Password reset fixes

2025-12-24 07:05:35 +00:00 · 2021-07-06 03:27:53 +04:00
parent ad5d4f5c75
commit a2f0f5b1ce
15 changed files with 4885 additions and 4972 deletions
--- a/submodules/TelegramCore/Sources/TelegramEngine/Auth/TelegramEngineAuth.swift
+++ b/submodules/TelegramCore/Sources/TelegramEngine/Auth/TelegramEngineAuth.swift
@@ -24,8 +24,16 @@ public extension TelegramEngineUnauthorized {
            return _internal_updateTwoStepVerificationPassword(network: self.account.network, currentPassword: currentPassword, updatedPassword: updatedPassword)
        }

-        public func performPasswordRecovery(accountManager: AccountManager, code: String, syncContacts: Bool, updatedPassword: UpdatedTwoStepVerificationPassword) -> Signal<Void, PasswordRecoveryError> {
-            return _internal_performPasswordRecovery(accountManager: accountManager, account: self.account, code: code, syncContacts: syncContacts, updatedPassword: updatedPassword)
+        public func requestTwoStepVerificationPasswordRecoveryCode() -> Signal<String, RequestTwoStepVerificationPasswordRecoveryCodeError> {
+            return _internal_requestTwoStepVerificationPasswordRecoveryCode(network: self.account.network)
+        }
+
+        public func checkPasswordRecoveryCode(code: String) -> Signal<Never, PasswordRecoveryError> {
+            return _internal_checkPasswordRecoveryCode(network: self.account.network, code: code)
+        }
+
+        public func performPasswordRecovery(code: String, updatedPassword: UpdatedTwoStepVerificationPassword) -> Signal<RecoveredAccountData, PasswordRecoveryError> {
+            return _internal_performPasswordRecovery(network: self.account.network, code: code, updatedPassword: updatedPassword)
        }

        public func resendTwoStepRecoveryEmail() -> Signal<Never, ResendTwoStepRecoveryEmailError> {
@@ -90,8 +98,8 @@ public extension TelegramEngine {
            return _internal_requestTwoStepVerificationPasswordRecoveryCode(network: self.account.network)
        }

-        public func recoverTwoStepVerificationPassword(code: String) -> Signal<Void, RecoverTwoStepVerificationPasswordError> {
-            return _internal_recoverTwoStepVerificationPassword(network: self.account.network, code: code)
+        public func performPasswordRecovery(code: String, updatedPassword: UpdatedTwoStepVerificationPassword) -> Signal<RecoveredAccountData, PasswordRecoveryError> {
+            return _internal_performPasswordRecovery(network: self.account.network, code: code, updatedPassword: updatedPassword)
        }

        public func cachedTwoStepPasswordToken() -> Signal<TemporaryTwoStepPasswordToken?, NoError> {
@@ -106,6 +114,10 @@ public extension TelegramEngine {
            return _internal_requestTemporaryTwoStepPasswordToken(account: self.account, password: password, period: period, requiresBiometrics: requiresBiometrics)
        }

+        public func checkPasswordRecoveryCode(code: String) -> Signal<Never, PasswordRecoveryError> {
+            return _internal_checkPasswordRecoveryCode(network: self.account.network, code: code)
+        }
+
        public func requestTwoStepPasswordReset() -> Signal<RequestTwoStepPasswordResetResult, NoError> {
            return _internal_requestTwoStepPasswordReset(network: self.account.network)
        }
@@ -154,12 +166,21 @@ public extension SomeTelegramEngine {
            }
        }

-        public func resendTwoStepRecoveryEmail() -> Signal<Never, ResendTwoStepRecoveryEmailError> {
+        public func requestTwoStepVerificationPasswordRecoveryCode() -> Signal<String, RequestTwoStepVerificationPasswordRecoveryCodeError> {
            switch self.engine {
            case let .authorized(engine):
-                return engine.auth.resendTwoStepRecoveryEmail()
+                return engine.auth.requestTwoStepVerificationPasswordRecoveryCode()
            case let .unauthorized(engine):
-                return engine.auth.resendTwoStepRecoveryEmail()
+                return engine.auth.requestTwoStepVerificationPasswordRecoveryCode()
+            }
+        }
+
+        public func checkPasswordRecoveryCode(code: String) -> Signal<Never, PasswordRecoveryError> {
+            switch self.engine {
+            case let .authorized(engine):
+                return engine.auth.checkPasswordRecoveryCode(code: code)
+            case let .unauthorized(engine):
+                return engine.auth.checkPasswordRecoveryCode(code: code)
            }
        }
    }
--- a/submodules/TelegramCore/Sources/TelegramEngine/Auth/TwoStepVerification.swift
+++ b/submodules/TelegramCore/Sources/TelegramEngine/Auth/TwoStepVerification.swift
@@ -312,19 +312,26 @@ func _internal_updateTwoStepVerificationEmail(network: Network, currentPassword:

 public enum RequestTwoStepVerificationPasswordRecoveryCodeError {
    case generic
+    case limitExceeded
 }

 func _internal_requestTwoStepVerificationPasswordRecoveryCode(network: Network) -> Signal<String, RequestTwoStepVerificationPasswordRecoveryCodeError> {
    return network.request(Api.functions.auth.requestPasswordRecovery(), automaticFloodWait: false)
-        |> mapError { _ -> RequestTwoStepVerificationPasswordRecoveryCodeError in
+    |> mapError { error -> RequestTwoStepVerificationPasswordRecoveryCodeError in
+        if error.errorDescription.hasPrefix("FLOOD_WAIT") {
+            return .limitExceeded
+        } else if error.errorDescription.hasPrefix("PASSWORD_RECOVERY_NA") {
+            return .generic
+        } else {
            return .generic
        }
-        |> map { result -> String in
-            switch result {
-                case let .passwordRecovery(emailPattern):
-                    return emailPattern
-            }
+    }
+    |> map { result -> String in
+        switch result {
+            case let .passwordRecovery(emailPattern):
+                return emailPattern
        }
+    }
 }

 public enum RecoverTwoStepVerificationPasswordError {
@@ -334,35 +341,6 @@ public enum RecoverTwoStepVerificationPasswordError {
    case invalidCode
 }

-func _internal_recoverTwoStepVerificationPassword(network: Network, code: String) -> Signal<Void, RecoverTwoStepVerificationPasswordError> {
-    return _internal_twoStepAuthData(network)
-    |> mapError { _ -> RecoverTwoStepVerificationPasswordError in
-        return .generic
-    }
-    |> mapToSignal { authData -> Signal<Void, RecoverTwoStepVerificationPasswordError> in
-        var flags: Int32 = (1 << 1)
-        if authData.currentPasswordDerivation != nil {
-            flags |= (1 << 0)
-        }
-
-        return network.request(Api.functions.auth.recoverPassword(flags: 0, code: code, newSettings: nil), automaticFloodWait: false)
-            |> mapError { error -> RecoverTwoStepVerificationPasswordError in
-                if error.errorDescription.hasPrefix("FLOOD_WAIT_") {
-                    return .limitExceeded
-                } else if error.errorDescription == "PASSWORD_RECOVERY_EXPIRED" {
-                    return .codeExpired
-                } else if error.errorDescription == "CODE_INVALID" {
-                    return .invalidCode
-                } else {
-                    return .generic
-                }
-            }
-            |> mapToSignal { _ -> Signal<Void, RecoverTwoStepVerificationPasswordError> in
-                return .complete()
-            }
-    }
-}
-
 func _internal_cachedTwoStepPasswordToken(postbox: Postbox) -> Signal<TemporaryTwoStepPasswordToken?, NoError> {
    return postbox.transaction { transaction -> TemporaryTwoStepPasswordToken? in
        let key = ValueBoxKey(length: 1)