Use random IDs to match FCM notifications to accounts

2022-05-03 03:01:18 +03:00 · 2022-05-03 03:01:18 +03:00 · d4e4d9fcde
parent fa75570254
commit d4e4d9fcde
4 changed files with 25 additions and 6 deletions
--- a/mastodon/build.gradle
+++ b/mastodon/build.gradle
@ -9,7 +9,7 @@ android {
 		applicationId "org.joinmastodon.android"
 		minSdk 23
 		targetSdk 31
-		versionCode 34
+		versionCode 35
 		versionName "1.0.4"
 		testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 	}
--- a/mastodon/src/main/java/org/joinmastodon/android/PushNotificationReceiver.java
+++ b/mastodon/src/main/java/org/joinmastodon/android/PushNotificationReceiver.java
@ -18,6 +18,7 @@ import android.util.Log;
 import org.joinmastodon.android.api.MastodonAPIController;
 import org.joinmastodon.android.api.requests.notifications.GetNotificationByID;
 import org.joinmastodon.android.api.session.AccountSession;
 import org.joinmastodon.android.api.session.AccountSessionManager;
 import org.joinmastodon.android.model.Account;
 import org.joinmastodon.android.model.PushNotification;
@ -52,10 +53,23 @@ public class PushNotificationReceiver extends BroadcastReceiver{
 			String k=intent.getStringExtra("k");
 			String p=intent.getStringExtra("p");
 			String s=intent.getStringExtra("s");
-			String accountID=intent.getStringExtra("x");
+			String pushAccountID=intent.getStringExtra("x");
-			if(!TextUtils.isEmpty(accountID) && !TextUtils.isEmpty(k) && !TextUtils.isEmpty(p) && !TextUtils.isEmpty(s)){
+			if(!TextUtils.isEmpty(pushAccountID) && !TextUtils.isEmpty(k) && !TextUtils.isEmpty(p) && !TextUtils.isEmpty(s)){
 				MastodonAPIController.runInBackground(()->{
 					try{
 						List<AccountSession> accounts=AccountSessionManager.getInstance().getLoggedInAccounts();
 						AccountSession account=null;
 						for(AccountSession acc:accounts){
 							if(pushAccountID.equals(acc.pushAccountID)){
 								account=acc;
 								break;
 							}
 						}
 						if(account==null){
 							Log.w(TAG, "onReceive: account for id '"+pushAccountID+"' not found");
 							return;
 						}
 						String accountID=account.getID();
 						PushNotification pn=AccountSessionManager.getInstance().getAccount(accountID).getPushSubscriptionManager().decryptNotification(k, p, s);
 						new GetNotificationByID(pn.notificationId+"")
 								.setCallback(new Callback<>(){
--- a/mastodon/src/main/java/org/joinmastodon/android/api/PushSubscriptionManager.java
+++ b/mastodon/src/main/java/org/joinmastodon/android/api/PushSubscriptionManager.java
@ -126,7 +126,7 @@ public class PushSubscriptionManager{
 			throw new IllegalStateException("No device push token available");
 		MastodonAPIController.runInBackground(()->{
 			Log.d(TAG, "registerAccountForPush: started for "+accountID);
-			String encodedPublicKey, encodedAuthKey;
+			String encodedPublicKey, encodedAuthKey, pushAccountID;
 			try{
 				KeyPairGenerator generator=KeyPairGenerator.getInstance("EC");
 				ECGenParameterSpec spec=new ECGenParameterSpec(EC_CURVE_NAME);
@ -136,13 +136,17 @@ public class PushSubscriptionManager{
 				privateKey=keyPair.getPrivate();
 				encodedPublicKey=Base64.encodeToString(serializeRawPublicKey(publicKey), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 				authKey=new byte[16];
-				new SecureRandom().nextBytes(authKey);
+				SecureRandom secureRandom=new SecureRandom();
 				secureRandom.nextBytes(authKey);
 				byte[] randomAccountID=new byte[16];
 				secureRandom.nextBytes(randomAccountID);
 				AccountSession session=AccountSessionManager.getInstance().tryGetAccount(accountID);
 				if(session==null)
 					return;
 				session.pushPrivateKey=Base64.encodeToString(privateKey.getEncoded(), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 				session.pushPublicKey=Base64.encodeToString(publicKey.getEncoded(), Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 				session.pushAuthKey=encodedAuthKey=Base64.encodeToString(authKey, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 				session.pushAccountID=pushAccountID=Base64.encodeToString(randomAccountID, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 				AccountSessionManager.getInstance().writeAccountsFile();
 			}catch(NoSuchAlgorithmException|InvalidAlgorithmParameterException e){
 				Log.e(TAG, "registerAccountForPush: error generating encryption key", e);
@ -153,7 +157,7 @@ public class PushSubscriptionManager{
 					encodedAuthKey,
 					subscription==null ? PushSubscription.Alerts.ofAll() : subscription.alerts,
 					subscription==null ? PushSubscription.Policy.ALL : subscription.policy,
-					accountID)
+					pushAccountID)
 					.setCallback(new Callback<>(){
 						@Override
 						public void onSuccess(PushSubscription result){
--- a/mastodon/src/main/java/org/joinmastodon/android/api/session/AccountSession.java
+++ b/mastodon/src/main/java/org/joinmastodon/android/api/session/AccountSession.java
@ -27,6 +27,7 @@ public class AccountSession{
 	public boolean needUpdatePushSettings;
 	public long filtersLastUpdated;
 	public List<Filter> wordFilters=new ArrayList<>();
 	public String pushAccountID;
 	private transient MastodonAPIController apiController;
 	private transient StatusInteractionController statusInteractionController;
 	private transient CacheController cacheController;