Merge branch 'main' of https://github.com/MaryamShaghaghi/mullvadvpn-…

…fork into filter-providers

.github/workflows/check-changelog.yml

@@ -0,0 +1,18 @@
+---
+name: Check changelog format
+on:
+  pull_request:
+    paths:
+      - 'CHANGELOG.md'
+env:
+  LINE_LIMIT: 100
+jobs:
+  check-changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: No lines must exceed ${{ env.LINE_LIMIT }} characters
+        run: |
+          awk 'length($0) > '$LINE_LIMIT' { print NR ": Line exceeds '$LINE_LIMIT' chars: " $0; found=1 } \
+            END { if(found) exit 1 }' CHANGELOG.md

CHANGELOG.md

@@ -22,6 +22,9 @@ Line wrap the file at 100 chars.                                              Th
 * **Security**: in case of vulnerabilities.
 
 ## [Unreleased]
+### Added
+- Add CLI support for applying patches to the settings with `mullvad import-settings`.
+
 ### Changed
 #### Android
 - Migrate welcome view to compose.
@@ -43,19 +46,21 @@ Line wrap the file at 100 chars.                                              Th
 
 ## [2023.6-beta1] - 2023-11-23
 ### Added
-- Add customizable relay lists to the CLI on desktop. Custom lists can be managed through `mullvad custom-lists` and can be selected through `mullvad relay set` and `mullvad bridge set`.
+- Add customizable relay lists to the CLI on desktop. Custom lists can be managed through
+  `mullvad custom-lists` and can be selected through `mullvad relay set` and `mullvad bridge set`.
 - Add custom lists to location selector in desktop app.
 - Add custom API access methods to the CLI on desktop. Custom API access methods allow the user to
   proxy API traffic through a peer before connecting to a tunnel. They are managed through
   `mullvad api-access`, and the initially supported network protocols are `Shadowsocks` and
   `SOCKS5`.
 - Add social media content blocker.
 - Add ability to override server IPs to the CLI.
-- Add CLI support for applying patches to the settings with `mullvad import-settings`.
 
 ### Changed
 - Update Electron from 25.2.0 to 26.3.0.
-- CLI command `mullvad relay set tunnel wireguard entry-location` changed to `mullvad relay set tunnel wireguard entry location`, as the `location` subcommand can now be swapped for `custom-list` to select entry relays using a custom list.
+- CLI command `mullvad relay set tunnel wireguard entry-location` changed to
+  `mullvad relay set tunnel wireguard entry location`, as the `location` subcommand can now be
+  swapped for `custom-list` to select entry relays using a custom list.
 
 #### Linux
 - Don't block forwarding of traffic when the split tunnel mark (ct mark) is set.
@@ -65,7 +70,8 @@ Line wrap the file at 100 chars.                                              Th
 - Remove wireguard-go (userspace WireGuard) support.
 
 ### Fixed
-- Validate that hostname matches correct server type for CLI commands `mullvad relay set location`, `mullvad bridge set location` and `mullvad relay set tunnel wireguard entry location`
+- Validate that hostname matches correct server type for CLI commands `mullvad relay set location`,
+  `mullvad bridge set location`, and `mullvad relay set tunnel wireguard entry location`.
 - Show correct endpoint in CLI for custom relays.
 - Lower risk of being rate limited.
 - Fix error dialog when failing to write to console by handling the thrown error.
@@ -487,8 +493,8 @@ Identical to android/2022.2-beta2 except for updated translations.
 
 ### Security
 - When the system service is being shut down and the target state is _secured_, maintain the
-  blocking firewall rules. Unless it's possible to deduce that the system isn't shutting down and the
-  system service is being stopped by the user intentionally. This is to prevent leaks that might
+  blocking firewall rules. Unless it's possible to deduce that the system isn't shutting down and
+  the system service is being stopped by the user intentionally. This is to prevent leaks that might
   occur during system shutdown. Fixes 2022 Mullvad app audit issue item `MUL22-02`.
 
 #### Windows
@@ -899,8 +905,8 @@ properly after initialization.
 - Move window after dragging tray icon to new position.
 
 #### Linux
-- Greatly simplify behavior around custom DNS when using systemd-resolved, by not setting DNS config on interfaces other
-  than our tunnel interface.
+- Greatly simplify behavior around custom DNS when using systemd-resolved, by not setting DNS config
+  on interfaces other than our tunnel interface.
 
 
 ## [2021.5] - 2021-10-25
@@ -1350,7 +1356,8 @@ This release is for Android only.
 - Fix issues managing DNS when dnsmasq is used with NetworkManager.
 - Fix issues with managing kernel WireGuard device via NetworkManager.
 - Disable NetworkManager's connectivity check before applying firewall rules to avoid triggering
-  NetworkManager's [bug](https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/312#note_453724)
+  NetworkManager's
+  [bug](https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/312#note_453724)
 
 ### Security
 - Restore the last target state if the daemon crashes. Previously, if auto-connect and

ios/MullvadVPN.xcodeproj/project.pbxproj

@@ -576,7 +576,6 @@
 		A9A5FA0F2ACB05160083449F /* StoreSubscription.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5846227026E229F20035F7C2 /* StoreSubscription.swift */; };
 		A9A5FA102ACB05160083449F /* PacketTunnelTransport.swift in Sources */ = {isa = PBXBuildFile; fileRef = 063687B928EB234F00BE7161 /* PacketTunnelTransport.swift */; };
 		A9A5FA112ACB05160083449F /* TransportMonitor.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0697D6E628F01513007A9E99 /* TransportMonitor.swift */; };
-		A9A5FA122ACB05160083449F /* DeleteAccountOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C6FA802A66E23300F521F0 /* DeleteAccountOperation.swift */; };
 		A9A5FA132ACB05160083449F /* LoadTunnelConfigurationOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 588527B1276B3F0700BAA373 /* LoadTunnelConfigurationOperation.swift */; };
 		A9A5FA142ACB05160083449F /* MapConnectionStatusOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 58F2E147276A307400A79513 /* MapConnectionStatusOperation.swift */; };
 		A9A5FA152ACB05160083449F /* RedeemVoucherOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = F07BF2612A26279100042943 /* RedeemVoucherOperation.swift */; };
@@ -672,7 +671,6 @@
 		F0B0E6972AFE6E7E001DC66B /* XCTest+Async.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0B0E6962AFE6E7E001DC66B /* XCTest+Async.swift */; };
 		F0C2AEFD2A0BB5CC00986207 /* NotificationProviderIdentifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C2AEFC2A0BB5CC00986207 /* NotificationProviderIdentifier.swift */; };
 		F0C6A8432AB08E54000777A8 /* RedeemVoucherViewConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C6A8422AB08E54000777A8 /* RedeemVoucherViewConfiguration.swift */; };
-		F0C6FA812A66E23300F521F0 /* DeleteAccountOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C6FA802A66E23300F521F0 /* DeleteAccountOperation.swift */; };
 		F0C6FA852A6A733700F521F0 /* InAppPurchaseInteractor.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C6FA842A6A733700F521F0 /* InAppPurchaseInteractor.swift */; };
 		F0D8825B2B04F53600D3EF9A /* OutgoingConnectionData.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0D8825A2B04F53600D3EF9A /* OutgoingConnectionData.swift */; };
 		F0D8825C2B04F70E00D3EF9A /* OutgoingConnectionData.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0D8825A2B04F53600D3EF9A /* OutgoingConnectionData.swift */; };
@@ -1683,7 +1681,6 @@
 		F0B0E6962AFE6E7E001DC66B /* XCTest+Async.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "XCTest+Async.swift"; sourceTree = "<group>"; };
 		F0C2AEFC2A0BB5CC00986207 /* NotificationProviderIdentifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NotificationProviderIdentifier.swift; sourceTree = "<group>"; };
 		F0C6A8422AB08E54000777A8 /* RedeemVoucherViewConfiguration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RedeemVoucherViewConfiguration.swift; sourceTree = "<group>"; };
-		F0C6FA802A66E23300F521F0 /* DeleteAccountOperation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DeleteAccountOperation.swift; sourceTree = "<group>"; };
 		F0C6FA842A6A733700F521F0 /* InAppPurchaseInteractor.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = InAppPurchaseInteractor.swift; sourceTree = "<group>"; };
 		F0D8825A2B04F53600D3EF9A /* OutgoingConnectionData.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OutgoingConnectionData.swift; sourceTree = "<group>"; };
 		F0DA87462A9CB9A2006044F1 /* AccountExpiryRow.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AccountExpiryRow.swift; sourceTree = "<group>"; };
@@ -2014,7 +2011,6 @@
 		5823FA5726CE4A4100283BF8 /* TunnelManager */ = {
 			isa = PBXGroup;
 			children = (
-				F0C6FA802A66E23300F521F0 /* DeleteAccountOperation.swift */,
 				588527B1276B3F0700BAA373 /* LoadTunnelConfigurationOperation.swift */,
 				58F2E147276A307400A79513 /* MapConnectionStatusOperation.swift */,
 				F07BF2612A26279100042943 /* RedeemVoucherOperation.swift */,
@@ -4217,7 +4213,6 @@
 				A9A5FA0F2ACB05160083449F /* StoreSubscription.swift in Sources */,
 				A9A5FA102ACB05160083449F /* PacketTunnelTransport.swift in Sources */,
 				A9A5FA112ACB05160083449F /* TransportMonitor.swift in Sources */,
-				A9A5FA122ACB05160083449F /* DeleteAccountOperation.swift in Sources */,
 				A9B6AC1A2ADE8FBB00F7802A /* InMemorySettingsStore.swift in Sources */,
 				A9A5FA132ACB05160083449F /* LoadTunnelConfigurationOperation.swift in Sources */,
 				A9A5FA142ACB05160083449F /* MapConnectionStatusOperation.swift in Sources */,
@@ -4519,7 +4514,6 @@
 				7AF9BE8E2A331C7B00DBFEDB /* RelayFilterViewModel.swift in Sources */,
 				58F3C0A4249CB069003E76BE /* HeaderBarView.swift in Sources */,
 				5864AF0829C78849005B0CD9 /* CellFactoryProtocol.swift in Sources */,
-				F0C6FA812A66E23300F521F0 /* DeleteAccountOperation.swift in Sources */,
 				F07CFF2029F2720E008C0343 /* RegisteredDeviceInAppNotificationProvider.swift in Sources */,
 				587A01FC23F1F0BE00B68763 /* SimulatorTunnelProviderHost.swift in Sources */,
 				7A6F2FA72AFBB9AE006D0856 /* AccountExpiry.swift in Sources */,

ios/MullvadVPN/TunnelManager/SetAccountOperation.swift

@@ -24,11 +24,15 @@ enum SetAccountAction {
     /// Unset account.
     case unset
 
+    /// Delete account.
+    case delete(String)
+
     var taskName: String {
         switch self {
         case .new: "Set new account"
         case .existing: "Set existing account"
         case .unset: "Unset account"
+        case .delete: "Delete account"
         }
     }
 }
@@ -78,6 +82,11 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
 
             case .unset:
                 finish(result: .success(nil))
+
+            case let .delete(accountNumber):
+                startDeleteAccountFlow(accountNumber: accountNumber) { [self] result in
+                    finish(result: result.map { .none })
+                }
             }
         }
     }
@@ -141,6 +150,27 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
         }
     }
 
+    /**
+     Begin delete flow of an existing account by performing the following steps:
+
+     1. Delete existing account with the API.
+     2. Reset tunnel settings to default and remove last used account.
+     */
+    private func startDeleteAccountFlow(
+        accountNumber: String,
+        completion: @escaping (Result<Void, Error>) -> Void
+    ) {
+        deleteAccount(accountNumber: accountNumber) { [self] result in
+            interactor.setSettings(LatestTunnelSettings(), persist: true)
+
+            if result.isSuccess {
+                interactor.removeLastUsedAccount()
+            }
+
+            completion(result)
+        }
+    }
+
     /**
      Continue login flow after receiving account data as a part of creating new or retrieving existing account from
      the API by performing the following steps:
@@ -264,6 +294,28 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
         tasks.append(task)
     }
 
+    /// Delete account.
+    private func deleteAccount(accountNumber: String, completion: @escaping (Result<Void, Error>) -> Void) {
+        logger.debug("Delete account...")
+
+        let task = accountsProxy.deleteAccount(
+            accountNumber: accountNumber,
+            retryStrategy: .default
+        ) { [self] result in
+            dispatchQueue.async { [self] in
+                let result = result.inspectError { error in
+                    guard !error.isOperationCancellationError else { return }
+
+                    logger.error(error: error, message: "Failed to delete account.")
+                }
+
+                completion(result)
+            }
+        }
+
+        tasks.append(task)
+    }
+
     /// Delete device from API.
     private func deleteDevice(accountNumber: String, deviceIdentifier: String, completion: @escaping (Error?) -> Void) {
         logger.debug("Delete current device...")
@@ -398,3 +450,5 @@ class SetAccountOperation: ResultOperation<StoredAccountData?> {
         var device: Device
     }
 }
+
+// swiftlint:disable:this file_length

ios/MullvadVPN/TunnelManager/TunnelInteractor.swift

@@ -33,6 +33,7 @@ protocol TunnelInteractor {
     func setConfigurationLoaded()
     func setSettings(_ settings: LatestTunnelSettings, persist: Bool)
     func setDeviceState(_ deviceState: DeviceState, persist: Bool)
+    func removeLastUsedAccount()
     func handleRestError(_ error: Error)
 
     func startTunnel()

ios/MullvadVPN/TunnelManager/TunnelManager.swift

@@ -364,10 +364,13 @@ final class TunnelManager: StorePaymentObserver {
             MutuallyExclusive(category: OperationCategory.settingsUpdate.category)
         )
 
-        // Unsetting the account (ie. logging out) should cancel all other currently ongoing
-        // activity.
-        if case .unset = action {
+        // Unsetting (ie. logging out) or deleting the account should cancel all other
+        // currently ongoing activity.
+        switch action {
+        case .unset, .delete:
             operationQueue.cancelAllOperations()
+        default:
+            break
         }
 
         operationQueue.addOperation(operation)
@@ -437,43 +440,10 @@ final class TunnelManager: StorePaymentObserver {
     func deleteAccount(
         accountNumber: String,
         completion: ((Error?) -> Void)? = nil
-    ) -> Cancellable {
-        let operation = DeleteAccountOperation(
-            dispatchQueue: internalQueue,
-            accountsProxy: accountsProxy,
-            accessTokenManager: accessTokenManager,
-            accountNumber: accountNumber
-        )
-
-        operation.completionQueue = .main
-        operation.completionHandler = { [weak self] result in
-            switch result {
-            case .success:
-                self?.unsetTunnelConfiguration {
-                    self?.operationQueue.cancelAllOperations()
-                    self?.wipeAllUserData()
-                    self?.setDeviceState(.loggedOut, persist: true)
-                    DispatchQueue.main.async {
-                        completion?(nil)
-                    }
-                }
-            case let .failure(error):
-                completion?(error)
-            }
+    ) {
+        setAccount(action: .delete(accountNumber)) { result in
+            completion?(result.error)
         }
-
-        operation.addObserver(
-            BackgroundObserver(
-                application: application,
-                name: "Delete account",
-                cancelUponExpiration: true
-            )
-        )
-
-        operation.addCondition(MutuallyExclusive(category: OperationCategory.deviceStateUpdate.category))
-
-        operationQueue.addOperation(operation)
-        return operation
     }
 
     func updateDeviceData(_ completionHandler: ((Error?) -> Void)? = nil) {
@@ -1092,7 +1062,7 @@ final class TunnelManager: StorePaymentObserver {
         isRunningPeriodicPrivateKeyRotation = false
     }
 
-    private func wipeAllUserData() {
+    fileprivate func removeLastUsedAccount() {
         do {
             try SettingsManager.setLastUsedAccount(nil)
         } catch {
@@ -1121,7 +1091,7 @@ final class TunnelManager: StorePaymentObserver {
             unsetTunnelConfiguration {
                 self.setDeviceState(.revoked, persist: true)
                 self.operationQueue.cancelAllOperations()
-                self.wipeAllUserData()
+                self.removeLastUsedAccount()
             }
         default:
             break
@@ -1307,6 +1277,10 @@ private struct TunnelInteractorProxy: TunnelInteractor {
         tunnelManager.setDeviceState(deviceState, persist: persist)
     }
 
+    func removeLastUsedAccount() {
+        tunnelManager.removeLastUsedAccount()
+    }
+
     func startTunnel() {
         tunnelManager.startTunnel()
     }