Push notifications support via UnifiedPush (#2303)

Fixes #793. This is an implementation for push notifications based on UnifiedPush for Tusky. No push gateway (other than UP itself) is needed, since UnifiedPush is simple enough such that it can act as a catch-all endpoint for WebPush messages. When a UnifiedPush distributor is present on-device, we will by default register Tusky as a receiver; if no UnifiedPush distributor is available, then pull notifications are used as a fallback mechanism. Because WebPush messages are encrypted, and Mastodon does not send the keys and IV needed for decryption in the request body, for now the push handler simply acts as a trigger for the pre-existing NotificationWorker which is also used for pull notifications. Nevertheless, I have implemented proper key generation and storage, just in case we would like to implement full decryption support in the future when Mastodon upgrades to the latest WebPush encryption scheme that includes all information in the request body. For users with existing accounts, push notifications will not be enabled until all of the accounts have been re-logged in to grant the new push OAuth scope. A small prompt will be shown (until dismissed) as a Snackbar to explain to the user about this, and an option is added in Account Preferences to facilitate re-login without deleting local drafts and cache.
2022-05-17 13:32:09 -04:00 · 2022-05-17 13:32:09 -04:00 · 9ec5d6e3b0
commit 9ec5d6e3b0
parent 20f3ec921f
20 changed files with 1490 additions and 24 deletions
--- a/app/src/main/java/com/keylesspalace/tusky/components/login/LoginActivity.kt
+++ b/app/src/main/java/com/keylesspalace/tusky/components/login/LoginActivity.kt
@ -92,12 +92,17 @@ class LoginActivity : BaseActivity(), Injectable {

        if (savedInstanceState == null &&
            BuildConfig.CUSTOM_INSTANCE.isNotBlank() &&
-            !isAdditionalLogin()
+            !isAdditionalLogin() && !isAccountMigration()
        ) {
            binding.domainEditText.setText(BuildConfig.CUSTOM_INSTANCE)
            binding.domainEditText.setSelection(BuildConfig.CUSTOM_INSTANCE.length)
        }

+        if (isAccountMigration()) {
+            binding.domainEditText.setText(accountManager.activeAccount!!.domain)
+            binding.domainEditText.isEnabled = false
+        }
+
        if (BuildConfig.CUSTOM_LOGO_URL.isNotBlank()) {
            Glide.with(binding.loginLogo)
                .load(BuildConfig.CUSTOM_LOGO_URL)
@ -120,7 +125,7 @@ class LoginActivity : BaseActivity(), Injectable {
            textView?.movementMethod = LinkMovementMethod.getInstance()
        }

-        if (isAdditionalLogin()) {
+        if (isAdditionalLogin() || isAccountMigration()) {
            setSupportActionBar(binding.toolbar)
            supportActionBar?.setDisplayHomeAsUpEnabled(true)
            supportActionBar?.setDisplayShowTitleEnabled(false)
@ -135,7 +140,7 @@ class LoginActivity : BaseActivity(), Injectable {

    override fun finish() {
        super.finish()
-        if (isAdditionalLogin()) {
+        if (isAdditionalLogin() || isAccountMigration()) {
            overridePendingTransition(R.anim.slide_from_left, R.anim.slide_to_right)
        }
    }
@ -230,7 +235,7 @@ class LoginActivity : BaseActivity(), Injectable {
            domain, clientId, clientSecret, oauthRedirectUri, code, "authorization_code"
        ).fold(
            { accessToken ->
-                accountManager.addAccount(accessToken.accessToken, domain)
+                accountManager.addAccount(accessToken.accessToken, domain, OAUTH_SCOPES)

                val intent = Intent(this, MainActivity::class.java)
                intent.flags = Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_CLEAR_TASK
@ -262,19 +267,28 @@ class LoginActivity : BaseActivity(), Injectable {
    }

    private fun isAdditionalLogin(): Boolean {
-        return intent.getBooleanExtra(LOGIN_MODE, false)
+        return intent.getIntExtra(LOGIN_MODE, MODE_DEFAULT) == MODE_ADDITIONAL_LOGIN
+    }
+
+    private fun isAccountMigration(): Boolean {
+        return intent.getIntExtra(LOGIN_MODE, MODE_DEFAULT) == MODE_MIGRATION
    }

    companion object {
        private const val TAG = "LoginActivity" // logging tag
-        private const val OAUTH_SCOPES = "read write follow"
+        private const val OAUTH_SCOPES = "read write follow push"
        private const val LOGIN_MODE = "LOGIN_MODE"
        private const val DOMAIN = "domain"
        private const val CLIENT_ID = "clientId"
        private const val CLIENT_SECRET = "clientSecret"

+        const val MODE_DEFAULT = 0
+        const val MODE_ADDITIONAL_LOGIN = 1
+        // "Migration" is used to update the OAuth scope granted to the client
+        const val MODE_MIGRATION = 2
+
        @JvmStatic
-        fun getIntent(context: Context, mode: Boolean): Intent {
+        fun getIntent(context: Context, mode: Int): Intent {
            val loginIntent = Intent(context, LoginActivity::class.java)
            loginIntent.putExtra(LOGIN_MODE, mode)
            return loginIntent
--- a/app/src/main/java/com/keylesspalace/tusky/components/notifications/NotificationHelper.java
+++ b/app/src/main/java/com/keylesspalace/tusky/components/notifications/NotificationHelper.java
@ -57,6 +57,7 @@ import com.keylesspalace.tusky.entity.Notification;
 import com.keylesspalace.tusky.entity.Poll;
 import com.keylesspalace.tusky.entity.PollOption;
 import com.keylesspalace.tusky.entity.Status;
+import com.keylesspalace.tusky.network.MastodonApi;
 import com.keylesspalace.tusky.receiver.NotificationClearBroadcastReceiver;
 import com.keylesspalace.tusky.receiver.SendStatusBroadcastReceiver;
 import com.keylesspalace.tusky.util.StringUtils;
@ -539,13 +540,18 @@ public class NotificationHelper {
        }
    }

-    private static boolean filterNotification(AccountEntity account, Notification notification,
+    public static boolean filterNotification(AccountEntity account, Notification notification,
+                                              Context context) {
+        return filterNotification(account, notification.getType(), context);
+    }
+
+    public static boolean filterNotification(AccountEntity account, Notification.Type type,
                                              Context context) {

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            NotificationManager notificationManager = (NotificationManager) context.getSystemService(Context.NOTIFICATION_SERVICE);

-            String channelId = getChannelId(account, notification);
+            String channelId = getChannelId(account, type);
            if(channelId == null) {
                // unknown notificationtype
                return false;
@ -554,7 +560,7 @@ public class NotificationHelper {
            return channel.getImportance() > NotificationManager.IMPORTANCE_NONE;
        }

-        switch (notification.getType()) {
+        switch (type) {
            case MENTION:
                return account.getNotificationsMentioned();
            case STATUS:
@ -580,7 +586,12 @@ public class NotificationHelper {

    @Nullable
    private static String getChannelId(AccountEntity account, Notification notification) {
-        switch (notification.getType()) {
+        return getChannelId(account, notification.getType());
+    }
+
+    @Nullable
+    private static String getChannelId(AccountEntity account, Notification.Type type) {
+        switch (type) {
            case MENTION:
                return CHANNEL_MENTION + account.getIdentifier();
            case STATUS:
--- a/app/src/main/java/com/keylesspalace/tusky/components/notifications/PushNotificationHelper.kt
+++ b/app/src/main/java/com/keylesspalace/tusky/components/notifications/PushNotificationHelper.kt
@ -0,0 +1,220 @@
+/* Copyright 2022 Tusky contributors
+ *
+ * This file is a part of Tusky.
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * Tusky is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
+ * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ * Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with Tusky; if not,
+ * see <http://www.gnu.org/licenses>. */
+
+@file:JvmName("PushNotificationHelper")
+package com.keylesspalace.tusky.components.notifications
+
+import android.app.NotificationManager
+import android.content.Context
+import android.os.Build
+import android.util.Log
+import android.view.View
+import androidx.appcompat.app.AlertDialog
+import androidx.preference.PreferenceManager
+import com.google.android.material.snackbar.Snackbar
+import com.keylesspalace.tusky.R
+import com.keylesspalace.tusky.components.login.LoginActivity
+import com.keylesspalace.tusky.db.AccountEntity
+import com.keylesspalace.tusky.db.AccountManager
+import com.keylesspalace.tusky.entity.Notification
+import com.keylesspalace.tusky.network.MastodonApi
+import com.keylesspalace.tusky.util.CryptoUtil
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import org.unifiedpush.android.connector.UnifiedPush
+import retrofit2.HttpException
+
+private const val TAG = "PushNotificationHelper"
+
+private const val KEY_MIGRATION_NOTICE_DISMISSED = "migration_notice_dismissed"
+
+private fun anyAccountNeedsMigration(accountManager: AccountManager): Boolean =
+    accountManager.accounts.any(::accountNeedsMigration)
+
+private fun accountNeedsMigration(account: AccountEntity): Boolean =
+    !account.oauthScopes.contains("push")
+
+fun currentAccountNeedsMigration(accountManager: AccountManager): Boolean =
+    accountManager.activeAccount?.let(::accountNeedsMigration) ?: false
+
+fun showMigrationNoticeIfNecessary(context: Context, parent: View, accountManager: AccountManager) {
+    // No point showing anything if we cannot enable it
+    if (!isUnifiedPushAvailable(context)) return
+    if (!anyAccountNeedsMigration(accountManager)) return
+
+    val pm = PreferenceManager.getDefaultSharedPreferences(context)
+    if (pm.getBoolean(KEY_MIGRATION_NOTICE_DISMISSED, false)) return
+
+    Snackbar.make(parent, R.string.tips_push_notification_migration, Snackbar.LENGTH_INDEFINITE).apply {
+        setAction(R.string.action_details) { showMigrationExplanationDialog(context, accountManager) }
+        show()
+    }
+}
+
+private fun showMigrationExplanationDialog(context: Context, accountManager: AccountManager) {
+    AlertDialog.Builder(context).apply {
+        if (currentAccountNeedsMigration(accountManager)) {
+            setMessage(R.string.dialog_push_notification_migration)
+            setPositiveButton(R.string.title_migration_relogin) { _, _ ->
+                context.startActivity(LoginActivity.getIntent(context, LoginActivity.MODE_MIGRATION))
+            }
+        } else {
+            setMessage(R.string.dialog_push_notification_migration_other_accounts)
+        }
+        setNegativeButton(R.string.action_dismiss) { dialog, _ ->
+            val pm = PreferenceManager.getDefaultSharedPreferences(context)
+            pm.edit().putBoolean(KEY_MIGRATION_NOTICE_DISMISSED, true).apply()
+            dialog.dismiss()
+        }
+        show()
+    }
+}
+
+private suspend fun enableUnifiedPushNotificationsForAccount(context: Context, api: MastodonApi, accountManager: AccountManager, account: AccountEntity) {
+    if (isUnifiedPushNotificationEnabledForAccount(account)) {
+        // Already registered, update the subscription to match notification settings
+        updateUnifiedPushSubscription(context, api, accountManager, account)
+    } else {
+        UnifiedPush.registerAppWithDialog(context, account.id.toString())
+    }
+}
+
+fun disableUnifiedPushNotificationsForAccount(context: Context, account: AccountEntity) {
+    if (!isUnifiedPushNotificationEnabledForAccount(account)) {
+        // Not registered
+        return
+    }
+
+    UnifiedPush.unregisterApp(context, account.id.toString())
+}
+
+fun isUnifiedPushNotificationEnabledForAccount(account: AccountEntity): Boolean =
+    account.unifiedPushUrl.isNotEmpty()
+
+private fun isUnifiedPushAvailable(context: Context): Boolean =
+    UnifiedPush.getDistributors(context).isNotEmpty()
+
+fun canEnablePushNotifications(context: Context, accountManager: AccountManager): Boolean =
+    isUnifiedPushAvailable(context) && !anyAccountNeedsMigration(accountManager)
+
+suspend fun enablePushNotificationsWithFallback(context: Context, api: MastodonApi, accountManager: AccountManager) {
+    if (!canEnablePushNotifications(context, accountManager)) {
+        // No UP distributors
+        NotificationHelper.enablePullNotifications(context)
+        return
+    }
+
+    val nm = context.getSystemService(Context.NOTIFICATION_SERVICE) as NotificationManager
+
+    accountManager.accounts.forEach {
+        val notificationGroupEnabled = Build.VERSION.SDK_INT < 28 ||
+            nm.getNotificationChannelGroup(it.identifier)?.isBlocked == false
+        val shouldEnable = it.notificationsEnabled && notificationGroupEnabled
+
+        if (shouldEnable) {
+            enableUnifiedPushNotificationsForAccount(context, api, accountManager, it)
+        } else {
+            disableUnifiedPushNotificationsForAccount(context, it)
+        }
+    }
+}
+
+private fun disablePushNotifications(context: Context, accountManager: AccountManager) {
+    accountManager.accounts.forEach {
+        disableUnifiedPushNotificationsForAccount(context, it)
+    }
+}
+
+fun disableAllNotifications(context: Context, accountManager: AccountManager) {
+    disablePushNotifications(context, accountManager)
+    NotificationHelper.disablePullNotifications(context)
+}
+
+private fun buildSubscriptionData(context: Context, account: AccountEntity): Map<String, Boolean> =
+    buildMap {
+        Notification.Type.asList.forEach {
+            put("data[alerts][${it.presentation}]", NotificationHelper.filterNotification(account, it, context))
+        }
+    }
+
+// Called by UnifiedPush callback
+suspend fun registerUnifiedPushEndpoint(context: Context, api: MastodonApi, accountManager: AccountManager, account: AccountEntity, endpoint: String) {
+    // Generate a prime256v1 key pair for WebPush
+    // Decryption is unimplemented for now, since Mastodon uses an old WebPush
+    // standard which does not send needed information for decryption in the payload
+    // This makes it not directly compatible with UnifiedPush
+    // As of now, we use it purely as a way to trigger a pull
+    val keyPair = CryptoUtil.generateECKeyPair(CryptoUtil.CURVE_PRIME256_V1)
+    val auth = CryptoUtil.secureRandomBytesEncoded(16)
+
+    withContext(Dispatchers.IO) {
+        api.subscribePushNotifications(
+            "Bearer ${account.accessToken}", account.domain,
+            endpoint, keyPair.pubkey, auth,
+            buildSubscriptionData(context, account)
+        ).onFailure {
+            Log.d(TAG, "Error setting push endpoint for account ${account.id}")
+            Log.d(TAG, Log.getStackTraceString(it))
+            Log.d(TAG, (it as HttpException).response().toString())
+
+            disableUnifiedPushNotificationsForAccount(context, account)
+        }.onSuccess {
+            Log.d(TAG, "UnifiedPush registration succeeded for account ${account.id}")
+
+            account.pushPubKey = keyPair.pubkey
+            account.pushPrivKey = keyPair.privKey
+            account.pushAuth = auth
+            account.pushServerKey = it.serverKey
+            account.unifiedPushUrl = endpoint
+            accountManager.saveAccount(account)
+        }
+    }
+}
+
+// Synchronize the enabled / disabled state of notifications with server-side subscription
+suspend fun updateUnifiedPushSubscription(context: Context, api: MastodonApi, accountManager: AccountManager, account: AccountEntity) {
+    withContext(Dispatchers.IO) {
+        api.updatePushNotificationSubscription(
+            "Bearer ${account.accessToken}", account.domain,
+            buildSubscriptionData(context, account)
+        ).onSuccess {
+            Log.d(TAG, "UnifiedPush subscription updated for account ${account.id}")
+
+            account.pushServerKey = it.serverKey
+            accountManager.saveAccount(account)
+        }
+    }
+}
+
+suspend fun unregisterUnifiedPushEndpoint(api: MastodonApi, accountManager: AccountManager, account: AccountEntity) {
+    withContext(Dispatchers.IO) {
+        api.unsubscribePushNotifications("Bearer ${account.accessToken}", account.domain)
+            .onFailure {
+                Log.d(TAG, "Error unregistering push endpoint for account " + account.id)
+                Log.d(TAG, Log.getStackTraceString(it))
+                Log.d(TAG, (it as HttpException).response().toString())
+            }
+            .onSuccess {
+                Log.d(TAG, "UnifiedPush unregistration succeeded for account " + account.id)
+                // Clear the URL in database
+                account.unifiedPushUrl = ""
+                account.pushServerKey = ""
+                account.pushAuth = ""
+                account.pushPrivKey = ""
+                account.pushPubKey = ""
+                accountManager.saveAccount(account)
+            }
+    }
+}
--- a/app/src/main/java/com/keylesspalace/tusky/components/preference/AccountPreferencesFragment.kt
+++ b/app/src/main/java/com/keylesspalace/tusky/components/preference/AccountPreferencesFragment.kt
@ -23,6 +23,7 @@ import androidx.annotation.DrawableRes
 import androidx.preference.PreferenceFragmentCompat
 import com.google.android.material.snackbar.Snackbar
 import com.keylesspalace.tusky.AccountListActivity
+import com.keylesspalace.tusky.BaseActivity
 import com.keylesspalace.tusky.BuildConfig
 import com.keylesspalace.tusky.FiltersActivity
 import com.keylesspalace.tusky.R
@ -30,6 +31,8 @@ import com.keylesspalace.tusky.TabPreferenceActivity
 import com.keylesspalace.tusky.appstore.EventHub
 import com.keylesspalace.tusky.appstore.PreferenceChangedEvent
 import com.keylesspalace.tusky.components.instancemute.InstanceListActivity
+import com.keylesspalace.tusky.components.login.LoginActivity
+import com.keylesspalace.tusky.components.notifications.currentAccountNeedsMigration
 import com.keylesspalace.tusky.db.AccountEntity
 import com.keylesspalace.tusky.db.AccountManager
 import com.keylesspalace.tusky.di.Injectable
@ -139,6 +142,18 @@ class AccountPreferencesFragment : PreferenceFragmentCompat(), Injectable {
                }
            }

+            if (currentAccountNeedsMigration(accountManager)) {
+                preference {
+                    setTitle(R.string.title_migration_relogin)
+                    setIcon(R.drawable.ic_logout)
+                    setOnPreferenceClickListener {
+                        val intent = LoginActivity.getIntent(context, LoginActivity.MODE_MIGRATION)
+                        (activity as BaseActivity).startActivityWithSlideInAnimation(intent)
+                        true
+                    }
+                }
+            }
+
            preferenceCategory(R.string.pref_publishing) {
                listPreference {
                    setTitle(R.string.pref_default_post_privacy)