Move secrets into Keychain

APNSAttachmentService/NotificationService.swift

@@ -8,15 +8,13 @@
 
 import UserNotifications
 import MobileCoreServices
+import KeychainAccess
 
 final class NotificationService: UNNotificationServiceExtension {
 
     private var contentHandler: ((UNNotificationContent) -> Void)?
     private var bestAttemptContent: UNMutableNotificationContent?
 
-    private var baseURL: String = ""
-    private var apiPassword: String = ""
-
     // swiftlint:disable cyclomatic_complexity
     // swiftlint:disable function_body_length
     override func didReceive(_ request: UNNotificationRequest,
@@ -26,18 +24,18 @@ final class NotificationService: UNNotificationServiceExtension {
         self.contentHandler = contentHandler
         bestAttemptContent = (request.content.mutableCopy() as? UNMutableNotificationContent)
 
-        let prefs = UserDefaults(suiteName: "group.io.robbie.homeassistant")!
-        if let url = prefs.string(forKey: "baseURL") {
-            baseURL = url
-        }
-        if let pass = prefs.string(forKey: "apiPassword") {
-            apiPassword = pass
-        }
-
         func failEarly() {
             contentHandler(request.content)
         }
 
+        let keychain = Keychain(service: "io.robbie.homeassistant")
+        guard let baseURL = keychain["baseURL"] else {
+            return failEarly()
+        }
+        guard let apiPassword = keychain["apiPassword"] else {
+            return failEarly()
+        }
+
         guard let content = (request.content.mutableCopy() as? UNMutableNotificationContent) else {
             return failEarly()
         }

HomeAssistant.xcodeproj/project.pbxproj

@@ -7,6 +7,7 @@
 	objects = {
 
 /* Begin PBXBuildFile section */
+		474AA46EC65ABB974EFC74A4 /* Pods-APNSAttachmentService-metadata.plist in Resources */ = {isa = PBXBuildFile; fileRef = 3B8A292E4944AD7D9EBC2B14 /* Pods-APNSAttachmentService-metadata.plist */; };
 		5487B2333FBD80B7ED0CFD47 /* Pods-NotificationContentExtension-metadata.plist in Resources */ = {isa = PBXBuildFile; fileRef = 93F0B444A811A0269A540879 /* Pods-NotificationContentExtension-metadata.plist */; };
 		81F6A23C9F9F3ED89E445E90 /* Pods_NotificationContentExtension.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 141825DF3D525694F6F38A6C /* Pods_NotificationContentExtension.framework */; };
 		8A8D77622C1E7600D10BE8A4 /* Pods_HomeAssistant.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 352613F4CF40158FA40BF5D3 /* Pods_HomeAssistant.framework */; };
@@ -212,6 +213,7 @@
 		B6F7004A1CB34FA600753BAB /* GroupViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = B6F700491CB34FA600753BAB /* GroupViewController.swift */; };
 		B6F700521CB374F700753BAB /* RootTabBarViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = B6F700511CB374F700753BAB /* RootTabBarViewController.swift */; };
 		B6FBE3971D46A4E500EE0E36 /* Beacons.swift in Sources */ = {isa = PBXBuildFile; fileRef = B6FBE3961D46A4E500EE0E36 /* Beacons.swift */; };
+		CE969D82133AF9F6FC377A1C /* Pods_APNSAttachmentService.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5F9E760F9E79B22B21B67B57 /* Pods_APNSAttachmentService.framework */; };
 		F88F0593CC7882D233B611E3 /* Pods_HomeAssistantUITests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 923F8D630AC5BA0C36905E8A /* Pods_HomeAssistantUITests.framework */; };
 /* End PBXBuildFile section */
 
@@ -267,9 +269,13 @@
 		34C5CC8974502E3DE3BB68B0 /* Pods-HomeAssistant-metadata.plist */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.plist.xml; name = "Pods-HomeAssistant-metadata.plist"; path = "Pods/Pods-HomeAssistant-metadata.plist"; sourceTree = "<group>"; };
 		352613F4CF40158FA40BF5D3 /* Pods_HomeAssistant.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_HomeAssistant.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		366FD7D1C50AFCED407FEBB6 /* Pods-HomeAssistant.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-HomeAssistant.release.xcconfig"; path = "Pods/Target Support Files/Pods-HomeAssistant/Pods-HomeAssistant.release.xcconfig"; sourceTree = "<group>"; };
+		3B8A292E4944AD7D9EBC2B14 /* Pods-APNSAttachmentService-metadata.plist */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.plist.xml; name = "Pods-APNSAttachmentService-metadata.plist"; path = "Pods/Pods-APNSAttachmentService-metadata.plist"; sourceTree = "<group>"; };
 		50EA5FF6155A1CAA7A186D73 /* Pods_HomeAssistantTests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_HomeAssistantTests.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		59FBFE4425DE1869FC57C7AC /* Pods-APNSAttachmentService.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-APNSAttachmentService.release.xcconfig"; path = "Pods/Target Support Files/Pods-APNSAttachmentService/Pods-APNSAttachmentService.release.xcconfig"; sourceTree = "<group>"; };
+		5F9E760F9E79B22B21B67B57 /* Pods_APNSAttachmentService.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_APNSAttachmentService.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		6176DB9F5F90397A15B2D929 /* Pods-HomeAssistantTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-HomeAssistantTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-HomeAssistantTests/Pods-HomeAssistantTests.release.xcconfig"; sourceTree = "<group>"; };
 		6410E5092616A0DD9241A91D /* Pods-HomeAssistant.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-HomeAssistant.debug.xcconfig"; path = "Pods/Target Support Files/Pods-HomeAssistant/Pods-HomeAssistant.debug.xcconfig"; sourceTree = "<group>"; };
+		76DAC3D4A57C268C960DC06F /* Pods-APNSAttachmentService.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-APNSAttachmentService.debug.xcconfig"; path = "Pods/Target Support Files/Pods-APNSAttachmentService/Pods-APNSAttachmentService.debug.xcconfig"; sourceTree = "<group>"; };
 		86B81352B1184CB193CED943 /* Pods-NotificationContentExtension.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-NotificationContentExtension.debug.xcconfig"; path = "Pods/Target Support Files/Pods-NotificationContentExtension/Pods-NotificationContentExtension.debug.xcconfig"; sourceTree = "<group>"; };
 		923F8D630AC5BA0C36905E8A /* Pods_HomeAssistantUITests.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_HomeAssistantUITests.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		93F0B444A811A0269A540879 /* Pods-NotificationContentExtension-metadata.plist */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.plist.xml; name = "Pods-NotificationContentExtension-metadata.plist"; path = "Pods/Pods-NotificationContentExtension-metadata.plist"; sourceTree = "<group>"; };
@@ -531,6 +537,7 @@
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				CE969D82133AF9F6FC377A1C /* Pods_APNSAttachmentService.framework in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -547,6 +554,7 @@
 				B627CB081D83C87B0057173E /* UserNotifications.framework */,
 				B627CB0A1D83C87B0057173E /* UserNotificationsUI.framework */,
 				141825DF3D525694F6F38A6C /* Pods_NotificationContentExtension.framework */,
+				5F9E760F9E79B22B21B67B57 /* Pods_APNSAttachmentService.framework */,
 			);
 			name = Frameworks;
 			sourceTree = "<group>";
@@ -564,6 +572,9 @@
 				BA2CF5D1E68D4F13CA129A6D /* Pods-NotificationContentExtension.release.xcconfig */,
 				34C5CC8974502E3DE3BB68B0 /* Pods-HomeAssistant-metadata.plist */,
 				93F0B444A811A0269A540879 /* Pods-NotificationContentExtension-metadata.plist */,
+				76DAC3D4A57C268C960DC06F /* Pods-APNSAttachmentService.debug.xcconfig */,
+				59FBFE4425DE1869FC57C7AC /* Pods-APNSAttachmentService.release.xcconfig */,
+				3B8A292E4944AD7D9EBC2B14 /* Pods-APNSAttachmentService-metadata.plist */,
 			);
 			name = Pods;
 			sourceTree = "<group>";
@@ -1024,9 +1035,11 @@
 			isa = PBXNativeTarget;
 			buildConfigurationList = B6AAD7A91D827DD40090B220 /* Build configuration list for PBXNativeTarget "APNSAttachmentService" */;
 			buildPhases = (
+				110CB92F4F51279FC9948FD0 /* [CP] Check Pods Manifest.lock */,
 				B6AAD79D1D827DD40090B220 /* Sources */,
 				B6AAD79E1D827DD40090B220 /* Frameworks */,
 				B6AAD79F1D827DD40090B220 /* Resources */,
+				E899FB7104B5D2D0A4B40BD5 /* [CP] Copy Pods Resources */,
 			);
 			buildRules = (
 			);
@@ -1071,6 +1084,9 @@
 							com.apple.HomeKit = {
 								enabled = 0;
 							};
+							com.apple.Keychain = {
+								enabled = 0;
+							};
 							com.apple.Maps.iOS = {
 								enabled = 1;
 							};
@@ -1293,12 +1309,28 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				474AA46EC65ABB974EFC74A4 /* Pods-APNSAttachmentService-metadata.plist in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
 /* End PBXResourcesBuildPhase section */
 
 /* Begin PBXShellScriptBuildPhase section */
+		110CB92F4F51279FC9948FD0 /* [CP] Check Pods Manifest.lock */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "[CP] Check Pods Manifest.lock";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "diff \"${PODS_ROOT}/../Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n    # print error to STDERR\n    echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n    exit 1\nfi\n";
+			showEnvVarsInLog = 0;
+		};
 		3A6AA6CAB1A0AAE9B3A4CA83 /* [CP] Check Pods Manifest.lock */ = {
 			isa = PBXShellScriptBuildPhase;
 			buildActionMask = 2147483647;
@@ -1476,6 +1508,21 @@
 			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-HomeAssistantUITests/Pods-HomeAssistantUITests-frameworks.sh\"\n";
 			showEnvVarsInLog = 0;
 		};
+		E899FB7104B5D2D0A4B40BD5 /* [CP] Copy Pods Resources */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			name = "[CP] Copy Pods Resources";
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "\"${SRCROOT}/Pods/Target Support Files/Pods-APNSAttachmentService/Pods-APNSAttachmentService-resources.sh\"\n";
+			showEnvVarsInLog = 0;
+		};
 		EB3BEB157867EEEFE3AFD2F3 /* [CP] Copy Pods Resources */ = {
 			isa = PBXShellScriptBuildPhase;
 			buildActionMask = 2147483647;
@@ -1978,6 +2025,7 @@
 		};
 		B6AAD7AA1D827DD40090B220 /* Debug */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 76DAC3D4A57C268C960DC06F /* Pods-APNSAttachmentService.debug.xcconfig */;
 			buildSettings = {
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_SUSPICIOUS_MOVES = YES;
@@ -2000,6 +2048,7 @@
 		};
 		B6AAD7AB1D827DD40090B220 /* Release */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 59FBFE4425DE1869FC57C7AC /* Pods-APNSAttachmentService.release.xcconfig */;
 			buildSettings = {
 				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 				CLANG_WARN_SUSPICIOUS_MOVES = YES;

HomeAssistant/AppDelegate.swift

@@ -30,6 +30,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
     func application(_ application: UIApplication,
                      didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]? = nil) -> Bool {
         migrateUserDefaultsToAppGroups()
+        migrateSecretsToKeychain()
         Realm.Configuration.defaultConfiguration = realmConfig
         print("Realm file path", Realm.Configuration.defaultConfiguration.fileURL!.path)
         Fabric.with([Crashlytics.self])

HomeAssistant/Utilities/Utils.swift

@@ -9,6 +9,7 @@
 import Foundation
 import FontAwesomeKit
 import Crashlytics
+import KeychainAccess
 
 func getIconForIdentifier(_ iconIdentifier: String, iconWidth: Double, iconHeight: Double, color: UIColor) -> UIImage {
     if let iconCodes = FontAwesomeKit.FAKMaterialDesignIcons.allIcons() as? [String:String] {
@@ -246,6 +247,32 @@ func migrateUserDefaultsToAppGroups() {
 
 }
 
+func migrateSecretsToKeychain() {
+
+    let keychain = Keychain(service: "io.robbie.homeassistant")
+
+    let groupDefaults = UserDefaults(suiteName: "group.io.robbie.homeassistant")
+
+    let didMigrateToKeychain = "DidMigrateSecretsToKeychain"
+
+    if let groupDefaults = groupDefaults {
+        if !groupDefaults.bool(forKey: didMigrateToKeychain) {
+            keychain["baseURL"] = groupDefaults.string(forKey: "baseURL")
+            keychain["apiPassword"] = groupDefaults.string(forKey: "apiPassword")
+            groupDefaults.removeObject(forKey: "baseURL")
+            groupDefaults.removeObject(forKey: "apiPassword")
+            groupDefaults.set(true, forKey: didMigrateToKeychain)
+            groupDefaults.synchronize()
+            print("Successfully migrated secrets to keychain")
+        } else {
+            print("No need to migrate secrets")
+        }
+    } else {
+        print("Unable to create NSUserDefaults with given app group")
+    }
+
+}
+
 func openURLInBrowser(url: String) {
     if let urlToOpen = URL(string: url) {
         if OpenInChromeController.sharedInstance.isChromeInstalled() {

HomeAssistant/Views/RootTabBarViewController.swift

@@ -11,6 +11,7 @@ import MBProgressHUD
 import Whisper
 import ObjectMapper
 import PromiseKit
+import KeychainAccess
 
 class RootTabBarViewController: UITabBarController, UITabBarControllerDelegate {
 
@@ -31,9 +32,10 @@ class RootTabBarViewController: UITabBarController, UITabBarControllerDelegate {
 
     override func viewDidAppear(_ animated: Bool) {
         let hud = MBProgressHUD.showAdded(to: self.view, animated: true)
-        if let baseURL = prefs.string(forKey: "baseURL"), let apiPass = prefs.string(forKey: "apiPassword") {
+        let keychain = Keychain(service: "io.robbie.homeassistant")
+        if let baseURL = keychain["baseURL"], let apiPass = keychain["apiPassword"] {
             firstly {
-                HomeAssistantAPI.sharedInstance.Setup(baseAPIUrl: baseURL, APIPassword: apiPass)
+                HomeAssistantAPI.sharedInstance.Setup(baseURL: baseURL, password: apiPass)
                 }.then {_ in
                     HomeAssistantAPI.sharedInstance.Connect()
                 }.then { _ -> Void in

HomeAssistant/Views/SettingsViewController.swift

@@ -13,12 +13,14 @@ import PromiseKit
 import Crashlytics
 import SafariServices
 import Alamofire
+import KeychainAccess
 
 // swiftlint:disable file_length
 // swiftlint:disable:next type_body_length
 class SettingsViewController: FormViewController {
 
     let prefs = UserDefaults(suiteName: "group.io.robbie.homeassistant")!
+    let keychain = Keychain(service: "io.robbie.homeassistant")
 
     var doneButton: Bool = false
 
@@ -56,17 +58,17 @@ class SettingsViewController: FormViewController {
             self.navigationItem.setRightBarButton(aboutButton, animated: true)
         }
 
-        if let baseURL = prefs.string(forKey: "baseURL") {
+        if let baseURL = keychain["baseURL"] {
             self.baseURL = URL(string: baseURL)!
         }
 
-        if let apiPass = prefs.string(forKey: "apiPassword") {
+        if let apiPass = keychain["apiPassword"] {
             self.password = apiPass
         }
 
         self.configured = (self.baseURL != nil && self.password != nil)
 
-//        checkForEmail()
+        checkForEmail()
 
         if showErrorConnectingMessage {
             let errDesc = (showErrorConnectingMessageError?.localizedDescription)!
@@ -199,8 +201,8 @@ class SettingsViewController: FormViewController {
                         }
                     } else if self.connectStep == 2 {
                         firstly {
-                            HomeAssistantAPI.sharedInstance.Setup(baseAPIUrl: self.baseURL!.absoluteString,
-                                                                  APIPassword: self.password!)
+                            HomeAssistantAPI.sharedInstance.Setup(baseURL: self.baseURL!.absoluteString,
+                                                                  password: self.password!)
                             }.then {_ in
                                 HomeAssistantAPI.sharedInstance.Connect()
                             }.then { config -> Void in
@@ -212,12 +214,11 @@ class SettingsViewController: FormViewController {
                                 row.hidden = true
                                 row.evaluateHidden()
                                 if let url = self.baseURL {
-                                    self.prefs.setValue(url.absoluteString, forKey: "baseURL")
+                                    self.keychain["baseURL"] = url.absoluteString
                                 }
                                 if let password = self.password {
-                                    self.prefs.setValue(password, forKey: "apiPassword")
+                                    self.keychain["apiPassword"] = password
                                 }
-                                self.prefs.synchronize()
                                 self.form.setValues(["locationName": config.LocationName, "version": config.Version])
                                 let locationNameRow: LabelRow = self.form.rowBy(tag: "locationName")!
                                 locationNameRow.updateCell()

NotificationContentExtension/NotificationViewController.swift

@@ -11,6 +11,7 @@ import UserNotifications
 import UserNotificationsUI
 import MapKit
 import MBProgressHUD
+import KeychainAccess
 
 class NotificationViewController: UIViewController, UNNotificationContentExtension {
 
@@ -24,11 +25,11 @@ class NotificationViewController: UIViewController, UNNotificationContentExtensi
         super.viewDidLoad()
         // Do any required interface initialization here.
 
-        let prefs = UserDefaults(suiteName: "group.io.robbie.homeassistant")!
-        if let url = prefs.string(forKey: "baseURL") {
+        let keychain = Keychain(service: "io.robbie.homeassistant")
+        if let url = keychain["baseURL"] {
             baseURL = url
         }
-        if let pass = prefs.string(forKey: "apiPassword") {
+        if let pass = keychain["apiPassword"] {
             urlConfiguration.httpAdditionalHeaders = ["X-HA-Access": pass]
         }
     }

Podfile

@@ -16,6 +16,7 @@ target 'HomeAssistant' do
   pod 'Eureka', :git => 'https://github.com/xmartlabs/Eureka.git', :branch => 'master'
   pod 'Fabric'
   pod 'FontAwesomeKit/MaterialDesignIcons', :git => 'https://github.com/robbiet480/FontAwesomeKit.git', :branch => 'Material-Design-Icons'
+  pod 'KeychainAccess'
   pod 'IKEventSource'
   pod 'MBProgressHUD'
   pod 'ObjectMapper'
@@ -37,7 +38,12 @@ target 'HomeAssistantUITests' do
 
 end
 
+target 'APNSAttachmentService' do
+  pod 'KeychainAccess'
+end
+
 target 'NotificationContentExtension' do
+  pod 'KeychainAccess'
   pod 'MBProgressHUD'
 end