Improved stability of Valet migration.

raivo-otp · Jan 29, 2022 · deb00f1 · deb00f1
1 parent 0bd162b
commit deb00f1
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 11 deletions.
diff --git a/Raivo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved b/Raivo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
@@ -78,17 +78,17 @@
         "repositoryURL": "https://github.com/realm/realm-cocoa.git",
         "state": {
           "branch": null,
-          "revision": "39177714b95bb5b1b29fffe28f1c7da77eef8e8b",
-          "version": "10.21.1"
+          "revision": "9dff9f2862240d521ad6ad599541269177ddb993",
+          "version": "10.22.0"
         }
       },
       {
         "package": "RealmDatabase",
         "repositoryURL": "https://github.com/realm/realm-core",
         "state": {
           "branch": null,
-          "revision": "f1976f0d96d9b06fbe0afbd60090b1c3966b1e23",
-          "version": "11.8.0"
+          "revision": "6b81f1a7a2d421f9e0b9e7f04e76bcf736a54409",
+          "version": "11.9.0"
         }
       },
       {

diff --git a/Raivo/Controllers/Load/LoadEntryViewController.swift b/Raivo/Controllers/Load/LoadEntryViewController.swift
@@ -73,7 +73,7 @@ class LoadEntryViewController: UIViewController {
             }
         }, error: { (error, syncerID) in
             DispatchQueue.main.async {
-                log.verbose("Error while getting syncer account")
+                log.verbose("Error while getting syncer account: \(error)")
                 getAppDelegate().syncerAccountIdentifier = nil
                 getAppDelegate().applicationIsLoaded = true
                 getAppDelegate().updateStoryboard(.transitionCrossDissolve)

diff --git a/Raivo/Helpers/StorageHelper.swift b/Raivo/Helpers/StorageHelper.swift
@@ -18,7 +18,7 @@ import Valet
 class StorageHelper {
 
     /// The keys that can be used to get/set values
-    private struct Key {
+    public struct Key {
         static let PASSWORD = "EncryptionPassword"
         static let LOCKSCREEN_TIMEOUT = "LockscreenTimeout"
         static let REALM_FILENAME = "RealmFilename"
@@ -75,6 +75,13 @@ class StorageHelper {
         try globals().removeAllObjects()
         try settings().removeAllObjects()
         try secrets().removeAllObjects()
+
+        // Try to delete literally all items in the keychain, available to the app
+        let secItemClasses = [kSecClassGenericPassword, kSecClassInternetPassword, kSecClassCertificate, kSecClassKey, kSecClassIdentity]
+        for itemClass in secItemClasses {
+            let spec: NSDictionary = [kSecClass: itemClass]
+            SecItemDelete(spec)
+        }
     }
 
     /// Check if the user can access secrets (some sort of biometric unlock should be available)

diff --git a/Raivo/Migrations/MigrationToBuild60.swift b/Raivo/Migrations/MigrationToBuild60.swift
@@ -32,14 +32,22 @@ class MigrationToBuild60: MigrationProtocol {
     /// A migration function that is always called, for all builds, on every startup.
     ///
     /// - Note: Only required when e.g. migrating (keychain) items that are referenced before initialization of the app
-    /// - Note: This migration function should include its own conditionals for when to be executed.
+    /// - Note: This migration function includes its own conditionals for when to be executed.
     func migratePreBoot() {
         do {
-            // Force migration of '.always' Valet items to '.afterFirstUnlock' Valet, throw otherwise.
-            try Valet.valet(with: Identifier(nonEmpty: "settings")!, accessibility: .afterFirstUnlock)
-                .migrateObjectsFromAlwaysAccessibleValet(removeOnCompletion: true)
+            // Try to get one item that should exist in the Keychain (stored with `afterFirstUnlock`) if the migration already ran.
+            let valet = Valet.valet(with: Identifier(nonEmpty: "settings")!, accessibility: .afterFirstUnlock)
+            let realmFilenameInGlobals = (try? valet.string(forKey: StorageHelper.Key.REALM_FILENAME)) ?? ""
+
+            // If it doesn't exist, we should run the migration. We can even do this if this is the first install, as it will have no further effect.
+            if realmFilenameInGlobals.count < 1 {
+                try Valet.valet(with: Identifier(nonEmpty: "settings")!, accessibility: .afterFirstUnlock)
+                    .migrateObjectsFromAlwaysAccessibleValet(removeOnCompletion: true)
+
+                log.info("Migrated Valet from version 3 to version 4")
+            }
         } catch KeychainError.itemNotFound {
-            // No worries, we don't have anything to migrate
+            log.verbose("No items found to migrate during pre-boot Valet migration.")
         } catch {
             log.error("Unexpected pre-boot Valet migration error: \(error).")
         }