Add ability to optionally store credentials for re-auth

assessmentmodel-sdk/src/test/java/org/sagebionetworks/bridge/assessmentmodel/upload/AssessmentArchiverTest.kt

@@ -262,6 +262,8 @@ class TestBridgeConfig: BridgeConfig {
         get() = PlatformConfig.BridgeEnvironment.PRODUCTION
     override val osName: String
         get() = "AssessmentModel-SDK Test"
+    override val cacheCredentials: Boolean
+        get() = false
     override val osVersion: String
         get() = "AssessmentModel-SDK Test"
     override val deviceName: String

bridge-client/build.gradle.kts

@@ -95,6 +95,7 @@ kotlin {
                 api(libs.koin.core)
                 // Kermit
                 implementation(libs.touchlab.kermit)
+                implementation(libs.multiplatform.settings)
             }
         }
 
@@ -114,6 +115,7 @@ kotlin {
                 implementation(libs.androidx.work.runtimeKts)
                 implementation(libs.koin.android)
                 implementation(libs.koin.android.workmanager)
+                implementation(libs.androidx.security.crypto.ktx)
             }
         }
         val androidUnitTest by getting {

bridge-client/src/androidMain/kotlin/org/sagebionetworks/bridge/kmm/shared/AndroidBridgeConfig.kt

@@ -47,6 +47,8 @@ class AndroidBridgeConfig(context: Context) : BridgeConfig {
     // TODO: emm 2021-08-18 Where should this value come from?
     override val bridgeEnvironment: PlatformConfig.BridgeEnvironment = PlatformConfig.BridgeEnvironment.PRODUCTION
 
+    override val cacheCredentials: Boolean = applicationContext.resources.getBoolean(R.bool.cache_credentials)
+
     override val osName: String = "Android"
 
     override val osVersion: String = VERSION.RELEASE

bridge-client/src/androidMain/kotlin/org/sagebionetworks/bridge/kmm/shared/di/KoinAndroid.kt

@@ -1,7 +1,11 @@
 package org.sagebionetworks.bridge.kmm.shared.di
 
+import androidx.security.crypto.EncryptedSharedPreferences
+import androidx.security.crypto.MasterKey
 import app.cash.sqldelight.driver.android.AndroidSqliteDriver
 import app.cash.sqldelight.db.SqlDriver
+import com.russhwolf.settings.Settings
+import com.russhwolf.settings.SharedPreferencesSettings
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
@@ -14,6 +18,8 @@ import org.sagebionetworks.bridge.kmm.shared.BridgeConfig
 import org.sagebionetworks.bridge.kmm.shared.apis.HttpAndroidUtil
 import org.sagebionetworks.bridge.kmm.shared.apis.HttpUtil
 import org.sagebionetworks.bridge.kmm.shared.cache.BridgeResourceDatabase
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettings
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettingsImpl
 import org.sagebionetworks.bridge.kmm.shared.upload.CoroutineUploadWorker
 
 actual val platformModule: Module = module {
@@ -29,4 +35,16 @@ actual val platformModule: Module = module {
 
     single<HttpUtil> {HttpAndroidUtil(get())}
 
+    single<Settings>(named(EncryptedSharedSettingsImpl.encryptedSettingsName)) {
+        SharedPreferencesSettings(EncryptedSharedPreferences.create(
+            get(),
+            EncryptedSharedSettingsImpl.ENCRYPTED_DATABASE_NAME,
+            MasterKey.Builder(get())
+                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+                .build(),
+            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+        ), false)
+    }
+
 }

bridge-client/src/androidMain/res/values/bridge_config.xml

@@ -2,5 +2,6 @@
 <resources>
     <string name="osb_app_id" translatable="false">bridge-client-kmm-integration</string>
     <string name="osb_app_name">Bridge Client KMM Integration</string>
+    <bool name="cache_credentials">false</bool>
 
 </resources>

bridge-client/src/androidTest/kotlin/org/sagebionetworks/bridge/kmm/shared/integration/AbstractBaseIntegrationTest.kt → bridge-client/src/androidUnitTest/kotlin/org/sagebionetworks/bridge/kmm/shared/integration/AbstractBaseIntegrationTest.kt

@@ -1,14 +1,18 @@
 package org.sagebionetworks.bridge.kmm.shared.integration
 
 import org.koin.core.context.startKoin
+import org.koin.core.qualifier.named
 import org.koin.dsl.module
 import org.koin.test.KoinTest
 import org.sagebionetworks.bridge.kmm.shared.BaseTest
 import org.sagebionetworks.bridge.kmm.shared.BridgeConfig
 import org.sagebionetworks.bridge.kmm.shared.PlatformConfig
+import org.sagebionetworks.bridge.kmm.shared.TestEncryptedSharedSettings
 import org.sagebionetworks.bridge.kmm.shared.apis.HttpUtil
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettings
 import org.sagebionetworks.bridge.kmm.shared.cache.ResourceDatabaseHelper
 import org.sagebionetworks.bridge.kmm.shared.di.bridgeClientkoinModules
+import org.sagebionetworks.bridge.kmm.shared.repo.AuthenticationRepository
 import org.sagebionetworks.bridge.kmm.shared.testDatabaseDriver
 import kotlin.test.*
 
@@ -26,6 +30,16 @@ abstract class AbstractBaseIntegrationTest: BaseTest(), KoinTest {
                     return "en-US,en"
                 }
             } }
+            //Need to override for tests since encryptedSharedSettings requires a Context
+            single<AuthenticationRepository> {
+                AuthenticationRepository(
+                    authHttpClient = get(named("authHttpClient")),
+                    bridgeConfig = get(),
+                    database = get(),
+                    backgroundScope =  get(named("background")),
+                    encryptedSharedSettings = TestEncryptedSharedSettings()
+                )
+            }
 
         }
         init {
@@ -58,10 +72,12 @@ abstract class AbstractBaseIntegrationTest: BaseTest(), KoinTest {
             get() = PlatformConfig.BridgeEnvironment.PRODUCTION
         override val osName: String
             get() = "Android Integration Test"
+        override val cacheCredentials: Boolean
+            get() = true
         override val osVersion: String
             get() = "Android Integration Test"
         override val deviceName: String
             get() = "Android Integration Test"
 
     }
-}
+}

bridge-client/src/androidTest/kotlin/org/sagebionetworks/bridge/kmm/shared/integration/AuthenticationIntegrationTest.kt → bridge-client/src/androidUnitTest/kotlin/org/sagebionetworks/bridge/kmm/shared/integration/AuthenticationIntegrationTest.kt

@@ -2,9 +2,13 @@ package org.sagebionetworks.bridge.kmm.shared.integration
 
 import org.koin.core.component.inject
 import org.sagebionetworks.bridge.kmm.shared.cache.ResourceResult
-import org.sagebionetworks.bridge.kmm.shared.repo.AuthenticationRepository
 import org.sagebionetworks.bridge.kmm.shared.models.UserSessionInfo
-import kotlin.test.*
+import org.sagebionetworks.bridge.kmm.shared.repo.AuthenticationRepository
+import kotlin.test.Test
+import kotlin.test.assertFalse
+import kotlin.test.assertNotEquals
+import kotlin.test.assertNotNull
+import kotlin.test.assertTrue
 
 class AuthenticationIntegrationTest: AbstractBaseIntegrationTest() {
 
@@ -31,6 +35,12 @@ class AuthenticationIntegrationTest: AbstractBaseIntegrationTest() {
             val updatedSession = authRepo.session()
             assertNotNull(updatedSession)
             assertNotEquals(updatedSession.reauthToken, sessionInfo.reauthToken)
+            // Clear session token and reauth token
+            authRepo.updateCachedSession(null, updatedSession.copy(reauthToken = "invalid-token", sessionToken = "", authenticated = false))
+            //Test reauth using cached credentials
+            assertTrue(authRepo.reAuth())
+            assertTrue(authRepo.isAuthenticated())
+
             //Test signout
             authRepo.signOut()
             assertFalse(authRepo.isAuthenticated())

bridge-client/src/commonMain/kotlin/org/sagebionetworks/bridge/kmm/shared/BridgeConfig.kt

@@ -42,6 +42,8 @@ interface PlatformConfig {
     val deviceName: String
 
     val osName: String
+
+    val cacheCredentials: Boolean
 }
 
 fun PlatformConfig.buildClientData(input: JsonElement? = null, uploadId: String? = null): JsonElement {

bridge-client/src/commonMain/kotlin/org/sagebionetworks/bridge/kmm/shared/cache/EncryptedSharedSettings.kt

@@ -0,0 +1,29 @@
+package org.sagebionetworks.bridge.kmm.shared.cache
+
+import com.russhwolf.settings.Settings
+import com.russhwolf.settings.get
+import com.russhwolf.settings.set
+
+interface EncryptedSharedSettings {
+    var pwd: String?
+}
+
+class EncryptedSharedSettingsImpl (
+    private val encryptedSettings: Settings,
+) : EncryptedSharedSettings {
+
+    override var pwd: String?
+        get() {
+            return encryptedSettings[PWD_KEY]
+        }
+        set(value) {
+            encryptedSettings[PWD_KEY] = value
+        }
+
+    companion object {
+        const val ENCRYPTED_DATABASE_NAME = "ENCRYPTED_SETTINGS"
+        const val encryptedSettingsName = "encryptedSettings"
+        // Keys of values stored in settings
+        private const val PWD_KEY = "PWD_KEY"
+    }
+}

bridge-client/src/commonMain/kotlin/org/sagebionetworks/bridge/kmm/shared/di/Koin.kt

@@ -5,6 +5,8 @@ import org.koin.core.module.Module
 import org.koin.core.qualifier.named
 import org.koin.dsl.KoinAppDeclaration
 import org.koin.dsl.module
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettings
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettingsImpl
 import org.sagebionetworks.bridge.kmm.shared.cache.LocalJsonDataCache
 import org.sagebionetworks.bridge.kmm.shared.cache.ResourceDatabaseHelper
 import org.sagebionetworks.bridge.kmm.shared.repo.*
@@ -25,6 +27,8 @@ fun bridgeClientkoinModules(enableNetworkLogs: Boolean): List<Module> {
 val commonModule = module {
     single {ResourceDatabaseHelper(get())}
 
+    single<EncryptedSharedSettings> {EncryptedSharedSettingsImpl(get(named(EncryptedSharedSettingsImpl.encryptedSettingsName)))}
+
     single<AssessmentConfigRepo> {AssessmentConfigRepo(get(), get(), get(named("background"))) }
     single<ScheduleTimelineRepo> {ScheduleTimelineRepo(get(), get(), get(), get(), get(named("background")), null) }
     single<ActivityEventsRepo> { ActivityEventsRepo(get(), get(), get(named("background")), get()) }
@@ -34,7 +38,8 @@ val commonModule = module {
             authHttpClient = get(named("authHttpClient")),
             bridgeConfig = get(),
             database = get(),
-            backgroundScope =  get(named("background"))
+            backgroundScope =  get(named("background")),
+            encryptedSharedSettings = get()
         )
     }
     single<AppConfigRepo> { AppConfigRepo(get(), get(), get(named("background")), get()) }

bridge-client/src/commonMain/kotlin/org/sagebionetworks/bridge/kmm/shared/repo/AuthenticationRepository.kt

@@ -31,7 +31,8 @@ class AuthenticationRepository(
     authHttpClient: HttpClient,
     val bridgeConfig: BridgeConfig,
     val database: ResourceDatabaseHelper,
-    private val backgroundScope: CoroutineScope
+    private val backgroundScope: CoroutineScope,
+    private val encryptedSharedSettings: EncryptedSharedSettings
 ) : KoinComponent, AuthenticationProvider {
 
     internal companion object {
@@ -111,6 +112,7 @@ class AuthenticationRepository(
         }
         // Always clear database when signOut is called
         database.clearDatabase()
+        clearCredentials()
     }
 
     /**
@@ -192,6 +194,21 @@ class AuthenticationRepository(
         return signIn(signIn)
     }
 
+    private fun storeCredentials(password: String) {
+        if (bridgeConfig.cacheCredentials) {
+            encryptedSharedSettings.pwd = password
+        }
+    }
+
+    private fun clearCredentials() {
+        encryptedSharedSettings.pwd = null
+    }
+
+    private fun getCredentials() : String? {
+        return encryptedSharedSettings.pwd
+    }
+
+
     suspend fun reauthWithCredentials(password: String) : ResourceResult<UserSessionInfo> {
         val sessionInfo = session() ?: return ResourceResult.Failed(ResourceStatus.FAILED)
         val signIn = SignIn(
@@ -207,6 +224,7 @@ class AuthenticationRepository(
         } catch (err: Throwable) {
             Logger.e("Error requesting reAuth with stored password: $err")
             if (err is ResponseException && err.response.status == HttpStatusCode.NotFound) {
+                clearCredentials()
                 ResourceResult.Failed(ResourceStatus.FAILED)
             } else {
                 ResourceResult.Failed(ResourceStatus.RETRY)
@@ -217,6 +235,9 @@ class AuthenticationRepository(
     private suspend fun signIn(signIn: SignIn) : ResourceResult<UserSessionInfo> {
         try {
             val userSession = authenticationApi.signIn(signIn)
+            if (signIn.password != null && bridgeConfig.cacheCredentials) {
+                storeCredentials(signIn.password)
+            }
             updateCachedSession(null, userSession)
             return ResourceResult.Success(userSession, ResourceStatus.SUCCESS)
         } catch (err: Throwable) {
@@ -290,6 +311,13 @@ class AuthenticationRepository(
                         sessionToken = ""
                     )
                     updateCachedSession(null, newSession)
+                    val pwd = getCredentials()
+                    if (bridgeConfig.cacheCredentials && pwd != null) {
+                        val result = reauthWithCredentials(pwd)
+                        if (result is ResourceResult.Success) {
+                            success = true
+                        }
+                    }
                 } else {
                     // Some sort of network error leave the session alone so we can try again
                     Logger.i("User reauth failed. Ignoring. $err")

bridge-client/src/commonTest/kotlin/org/sagebionetworks/bridge/kmm/shared/TestUtils.kt

@@ -15,6 +15,7 @@ import kotlinx.serialization.json.Json
 import org.sagebionetworks.bridge.kmm.shared.apis.RefreshTokenFeature
 import org.sagebionetworks.bridge.kmm.shared.apis.SessionTokenFeature
 import org.sagebionetworks.bridge.kmm.shared.apis.HttpUtil
+import org.sagebionetworks.bridge.kmm.shared.cache.EncryptedSharedSettings
 import org.sagebionetworks.bridge.kmm.shared.cache.ResourceDatabaseHelper
 import org.sagebionetworks.bridge.kmm.shared.di.appendAuthConfig
 import org.sagebionetworks.bridge.kmm.shared.di.appendDefaultConfig
@@ -98,3 +99,9 @@ fun getJsonReponseHandler(json: String, responseCode: HttpStatusCode = HttpStatu
         respond(json, responseCode, headersOf("Content-Type" to listOf(ContentType.Application.Json.toString())))
     }
 }
+
+class TestEncryptedSharedSettings : EncryptedSharedSettings {
+
+    override var pwd: String? = null
+
+}