Add tracking of whether an account exists to TunnelManager; activate/deactivate key rotation appropriately.

Author: acb-mv

ios/MullvadVPN/TunnelManager/SetAccountOperation.swift

@@ -35,6 +35,14 @@ enum SetAccountAction {
         case .delete: "Delete account"
         }
     }
+
+    // true if this action results in an account being set if successful
+    var isConstructive: Bool {
+        switch self {
+        case .unset, .delete: false
+        default: true
+        }
+    }
 }
 
 class SetAccountOperation: ResultOperation<StoredAccountData?> {

ios/MullvadVPN/TunnelManager/TunnelManager.swift

@@ -60,6 +60,14 @@ final class TunnelManager: StorePaymentObserver {
     private let observerList = ObserverList<TunnelObserver>()
     private var networkMonitor: NWPathMonitor?
 
+    private var hasAccount = false {
+        didSet(previous) {
+            if hasAccount != previous {
+                startOrStopPeriodicPrivateKeyRotation()
+            }
+        }
+    }
+
     private var privateKeyRotationTimer: DispatchSourceTimer?
     public private(set) var isRunningPeriodicPrivateKeyRotation = false
     public private(set) var nextKeyRotationDate: Date? = nil
@@ -112,7 +120,7 @@ final class TunnelManager: StorePaymentObserver {
         nslock.lock()
         defer { nslock.unlock() }
 
-        guard !isRunningPeriodicPrivateKeyRotation else { return }
+        guard !isRunningPeriodicPrivateKeyRotation, hasAccount else { return }
 
         logger.debug("Start periodic private key rotation.")
 
@@ -132,6 +140,14 @@ final class TunnelManager: StorePaymentObserver {
         updatePrivateKeyRotationTimer()
     }
 
+    func startOrStopPeriodicPrivateKeyRotation() {
+        if hasAccount {
+            startPeriodicPrivateKeyRotation()
+        } else {
+            stopPeriodicPrivateKeyRotation()
+        }
+    }
+
     func getNextKeyRotationDate() -> Date? {
         nslock.lock()
         defer { nslock.unlock() }
@@ -337,6 +353,7 @@ final class TunnelManager: StorePaymentObserver {
 
         operation.completionQueue = .main
         operation.completionHandler = { [weak self] result in
+            self?.hasAccount = action.isConstructive
             self?.updatePrivateKeyRotationTimer()
 
             completionHandler(result)

ios/MullvadVPNTests/DevicesProxy+Stubs.swift

@@ -54,7 +54,8 @@ struct DevicesProxyStub: DeviceHandling {
         retryStrategy: REST.RetryStrategy,
         completion: @escaping ProxyCompletionHandler<Bool>
     ) -> Cancellable {
-        AnyCancellable()
+        completion(.success(true))
+        return AnyCancellable()
     }
 
     func rotateDeviceKey(

ios/MullvadVPNTests/TunnelManagerTests.swift

@@ -59,10 +59,8 @@ final class TunnelManagerTests: XCTestCase {
             apiProxy: apiProxy,
             accessTokenManager: accessTokenManager
         )
-        tunnelManager.startPeriodicPrivateKeyRotation()
-        let previousTimer = tunnelManager.nextKeyRotationDate
         _ = try await tunnelManager.setNewAccount()
-        XCTAssertNotEqual(previousTimer, tunnelManager.nextKeyRotationDate)
+        XCTAssertEqual(tunnelManager.isRunningPeriodicPrivateKeyRotation, true)
     }
 
     func testLogOutStopsKeyRotations() async throws {
@@ -83,9 +81,8 @@ final class TunnelManagerTests: XCTestCase {
             apiProxy: apiProxy,
             accessTokenManager: accessTokenManager
         )
-        tunnelManager.startPeriodicPrivateKeyRotation()
+        _ = try await tunnelManager.setNewAccount()
         await tunnelManager.unsetAccount()
-        // This currently fails, as isRunningPeriodicPrivateKeyRotation is not changed.
         XCTAssertEqual(tunnelManager.isRunningPeriodicPrivateKeyRotation, false)
     }
 }