644 --- a/Account/Sources/Account/Account.swift +++ b/Account/Sources/Account/Account.swift @@ -258,7 +258,7 @@ public final class Account: DisplayNameProvider, UnreadCountProvider, Container, return delegate.refreshProgress } - init(dataFolder: String, type: AccountType, accountID: String, transport: Transport? = nil) { + init(dataFolder: String, type: AccountType, accountID: String, secretsProvider: SecretsProvider, transport: Transport? = nil) { switch type { case .onMyMac: self.delegate = LocalAccountDelegate() @@ -267,17 +267,17 @@ public final class Account: DisplayNameProvider, UnreadCountProvider, Container, case .feedbin: self.delegate = FeedbinAccountDelegate(dataFolder: dataFolder, transport: transport) case .feedly: - self.delegate = FeedlyAccountDelegate(dataFolder: dataFolder, transport: transport, api: FeedlyAccountDelegate.environment) + self.delegate = FeedlyAccountDelegate(dataFolder: dataFolder, transport: transport, api: FeedlyAccountDelegate.environment, secretsProvider: secretsProvider) case .newsBlur: self.delegate = NewsBlurAccountDelegate(dataFolder: dataFolder, transport: transport) case .freshRSS: - self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .freshRSS) + self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .freshRSS, secretsProvider: secretsProvider) case .inoreader: - self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .inoreader) + self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .inoreader, secretsProvider: secretsProvider) case .bazQux: - self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .bazQux) + self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .bazQux, secretsProvider: secretsProvider) case .theOldReader: - self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .theOldReader) + self.delegate = ReaderAPIAccountDelegate(dataFolder: dataFolder, transport: transport, variant: .theOldReader, secretsProvider: secretsProvider) } self.delegate.accountMetadata = metadata @@ -367,29 +367,29 @@ public final class Account: DisplayNameProvider, UnreadCountProvider, Container, try CredentialsManager.removeCredentials(type: type, server: server, username: username) } - public static func validateCredentials(transport: Transport = URLSession.webserviceTransport(), type: AccountType, credentials: Credentials, endpoint: URL? = nil, completion: @escaping (Result) -> Void) { + public static func validateCredentials(transport: Transport = URLSession.webserviceTransport(), type: AccountType, credentials: Credentials, endpoint: URL? = nil, secretsProvider: SecretsProvider, completion: @escaping (Result) -> Void) { switch type { case .feedbin: - FeedbinAccountDelegate.validateCredentials(transport: transport, credentials: credentials, completion: completion) + FeedbinAccountDelegate.validateCredentials(transport: transport, credentials: credentials, secretsProvider: secretsProvider, completion: completion) case .newsBlur: - NewsBlurAccountDelegate.validateCredentials(transport: transport, credentials: credentials, completion: completion) + NewsBlurAccountDelegate.validateCredentials(transport: transport, credentials: credentials, secretsProvider: secretsProvider, completion: completion) case .freshRSS, .inoreader, .bazQux, .theOldReader: - ReaderAPIAccountDelegate.validateCredentials(transport: transport, credentials: credentials, endpoint: endpoint, completion: completion) + ReaderAPIAccountDelegate.validateCredentials(transport: transport, credentials: credentials, endpoint: endpoint, secretsProvider: secretsProvider, completion: completion) default: break } } - internal static func oauthAuthorizationClient(for type: AccountType) -> OAuthAuthorizationClient { + internal static func oauthAuthorizationClient(for type: AccountType, secretsProvider: SecretsProvider) -> OAuthAuthorizationClient { switch type { case .feedly: - return FeedlyAccountDelegate.environment.oauthAuthorizationClient + return FeedlyAccountDelegate.environment.oauthAuthorizationClient(secretsProvider: secretsProvider) default: fatalError("\(type) is not a client for OAuth authorization code granting.") } } - public static func oauthAuthorizationCodeGrantRequest(for type: AccountType) -> URLRequest { + public static func oauthAuthorizationCodeGrantRequest(for type: AccountType, secretsProvider: SecretsProvider) -> URLRequest { let grantingType: OAuthAuthorizationGranting.Type switch type { case .feedly: @@ -398,13 +398,14 @@ public final class Account: DisplayNameProvider, UnreadCountProvider, Container, fatalError("\(type) does not support OAuth authorization code granting.") } - return grantingType.oauthAuthorizationCodeGrantRequest() + return grantingType.oauthAuthorizationCodeGrantRequest(secretsProvider: secretsProvider) } public static func requestOAuthAccessToken(with response: OAuthAuthorizationResponse, client: OAuthAuthorizationClient, accountType: AccountType, transport: Transport = URLSession.webserviceTransport(), + secretsProvider: SecretsProvider, completion: @escaping (Result) -> ()) { let grantingType: OAuthAuthorizationGranting.Type @@ -415,7 +416,7 @@ public final class Account: DisplayNameProvider, UnreadCountProvider, Container, fatalError("\(accountType) does not support OAuth authorization code granting.") } - grantingType.requestOAuthAccessToken(with: response, transport: transport, completion: completion) + grantingType.requestOAuthAccessToken(with: response, transport: transport, secretsProvider: secretsProvider, completion: completion) } public func receiveRemoteNotification(userInfo: [AnyHashable : Any], completion: @escaping () -> Void) { diff --git a/Account/Sources/Account/AccountDelegate.swift b/Account/Sources/Account/AccountDelegate.swift index a8981bc6a..66e52210e 100644 --- a/Account/Sources/Account/AccountDelegate.swift +++ b/Account/Sources/Account/AccountDelegate.swift @@ -52,7 +52,7 @@ protocol AccountDelegate { func accountWillBeDeleted(_ account: Account) - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, completion: @escaping (Result) -> Void) + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, secretsProvider: SecretsProvider, completion: @escaping (Result) -> Void) /// Suspend all network activity func suspendNetwork() diff --git a/Account/Sources/Account/AccountManager.swift b/Account/Sources/Account/AccountManager.swift index 0db039d7c..3a82b49cf 100644 --- a/Account/Sources/Account/AccountManager.swift +++ b/Account/Sources/Account/AccountManager.swift @@ -12,6 +12,7 @@ import RSWeb import Articles import ArticlesDatabase import Database +import Secrets // Main thread only. @@ -29,6 +30,8 @@ public final class AccountManager: UnreadCountProvider { private let defaultAccountFolderName = "OnMyMac" private let defaultAccountIdentifier = "OnMyMac" + private let secretsProvider: SecretsProvider + public var isSuspended = false public var isUnreadCountsInitialized: Bool { for account in activeAccounts { @@ -94,9 +97,11 @@ public final class AccountManager: UnreadCountProvider { return CombinedRefreshProgress(downloadProgressArray: downloadProgressArray) } - public init(accountsFolder: String) { - self.accountsFolder = accountsFolder + public init(accountsFolder: String, secretsProvider: SecretsProvider) { + self.accountsFolder = accountsFolder + self.secretsProvider = secretsProvider + // The local "On My Mac" account must always exist, even if it's empty. let localAccountFolder = (accountsFolder as NSString).appendingPathComponent("OnMyMac") do { @@ -107,7 +112,7 @@ public final class AccountManager: UnreadCountProvider { abort() } - defaultAccount = Account(dataFolder: localAccountFolder, type: .onMyMac, accountID: defaultAccountIdentifier) + defaultAccount = Account(dataFolder: localAccountFolder, type: .onMyMac, accountID: defaultAccountIdentifier, secretsProvider: secretsProvider) accountsDictionary[defaultAccount.accountID] = defaultAccount readAccountsFromDisk() @@ -134,7 +139,7 @@ public final class AccountManager: UnreadCountProvider { abort() } - let account = Account(dataFolder: accountFolder, type: type, accountID: accountID) + let account = Account(dataFolder: accountFolder, type: type, accountID: accountID, secretsProvider: secretsProvider) accountsDictionary[accountID] = account var userInfo = [String: Any]() @@ -430,7 +435,7 @@ private extension AccountManager { } func loadAccount(_ accountSpecifier: AccountSpecifier) -> Account? { - return Account(dataFolder: accountSpecifier.folderPath, type: accountSpecifier.type, accountID: accountSpecifier.identifier) + return Account(dataFolder: accountSpecifier.folderPath, type: accountSpecifier.type, accountID: accountSpecifier.identifier, secretsProvider: secretsProvider) } func loadAccount(_ filename: String) -> Account? { diff --git a/Account/Sources/Account/CloudKit/CloudKitAccountDelegate.swift b/Account/Sources/Account/CloudKit/CloudKitAccountDelegate.swift index a9738d63a..6f56eab55 100644 --- a/Account/Sources/Account/CloudKit/CloudKitAccountDelegate.swift +++ b/Account/Sources/Account/CloudKit/CloudKitAccountDelegate.swift @@ -451,7 +451,7 @@ final class CloudKitAccountDelegate: AccountDelegate { articlesZone.resetChangeToken() } - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, completion: (Result) -> Void) { + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, secretsProvider: SecretsProvider, completion: (Result) -> Void) { return completion(.success(nil)) } diff --git a/Account/Sources/Account/Feedbin/FeedbinAccountDelegate.swift b/Account/Sources/Account/Feedbin/FeedbinAccountDelegate.swift index 1ac8e0d6f..65af2f95d 100644 --- a/Account/Sources/Account/Feedbin/FeedbinAccountDelegate.swift +++ b/Account/Sources/Account/Feedbin/FeedbinAccountDelegate.swift @@ -583,7 +583,7 @@ final class FeedbinAccountDelegate: AccountDelegate { func accountWillBeDeleted(_ account: Account) { } - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, completion: @escaping (Result) -> Void) { + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, secretsProvider: SecretsProvider, completion: @escaping (Result) -> Void) { let caller = FeedbinAPICaller(transport: transport) caller.credentials = credentials diff --git a/Account/Sources/Account/Feedly/FeedlyAPICaller.swift b/Account/Sources/Account/Feedly/FeedlyAPICaller.swift index e84b801bd..01c1cd3c2 100644 --- a/Account/Sources/Account/Feedly/FeedlyAPICaller.swift +++ b/Account/Sources/Account/Feedly/FeedlyAPICaller.swift @@ -37,12 +37,12 @@ final class FeedlyAPICaller { return components } - var oauthAuthorizationClient: OAuthAuthorizationClient { + func oauthAuthorizationClient(secretsProvider: SecretsProvider) -> OAuthAuthorizationClient { switch self { case .sandbox: return .feedlySandboxClient case .cloud: - return .feedlyCloudClient + return OAuthAuthorizationClient.feedlyCloudClient(secretsProvider: secretsProvider) } } } @@ -50,11 +50,13 @@ final class FeedlyAPICaller { private let transport: Transport private let baseUrlComponents: URLComponents private let uriComponentAllowed: CharacterSet + private let secretsProvider: SecretsProvider - init(transport: Transport, api: API) { + init(transport: Transport, api: API, secretsProvider: SecretsProvider) { self.transport = transport self.baseUrlComponents = api.baseUrlComponents - + self.secretsProvider = secretsProvider + var urlHostAllowed = CharacterSet.urlHostAllowed urlHostAllowed.remove("+") uriComponentAllowed = urlHostAllowed diff --git a/Account/Sources/Account/Feedly/FeedlyAccountDelegate+OAuth.swift b/Account/Sources/Account/Feedly/FeedlyAccountDelegate+OAuth.swift index 9e29bbbe2..c1f1128f6 100644 --- a/Account/Sources/Account/Feedly/FeedlyAccountDelegate+OAuth.swift +++ b/Account/Sources/Account/Feedly/FeedlyAccountDelegate+OAuth.swift @@ -25,11 +25,11 @@ public struct FeedlyOAuthAccessTokenResponse: Decodable, OAuthAccessTokenRespons } extension FeedlyAccountDelegate: OAuthAuthorizationGranting { - + private static let oauthAuthorizationGrantScope = "https://cloud.feedly.com/subscriptions" - - static func oauthAuthorizationCodeGrantRequest() -> URLRequest { - let client = environment.oauthAuthorizationClient + + static func oauthAuthorizationCodeGrantRequest(secretsProvider: SecretsProvider) -> URLRequest { + let client = environment.oauthAuthorizationClient(secretsProvider: secretsProvider) let authorizationRequest = OAuthAuthorizationRequest(clientId: client.id, redirectUri: client.redirectUri, scope: oauthAuthorizationGrantScope, @@ -38,12 +38,12 @@ extension FeedlyAccountDelegate: OAuthAuthorizationGranting { return FeedlyAPICaller.authorizationCodeUrlRequest(for: authorizationRequest, baseUrlComponents: baseURLComponents) } - static func requestOAuthAccessToken(with response: OAuthAuthorizationResponse, transport: Transport, completion: @escaping (Result) -> ()) { - let client = environment.oauthAuthorizationClient + static func requestOAuthAccessToken(with response: OAuthAuthorizationResponse, transport: Transport, secretsProvider: SecretsProvider, completion: @escaping (Result) -> ()) { + let client = environment.oauthAuthorizationClient(secretsProvider: secretsProvider) let request = OAuthAccessTokenRequest(authorizationResponse: response, scope: oauthAuthorizationGrantScope, client: client) - let caller = FeedlyAPICaller(transport: transport, api: environment) + let caller = FeedlyAPICaller(transport: transport, api: environment, secretsProvider: secretsProvider) caller.requestAccessToken(request) { result in switch result { case .success(let response): diff --git a/Account/Sources/Account/Feedly/FeedlyAccountDelegate.swift b/Account/Sources/Account/Feedly/FeedlyAccountDelegate.swift index d7cc77290..4de0bee54 100644 --- a/Account/Sources/Account/Feedly/FeedlyAccountDelegate.swift +++ b/Account/Sources/Account/Feedly/FeedlyAccountDelegate.swift @@ -67,15 +67,15 @@ final class FeedlyAccountDelegate: AccountDelegate { private weak var currentSyncAllOperation: MainThreadOperation? private let operationQueue = MainThreadOperationQueue() - init(dataFolder: String, transport: Transport?, api: FeedlyAPICaller.API) { + init(dataFolder: String, transport: Transport?, api: FeedlyAPICaller.API, secretsProvider: SecretsProvider) { // Many operations have their own operation queues, such as the sync all operation. // Making this a serial queue at this higher level of abstraction means we can ensure, // for example, a `FeedlyRefreshAccessTokenOperation` occurs before a `FeedlySyncAllOperation`, // improving our ability to debug, reason about and predict the behaviour of the code. if let transport = transport { - self.caller = FeedlyAPICaller(transport: transport, api: api) - + self.caller = FeedlyAPICaller(transport: transport, api: api, secretsProvider: secretsProvider) + } else { let sessionConfiguration = URLSessionConfiguration.default @@ -92,12 +92,12 @@ final class FeedlyAccountDelegate: AccountDelegate { } let session = URLSession(configuration: sessionConfiguration) - self.caller = FeedlyAPICaller(transport: session, api: api) + self.caller = FeedlyAPICaller(transport: session, api: api, secretsProvider: secretsProvider) } let databaseFilePath = (dataFolder as NSString).appendingPathComponent("Sync.sqlite3") self.database = SyncDatabase(databaseFilePath: databaseFilePath) - self.oauthAuthorizationClient = api.oauthAuthorizationClient + self.oauthAuthorizationClient = api.oauthAuthorizationClient(secretsProvider: secretsProvider) self.caller.delegate = self } @@ -539,7 +539,7 @@ final class FeedlyAccountDelegate: AccountDelegate { MainThreadOperationQueue.shared.add(logout) } - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, completion: @escaping (Result) -> Void) { + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, secretsProvider: SecretsProvider, completion: @escaping (Result) -> Void) { assertionFailure("An `account` instance should enqueue an \(FeedlyRefreshAccessTokenOperation.self) instead.") completion(.success(credentials)) } diff --git a/Account/Sources/Account/Feedly/OAuthAccountAuthorizationOperation.swift b/Account/Sources/Account/Feedly/OAuthAccountAuthorizationOperation.swift index f16029ce8..c3f164370 100644 --- a/Account/Sources/Account/Feedly/OAuthAccountAuthorizationOperation.swift +++ b/Account/Sources/Account/Feedly/OAuthAccountAuthorizationOperation.swift @@ -9,6 +9,7 @@ import Foundation import AuthenticationServices import RSCore +import Secrets public protocol OAuthAccountAuthorizationOperationDelegate: AnyObject { func oauthAccountAuthorizationOperation(_ operation: OAuthAccountAuthorizationOperation, didCreate account: Account) @@ -42,17 +43,19 @@ public enum OAuthAccountAuthorizationOperationError: LocalizedError { private let accountType: AccountType private let oauthClient: OAuthAuthorizationClient private var session: ASWebAuthenticationSession? - - public init(accountType: AccountType) { + private let secretsProvider: SecretsProvider + + public init(accountType: AccountType, secretsProvider: SecretsProvider) { self.accountType = accountType - self.oauthClient = Account.oauthAuthorizationClient(for: accountType) + self.secretsProvider = secretsProvider + self.oauthClient = Account.oauthAuthorizationClient(for: accountType, secretsProvider: secretsProvider) } public func run() { assert(presentationAnchor != nil, "\(self) outlived presentation anchor.") - let request = Account.oauthAuthorizationCodeGrantRequest(for: accountType) - + let request = Account.oauthAuthorizationCodeGrantRequest(for: accountType, secretsProvider: secretsProvider) + guard let url = request.url else { return DispatchQueue.main.async { self.didEndAuthentication(url: nil, error: URLError(.badURL)) @@ -113,7 +116,7 @@ public enum OAuthAccountAuthorizationOperationError: LocalizedError { let response = try OAuthAuthorizationResponse(url: url, client: oauthClient) - Account.requestOAuthAccessToken(with: response, client: oauthClient, accountType: accountType, completion: didEndRequestingAccessToken(_:)) + Account.requestOAuthAccessToken(with: response, client: oauthClient, accountType: accountType, secretsProvider: secretsProvider, completion: didEndRequestingAccessToken(_:)) } catch is ASWebAuthenticationSessionError { didFinish() // Primarily, cancellation. diff --git a/Account/Sources/Account/Feedly/OAuthAuthorizationClient+Feedly.swift b/Account/Sources/Account/Feedly/OAuthAuthorizationClient+Feedly.swift index 627736317..a0371870e 100644 --- a/Account/Sources/Account/Feedly/OAuthAuthorizationClient+Feedly.swift +++ b/Account/Sources/Account/Feedly/OAuthAuthorizationClient+Feedly.swift @@ -11,14 +11,14 @@ import Secrets extension OAuthAuthorizationClient { - static var feedlyCloudClient: OAuthAuthorizationClient { + static func feedlyCloudClient(secretsProvider: SecretsProvider) -> OAuthAuthorizationClient { /// Models private NetNewsWire client secrets. /// These placeholders are substituted at build time using a Run Script phase with build settings. /// https://developer.feedly.com/v3/auth/#authenticating-a-user-and-obtaining-an-auth-code - return OAuthAuthorizationClient(id: SecretsManager.provider.feedlyClientId, + return OAuthAuthorizationClient(id: secretsProvider.feedlyClientId, redirectUri: "netnewswire://auth/feedly", state: nil, - secret: SecretsManager.provider.feedlyClientSecret) + secret: secretsProvider.feedlyClientSecret) } static var feedlySandboxClient: OAuthAuthorizationClient { diff --git a/Account/Sources/Account/Feedly/OAuthAuthorizationCodeGranting.swift b/Account/Sources/Account/Feedly/OAuthAuthorizationCodeGranting.swift index 713788fbd..cff25cafb 100644 --- a/Account/Sources/Account/Feedly/OAuthAuthorizationCodeGranting.swift +++ b/Account/Sources/Account/Feedly/OAuthAuthorizationCodeGranting.swift @@ -17,7 +17,7 @@ public struct OAuthAuthorizationClient: Equatable { public var redirectUri: String public var state: String? public var secret: String - + public init(id: String, redirectUri: String, state: String?, secret: String) { self.id = id self.redirectUri = redirectUri @@ -167,7 +167,7 @@ public protocol OAuthAuthorizationCodeGrantRequesting { protocol OAuthAuthorizationGranting: AccountDelegate { - static func oauthAuthorizationCodeGrantRequest() -> URLRequest + static func oauthAuthorizationCodeGrantRequest(secretsProvider: SecretsProvider) -> URLRequest - static func requestOAuthAccessToken(with response: OAuthAuthorizationResponse, transport: Transport, completion: @escaping (Result) -> ()) + static func requestOAuthAccessToken(with response: OAuthAuthorizationResponse, transport: Transport, secretsProvider: SecretsProvider, completion: @escaping (Result) -> ()) } diff --git a/Account/Sources/Account/LocalAccount/LocalAccountDelegate.swift b/Account/Sources/Account/LocalAccount/LocalAccountDelegate.swift index ddd60afb8..cadcab2a1 100644 --- a/Account/Sources/Account/LocalAccount/LocalAccountDelegate.swift +++ b/Account/Sources/Account/LocalAccount/LocalAccountDelegate.swift @@ -197,7 +197,7 @@ final class LocalAccountDelegate: AccountDelegate { func accountWillBeDeleted(_ account: Account) { } - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, completion: (Result) -> Void) { + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, secretsProvider: SecretsProvider, completion: (Result) -> Void) { return completion(.success(nil)) } diff --git a/Account/Sources/Account/NewsBlur/NewsBlurAccountDelegate.swift b/Account/Sources/Account/NewsBlur/NewsBlurAccountDelegate.swift index 8fc6989d9..fbdac4289 100644 --- a/Account/Sources/Account/NewsBlur/NewsBlurAccountDelegate.swift +++ b/Account/Sources/Account/NewsBlur/NewsBlurAccountDelegate.swift @@ -612,7 +612,7 @@ final class NewsBlurAccountDelegate: AccountDelegate { caller.logout() { _ in } } - class func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, completion: @escaping (Result) -> ()) { + class func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL? = nil, secretsProvider: SecretsProvider, completion: @escaping (Result) -> ()) { let caller = NewsBlurAPICaller(transport: transport) caller.credentials = credentials caller.validateCredentials() { result in diff --git a/Account/Sources/Account/ReaderAPI/ReaderAPIAccountDelegate.swift b/Account/Sources/Account/ReaderAPI/ReaderAPIAccountDelegate.swift index df810c095..da676d0f7 100644 --- a/Account/Sources/Account/ReaderAPI/ReaderAPIAccountDelegate.swift +++ b/Account/Sources/Account/ReaderAPI/ReaderAPIAccountDelegate.swift @@ -74,12 +74,12 @@ final class ReaderAPIAccountDelegate: AccountDelegate { var refreshProgress = DownloadProgress(numberOfTasks: 0) - init(dataFolder: String, transport: Transport?, variant: ReaderAPIVariant) { + init(dataFolder: String, transport: Transport?, variant: ReaderAPIVariant, secretsProvider: SecretsProvider) { let databaseFilePath = (dataFolder as NSString).appendingPathComponent("Sync.sqlite3") database = SyncDatabase(databaseFilePath: databaseFilePath) if transport != nil { - caller = ReaderAPICaller(transport: transport!) + caller = ReaderAPICaller(transport: transport!, secretsProvider: secretsProvider) } else { let sessionConfiguration = URLSessionConfiguration.default sessionConfiguration.requestCachePolicy = .reloadIgnoringLocalCacheData @@ -94,7 +94,7 @@ final class ReaderAPIAccountDelegate: AccountDelegate { sessionConfiguration.httpAdditionalHeaders = userAgentHeaders } - caller = ReaderAPICaller(transport: URLSession(configuration: sessionConfiguration)) + caller = ReaderAPICaller(transport: URLSession(configuration: sessionConfiguration), secretsProvider: secretsProvider) } caller.variant = variant @@ -636,13 +636,13 @@ final class ReaderAPIAccountDelegate: AccountDelegate { func accountWillBeDeleted(_ account: Account) { } - static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, completion: @escaping (Result) -> Void) { + static func validateCredentials(transport: Transport, credentials: Credentials, endpoint: URL?, secretsProvider: SecretsProvider, completion: @escaping (Result) -> Void) { guard let endpoint = endpoint else { completion(.failure(TransportError.noURL)) return } - let caller = ReaderAPICaller(transport: transport) + let caller = ReaderAPICaller(transport: transport, secretsProvider: secretsProvider) caller.credentials = credentials caller.validateCredentials(endpoint: endpoint) { result in DispatchQueue.main.async { diff --git a/Account/Sources/Account/ReaderAPI/ReaderAPICaller.swift b/Account/Sources/Account/ReaderAPI/ReaderAPICaller.swift index fd2995c25..093eab505 100644 --- a/Account/Sources/Account/ReaderAPI/ReaderAPICaller.swift +++ b/Account/Sources/Account/ReaderAPI/ReaderAPICaller.swift @@ -48,6 +48,7 @@ final class ReaderAPICaller: NSObject { } private var transport: Transport! + private let secretsProvider: SecretsProvider private let uriComponentAllowed: CharacterSet private var accessToken: String? @@ -77,9 +78,10 @@ final class ReaderAPICaller: NSObject { } } - init(transport: Transport) { + init(transport: Transport, secretsProvider: SecretsProvider) { self.transport = transport - + self.secretsProvider = secretsProvider + var urlHostAllowed = CharacterSet.urlHostAllowed urlHostAllowed.remove("+") urlHostAllowed.remove("&") @@ -693,8 +695,8 @@ private extension ReaderAPICaller { func addVariantHeaders(_ request: inout URLRequest) { if variant == .inoreader { - request.addValue(SecretsManager.provider.inoreaderAppId, forHTTPHeaderField: "AppId") - request.addValue(SecretsManager.provider.inoreaderAppKey, forHTTPHeaderField: "AppKey") + request.addValue(secretsProvider.inoreaderAppId, forHTTPHeaderField: "AppId") + request.addValue(secretsProvider.inoreaderAppKey, forHTTPHeaderField: "AppKey") } } diff --git a/Account/Tests/AccountTests/Feedly/FeedlyTestSupport.swift b/Account/Tests/AccountTests/Feedly/FeedlyTestSupport.swift index 34432fcd9..456c4c1c2 100644 --- a/Account/Tests/AccountTests/Feedly/FeedlyTestSupport.swift +++ b/Account/Tests/AccountTests/Feedly/FeedlyTestSupport.swift @@ -19,10 +19,6 @@ class FeedlyTestSupport { var refreshToken = Credentials(type: .oauthRefreshToken, username: "Test", secret: "t3st-refresh-tok3n") var transport = TestTransport() - init() { - SecretsManager.provider = FeedlyTestSecrets() - } - func makeMockNetworkStack() -> (TestTransport, FeedlyAPICaller) { let caller = FeedlyAPICaller(transport: transport, api: .sandbox) caller.credentials = accessToken diff --git a/Mac/AppDelegate.swift b/Mac/AppDelegate.swift index f4f375454..50e98dc8a 100644 --- a/Mac/AppDelegate.swift +++ b/Mac/AppDelegate.swift @@ -108,6 +108,7 @@ final class AppDelegate: NSObject, NSApplicationDelegate, NSUserInterfaceValidat #endif private var themeImportPath: String? + private let secretsProvider = Secrets() override init() { NSWindow.allowsAutomaticWindowTabbing = false @@ -119,8 +120,7 @@ final class AppDelegate: NSObject, NSApplicationDelegate, NSUserInterfaceValidat crashReporter.enable() #endif - SecretsManager.provider = Secrets() - AccountManager.shared = AccountManager(accountsFolder: Platform.dataSubfolder(forApplication: nil, folderName: "Accounts")!) + AccountManager.shared = AccountManager(accountsFolder: Platform.dataSubfolder(forApplication: nil, folderName: "Accounts")!, secretsProvider: secretsProvider) ArticleThemesManager.shared = ArticleThemesManager(folderPath: Platform.dataSubfolder(forApplication: nil, folderName: "Themes")!) NotificationCenter.default.addObserver(self, selector: #selector(unreadCountDidChange(_:)), name: .UnreadCountDidChange, object: nil) diff --git a/Mac/MainWindow/MainWindowController.swift b/Mac/MainWindow/MainWindowController.swift index 38dac3377..3ad3a140f 100644 --- a/Mac/MainWindow/MainWindowController.swift +++ b/Mac/MainWindow/MainWindowController.swift @@ -1257,7 +1257,7 @@ private extension MainWindowController { } func startArticleExtractorForCurrentLink() { - if let link = currentLink, let extractor = ArticleExtractor(link) { + if let link = currentLink, let extractor = ArticleExtractor(link, secretsProvider: Secrets()) { extractor.delegate = self extractor.process() articleExtractor = extractor diff --git a/Mac/Preferences/Accounts/AccountsFeedbinWindowController.swift b/Mac/Preferences/Accounts/AccountsFeedbinWindowController.swift index a4e95cea6..07c29cccf 100644 --- a/Mac/Preferences/Accounts/AccountsFeedbinWindowController.swift +++ b/Mac/Preferences/Accounts/AccountsFeedbinWindowController.swift @@ -79,8 +79,8 @@ class AccountsFeedbinWindowController: NSWindowController { progressIndicator.startAnimation(self) let credentials = Credentials(type: .basic, username: usernameTextField.stringValue, secret: passwordTextField.stringValue) - Account.validateCredentials(type: .feedbin, credentials: credentials) { [weak self] result in - + Account.validateCredentials(type: .feedbin, credentials: credentials, secretsProvider: Secrets()) { [weak self] result in + guard let self = self else { return } self.actionButton.isEnabled = true diff --git a/Mac/Preferences/Accounts/AccountsNewsBlurWindowController.swift b/Mac/Preferences/Accounts/AccountsNewsBlurWindowController.swift index e7a233041..266cae8c9 100644 --- a/Mac/Preferences/Accounts/AccountsNewsBlurWindowController.swift +++ b/Mac/Preferences/Accounts/AccountsNewsBlurWindowController.swift @@ -76,7 +76,7 @@ class AccountsNewsBlurWindowController: NSWindowController { progressIndicator.startAnimation(self) let credentials = Credentials(type: .newsBlurBasic, username: usernameTextField.stringValue, secret: passwordTextField.stringValue) - Account.validateCredentials(type: .newsBlur, credentials: credentials) { [weak self] result in + Account.validateCredentials(type: .newsBlur, credentials: credentials, secretsProvider: Secrets()) { [weak self] result in guard let self = self else { return } diff --git a/Mac/Preferences/Accounts/AccountsPreferencesViewController.swift b/Mac/Preferences/Accounts/AccountsPreferencesViewController.swift index d1a81e611..b1aa87766 100644 --- a/Mac/Preferences/Accounts/AccountsPreferencesViewController.swift +++ b/Mac/Preferences/Accounts/AccountsPreferencesViewController.swift @@ -174,7 +174,7 @@ extension AccountsPreferencesViewController: AccountsPreferencesAddAccountDelega accountsReaderAPIWindowController.runSheetOnWindow(self.view.window!) addAccountWindowController = accountsReaderAPIWindowController case .feedly: - let addAccount = OAuthAccountAuthorizationOperation(accountType: .feedly) + let addAccount = OAuthAccountAuthorizationOperation(accountType: .feedly, secretsProvider: Secrets()) addAccount.delegate = self addAccount.presentationAnchor = self.view.window! runAwaitingFeedlyLoginAlertModal(forLifetimeOf: addAccount) diff --git a/Mac/Preferences/Accounts/AccountsReaderAPIWindowController.swift b/Mac/Preferences/Accounts/AccountsReaderAPIWindowController.swift index 992b8c260..e876df380 100644 --- a/Mac/Preferences/Accounts/AccountsReaderAPIWindowController.swift +++ b/Mac/Preferences/Accounts/AccountsReaderAPIWindowController.swift @@ -131,8 +131,8 @@ class AccountsReaderAPIWindowController: NSWindowController { progressIndicator.startAnimation(self) let credentials = Credentials(type: .readerBasic, username: usernameTextField.stringValue, secret: passwordTextField.stringValue) - Account.validateCredentials(type: accountType, credentials: credentials, endpoint: apiURL) { [weak self] result in - + Account.validateCredentials(type: accountType, credentials: credentials, endpoint: apiURL, secretsProvider: Secrets()) { [weak self] result in + guard let self = self else { return } self.actionButton.isEnabled = true diff --git a/Secrets/Package.swift b/Secrets/Package.swift index a85d30e9c..a7b8f58c1 100644 --- a/Secrets/Package.swift +++ b/Secrets/Package.swift @@ -2,20 +2,23 @@ import PackageDescription let package = Package( - name: "Secrets", + name: "Secrets", platforms: [.macOS(.v14), .iOS(.v17)], - products: [ - .library( - name: "Secrets", + products: [ + .library( + name: "Secrets", type: .dynamic, - targets: ["Secrets"] - ) - ], - dependencies: [], - targets: [ - .target( - name: "Secrets", - dependencies: [] - ) - ] + targets: ["Secrets"] + ) + ], + dependencies: [], + targets: [ + .target( + name: "Secrets", + dependencies: [], + swiftSettings: [ + .enableExperimentalFeature("StrictConcurrency") + ] + ) + ] ) diff --git a/Secrets/Sources/Secrets/SecretsManager.swift b/Secrets/Sources/Secrets/SecretsManager.swift deleted file mode 100644 index c53f5615f..000000000 --- a/Secrets/Sources/Secrets/SecretsManager.swift +++ /dev/null @@ -1,12 +0,0 @@ -// -// SecretsManager.swift -// -// -// Created by Maurice Parker on 7/30/20. -// - -import Foundation - -public class SecretsManager { - public static var provider: SecretsProvider! -} diff --git a/Shared/Article Extractor/ArticleExtractor.swift b/Shared/Article Extractor/ArticleExtractor.swift index 6b26f8f8d..55108c149 100644 --- a/Shared/Article Extractor/ArticleExtractor.swift +++ b/Shared/Article Extractor/ArticleExtractor.swift @@ -34,15 +34,15 @@ class ArticleExtractor { private var url: URL! - public init?(_ articleLink: String) { + public init?(_ articleLink: String, secretsProvider: SecretsProvider) { self.articleLink = articleLink let clientURL = "https://extract.feedbin.com/parser" - let username = SecretsManager.provider.mercuryClientId - let signiture = articleLink.hmacUsingSHA1(key: SecretsManager.provider.mercuryClientSecret) - + let username = secretsProvider.mercuryClientId + let signature = articleLink.hmacUsingSHA1(key: secretsProvider.mercuryClientSecret) + if let base64URL = articleLink.data(using: .utf8)?.base64EncodedString() { - let fullURL = "\(clientURL)/\(username)/\(signiture)?base64_url=\(base64URL)" + let fullURL = "\(clientURL)/\(username)/\(signature)?base64_url=\(base64URL)" if let url = URL(string: fullURL) { self.url = url return diff --git a/iOS/Account/FeedbinAccountViewController.swift b/iOS/Account/FeedbinAccountViewController.swift index 6ed4eb9a7..296d7e96f 100644 --- a/iOS/Account/FeedbinAccountViewController.swift +++ b/iOS/Account/FeedbinAccountViewController.swift @@ -30,6 +30,8 @@ class FeedbinAccountViewController: UITableViewController { weak var account: Account? weak var delegate: AddAccountDismissDelegate? + var secretsProvider: SecretsProvider! + override func viewDidLoad() { super.viewDidLoad() setupFooter() @@ -120,7 +122,7 @@ class FeedbinAccountViewController: UITableViewController { setNavigationEnabled(to: false) let credentials = Credentials(type: .basic, username: trimmedEmail, secret: password) - Account.validateCredentials(type: .feedbin, credentials: credentials) { result in + Account.validateCredentials(type: .feedbin, credentials: credentials, secretsProvider: secretsProvider) { result in self.toggleActivityIndicatorAnimation(visible: false) self.setNavigationEnabled(to: true) diff --git a/iOS/Account/NewsBlurAccountViewController.swift b/iOS/Account/NewsBlurAccountViewController.swift index 8df0adfa9..baa6abda7 100644 --- a/iOS/Account/NewsBlurAccountViewController.swift +++ b/iOS/Account/NewsBlurAccountViewController.swift @@ -29,7 +29,7 @@ class NewsBlurAccountViewController: UITableViewController { weak var account: Account? weak var delegate: AddAccountDismissDelegate? - + override func viewDidLoad() { super.viewDidLoad() setupFooter() @@ -105,7 +105,7 @@ class NewsBlurAccountViewController: UITableViewController { disableNavigation() let basicCredentials = Credentials(type: .newsBlurBasic, username: trimmedUsername, secret: password) - Account.validateCredentials(type: .newsBlur, credentials: basicCredentials) { result in + Account.validateCredentials(type: .newsBlur, credentials: basicCredentials, secretsProvider: Secrets()) { result in self.stopAnimatingActivityIndicator() self.enableNavigation() @@ -147,7 +147,6 @@ class NewsBlurAccountViewController: UITableViewController { case .failure(let error): self.showError(error.localizedDescription) } - } } diff --git a/iOS/Account/ReaderAPIAccountViewController.swift b/iOS/Account/ReaderAPIAccountViewController.swift index 27fb1cc8d..d8fdd9ade 100644 --- a/iOS/Account/ReaderAPIAccountViewController.swift +++ b/iOS/Account/ReaderAPIAccountViewController.swift @@ -157,7 +157,7 @@ class ReaderAPIAccountViewController: UITableViewController { disableNavigation() let credentials = Credentials(type: .readerBasic, username: trimmedUsername, secret: password) - Account.validateCredentials(type: type, credentials: credentials, endpoint: url) { result in + Account.validateCredentials(type: type, credentials: credentials, endpoint: url, secretsProvider: Secrets()) { result in self.stopAnimatingActivityIndicator() self.enableNavigation() @@ -199,7 +199,6 @@ class ReaderAPIAccountViewController: UITableViewController { case .failure(let error): self.showError(error.localizedDescription) } - } } diff --git a/iOS/AppDelegate.swift b/iOS/AppDelegate.swift index f76fefaa2..0ab401f19 100644 --- a/iOS/AppDelegate.swift +++ b/iOS/AppDelegate.swift @@ -58,16 +58,17 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD var isSyncArticleStatusRunning = false var isWaitingForSyncTasks = false + private var secretsProvider = Secrets() + override init() { super.init() appDelegate = self - SecretsManager.provider = Secrets() let documentFolder = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask).first! let documentAccountsFolder = documentFolder.appendingPathComponent("Accounts").absoluteString let documentAccountsFolderPath = String(documentAccountsFolder.suffix(from: documentAccountsFolder.index(documentAccountsFolder.startIndex, offsetBy: 7))) - AccountManager.shared = AccountManager(accountsFolder: documentAccountsFolderPath) - + AccountManager.shared = AccountManager(accountsFolder: documentAccountsFolderPath, secretsProvider: secretsProvider) + let documentThemesFolder = documentFolder.appendingPathComponent("Themes").absoluteString let documentThemesFolderPath = String(documentThemesFolder.suffix(from: documentAccountsFolder.index(documentThemesFolder.startIndex, offsetBy: 7))) ArticleThemesManager.shared = ArticleThemesManager(folderPath: documentThemesFolderPath) diff --git a/iOS/Article/WebViewController.swift b/iOS/Article/WebViewController.swift index d19bbbe3c..595d6ba9e 100644 --- a/iOS/Article/WebViewController.swift +++ b/iOS/Article/WebViewController.swift @@ -657,7 +657,7 @@ private extension WebViewController { func startArticleExtractor() { guard articleExtractor == nil else { return } - if let link = article?.preferredLink, let extractor = ArticleExtractor(link) { + if let link = article?.preferredLink, let extractor = ArticleExtractor(link, secretsProvider: Secrets()) { extractor.delegate = self extractor.process() articleExtractor = extractor diff --git a/iOS/Settings/AddAccountViewController.swift b/iOS/Settings/AddAccountViewController.swift index 8f0e92e44..2998b0684 100644 --- a/iOS/Settings/AddAccountViewController.swift +++ b/iOS/Settings/AddAccountViewController.swift @@ -197,7 +197,7 @@ class AddAccountViewController: UITableViewController, AddAccountDismissDelegate addViewController.delegate = self present(navController, animated: true) case .feedly: - let addAccount = OAuthAccountAuthorizationOperation(accountType: .feedly) + let addAccount = OAuthAccountAuthorizationOperation(accountType: .feedly, secretsProvider: Secrets()) addAccount.delegate = self addAccount.presentationAnchor = self.view.window! MainThreadOperationQueue.shared.add(addAccount)