VPN-5532: Prevent persistent VPN config system prompt (#8430)

mozilla-mobile · Nov 1, 2023 · b0c4c0a · b0c4c0a
1 parent d1a65f1
commit b0c4c0a
Show file tree

Hide file tree

Showing 8 changed files with 49 additions and 4 deletions.
diff --git a/android/vpnClient/src/main/java/org/mozilla/firefox/vpn/qt/VPNActivity.java b/android/vpnClient/src/main/java/org/mozilla/firefox/vpn/qt/VPNActivity.java
@@ -163,6 +163,7 @@ private void initServiceConnection(){
   private final int EVENT_PERMISSION_REQURED = 6;
   private final int EVENT_DISCONNECTED = 2;
   private final int EVENT_ONBOARDING_COMPLETED = 9;
+  private final int EVENT_VPN_CONFIG_PERMISSION_RESPONSE = 10;
 
   public void onPermissionRequest(int code, Parcel data) {
     if(code != EVENT_PERMISSION_REQURED){
@@ -183,6 +184,11 @@ public void onNotificationPermissionRequest() {
   protected void onActivityResult(int requestCode, int resultCode, Intent data) {
     if(requestCode == PERMISSION_TRANSACTION){
       // THATS US!
+
+      // At this point, the user has made a selection on the system config permission modal to either allow or not allow
+      // the vpn configuration to be created, so it is safe to run activation retries via ConnectionManager::startHandshakeTimer()
+      // without the possibility or re-prompting (flickering) the modal while it is currently being displayed  
+      onServiceMessage(EVENT_VPN_CONFIG_PERMISSION_RESPONSE,"");
       if( resultCode == RESULT_OK ){
         // Prompt accepted, tell service to retry.
         dispatchParcel(ACTION_RESUME_ACTIVATE,"");

diff --git a/src/connectionmanager.cpp b/src/connectionmanager.cpp
@@ -262,6 +262,10 @@ void ConnectionManager::deleteOSTunnelConfig() {
   }
 }
 
+void ConnectionManager::startHandshakeTimer() {
+  m_handshakeTimer.start(HANDSHAKE_TIMEOUT_SEC * 1000);
+}
+
 void ConnectionManager::handshakeTimeout() {
   logger.debug() << "Timeout while waiting for handshake";
 
@@ -571,7 +575,14 @@ void ConnectionManager::activateNext() {
   const InterfaceConfig& config = m_activationQueue.first();
 
   logger.debug() << "Activating peer" << logger.keys(config.m_serverPublicKey);
-  m_handshakeTimer.start(HANDSHAKE_TIMEOUT_SEC * 1000);
+
+// Mobile platforms will begin handshake timer once we know the VPN
+// configuration has been set with the system (to avoid persistently
+// re-triggering the system prompt - VPN-5532)
+#if defined(MZ_LINUX) || defined(MZ_WINDOWS) || defined(MZ_MACOS)
+  startHandshakeTimer();
+#endif
+
   m_impl->activate(config, stateToReason(m_state));
 
   // Move to the confirming state if we are awaiting any connection handshakes.

diff --git a/src/connectionmanager.h b/src/connectionmanager.h
@@ -78,6 +78,7 @@ class ConnectionManager : public QObject, public LogSerializer {
   void backendFailure();
   void updateRequired();
   void deleteOSTunnelConfig();
+  void startHandshakeTimer();
 
   const ServerData& currentServer() const { return m_serverData; }
 

diff --git a/src/platforms/android/androidcontroller.cpp b/src/platforms/android/androidcontroller.cpp
@@ -14,6 +14,7 @@
 
 #include "androidutils.h"
 #include "androidvpnactivity.h"
+#include "connectionmanager.h"
 #include "errorhandler.h"
 #include "feature.h"
 #include "i18nstrings.h"
@@ -110,6 +111,14 @@ AndroidController::AndroidController() {
         }
       },
       Qt::QueuedConnection);
+  connect(
+      activity, &AndroidVPNActivity::eventVpnConfigPermissionResponse, this,
+      []() {
+        ConnectionManager* connectionManager =
+            MozillaVPN::instance()->connectionManager();
+        connectionManager->startHandshakeTimer();
+      },
+      Qt::QueuedConnection);
 }
 AndroidController::~AndroidController() { MZ_COUNT_DTOR(AndroidController); }
 

diff --git a/src/platforms/android/androidvpnactivity.cpp b/src/platforms/android/androidvpnactivity.cpp
@@ -142,6 +142,9 @@ void AndroidVPNActivity::handleServiceMessage(int code, const QString& data) {
     case ServiceEvents::EVENT_ONBOARDING_COMPLETED:
       emit eventOnboardingCompleted();
       break;
+    case ServiceEvents::EVENT_VPN_CONFIG_PERMISSION_RESPONSE:
+      emit eventVpnConfigPermissionResponse();
+      break;
     default:
       Q_ASSERT(false);
   }

diff --git a/src/platforms/android/androidvpnactivity.h b/src/platforms/android/androidvpnactivity.h
@@ -72,7 +72,12 @@ enum ServiceEvents {
   // The Daemon need's the app to ask for notification
   // permissions, to show the "you're connected" messages.
   EVENT_REQUEST_NOTIFICATION_PERMISSION = 8,
+  // Signals MozillaVPN that we have completed onboarding
   EVENT_ONBOARDING_COMPLETED = 9,
+  // Signals the ConnectionManager that it may now allow
+  // activation retries now that the system vpn config modal
+  // has been responded to
+  EVENT_VPN_CONFIG_PERMISSION_RESPONSE = 10,
 };
 typedef enum ServiceEvents ServiceEvents;
 
@@ -96,6 +101,7 @@ class AndroidVPNActivity : public QObject {
   void eventStatisticUpdate(const QString& data);
   void eventActivationError(const QString& data);
   void eventOnboardingCompleted();
+  void eventVpnConfigPermissionResponse();
   void eventRequestGleanUploadEnabledState();
 
  private:

diff --git a/src/platforms/ios/ioscontroller.mm b/src/platforms/ios/ioscontroller.mm
@@ -160,6 +160,10 @@
       }
       onboardingCompletedCallback:^() {
         MozillaVPN::instance()->onboardingCompleted();
+      }
+      vpnConfigPermissionResponseCallback:^() {
+        ConnectionManager* connectionManager = MozillaVPN::instance()->connectionManager();
+        connectionManager->startHandshakeTimer();
       }];
 }
 

diff --git a/src/platforms/ios/ioscontroller.swift b/src/platforms/ios/ioscontroller.swift
@@ -116,7 +116,7 @@ public class IOSControllerImpl : NSObject {
         }
     }
 
-    @objc func connect(dnsServer: String, serverIpv6Gateway: String, serverPublicKey: String, serverIpv4AddrIn: String, serverPort: Int,  allowedIPAddressRanges: Array<VPNIPAddressRange>, reason: Int, gleanDebugTag: String, isSuperDooperFeatureActive: Bool, installationId: String, isOnboarding: Bool, disconnectCallback: @escaping () -> Void, onboardingCompletedCallback: @escaping () -> Void) {
+    @objc func connect(dnsServer: String, serverIpv6Gateway: String, serverPublicKey: String, serverIpv4AddrIn: String, serverPort: Int,  allowedIPAddressRanges: Array<VPNIPAddressRange>, reason: Int, gleanDebugTag: String, isSuperDooperFeatureActive: Bool, installationId: String, isOnboarding: Bool, disconnectCallback: @escaping () -> Void, onboardingCompletedCallback: @escaping () -> Void, vpnConfigPermissionResponseCallback: @escaping () -> Void) {
         IOSControllerImpl.logger.debug(message: "Connecting")
 
         TunnelManager.withTunnel { tunnel in
@@ -152,11 +152,11 @@ public class IOSControllerImpl : NSObject {
 
             let config = TunnelConfiguration(name: VPN_NAME, interface: interface, peers: peerConfigurations)
 
-            return self.configureTunnel(config: config, reason: reason, serverName: serverIpv4AddrIn + ":\(serverPort )", gleanDebugTag: gleanDebugTag, isSuperDooperFeatureActive: isSuperDooperFeatureActive, installationId: installationId, isOnboarding: isOnboarding, disconnectCallback: disconnectCallback, onboardingCompletedCallback: onboardingCompletedCallback)
+            return self.configureTunnel(config: config, reason: reason, serverName: serverIpv4AddrIn + ":\(serverPort )", gleanDebugTag: gleanDebugTag, isSuperDooperFeatureActive: isSuperDooperFeatureActive, installationId: installationId, isOnboarding: isOnboarding, disconnectCallback: disconnectCallback, onboardingCompletedCallback: onboardingCompletedCallback, vpnConfigPermissionResponseCallback: vpnConfigPermissionResponseCallback)
         }
     }
 
-    func configureTunnel(config: TunnelConfiguration, reason: Int, serverName: String, gleanDebugTag: String, isSuperDooperFeatureActive: Bool, installationId: String, isOnboarding: Bool, disconnectCallback: @escaping () -> Void, onboardingCompletedCallback: @escaping () -> Void) {
+    func configureTunnel(config: TunnelConfiguration, reason: Int, serverName: String, gleanDebugTag: String, isSuperDooperFeatureActive: Bool, installationId: String, isOnboarding: Bool, disconnectCallback: @escaping () -> Void, onboardingCompletedCallback: @escaping () -> Void, vpnConfigPermissionResponseCallback: @escaping () -> Void) {
         TunnelManager.withTunnel { tunnel in
             let proto = NETunnelProviderProtocol(tunnelConfiguration: config)
             proto!.providerBundleIdentifier = TunnelManager.vpnBundleId
@@ -185,6 +185,11 @@ public class IOSControllerImpl : NSObject {
             tunnel.isEnabled = true
 
             return tunnel.saveToPreferences { saveError in
+                // At this point, the user has made a selection on the system config permission modal to either allow or not allow
+                // the vpn configuration to be created, so it is safe to run activation retries via ConnectionManager::startHandshakeTimer()
+                // without the possibility or re-prompting (flickering) the modal while it is currently being displayed
+                vpnConfigPermissionResponseCallback()
+
                 if let error = saveError {
                     IOSControllerImpl.logger.error(message: "Connect Tunnel Save Error: \(error)")
                     disconnectCallback()