aligning recovery code with connect flow

cmonfortep · CDRussell · commit 15f7cb8466b2 · 2025-03-13T14:30:25.000Z
diff --git a/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncAccountRepository.kt b/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncAccountRepository.kt
@@ -33,6 +33,7 @@ import com.duckduckgo.sync.impl.AccountErrorCodes.GENERIC_ERROR
 import com.duckduckgo.sync.impl.AccountErrorCodes.INVALID_CODE
 import com.duckduckgo.sync.impl.AccountErrorCodes.LOGIN_FAILED
 import com.duckduckgo.sync.impl.Result.Error
+import com.duckduckgo.sync.impl.Result.Success
 import com.duckduckgo.sync.impl.pixels.*
 import com.duckduckgo.sync.store.*
 import com.squareup.anvil.annotations.*
@@ -54,10 +55,12 @@ interface SyncAccountRepository {
     fun deleteAccount(): Result<Boolean>
     fun latestToken(): String
     fun getRecoveryCode(): Result<String>
+    fun getInvitationCode(): Result<String>
     fun getThisConnectedDevice(): ConnectedDevice?
     fun getConnectedDevices(): Result<List<ConnectedDevice>>
     fun getConnectQR(): Result<String>
     fun pollConnectionKeys(): Result<Boolean>
+    fun pollSecondDeviceAck(): Result<Boolean>
     fun renameDevice(device: ConnectedDevice): Result<Boolean>
     fun logoutAndJoinNewAccount(stringCode: String): Result<Boolean>
 }
@@ -77,6 +80,9 @@ class AppSyncAccountRepository @Inject constructor(
     private val syncFeature: SyncFeature,
 ) : SyncAccountRepository {
 
+    private var tempPrivateKey: String? = null
+    private var tempPublickKey: String? = null
+
     private val connectedDevicesCached: MutableList<ConnectedDevice> = mutableListOf()
 
     override fun isSyncSupported(): Boolean {
@@ -169,6 +175,17 @@ class AppSyncAccountRepository @Inject constructor(
         return Result.Success(Adapters.recoveryCodeAdapter.toJson(LinkCode(RecoveryCode(primaryKey, userID))).encodeB64())
     }
 
+    override fun getInvitationCode(): Result<String> {
+        Timber.d("InvitationFlow: Generating invitation code")
+
+        val deviceID = syncStore.deviceId ?: return Error(reason = "Get Invitation Code: Not existing device ID").alsoFireAccountErrorPixel()
+        val prepareForConnect = nativeLib.prepareForConnect() // TODO: check if values returned are different or always the same
+        tempPrivateKey = prepareForConnect.secretKey
+        tempPublickKey = prepareForConnect.publicKey
+        val invitationCode = InvitationCode(deviceId = deviceID, publicKey = prepareForConnect.publicKey)
+        return Result.Success(Adapters.invitationCodeAdapter.toJson(invitationCode).encodeB64())
+    }
+
     override fun getConnectQR(): Result<String> {
         val prepareForConnect = kotlin.runCatching {
             nativeLib.prepareForConnect().also {
@@ -234,6 +251,53 @@ class AppSyncAccountRepository @Inject constructor(
         }
     }
 
+    // TODO: review error codes
+    override fun pollSecondDeviceAck(): Result<Boolean> {
+        val deviceId = syncDeviceIds.deviceId()
+
+        val result = syncApi.invitationACK(deviceId)
+        return when (result) {
+            is Error -> {
+                if (result.code == NOT_FOUND.code) { // TODO: check with JP which errors we can receive here.
+                    return Result.Success(false)
+                } else if (result.code == GONE.code) {
+                    return Error(code = CONNECT_FAILED.code, reason = "Connect: keys expired").alsoFireAccountErrorPixel() // TODO: change according to JP errors
+                }
+                result.alsoFireAccountErrorPixel()
+            }
+
+            is Result.Success -> {
+                val sealOpen = kotlin.runCatching {
+                    nativeLib.sealOpen(result.data, tempPrivateKey!!, tempPublickKey!!) // TODO: handle those double bangs
+                }.getOrElse { throwable ->
+                    throwable.asErrorResult().alsoFireAccountErrorPixel()
+                    return Error(code = CONNECT_FAILED.code, reason = "Connect: Error opening seal")
+                }
+                val publicKeyNewDevice = Adapters.ackCodeAdapter.fromJson(sealOpen)?.publicKey
+                    ?: return Error(code = CONNECT_FAILED.code, reason = "Connect: Error reading received recovery code").alsoFireAccountErrorPixel()
+                val deviceId2 = Adapters.ackCodeAdapter.fromJson(sealOpen)?.deviceId
+                    ?: return Error(code = CONNECT_FAILED.code, reason = "Connect: Error reading received recovery code").alsoFireAccountErrorPixel()
+
+                // we encrypt our secrets with publickeynewdevice
+                // we send them to the BE endpoint
+                return sendSecrets(deviceId2, publicKeyNewDevice).onFailure {
+                    return it.copy(code = LOGIN_FAILED.code)
+                }
+            }
+        }
+    }
+
+    private fun sendSecrets(deviceId: String, publicKey: String): Result<Boolean> {
+        val recoveryCode = getRecoveryCode()
+        when (recoveryCode) {
+            is Error -> TODO()
+            is Success -> {
+                val encryptedSecrets = nativeLib.seal(recoveryCode.data, publicKey)
+                return syncApi.sendSecrets(deviceId, encryptedSecrets)
+            }
+        }
+    }
+
     override fun logout(deviceId: String): Result<Boolean> {
         val token = syncStore.token.takeUnless { it.isNullOrEmpty() }
             ?: return Error(reason = "Logout: Token Empty").alsoFireLogoutErrorPixel()
@@ -527,6 +591,9 @@ class AppSyncAccountRepository @Inject constructor(
         companion object {
             private val moshi = Moshi.Builder().build()
             val recoveryCodeAdapter: JsonAdapter<LinkCode> = moshi.adapter(LinkCode::class.java)
+
+            val invitationCodeAdapter: JsonAdapter<InvitationCode> = moshi.adapter(InvitationCode::class.java)
+            val ackCodeAdapter: JsonAdapter<ACKCode> = moshi.adapter(ACKCode::class.java)
         }
     }
 }
@@ -563,6 +630,16 @@ data class LinkCode(
     val connect: ConnectCode? = null,
 )
 
+data class InvitationCode(
+    val deviceId: String,
+    val publicKey: String,
+)
+
+data class ACKCode( // TODO: if this is the same as Invitation, we can remove
+    val deviceId: String,
+    val publicKey: String,
+)
+
 data class RecoveryCode(
     @field:Json(name = "primary_key") val primaryKey: String,
     @field:Json(name = "user_id") val userId: String,
diff --git a/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncService.kt b/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncService.kt
@@ -69,6 +69,17 @@ interface SyncService {
         @Path("device_id") deviceId: String,
     ): Call<ConnectKey>
 
+    @GET("$SYNC_PROD_ENVIRONMENT_URL/sync/connect/{device_id}") // TODO: change url
+    fun invitationACK(
+        @Path("device_id") deviceId: String,
+    ): Call<InvitationACK>
+
+    @GET("$SYNC_PROD_ENVIRONMENT_URL/sync/connect/{device_id}") // TODO: change url and validate is GET or POST
+    fun sendSecret(
+        @Path("device_id") deviceId: String,
+        @Path("secret") secret: String,
+    ): Call<Void>
+
     @PATCH("$SYNC_PROD_ENVIRONMENT_URL/sync/data")
     fun patch(
         @Header("Authorization") token: String,
@@ -130,6 +141,10 @@ data class ConnectKey(
     @field:Json(name = "encrypted_recovery_key") val encryptedRecoveryKey: String,
 )
 
+data class InvitationACK(
+    @field:Json(name = "encrypted_recovery_key") val encryptedACK: String, // TODO: revisit once defined
+)
+
 data class Connect(
     @field:Json(name = "device_id") val deviceId: String,
     @field:Json(name = "encrypted_recovery_key") val encryptedRecoveryKey: String,
diff --git a/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncServiceRemote.kt b/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/SyncServiceRemote.kt
@@ -60,6 +60,15 @@ interface SyncApi {
         deviceId: String,
     ): Result<String>
 
+    fun invitationACK(
+        deviceId: String,
+    ): Result<String>
+
+    fun sendSecrets(
+        deviceId: String,
+        encryptedSecrets: String,
+    ): Result<Boolean>
+
     fun deleteAccount(token: String): Result<Boolean>
 
     fun getDevices(token: String): Result<List<Device>>
@@ -192,6 +201,37 @@ class SyncServiceRemote @Inject constructor(
         }
     }
 
+    override fun invitationACK(deviceId: String): Result<String> {
+        val response = runCatching {
+            val logoutCall = syncService.invitationACK(deviceId)
+            logoutCall.execute()
+        }.getOrElse { throwable ->
+            return Result.Error(reason = throwable.message.toString())
+        }
+
+        return onSuccess(response) {
+            val sealed = response.body()?.encryptedACK.takeUnless { it.isNullOrEmpty() }
+                ?: return@onSuccess Result.Error(reason = "InvitationFlow: empty body")
+            Result.Success(sealed)
+        }
+    }
+
+    override fun sendSecrets(
+        deviceId: String,
+        encryptedSecrets: String,
+    ): Result<Boolean> {
+        val response = runCatching {
+            val sendSecretCall = syncService.sendSecret(deviceId, encryptedSecrets)
+            sendSecretCall.execute()
+        }.getOrElse { throwable ->
+            return Result.Error(reason = throwable.message.toString())
+        }
+
+        return onSuccess(response) {
+            Result.Success(true)
+        }
+    }
+
     override fun deleteAccount(token: String): Result<Boolean> {
         val response = runCatching {
             val deleteAccountCall = syncService.deleteAccount("Bearer $token")
diff --git a/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/ui/SyncWithAnotherActivityViewModel.kt b/sync/sync-impl/src/main/java/com/duckduckgo/sync/impl/ui/SyncWithAnotherActivityViewModel.kt
@@ -37,10 +37,12 @@ import com.duckduckgo.sync.impl.Result.Error
 import com.duckduckgo.sync.impl.Result.Success
 import com.duckduckgo.sync.impl.SyncAccountRepository
 import com.duckduckgo.sync.impl.SyncFeature
+import com.duckduckgo.sync.impl.decodeB64
 import com.duckduckgo.sync.impl.getOrNull
 import com.duckduckgo.sync.impl.onFailure
 import com.duckduckgo.sync.impl.onSuccess
 import com.duckduckgo.sync.impl.pixels.SyncPixels
+import com.duckduckgo.sync.impl.ui.SyncConnectViewModel.Companion.POLLING_INTERVAL
 import com.duckduckgo.sync.impl.ui.SyncWithAnotherActivityViewModel.Command.AskToSwitchAccount
 import com.duckduckgo.sync.impl.ui.SyncWithAnotherActivityViewModel.Command.FinishWithError
 import com.duckduckgo.sync.impl.ui.SyncWithAnotherActivityViewModel.Command.LoginSuccess
@@ -52,12 +54,14 @@ import com.duckduckgo.sync.impl.ui.setup.EnterCodeContract.EnterCodeContractOutp
 import javax.inject.Inject
 import kotlinx.coroutines.channels.BufferOverflow.DROP_OLDEST
 import kotlinx.coroutines.channels.Channel
+import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.onStart
 import kotlinx.coroutines.flow.receiveAsFlow
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
+import timber.log.Timber
 
 @ContributesViewModel(ActivityScope::class)
 class SyncWithAnotherActivityViewModel @Inject constructor(
@@ -73,7 +77,31 @@ class SyncWithAnotherActivityViewModel @Inject constructor(
 
     private val viewState = MutableStateFlow(ViewState())
     fun viewState(): Flow<ViewState> = viewState.onStart {
-        generateQRCode()
+        startInvitationProcess()
+    }
+
+    private fun startInvitationProcess() {
+        viewModelScope.launch(dispatchers.io()) {
+            generateQRCode()
+            var polling = true
+            while (polling) {
+                delay(POLLING_INTERVAL)
+                syncAccountRepository.pollSecondDeviceAck()
+                    .onSuccess { success ->
+                        if (!success) return@onSuccess // continue polling
+                        // syncPixels.fireSignupConnectPixel(source) //TODO: pixel?
+                        command.send(Command.LoginSuccess)
+                        polling = false
+                    }.onFailure {
+                        when (it.code) {
+                            CONNECT_FAILED.code, LOGIN_FAILED.code -> {
+                                command.send(Command.ShowError(string.sync_connect_login_error, it.reason)) // TODO: review error message
+                                polling = false
+                            }
+                        }
+                    }
+            }
+        }
     }
 
     private fun generateQRCode() {
@@ -83,15 +111,29 @@ class SyncWithAnotherActivityViewModel @Inject constructor(
     }
 
     private suspend fun showQRCode() {
-        syncAccountRepository.getRecoveryCode()
-            .onSuccess { connectQR ->
-                val qrBitmap = withContext(dispatchers.io()) {
-                    qrEncoder.encodeAsBitmap(connectQR, dimen.qrSizeSmall, dimen.qrSizeSmall)
+        if (syncFeature.canShowRecoveryCode().isEnabled()) {
+            syncAccountRepository.getRecoveryCode()
+                .onSuccess { connectQR ->
+                    val qrBitmap = withContext(dispatchers.io()) {
+                        Timber.i("cdr QR code generated. ${connectQR.decodeB64()} $connectQR ")
+                        qrEncoder.encodeAsBitmap(connectQR, dimen.qrSizeSmall, dimen.qrSizeSmall)
+                    }
+                    viewState.emit(viewState.value.copy(qrCodeBitmap = qrBitmap))
+                }.onFailure {
+                    command.send(Command.FinishWithError)
                 }
-                viewState.emit(viewState.value.copy(qrCodeBitmap = qrBitmap))
-            }.onFailure {
-                command.send(Command.FinishWithError)
-            }
+        } else {
+            syncAccountRepository.getInvitationCode()
+                .onSuccess { connectQR ->
+                    val qrBitmap = withContext(dispatchers.io()) {
+                        Timber.i("cdr QR code generated. ${connectQR.decodeB64()} $connectQR ")
+                        qrEncoder.encodeAsBitmap(connectQR, dimen.qrSizeSmall, dimen.qrSizeSmall)
+                    }
+                    viewState.emit(viewState.value.copy(qrCodeBitmap = qrBitmap))
+                }.onFailure {
+                    command.send(Command.FinishWithError)
+                }
+        }
     }
 
     fun onErrorDialogDismissed() {
@@ -110,7 +152,7 @@ class SyncWithAnotherActivityViewModel @Inject constructor(
     }
 
     data class ViewState(
-        val qrCodeBitmap: Bitmap? = null,
+        val qrCodeBitmap: Bitmap? = null, // TODO: this can be 2 different codes
     )
 
     sealed class Command {
@@ -157,7 +199,10 @@ class SyncWithAnotherActivityViewModel @Inject constructor(
         }
     }
 
-    private suspend fun emitError(result: Error, qrCode: String) {
+    private suspend fun emitError(
+        result: Error,
+        qrCode: String,
+    ) {
         if (result.code == ALREADY_SIGNED_IN.code && syncFeature.seamlessAccountSwitching().isEnabled()) {
             command.send(AskToSwitchAccount(qrCode))
         } else {
@@ -214,6 +259,7 @@ class SyncWithAnotherActivityViewModel @Inject constructor(
                     syncPixels.fireLoginPixel()
                     command.send(LoginSuccess)
                 }
+
                 EnterCodeContractOutput.SwitchAccountSuccess -> {
                     syncPixels.fireLoginPixel()
                     command.send(SwitchAccountSuccess)
