Merge branch 'release/2.15.1'

TCHAP_CHANGES.md

@@ -1,3 +1,14 @@
+Changes in Tchap 2.15.1 (2024-12-23)
+====================================
+
+Bugfixes 🐛
+----------
+ - Ajout d'une exception pour les requêtes posthog ([#1146](https://github.com/tchapgouv/tchap-android/issues/1146))
+
+Other changes
+-------------
+ - Ajout d'une politique de mot de passe sur l'export manuel des clés. ([#1145](https://github.com/tchapgouv/tchap-android/issues/1145))
+
 Changes in Tchap 2.15.0 (2024-12-16)
 ====================================
 

towncrier.toml

@@ -1,5 +1,5 @@
 [tool.towncrier]
-    version = "2.15.0"
+    version = "2.15.1"
     directory = "changelog.d"
     filename = "TCHAP_CHANGES.md"
     name = "Changes in Tchap"

vector-app/build.gradle

@@ -37,7 +37,7 @@ ext.versionMinor = 15
 // Note: even values are reserved for regular release, odd values for hotfix release.
 // When creating a hotfix, you should decrease the value, since the current value
 // is the value for the next regular release.
-ext.versionPatch = 0
+ext.versionPatch = 1
 
 static def getGitTimestamp() {
     def cmd = 'git show -s --format=%ct'

vector/src/main/java/im/vector/app/features/crypto/keys/KeysExporter.kt

@@ -20,11 +20,19 @@ import android.content.Context
 import android.net.Uri
 import im.vector.app.core.dispatchers.CoroutineDispatchers
 import im.vector.app.core.extensions.safeOpenOutputStream
+import im.vector.app.core.resources.StringProvider
+import im.vector.lib.strings.CommonStrings
 import kotlinx.coroutines.withContext
+import org.matrix.android.sdk.api.auth.AuthenticationService
+import org.matrix.android.sdk.api.extensions.tryOrNull
+import org.matrix.android.sdk.api.failure.Failure
+import org.matrix.android.sdk.api.failure.MatrixError
 import org.matrix.android.sdk.api.session.Session
 import javax.inject.Inject
 
 class KeysExporter @Inject constructor(
+        private val authenticationService: AuthenticationService,
+        private val stringProvider: StringProvider,
         private val session: Session,
         private val context: Context,
         private val dispatchers: CoroutineDispatchers
@@ -34,6 +42,7 @@ class KeysExporter @Inject constructor(
      */
     suspend fun export(password: String, uri: Uri) {
         withContext(dispatchers.io) {
+            checkPasswordPolicy(password)
             val data = session.cryptoService().exportRoomKeys(password)
             context.safeOpenOutputStream(uri)
                     ?.use { it.write(data) }
@@ -56,6 +65,30 @@ class KeysExporter @Inject constructor(
             }
         }
     }
+
+    // TCHAP add policy on the password to export keys
+    private suspend fun checkPasswordPolicy(password: String) {
+        val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(session.sessionParams.homeServerConnectionConfig) }
+        val isValid = passwordPolicy?.let { policy ->
+            val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true
+            val hasDigit = policy.requireDigit == null || password.any { it.isDigit() }
+            val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() }
+            val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() }
+            val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() }
+
+            minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol
+        } ?: true
+
+        if (!isValid) {
+            throw Failure.ServerError(
+                    error = MatrixError(
+                            code = MatrixError.M_WEAK_PASSWORD,
+                            message = stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error)
+                    ),
+                    httpCode = 400
+            )
+        }
+    }
 }
 
 class UnexpectedExportKeysFileSizeException(expectedFileSize: Long, actualFileSize: Long) : IllegalStateException(

vector/src/main/java/im/vector/app/features/onboarding/OnboardingViewModel.kt

@@ -1033,15 +1033,15 @@ class OnboardingViewModel @AssistedInject constructor(
             } else {
                 currentJob = viewModelScope.launch {
                     val passwordPolicy = tryOrNull { authenticationService.getPasswordPolicy(homeServerConnectionConfig) }
-                    val isValid = if (passwordPolicy != null) {
-                        passwordPolicy.minLength?.let { it <= password.length } ?: true &&
-                                passwordPolicy.requireDigit?.let { it && password.any { char -> char.isDigit() } } ?: true &&
-                                passwordPolicy.requireLowercase?.let { it && password.any { char -> char.isLetter() && char.isLowerCase() } } ?: true &&
-                                passwordPolicy.requireUppercase?.let { it && password.any { char -> char.isLetter() && char.isUpperCase() } } ?: true &&
-                                passwordPolicy.requireSymbol?.let { it && password.any { char -> !char.isLetter() && !char.isDigit() } } ?: true
-                    } else {
-                        true
-                    }
+                    val isValid = passwordPolicy?.let { policy ->
+                        val minLengthValid = policy.minLength?.let { minLength -> password.length >= minLength } ?: true
+                        val hasDigit = policy.requireDigit == null || password.any { it.isDigit() }
+                        val hasLowercase = policy.requireLowercase == null || password.any { it.isLowerCase() }
+                        val hasUppercase = policy.requireUppercase == null || password.any { it.isUpperCase() }
+                        val hasSymbol = policy.requireSymbol == null || password.any { !it.isLetterOrDigit() }
+
+                        minLengthValid && hasDigit && hasLowercase && hasUppercase && hasSymbol
+                    } ?: true
 
                     if (!isValid) {
                         _viewEvents.post(OnboardingViewEvents.Failure(Throwable(stringProvider.getString(CommonStrings.tchap_password_weak_pwd_error))))

vector/src/withpinning/res/xml/network_security_config.xml

@@ -13,6 +13,7 @@
     <!-- Allow system certificates for firebase if used. No effect on FDroid variant -->
     <domain-config cleartextTrafficPermitted="false">
         <domain includeSubdomains="false">firebaseinstallations.googleapis.com</domain>
+        <domain includeSubdomains="false">posthogdev.tchap.incubateur.net</domain>
         <trust-anchors>
             <certificates src="system" />
         </trust-anchors>