Merge branch 'release/1.6.0-alpha3' into main

Author: tobihagemann

.github/workflows/build.yml

@@ -16,6 +16,11 @@ jobs:
           key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
           restore-keys: |
             ${{ runner.os }}-spm-
+      - name: Run process.sh script
+        run: |
+          ./Scripts/process.sh --fail-on-errors
+          failed=$?
+          exit $failed
       - name: Create CloudAccessSecrets
         run: ./create-cloud-access-secrets-file.sh
         env:

.swiftformat

@@ -1,3 +1,5 @@
+--minversion 0.47.10
+
 # format options
 
 --commas inline

CloudAccessPrivate/.swiftpm/xcode/xcshareddata/xcschemes/CloudAccessPrivateCore.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "1220"
+   LastUpgradeVersion = "1240"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"

CloudAccessPrivate/Package.swift

@@ -1,5 +1,4 @@
 // swift-tools-version:5.1
-// The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
 
@@ -10,7 +9,6 @@ let package = Package(
 		.macOS(.v10_12)
 	],
 	products: [
-		// Products define the executables and libraries a package produces, and make them visible to other packages.
 		.library(
 			name: "CloudAccessPrivate",
 			targets: ["CloudAccessPrivate"]
@@ -21,18 +19,15 @@ let package = Package(
 		)
 	],
 	dependencies: [
-		// Dependencies declare other packages that this package depends on.
-		.package(url: "https://github.com/google/GTMAppAuth.git", .upToNextMinor(from: "1.1.0")),
 		.package(url: "https://github.com/openid/AppAuth-iOS.git", .upToNextMinor(from: "1.4.0")),
-		.package(url: "https://github.com/cryptomator/cloud-access-swift.git", .upToNextMinor(from: "0.9.1")),
+		.package(url: "https://github.com/cryptomator/cloud-access-swift.git", .upToNextMinor(from: "0.11.0")),
+		.package(url: "https://github.com/CocoaLumberjack/CocoaLumberjack.git", .upToNextMinor(from: "3.7.0")),
 		.package(url: "https://github.com/phil1995/dropbox-sdk-obj-c.git", .branch("main")),
 		.package(url: "https://github.com/google/google-api-objectivec-client-for-rest.git", .upToNextMinor(from: "1.4.3")),
-		.package(url: "https://github.com/CocoaLumberjack/CocoaLumberjack.git", .upToNextMinor(from: "3.7.0"))
-
+		.package(url: "https://github.com/google/GTMAppAuth.git", .upToNextMinor(from: "1.1.0")),
+		.package(url: "https://github.com/google/gtm-session-fetcher.git", .upToNextMinor(from: "1.4.0"))
 	],
 	targets: [
-		// Targets are the basic building blocks of a package. A target can define a module or a test suite.
-		// Targets can depend on other targets in this package, and on products in packages this package depends on.
 		.target(
 			name: "CloudAccessPrivate",
 			dependencies: [
@@ -47,6 +42,7 @@ let package = Package(
 				"CryptomatorCloudAccess",
 				"GoogleAPIClientForREST_Drive",
 				"GTMAppAuth",
+				"GTMSessionFetcher",
 				"ObjectiveDropboxOfficial"
 			]
 		),

CloudAccessPrivate/Sources/CloudAccessPrivateCore/CryptomatorDatabase.swift

@@ -29,14 +29,15 @@ public class CryptomatorDatabase {
 
 	private static var migrator: DatabaseMigrator {
 		var migrator = DatabaseMigrator()
+
 		migrator.registerMigration("v1") { db in
 			try db.create(table: "cloudProviderAccounts") { table in
 				table.column("accountUID", .text).primaryKey()
 				table.column("cloudProviderType", .text).notNull()
 			}
 			try db.create(table: "vaultAccounts") { table in
 				table.column("vaultUID", .text).primaryKey()
-				table.column("delegateAccountUID", .text).notNull()
+				table.column("delegateAccountUID", .text).notNull().references("cloudProviderAccounts")
 				table.column("vaultPath", .text).notNull()
 				table.column("lastUpToDateCheck", .date).notNull()
 			}

CloudAccessPrivate/Sources/CloudAccessPrivateCore/Manager/CloudProviderAccountManager.swift

@@ -13,7 +13,7 @@ public struct CloudProviderAccount: Decodable, FetchableRecord, TableRecord {
 	static let accountUIDKey = "accountUID"
 	static let cloudProviderTypeKey = "cloudProviderType"
 	public let accountUID: String
-	let cloudProviderType: CloudProviderType
+	public let cloudProviderType: CloudProviderType
 
 	public init(accountUID: String, cloudProviderType: CloudProviderType) {
 		self.accountUID = accountUID

CloudAccessPrivate/Sources/CloudAccessPrivateCore/Manager/VaultAccountManager.swift

@@ -15,11 +15,13 @@ public struct VaultAccount: Decodable, FetchableRecord, TableRecord {
 	static let delegateAccountUIDKey = "delegateAccountUID"
 	static let vaultPathKey = "vaultPath"
 	static let lastUpToDateCheckKey = "lastUpToDateCheck"
-	let vaultUID: String
+	public let vaultUID: String
 	let delegateAccountUID: String
 	public let vaultPath: CloudPath
 	let lastUpToDateCheck: Date
 
+	public static let delegateAccount = belongsTo(CloudProviderAccount.self)
+
 	public init(vaultUID: String, delegateAccountUID: String, vaultPath: CloudPath, lastUpToDateCheck: Date = Date()) {
 		self.vaultUID = vaultUID
 		self.delegateAccountUID = delegateAccountUID
@@ -69,7 +71,7 @@ public class VaultAccountManager {
 		return account
 	}
 
-	public func getAllAccounts() throws -> [VaultAccount] {
+	func getAllAccounts() throws -> [VaultAccount] {
 		try dbPool.read { db in
 			try VaultAccount.fetchAll(db)
 		}

CloudAccessPrivate/Sources/CloudAccessPrivateCore/Manager/VaultManager.swift

@@ -51,6 +51,7 @@ public class VaultManager {
 			guard VaultManager.cachedDecorators[vaultUID] == nil else {
 				throw VaultManagerError.vaultAlreadyExists
 			}
+			let vaultVersion = 7
 			let masterkey = try Masterkey.createNew()
 			let cryptor = Cryptor(masterkey: masterkey)
 			let delegate = try providerManager.getProvider(with: delegateAccountUID)
@@ -60,7 +61,7 @@ public class VaultManager {
 				let tmpDirURL = URL(fileURLWithPath: NSTemporaryDirectory(), isDirectory: true).appendingPathComponent(UUID().uuidString, isDirectory: true)
 				try FileManager.default.createDirectory(at: tmpDirURL, withIntermediateDirectories: true)
 				let localMasterkeyURL = tmpDirURL.appendingPathComponent(UUID().uuidString, isDirectory: false)
-				let masterkeyData = try self.exportMasterkey(masterkey, password: password)
+				let masterkeyData = try self.exportMasterkey(masterkey, vaultVersion: vaultVersion, password: password)
 				try masterkeyData.write(to: localMasterkeyURL)
 				let masterkeyCloudPath = vaultPath.appendingPathComponent("masterkey.cryptomator")
 				return delegate.uploadFile(from: localMasterkeyURL, to: masterkeyCloudPath, replaceExisting: false)
@@ -76,8 +77,10 @@ public class VaultManager {
 				let shorteningDecorator = try VaultFormat7ShorteningProviderDecorator(delegate: decorator, vaultPath: vaultPath)
 				let account = VaultAccount(vaultUID: vaultUID, delegateAccountUID: delegateAccountUID, vaultPath: vaultPath, lastUpToDateCheck: Date())
 				try self.vaultAccountManager.saveNewAccount(account)
-				try self.saveFileProviderConformMasterkeyToKeychain(masterkey, forVaultUID: vaultUID, password: password, storePasswordInKeychain: storePasswordInKeychain)
+				try self.saveFileProviderConformMasterkeyToKeychain(masterkey, forVaultUID: vaultUID, vaultVersion: vaultVersion, password: password, storePasswordInKeychain: storePasswordInKeychain)
 				VaultManager.cachedDecorators[vaultUID] = shorteningDecorator
+			}.then {
+				self.addFileProviderDomain(forVaultUID: vaultUID, vaultPath: vaultPath)
 			}
 		} catch {
 			return Promise(error)
@@ -102,19 +105,20 @@ public class VaultManager {
 	 */
 	public func manualUnlockVault(withUID vaultUID: String, password: String) throws -> CloudProvider {
 		let keychainEntry = try getVaultFromKeychain(forVaultUID: vaultUID)
-		let masterkey = try Masterkey.createFromMasterkeyFile(jsonData: keychainEntry.masterkeyData, password: password)
-		return try createVaultDecorator(from: masterkey, vaultUID: vaultUID)
+		let masterkeyFile = try MasterkeyFile.withContentFromData(data: keychainEntry.masterkeyData)
+		let masterkey = try masterkeyFile.unlock(passphrase: password)
+		return try createVaultDecorator(from: masterkey, vaultUID: vaultUID, vaultVersion: masterkeyFile.version)
 	}
 
-	func createVaultDecorator(from masterkey: Masterkey, vaultUID: String) throws -> CloudProvider {
+	func createVaultDecorator(from masterkey: Masterkey, vaultUID: String, vaultVersion: Int) throws -> CloudProvider {
 		let vaultAccount = try vaultAccountManager.getAccount(with: vaultUID)
 		let delegate = try providerManager.getProvider(with: vaultAccount.delegateAccountUID)
-		return try createVaultDecorator(from: masterkey, delegate: delegate, vaultPath: vaultAccount.vaultPath, vaultUID: vaultUID)
+		return try createVaultDecorator(from: masterkey, delegate: delegate, vaultPath: vaultAccount.vaultPath, vaultUID: vaultUID, vaultVersion: vaultVersion)
 	}
 
-	func createVaultDecorator(from masterkey: Masterkey, delegate: CloudProvider, vaultPath: CloudPath, vaultUID: String) throws -> CloudProvider {
+	func createVaultDecorator(from masterkey: Masterkey, delegate: CloudProvider, vaultPath: CloudPath, vaultUID: String, vaultVersion: Int) throws -> CloudProvider {
 		let cryptor = Cryptor(masterkey: masterkey)
-		switch masterkey.version {
+		switch vaultVersion {
 		case 7:
 			let decorator = try VaultFormat7ProviderDecorator(delegate: delegate, vaultPath: vaultPath, cryptor: cryptor)
 			let shorteningDecorator = try VaultFormat7ShorteningProviderDecorator(delegate: decorator, vaultPath: vaultPath)
@@ -140,8 +144,9 @@ public class VaultManager {
 		guard let password = vault.password else {
 			throw VaultManagerError.passwordNotInKeychain
 		}
-		let masterkey = try Masterkey.createFromMasterkeyFile(jsonData: vault.masterkeyData, password: password)
-		return try createVaultDecorator(from: masterkey, vaultUID: vaultUID)
+		let masterkeyFile = try MasterkeyFile.withContentFromData(data: vault.masterkeyData)
+		let masterkey = try masterkeyFile.unlock(passphrase: password)
+		return try createVaultDecorator(from: masterkey, vaultUID: vaultUID, vaultVersion: masterkeyFile.version)
 	}
 
 	/**
@@ -161,12 +166,15 @@ public class VaultManager {
 			let tmpDirURL = FileManager.default.temporaryDirectory
 			let localMasterkeyURL = tmpDirURL.appendingPathComponent(UUID().uuidString, isDirectory: false)
 			return delegate.downloadFile(from: masterkeyPath, to: localMasterkeyURL).then {
-				let masterkey = try Masterkey.createFromMasterkeyFile(fileURL: localMasterkeyURL, password: password)
+				let masterkeyFile = try MasterkeyFile.withContentFromURL(url: localMasterkeyURL)
+				let masterkey = try masterkeyFile.unlock(passphrase: password)
 				let vaultPath = self.getVaultPath(from: masterkeyPath)
-				_ = try self.createVaultDecorator(from: masterkey, delegate: delegate, vaultPath: vaultPath, vaultUID: vaultUID)
+				_ = try self.createVaultDecorator(from: masterkey, delegate: delegate, vaultPath: vaultPath, vaultUID: vaultUID, vaultVersion: masterkeyFile.version)
 				let vaultAccount = VaultAccount(vaultUID: vaultUID, delegateAccountUID: delegateAccountUID, vaultPath: vaultPath, lastUpToDateCheck: Date())
-				try self.saveFileProviderConformMasterkeyToKeychain(masterkey, forVaultUID: vaultUID, password: password, storePasswordInKeychain: storePasswordInKeychain)
+				try self.saveFileProviderConformMasterkeyToKeychain(masterkey, forVaultUID: vaultUID, vaultVersion: masterkeyFile.version, password: password, storePasswordInKeychain: storePasswordInKeychain)
 				try self.vaultAccountManager.saveNewAccount(vaultAccount)
+			}.then {
+				self.addFileProviderDomain(forVaultUID: vaultUID, vaultPath: self.getVaultPath(from: masterkeyPath))
 			}
 		} catch {
 			VaultManager.cachedDecorators[vaultUID] = nil
@@ -220,8 +228,8 @@ public class VaultManager {
 	/**
 	 - Postcondition: The masterkey is stored in the keychain with a ScryptCostParameter, which allows the usage in the FileProviderExtension (15mb Memory Limit). Additionally: storePasswordInKeychain <=> the password for the masterkey is also stored in the keychain.
 	 */
-	func saveFileProviderConformMasterkeyToKeychain(_ masterkey: Masterkey, forVaultUID vaultUID: String, password: String, storePasswordInKeychain: Bool) throws {
-		let masterkeyDataForFileProvider = try masterkey.exportEncrypted(password: password, pepper: [UInt8](), scryptCostParam: VaultManager.scryptCostParamForFileProvider)
+	func saveFileProviderConformMasterkeyToKeychain(_ masterkey: Masterkey, forVaultUID vaultUID: String, vaultVersion: Int, password: String, storePasswordInKeychain: Bool) throws {
+		let masterkeyDataForFileProvider = try MasterkeyFile.lock(masterkey: masterkey, vaultVersion: vaultVersion, passphrase: password, pepper: [UInt8](), scryptCostParam: VaultManager.scryptCostParamForFileProvider)
 		let keychainEntry = VaultKeychainEntry(masterkeyData: masterkeyDataForFileProvider, password: storePasswordInKeychain ? password : nil)
 		let jsonEnccoder = JSONEncoder()
 		let encodedEntry = try jsonEnccoder.encode(keychainEntry)
@@ -239,8 +247,8 @@ public class VaultManager {
 		return masterkeyPath.deletingLastPathComponent()
 	}
 
-	func exportMasterkey(_ masterkey: Masterkey, password: String) throws -> Data {
-		return try masterkey.exportEncrypted(password: password)
+	func exportMasterkey(_ masterkey: Masterkey, vaultVersion: Int, password: String) throws -> Data {
+		return try MasterkeyFile.lock(masterkey: masterkey, vaultVersion: vaultVersion, passphrase: password)
 	}
 
 	func removeFileProviderDomain(withVaultUID vaultUID: String) -> Promise<Void> {
@@ -254,6 +262,12 @@ public class VaultManager {
 			NSFileProviderManager.remove(domainForVault)
 		}
 	}
+
+	func addFileProviderDomain(forVaultUID vaultUID: String, vaultPath: CloudPath) -> Promise<Void> {
+		let identifier = NSFileProviderDomainIdentifier(vaultUID)
+		let domain = NSFileProviderDomain(identifier: identifier, displayName: vaultPath.lastPathComponent, pathRelativeToDocumentStorage: vaultUID)
+		return NSFileProviderManager.add(domain)
+	}
 }
 
 extension NSFileProviderManager {
@@ -280,4 +294,16 @@ extension NSFileProviderManager {
 			}
 		}
 	}
+
+	class func add(_ domain: NSFileProviderDomain) -> Promise<Void> {
+		return Promise<Void> { fulfill, reject in
+			NSFileProviderManager.add(domain) { error in
+				if let error = error {
+					reject(error)
+				} else {
+					fulfill(())
+				}
+			}
+		}
+	}
 }