Bug Fix - Device name leaks personal information

element-hq/element-ios#910

MatrixKit/Assets/MatrixKitAssets.bundle/en.lproj/MatrixKit.strings

@@ -51,6 +51,9 @@
 "login_invalid_param" = "Invalid parameter";
 "register_error_title" = "Registration Failed";
 "login_error_forgot_password_is_not_supported" = "Forgot password is not currently supported";
+"login_mobile_device"="Mobile";
+"login_tablet_device"="Tablet";
+"login_desktop_device"="Desktop";
 
 // Action
 "no" = "No";

MatrixKit/Controllers/MXKAuthenticationViewController.h

@@ -126,6 +126,12 @@
  */
 @property(nonatomic,getter=isUserInteractionEnabled) BOOL userInteractionEnabled;
 
+/**
+ The device name used to display it in the user's devices list (nil by default).
+ If nil, the device display name field is filled with a default string: "Mobile", "Tablet"...
+ */
+@property (nonatomic) NSString *deviceDisplayName;
+
 /**
  The delegate for the view controller.
  */

MatrixKit/Controllers/MXKAuthenticationViewController.m

@@ -101,6 +101,8 @@ - (void)finalizeInit
     // Set initial auth type
     _authType = MXKAuthenticationTypeLogin;
 
+    _deviceDisplayName = nil;
+
     // Initialize authInputs view classes
     loginAuthInputsViewClass = MXKAuthInputsPasswordBasedView.class;
     registerAuthInputsViewClass = nil; // No registration flow is supported yet
@@ -829,7 +831,9 @@ - (IBAction)onButtonPressed:(id)sender
                         NSDictionary *parameters = @{@"auth": @{},
                                                      @"username": self.authInputsView.userId,
                                                      @"password": self.authInputsView.password,
-                                                     @"bind_email": @(NO)};
+                                                     @"bind_email": @(NO),
+                                                     @"initial_device_display_name":self.deviceDisplayName
+                                                     };
 
                         mxCurrentOperation = [mxRestClient registerWithParameters:parameters success:^(NSDictionary *JSONResponse) {
 
@@ -1198,6 +1202,22 @@ - (void)onSuccessfulLogin:(MXCredentials*)credentials
 
 #pragma mark - Privates
 
+- (NSString *)deviceDisplayName
+{
+    if (_deviceDisplayName)
+    {
+        return _deviceDisplayName;
+    }
+
+#if TARGET_OS_IPHONE
+    NSString *deviceName = [[UIDevice currentDevice].model isEqualToString:@"iPad"] ? [NSBundle mxk_localizedStringForKey:@"login_tablet_device"] : [NSBundle mxk_localizedStringForKey:@"login_mobile_device"];
+#elif TARGET_OS_OSX
+    NSString *deviceName = [NSBundle mxk_localizedStringForKey:@"login_desktop_device"];
+#endif
+
+    return deviceName;
+}
+
 - (void)refreshForgotPasswordSession
 {
     [_authenticationActivityIndicator stopAnimating];
@@ -1334,7 +1354,11 @@ - (void)updateRESTClient
 
 - (void)loginWithParameters:(NSDictionary*)parameters
 {
-    mxCurrentOperation = [mxRestClient login:parameters success:^(NSDictionary *JSONResponse) {
+    // Add the device name
+    NSMutableDictionary *theParameters = [NSMutableDictionary dictionaryWithDictionary:parameters];
+    theParameters[@"initial_device_display_name"] = self.deviceDisplayName;
+
+    mxCurrentOperation = [mxRestClient login:theParameters success:^(NSDictionary *JSONResponse) {
 
         MXCredentials *credentials = [MXCredentials modelFromJSON:JSONResponse];
 
@@ -1370,7 +1394,11 @@ - (void)registerWithParameters:(NSDictionary*)parameters
         registrationTimer = nil;
     }
 
-    mxCurrentOperation = [mxRestClient registerWithParameters:parameters success:^(NSDictionary *JSONResponse) {
+    // Add the device name
+    NSMutableDictionary *theParameters = [NSMutableDictionary dictionaryWithDictionary:parameters];
+    theParameters[@"initial_device_display_name"] = self.deviceDisplayName;
+
+    mxCurrentOperation = [mxRestClient registerWithParameters:theParameters success:^(NSDictionary *JSONResponse) {
 
         MXCredentials *credentials = [MXCredentials modelFromJSON:JSONResponse];