macOS: Show privacy notice on adding first tunnel

App store reviewers don't understand that this isn't a service. Revert this as soon as they come to their senses. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-15 01:06:44 +01:00 · 2019-02-15 01:06:44 +01:00 · fcca2d4fec
parent 58181a4d40
commit fcca2d4fec
5 changed files with 47 additions and 8 deletions
--- a/WireGuard/WireGuard.xcodeproj/project.pbxproj
+++ b/WireGuard/WireGuard.xcodeproj/project.pbxproj
@ -43,6 +43,7 @@
 		6B653B86220DE2960050E69C /* NetworkExtension.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 6FF4AC462120B9E0002C96EB /* NetworkExtension.framework */; };
 		6B707D8421F918D4000A8F73 /* TunnelConfiguration+UapiConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6B707D8321F918D4000A8F73 /* TunnelConfiguration+UapiConfig.swift */; };
 		6B707D8621F918D4000A8F73 /* TunnelConfiguration+UapiConfig.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6B707D8321F918D4000A8F73 /* TunnelConfiguration+UapiConfig.swift */; };
+		6BAC16E6221634B300A5FB78 /* AppStorePrivacyNotice.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6BAC16E42216324B00A5FB78 /* AppStorePrivacyNotice.swift */; };
 		6BD5C97B220D1AE200784E08 /* key.c in Sources */ = {isa = PBXBuildFile; fileRef = 6BD5C979220D1AE100784E08 /* key.c */; };
 		6BD5C97C220D1AE200784E08 /* key.c in Sources */ = {isa = PBXBuildFile; fileRef = 6BD5C979220D1AE100784E08 /* key.c */; };
 		6BD5C97D220D1AE200784E08 /* key.c in Sources */ = {isa = PBXBuildFile; fileRef = 6BD5C979220D1AE100784E08 /* key.c */; };
@ -255,6 +256,7 @@
 		6B5C5E26220A48D30024272E /* Keychain.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Keychain.swift; sourceTree = "<group>"; };
 		6B62E45E220A6FA900EF34A6 /* PrivateDataConfirmation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PrivateDataConfirmation.swift; sourceTree = "<group>"; };
 		6B707D8321F918D4000A8F73 /* TunnelConfiguration+UapiConfig.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "TunnelConfiguration+UapiConfig.swift"; sourceTree = "<group>"; };
+		6BAC16E42216324B00A5FB78 /* AppStorePrivacyNotice.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppStorePrivacyNotice.swift; sourceTree = "<group>"; };
 		6BD5C979220D1AE100784E08 /* key.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = key.c; sourceTree = "<group>"; };
 		6BD5C97A220D1AE200784E08 /* key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = key.h; sourceTree = "<group>"; };
 		6F4DD16721DA552B00690EAE /* NSTableView+Reuse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSTableView+Reuse.swift"; sourceTree = "<group>"; };
@ -561,6 +563,7 @@
 				6F4DD16721DA552B00690EAE /* NSTableView+Reuse.swift */,
 				5F52D0BE21E3788900283CEA /* NSColor+Hex.swift */,
 				6FFACD1E21E4D89600E9A2A5 /* ParseError+WireGuardAppError.swift */,
+				6BAC16E42216324B00A5FB78 /* AppStorePrivacyNotice.swift */,
 			);
 			path = macOS;
 			sourceTree = "<group>";
@ -1156,6 +1159,7 @@
 				6FB1BDCB21D50F1700A991BF /* Curve25519.swift in Sources */,
 				6B586C55220CBA6D00427C51 /* Data+KeyEncoding.swift in Sources */,
 				6F9B582921E8D6D100544D02 /* PopupRow.swift in Sources */,
+				6BAC16E6221634B300A5FB78 /* AppStorePrivacyNotice.swift in Sources */,
 				6FB1BDBB21D50F0200A991BF /* Localizable.strings in Sources */,
 				6FB1BDBC21D50F0200A991BF /* ringlogger.c in Sources */,
 				6FB1BDBD21D50F0200A991BF /* ringlogger.h in Sources */,
--- a/WireGuard/WireGuard/Base.lproj/Localizable.strings
+++ b/WireGuard/WireGuard/Base.lproj/Localizable.strings
@ -333,3 +333,5 @@

 "macAppExitingWithActiveTunnelMessage" = "WireGuard is exiting with an active tunnel";
 "macAppExitingWithActiveTunnelInfo" = "The tunnel will remain active after exiting. You may disable it by reopening this application or through the Network panel in System Preferences.";
+"macPrivacyNoticeMessage" = "Privacy notice: be sure you trust this configuration file";
+"macPrivacyNoticeInfo" = "You will be prompted by the system to allow or disallow adding a VPN configuration. While this application does not send any information to the WireGuard project, information is by design sent to the servers specified inside of the configuration file you have just added, which configures your computer to use those servers as a VPN. Be certain that you trust this configuration before clicking “Allow” in the following dialog.";
--- a/WireGuard/WireGuard/UI/macOS/AppStorePrivacyNotice.swift
+++ b/WireGuard/WireGuard/UI/macOS/AppStorePrivacyNotice.swift
@ -0,0 +1,29 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
+
+import Cocoa
+
+class AppStorePrivacyNotice {
+    // The App Store Review Board does not comprehend the fact that this application
+    // is not a service and does not have any servers of its own. They therefore require
+    // us to give a notice regarding collection of user data using our non-existent
+    // servers. This demand is obviously impossible to fulfill, since it doesn't make sense,
+    // but we do our best here to show something in that category.
+    static func show(from sourceVC: NSViewController?, into tunnelsManager: TunnelsManager, _ callback: @escaping () -> Void) {
+        if tunnelsManager.numberOfTunnels() > 0 {
+            callback()
+            return
+        }
+        let alert = NSAlert()
+
+        alert.messageText = tr("macPrivacyNoticeMessage")
+        alert.informativeText = tr("macPrivacyNoticeInfo")
+        alert.alertStyle = NSAlert.Style.warning
+        if let window = sourceVC?.view.window {
+            alert.beginSheetModal(for: window) { _ in callback() }
+        } else {
+            alert.runModal()
+            callback()
+        }
+    }
+}
--- a/WireGuard/WireGuard/UI/macOS/ImportPanelPresenter.swift
+++ b/WireGuard/WireGuard/UI/macOS/ImportPanelPresenter.swift
@ -13,7 +13,9 @@ class ImportPanelPresenter {
            guard let tunnelsManager = tunnelsManager else { return }
            guard response == .OK else { return }
            guard let url = openPanel.url else { return }
-            TunnelImporter.importFromFile(url: url, into: tunnelsManager, sourceVC: sourceVC, errorPresenterType: ErrorPresenter.self)
+            AppStorePrivacyNotice.show(from: sourceVC, into: tunnelsManager) {
+                TunnelImporter.importFromFile(url: url, into: tunnelsManager, sourceVC: sourceVC, errorPresenterType: ErrorPresenter.self)
+            }
        }
    }
 }
--- a/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
+++ b/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
@ -219,14 +219,16 @@ class TunnelEditViewController: NSViewController {
            }
        } else {
            // We're creating a new tunnel
-            tunnelsManager.add(tunnelConfiguration: tunnelConfiguration, activateOnDemandSetting: onDemandSetting) { [weak self] result in
-                if let error = result.error {
-                    ErrorPresenter.showErrorAlert(error: error, from: self)
-                    return
+            AppStorePrivacyNotice.show(from: self, into: tunnelsManager) { [weak self] in
+                self?.tunnelsManager.add(tunnelConfiguration: tunnelConfiguration, activateOnDemandSetting: onDemandSetting) { [weak self] result in
+                    if let error = result.error {
+                        ErrorPresenter.showErrorAlert(error: error, from: self)
+                        return
+                    }
+                    let tunnel: TunnelContainer = result.value!
+                    self?.dismiss(self)
+                    self?.delegate?.tunnelSaved(tunnel: tunnel)
                }
-                let tunnel: TunnelContainer = result.value!
-                self?.dismiss(self)
-                self?.delegate?.tunnelSaved(tunnel: tunnel)
            }
        }
    }