OpenVPN OTP is persisted with the password (#785)

Encode OpenVPN password + OTP in tunnel rather than in the app. Encoding them upfront in the app ends up persisting the profile with the combined password. Update the library with a new OTP field in OpenVPN.Credentials, so that the password encoding is performed [on the fly in the tunnel](https://github.com/passepartoutvpn/passepartoutkit-source/pull/398). Similar to how provider modules are generated. This is likely a regression caused by migrating to NEProfileRepository, because starting a connection causes the profile to be saved to NE with the encoded password. Later, the profile is restored from NE and therefore contains the encoded password.
2024-10-30 17:07:59 +01:00 · 2024-10-30 17:07:59 +01:00 · bb8c760278
parent 9a365703c5
commit bb8c760278
3 changed files with 18 additions and 14 deletions
--- a/Passepartout.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
+++ b/Passepartout.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
@ -41,7 +41,7 @@
      "kind" : "remoteSourceControl",
      "location" : "git@github.com:passepartoutvpn/passepartoutkit-source",
      "state" : {
-        "revision" : "7426954e8ec84e6ddf6c8cd415bfa2c5c7064534"
+        "revision" : "8b4c47f716120fab3f219593cf4ae0e6e2c86677"
      }
    },
    {
--- a/Passepartout/Library/Package.swift
+++ b/Passepartout/Library/Package.swift
@ -36,7 +36,7 @@ let package = Package(
    ],
    dependencies: [
 //        .package(url: "git@github.com:passepartoutvpn/passepartoutkit-source", from: "0.9.0"),
-        .package(url: "git@github.com:passepartoutvpn/passepartoutkit-source", revision: "7426954e8ec84e6ddf6c8cd415bfa2c5c7064534"),
+        .package(url: "git@github.com:passepartoutvpn/passepartoutkit-source", revision: "8b4c47f716120fab3f219593cf4ae0e6e2c86677"),
 //        .package(path: "../../../passepartoutkit-source"),
        .package(url: "git@github.com:passepartoutvpn/passepartoutkit-source-openvpn-openssl", from: "0.9.1"),
 //        .package(url: "git@github.com:passepartoutvpn/passepartoutkit-source-openvpn-openssl", revision: "031863a1cd683962a7dfe68e20b91fa820a1ecce"),
--- a/Passepartout/Library/Sources/AppUIMain/Views/Modules/OpenVPNView+Credentials.swift
+++ b/Passepartout/Library/Sources/AppUIMain/Views/Modules/OpenVPNView+Credentials.swift
@ -25,6 +25,7 @@

 import PassepartoutKit
 import SwiftUI
+import UtilsLibrary

 extension OpenVPNView {
    struct CredentialsView: View {
@ -43,9 +44,6 @@ extension OpenVPNView {
        @State
        private var builder = OpenVPN.Credentials.Builder()

-        @State
-        private var otp = ""
-
        @State
        private var paywallReason: PaywallReason?

@ -60,16 +58,17 @@ extension OpenVPNView {
            .navigationTitle(Strings.Modules.Openvpn.credentials)
            .onLoad {
                builder = credentials?.builder() ?? OpenVPN.Credentials.Builder()
+                builder.otp = nil
            }
            .onChange(of: builder) {
-                if isEligibleForInteractiveLogin, isAuthenticating {
-                    credentials = $0.buildForAuthentication(otp: otp)
+                var copy = $0
+                if isEligibleForInteractiveLogin {
+                    copy.otp = copy.otp?.nilIfEmpty
                } else {
-                    credentials = $0.build()
+                    copy.otpMethod = .none
+                    copy.otp = nil
                }
-            }
-            .onChange(of: otp) {
-                credentials = builder.buildForAuthentication(otp: $0)
+                credentials = copy.build()
            }
            .modifier(PaywallModifier(reason: $paywallReason))
        }
@ -135,8 +134,12 @@ private extension OpenVPNView.CredentialsView {
            ThemeSecureField(title: Strings.Global.password, text: $builder.password, placeholder: Strings.Placeholders.secret)
                .textContentType(.password)

-            if isEligibleForInteractiveLogin, isAuthenticating && builder.otpMethod != .none {
-                ThemeSecureField(title: Strings.Unlocalized.otp, text: $otp, placeholder: Strings.Placeholders.secret)
+            if isEligibleForInteractiveLogin, isAuthenticating, builder.otpMethod != .none {
+                ThemeSecureField(
+                    title: Strings.Unlocalized.otp,
+                    text: $builder.otp ?? "",
+                    placeholder: Strings.Placeholders.secret
+                )
                .textContentType(.oneTimeCode)
            }
        }
@ -146,6 +149,7 @@ private extension OpenVPNView.CredentialsView {
    var inputFooter: String? {
        if isAuthenticating {
            return builder.otpMethod.localizedDescription(style: .approachDescription)
+                .nilIfEmpty
        }
        return nil
    }