From e54b55c8bdda6ff6c3e597d9afbf729fe6f76da5 Mon Sep 17 00:00:00 2001 From: Max Goedjen Date: Sun, 7 Nov 2021 17:19:24 -0800 Subject: [PATCH] Match key to note --- SecretAgent/Notifier.swift | 36 +++++++++++++------ ...uthenticationContextPersistenceStore.swift | 9 +++++ Secretive.xcodeproj/project.pbxproj | 4 +++ 3 files changed, 39 insertions(+), 10 deletions(-) create mode 100644 SecretKit/Common/Types/AuthenticationContextPersistenceStore.swift diff --git a/SecretAgent/Notifier.swift b/SecretAgent/Notifier.swift index 75fdac8..ffa8059 100644 --- a/SecretAgent/Notifier.swift +++ b/SecretAgent/Notifier.swift @@ -15,10 +15,11 @@ class Notifier { let updateCategory = UNNotificationCategory(identifier: Constants.updateCategoryIdentitifier, actions: [updateAction, ignoreAction], intentIdentifiers: [], options: []) let criticalUpdateCategory = UNNotificationCategory(identifier: Constants.criticalUpdateCategoryIdentitifier, actions: [updateAction], intentIdentifiers: [], options: []) - let rawDurations = [Measurement(value: 1, unit: UnitDuration.minutes), - Measurement(value: 5, unit: UnitDuration.minutes), - Measurement(value: 1, unit: UnitDuration.hours), - Measurement(value: 24, unit: UnitDuration.hours) + let rawDurations = [ + Measurement(value: 1, unit: UnitDuration.minutes), + Measurement(value: 5, unit: UnitDuration.minutes), + Measurement(value: 1, unit: UnitDuration.hours), + Measurement(value: 24, unit: UnitDuration.hours) ] let doNotPersistAction = UNNotificationAction(identifier: Constants.doNotPersistActionIdentitifier, title: "Do Not Unlock", options: []) 
@@ -43,6 +44,12 @@ class Notifier { } UNUserNotificationCenter.current().setNotificationCategories([updateCategory, criticalUpdateCategory, persistAuthenticationCategory]) UNUserNotificationCenter.current().delegate = notificationDelegate + + notificationDelegate.persistAuthentication = { secret, store, duration in + guard let duration = duration else { return } + try? store.persistAuthentication(secret: secret, forDuration: duration) + } + } func prompt() { @@ -51,14 +58,14 @@ class Notifier { } func notify(accessTo secret: AnySecret, from store: AnySecretStore, by provenance: SigningRequestProvenance, requiredAuthentication: Bool) { - notificationDelegate.persistAuthentication = { duration in - guard let duration = duration else { return } - try? store.persistAuthentication(secret: secret, forDuration: duration) - } + notificationDelegate.pendingPersistableSecrets[secret.id.description] = secret + notificationDelegate.pendingPersistableStores[store.id.description] = store let notificationCenter = UNUserNotificationCenter.current() let notificationContent = UNMutableNotificationContent() notificationContent.title = "Signed Request from \(provenance.origin.displayName)" notificationContent.subtitle = "Using secret \"\(secret.name)\"" + notificationContent.userInfo[Constants.persistSecretIDKey] = secret.id.description + notificationContent.userInfo[Constants.persistStoreIDKey] = store.id.description if #available(macOS 12.0, *) { notificationContent.interruptionLevel = .timeSensitive } 
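Review bot: The `try?` in the new `persistAuthentication` closure discards any error from `store.persistAuthentication(secret:forDuration:)`, so when the user picks an unlock duration and persisting fails, nothing is recorded. This call changes how long a key stays usable without a fresh authentication prompt, so both outcomes are worth logging. `do { try store.persistAuthentication(secret: secret, forDuration: duration) } catch { /* log the error and secret.name */ }` keeps the fail-closed behaviour while leaving a trace. The enclosing function starts outside the hunk.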
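Review bot: In `notify(accessTo:from:by:requiredAuthentication:)` the secret and store are registered in `pendingPersistableSecrets` and `pendingPersistableStores` for every notification, and nothing visible here ties that to `requiredAuthentication`. The only removal is in `handlePersistAuthenticationResponse`, so a notification that is dismissed, or that never offers the persist actions, appears to leave its entry in place for the life of the agent. Consider registering only when a persist response is possible, e.g. `if requiredAuthentication { notificationDelegate.pendingPersistableSecrets[secret.id.description] = secret }`, and the same for the store. The rest of `notify` lies outside the hunk, so the category assignment could not be checked.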
@@ -119,6 +126,9 @@ extension Notifier { static let persistAuthenticationCategoryIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication" static let doNotPersistActionIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.donotpersist" static let persistForActionIdentitifierPrefix = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.persist." + + static let persistSecretIDKey = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.secretidkey" + static let persistStoreIDKey = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.storeidkey" } } @@ -127,8 +137,10 @@ class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate { fileprivate var release: Release? fileprivate var ignore: ((Release) -> Void)? - fileprivate var persistAuthentication: ((TimeInterval?) -> Void)? + fileprivate var persistAuthentication: ((AnySecret, AnySecretStore, TimeInterval?) -> Void)? fileprivate var persistOptions: [String: TimeInterval] = [:] + fileprivate var pendingPersistableStores: [String: AnySecretStore] = [:] + fileprivate var pendingPersistableSecrets: [String: AnySecret] = [:] func userNotificationCenter(_ center: UNUserNotificationCenter, openSettingsFor notification: UNNotification?) { 
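Review bot: The new `pendingPersistableStores` and `pendingPersistableSecrets` dictionaries on `NotificationDelegate` have no comment saying what their `String` key is, and the lookup that decides which key gets unlocked depends on it. A comment such as `// Keyed by id.description; must equal the value written to userInfo under persistSecretIDKey / persistStoreIDKey` would record that contract. It should also state the assumption that `description` is unique per secret and per store, since a collision would map a response onto the wrong entry.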
@@ -161,7 +173,11 @@ class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate { } func handlePersistAuthenticationResponse(response: UNNotificationResponse) { - persistAuthentication?(persistOptions[response.actionIdentifier]) + guard let secretID = response.notification.request.content.userInfo[Notifier.Constants.persistSecretIDKey] as? String, let secret = pendingPersistableSecrets[secretID], + let storeID = response.notification.request.content.userInfo[Notifier.Constants.persistStoreIDKey] as? String, let store = pendingPersistableStores[storeID] + else { return } + pendingPersistableSecrets[secretID] = nil + persistAuthentication?(secret, store, persistOptions[response.actionIdentifier]) } func userNotificationCenter(_ center: UNUserNotificationCenter, willPresent notification: UNNotification, withCompletionHandler completionHandler: @escaping (UNNotificationPresentationOptions) -> Void) { diff --git a/SecretKit/Common/Types/AuthenticationContextPersistenceStore.swift b/SecretKit/Common/Types/AuthenticationContextPersistenceStore.swift new file mode 100644 index 0000000..a1be3c3 --- /dev/null +++ b/SecretKit/Common/Types/AuthenticationContextPersistenceStore.swift @@ -0,0 +1,9 @@ +// +// AuthenticationContextPersistenceStore.swift +// SecretKit +// +// Created by Max Goedjen on 11/7/21. +// Copyright © 2021 Max Goedjen. All rights reserved. +// + +import Foundation diff --git a/Secretive.xcodeproj/project.pbxproj b/Secretive.xcodeproj/project.pbxproj index 630f5c5..a443835 100644 --- a/Secretive.xcodeproj/project.pbxproj +++ b/Secretive.xcodeproj/project.pbxproj 
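Review bot: `handlePersistAuthenticationResponse` removes `pendingPersistableSecrets[secretID]` on the first response, but the entries are keyed by secret rather than by notification. If two signing notifications for the same secret are outstanding, the action on the second falls through the `guard` and silently does nothing. Keying the pending entry on `response.notification.request.identifier` would tie each entry to exactly one notification, assuming `notify` gives each request a distinct identifier (that code is outside the hunk). The matching `pendingPersistableStores` entry is never removed here either.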
@@ -14,6 +14,7 @@ 5018F54F24064786002EB505 /* Notifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5018F54E24064786002EB505 /* Notifier.swift */; }; 501B7AE1251C56F700776EC7 /* SigningRequestProvenance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */; }; 5035FF6E2737A2F4006FE1F6 /* SignedData.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5035FF6D2737A2F4006FE1F6 /* SignedData.swift */; }; + 5035FF742738AEA1006FE1F6 /* AuthenticationContextPersistenceStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5035FF732738AEA1006FE1F6 /* AuthenticationContextPersistenceStore.swift */; }; 50524B442420969E008DBD97 /* OpenSSHWriterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */; }; 50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */; }; 50571E0524393D1500F76F6C /* LaunchAgentController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50571E0424393D1500F76F6C /* LaunchAgentController.swift */; }; 
@@ -230,6 +231,7 @@ 50153E21250DECA300525160 /* SecretListItemView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretListItemView.swift; sourceTree = ""; }; 5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = ""; }; 5035FF6D2737A2F4006FE1F6 /* SignedData.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SignedData.swift; sourceTree = ""; }; + 5035FF732738AEA1006FE1F6 /* AuthenticationContextPersistenceStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AuthenticationContextPersistenceStore.swift; sourceTree = ""; }; 50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenSSHWriterTests.swift; sourceTree = ""; }; 50571E0224393C2600F76F6C /* JustUpdatedChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = JustUpdatedChecker.swift; sourceTree = ""; }; 50571E0424393D1500F76F6C /* LaunchAgentController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LaunchAgentController.swift; sourceTree = ""; }; @@ -397,6 +399,7 @@ 50617DCA23FCECA10099B055 /* Secret.swift */, 50617DC623FCE4EA0099B055 /* SecretStore.swift */, 5035FF6D2737A2F4006FE1F6 /* SignedData.swift */, + 5035FF732738AEA1006FE1F6 /* AuthenticationContextPersistenceStore.swift */, ); path = Types; sourceTree = ""; 
@@ -1057,6 +1060,7 @@ 506838A32415EA5D00F55094 /* AnySecretStore.swift in Sources */, 50617DCE23FCECFA0099B055 /* SecureEnclaveSecret.swift in Sources */, 50617DD023FCED2C0099B055 /* SecureEnclave.swift in Sources */, + 5035FF742738AEA1006FE1F6 /* AuthenticationContextPersistenceStore.swift in Sources */, 5068389E241471CD00F55094 /* SecretStoreList.swift in Sources */, 506838A12415EA5600F55094 /* AnySecret.swift in Sources */, 5099A02923FE35240062B6F2 /* SmartCardStore.swift in Sources */,