From 6def911dbc3397adced440c77187b2035e40d0f4 Mon Sep 17 00:00:00 2001
From: Niels Andriesse <andriesseniels@gmail.com>
Date: Mon, 17 Feb 2020 10:46:43 +1100
Subject: [PATCH] Enforce file size limit for profile pictures

---
 Signal/Signal-Info.plist                           |  2 +-
 .../src/Loki/View Controllers/DisplayNameVC.swift  |  2 +-
 Signal/src/Loki/View Controllers/SettingsVC.swift  | 10 ++++++++--
 Signal/src/ViewControllers/ProfileViewController.m |  2 +-
 .../OnboardingProfileViewController.swift          |  2 +-
 Signal/src/util/Backup/OWSBackupImportJob.m        |  2 +-
 SignalMessaging/profiles/OWSProfileManager.h       |  2 +-
 SignalMessaging/profiles/OWSProfileManager.m       | 14 +++++++-------
 .../src/Loki/API/LokiFileServerAPI.swift           |  3 +++
 9 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/Signal/Signal-Info.plist b/Signal/Signal-Info.plist
index 378a5f3ca..342d37adb 100644
--- a/Signal/Signal-Info.plist
+++ b/Signal/Signal-Info.plist
@@ -5,7 +5,7 @@
 	<key>BuildDetails</key>
 	<dict>
 		<key>CarthageVersion</key>
-		<string>0.33.0</string>
+		<string>0.34.0</string>
 		<key>OSXVersion</key>
 		<string>10.15.3</string>
 		<key>WebRTCCommit</key>
diff --git a/Signal/src/Loki/View Controllers/DisplayNameVC.swift b/Signal/src/Loki/View Controllers/DisplayNameVC.swift
index ffbadd74a..264a5fd3d 100644
--- a/Signal/src/Loki/View Controllers/DisplayNameVC.swift	
+++ b/Signal/src/Loki/View Controllers/DisplayNameVC.swift	
@@ -155,7 +155,7 @@ final class DisplayNameVC : UIViewController {
             return showError(title: NSLocalizedString("Please pick a shorter display name", comment: ""))
         }
         TSAccountManager.sharedInstance().didRegister()
-        OWSProfileManager.shared().updateLocalProfileName(displayName, avatarImage: nil, success: { }, failure: { }) // Try to save the user name but ignore the result
+        OWSProfileManager.shared().updateLocalProfileName(displayName, avatarImage: nil, success: { }, failure: { _ in }) // Try to save the user name but ignore the result
         let homeVC = HomeVC()
         navigationController!.setViewControllers([ homeVC ], animated: true)
     }
diff --git a/Signal/src/Loki/View Controllers/SettingsVC.swift b/Signal/src/Loki/View Controllers/SettingsVC.swift
index acf7b3ab2..4e92331db 100644
--- a/Signal/src/Loki/View Controllers/SettingsVC.swift	
+++ b/Signal/src/Loki/View Controllers/SettingsVC.swift	
@@ -274,10 +274,16 @@ final class SettingsVC : UIViewController, AvatarViewHelperDelegate {
                         self.displayNameToBeUploaded = nil
                     }
                 }
-            }, failure: {
+            }, failure: { error in
                 DispatchQueue.main.async {
                     modalActivityIndicator.dismiss {
-                        let alert = UIAlertController(title: NSLocalizedString("Couldn't Update Profile", comment: ""), message: NSLocalizedString("Please check your internet connection and try again", comment: ""), preferredStyle: .alert)
+                        var isMaxFileSizeExceeded = false
+                        if let error = error as? LokiDotNetAPI.LokiDotNetAPIError {
+                            isMaxFileSizeExceeded = (error == .maxFileSizeExceeded)
+                        }
+                        let title = isMaxFileSizeExceeded ? "Maximum File Size Exceeded" : NSLocalizedString("Couldn't Update Profile", comment: "")
+                        let message = isMaxFileSizeExceeded ? "Please select a smaller photo and try again" : NSLocalizedString("Please check your internet connection and try again", comment: "")
+                        let alert = UIAlertController(title: title, message: message, preferredStyle: .alert)
                         alert.addAction(UIAlertAction(title: NSLocalizedString("OK", comment: ""), style: .default, handler: nil))
                         self?.present(alert, animated: true, completion: nil)
                     }
diff --git a/Signal/src/ViewControllers/ProfileViewController.m b/Signal/src/ViewControllers/ProfileViewController.m
index 7234eeea8..536a69d45 100644
--- a/Signal/src/ViewControllers/ProfileViewController.m
+++ b/Signal/src/ViewControllers/ProfileViewController.m
@@ -419,7 +419,7 @@ NSString *const kProfileView_LastPresentedDate = @"kProfileView_LastPresentedDat
                                   }];
                               });
                           }
-                          failure:^{
+                          failure:^(NSError *error) {
                               dispatch_async(dispatch_get_main_queue(), ^{
                                   [modalActivityIndicator dismissWithCompletion:^{
                                       [OWSAlerts showErrorAlertWithMessage:NSLocalizedString(
diff --git a/Signal/src/ViewControllers/Registration/OnboardingProfileViewController.swift b/Signal/src/ViewControllers/Registration/OnboardingProfileViewController.swift
index 2e94c34b9..795bfd7e5 100644
--- a/Signal/src/ViewControllers/Registration/OnboardingProfileViewController.swift
+++ b/Signal/src/ViewControllers/Registration/OnboardingProfileViewController.swift
@@ -170,7 +170,7 @@ public class OnboardingProfileViewController: OnboardingBaseViewController {
                                                                     self.onboardingController.profileDidComplete(fromView: self)
                                                                 })
                                                             }
-                                                        }, failure: {
+                                                        }, failure: { _ in
                                                             DispatchQueue.main.async {
                                                                 modal.dismiss(completion: {
                                                                     OWSAlerts.showErrorAlert(message: NSLocalizedString("PROFILE_VIEW_ERROR_UPDATE_FAILED",
diff --git a/Signal/src/util/Backup/OWSBackupImportJob.m b/Signal/src/util/Backup/OWSBackupImportJob.m
index 6ccf6f5de..2d94a7bc5 100644
--- a/Signal/src/util/Backup/OWSBackupImportJob.m
+++ b/Signal/src/util/Backup/OWSBackupImportJob.m
@@ -336,7 +336,7 @@ NSString *const kOWSBackup_ImportDatabaseKeySpec = @"kOWSBackup_ImportDatabaseKe
             success:^{
                 resolve(@(1));
             }
-            failure:^{
+            failure:^(NSError *error) {
                 // Ignore errors related to local profile.
                 resolve(@(1));
             }];
diff --git a/SignalMessaging/profiles/OWSProfileManager.h b/SignalMessaging/profiles/OWSProfileManager.h
index a0b5a379b..69d991906 100644
--- a/SignalMessaging/profiles/OWSProfileManager.h
+++ b/SignalMessaging/profiles/OWSProfileManager.h
@@ -50,7 +50,7 @@ extern const NSUInteger kOWSProfileManager_MaxAvatarDiameter;
 - (void)updateLocalProfileName:(nullable NSString *)profileName
                    avatarImage:(nullable UIImage *)avatarImage
                        success:(void (^)(void))successBlock
-                       failure:(void (^)(void))failureBlock;
+                       failure:(void (^)(NSError *))failureBlock;
 
 - (BOOL)isProfileNameTooLong:(nullable NSString *)profileName;
 
diff --git a/SignalMessaging/profiles/OWSProfileManager.m b/SignalMessaging/profiles/OWSProfileManager.m
index 386247089..bc4376d20 100644
--- a/SignalMessaging/profiles/OWSProfileManager.m
+++ b/SignalMessaging/profiles/OWSProfileManager.m
@@ -229,13 +229,13 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
 - (void)updateLocalProfileName:(nullable NSString *)profileName
                    avatarImage:(nullable UIImage *)avatarImage
                        success:(void (^)(void))successBlockParameter
-                       failure:(void (^)(void))failureBlockParameter
+                       failure:(void (^)(NSError *))failureBlockParameter
 {
     OWSAssertDebug(successBlockParameter);
     OWSAssertDebug(failureBlockParameter);
 
     // Ensure that the success and failure blocks are called on the main thread.
-    void (^failureBlock)(void) = ^{
+    void (^failureBlock)(NSError *) = ^(NSError *error) {
         OWSLogError(@"Updating service with profile failed.");
 
         // We use a "self-only" contact sync to indicate to desktop
@@ -247,7 +247,7 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
         [[self.syncManager syncLocalContact] retainUntilComplete];
 
         dispatch_async(dispatch_get_main_queue(), ^{
-            failureBlockParameter();
+            failureBlockParameter(error);
         });
     };
     void (^successBlock)(void) = ^{
@@ -288,7 +288,7 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
                                         }];
             }
             failure:^(NSError *error) {
-                failureBlock();
+                failureBlock(error);
             }];
     };
 
@@ -319,11 +319,11 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
                             tryToUpdateService(avatarUrlPath, fileName);
                         }
                         failure:^(NSError *error) {
-                            failureBlock();
+                            failureBlock(error);
                         }];
                 }
                 failure:^(NSError *error) {
-                    failureBlock();
+                    failureBlock(error);
                 }];
         }
     } else if (userProfile.avatarUrlPath) {
@@ -333,7 +333,7 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
                 tryToUpdateService(nil, nil);
             }
             failure:^(NSError *error) {
-                failureBlock();
+                failureBlock(error);
             }];
     } else {
         OWSLogVerbose(@"Updating local profile on service with no avatar.");
diff --git a/SignalServiceKit/src/Loki/API/LokiFileServerAPI.swift b/SignalServiceKit/src/Loki/API/LokiFileServerAPI.swift
index f9b60faca..e33c9a43f 100644
--- a/SignalServiceKit/src/Loki/API/LokiFileServerAPI.swift
+++ b/SignalServiceKit/src/Loki/API/LokiFileServerAPI.swift
@@ -138,6 +138,9 @@ public final class LokiFileServerAPI : LokiDotNetAPI {
     // MARK: Profile Pictures (Public API)
     public static func setProfilePicture(_ profilePicture: Data) -> Promise<String> {
         return Promise<String>() { seal in
+            guard profilePicture.count < maxFileSize else {
+                return seal.reject(LokiDotNetAPIError.maxFileSizeExceeded)
+            }
             getAuthToken(for: server).done { token in
                 let url = "\(server)/users/me/avatar"
                 let parameters: JSON = [ "type" : attachmentType, "Content-Type" : "application/binary" ]