fix: harden pubky restore

ben-kaufman · ben-kaufman · commit 4033b1edfad0 · 2026-04-24T10:17:40.000-05:00
diff --git a/app/src/main/java/to/bitkit/repositories/PubkyRepo.kt b/app/src/main/java/to/bitkit/repositories/PubkyRepo.kt
@@ -190,6 +190,8 @@ class PubkyRepo @Inject constructor(
         if (storedSecretKeyHex.isNullOrEmpty()) {
             if (!savedSessionSecret.isNullOrEmpty()) {
                 Logger.warn("Skipped re-sign-in recovery, no secret key available", context = TAG)
+                runCatching { keychain.delete(Keychain.Key.PAYKIT_SESSION.name) }
+                notifyBackupStateChanged()
                 InitResult.RestorationFailed
             } else {
                 InitResult.NoSession
@@ -755,27 +757,33 @@ class PubkyRepo @Inject constructor(
 
     suspend fun restoreSessionBackupState(backup: PubkySessionBackupV1?): Result<Unit> = runCatching {
         withContext(ioDispatcher) {
-            pubkyService.forceSignOut()
-            clearAuthenticatedState()
-            runCatching { keychain.delete(Keychain.Key.PAYKIT_SESSION.name) }
-            runCatching { keychain.delete(Keychain.Key.PUBKY_SECRET_KEY.name) }
-
-            when (backup?.kind) {
-                null -> Unit
-                PubkySessionBackupKind.LocalSeed -> {
-                    val secretKeyHex = deriveLocalSecretKeyFromWalletSeed()
-                    keychain.upsertString(Keychain.Key.PUBKY_SECRET_KEY.name, secretKeyHex)
+            initializeMutex.withLock {
+                if (backup == null) {
+                    notifyBackupStateChanged()
+                    return@withLock
                 }
 
-                PubkySessionBackupKind.ExternalSession -> {
-                    val sessionSecret = requireNotNull(backup.sessionSecret?.takeIf { it.isNotBlank() }) {
-                        "Missing session secret in backup"
+                pubkyService.forceSignOut()
+                clearAuthenticatedState()
+                runCatching { keychain.delete(Keychain.Key.PAYKIT_SESSION.name) }
+                runCatching { keychain.delete(Keychain.Key.PUBKY_SECRET_KEY.name) }
+
+                when (backup.kind) {
+                    PubkySessionBackupKind.LocalSeed -> {
+                        val secretKeyHex = deriveLocalSecretKeyFromWalletSeed()
+                        keychain.upsertString(Keychain.Key.PUBKY_SECRET_KEY.name, secretKeyHex)
+                    }
+
+                    PubkySessionBackupKind.ExternalSession -> {
+                        val sessionSecret = requireNotNull(backup.sessionSecret?.takeIf { it.isNotBlank() }) {
+                            "Missing session secret in backup"
+                        }
+                        keychain.upsertString(Keychain.Key.PAYKIT_SESSION.name, sessionSecret)
                     }
-                    keychain.upsertString(Keychain.Key.PAYKIT_SESSION.name, sessionSecret)
                 }
-            }
 
-            notifyBackupStateChanged()
+                notifyBackupStateChanged()
+            }
         }
     }
 
diff --git a/app/src/main/java/to/bitkit/ui/screens/contacts/AddContactScreen.kt b/app/src/main/java/to/bitkit/ui/screens/contacts/AddContactScreen.kt
@@ -163,7 +163,7 @@ private fun AddContactSheetContent(
             trailingIcon = {
                 IconButton(
                     onClick = onPaste,
-                    modifier = Modifier.testTag("AddContactPaste"),
+                    modifier = Modifier.testTag("AddContactPaste")
                 ) {
                     Icon(
                         painter = painterResource(R.drawable.ic_clipboard_text),
@@ -174,7 +174,7 @@ private fun AddContactSheetContent(
             },
             modifier = Modifier
                 .fillMaxWidth()
-                .testTag("AddContactPubkyField"),
+                .testTag("AddContactPubkyField")
         )
         VerticalSpacer(16.dp)
 
@@ -187,15 +187,15 @@ private fun AddContactSheetContent(
                 onClick = onScanQr,
                 modifier = Modifier
                     .weight(1f)
-                    .testTag("AddContactScanQR"),
+                    .testTag("AddContactScanQR")
             )
             PrimaryButton(
                 text = stringResource(R.string.contacts__add_button),
                 onClick = onSubmit,
                 enabled = isSubmitEnabled,
                 modifier = Modifier
                     .weight(1f)
-                    .testTag("AddContactAdd"),
+                    .testTag("AddContactAdd")
             )
         }
         VerticalSpacer(16.dp)
@@ -418,7 +418,7 @@ private fun ErrorContent(
         SecondaryButton(
             text = stringResource(R.string.common__retry),
             onClick = onRetry,
-            modifier = Modifier.testTag("AddContactRetry"),
+            modifier = Modifier.testTag("AddContactRetry")
         )
     }
 }
@@ -462,15 +462,15 @@ private fun LoadedContent(
                 onClick = onDiscard,
                 modifier = Modifier
                     .weight(1f)
-                    .testTag("AddContactDiscard"),
+                    .testTag("AddContactDiscard")
             )
             PrimaryButton(
                 text = stringResource(R.string.common__save),
                 onClick = onSave,
                 enabled = !isLoading,
                 modifier = Modifier
                     .weight(1f)
-                    .testTag("AddContactSave"),
+                    .testTag("AddContactSave")
             )
         }
         VerticalSpacer(16.dp)
diff --git a/app/src/test/java/to/bitkit/repositories/PubkyRepoTest.kt b/app/src/test/java/to/bitkit/repositories/PubkyRepoTest.kt
@@ -26,6 +26,7 @@ import to.bitkit.models.PubkySessionBackupKind
 import to.bitkit.models.PubkySessionBackupV1
 import to.bitkit.services.PubkyService
 import to.bitkit.test.BaseUnitTest
+import to.bitkit.utils.AppError
 import kotlin.test.assertEquals
 import kotlin.test.assertFalse
 import kotlin.test.assertNotNull
@@ -84,7 +85,7 @@ class PubkyRepoTest : BaseUnitTest() {
 
     @Test
     fun `startAuthentication should reset state on failure`() = test {
-        whenever(pubkyService.startAuth()).thenThrow(RuntimeException("Auth failed"))
+        whenever(pubkyService.startAuth()).thenAnswer { throw TestAppError("Auth failed") }
 
         val result = sut.startAuthentication()
 
@@ -145,7 +146,7 @@ class PubkyRepoTest : BaseUnitTest() {
 
     @Test
     fun `completeAuthentication should reset state on failure`() = test {
-        whenever(pubkyService.completeAuth()).thenThrow(RuntimeException("Failed"))
+        whenever(pubkyService.completeAuth()).thenAnswer { throw TestAppError("Failed") }
 
         val result = sut.completeAuthentication()
 
@@ -193,7 +194,7 @@ class PubkyRepoTest : BaseUnitTest() {
         assertNotNull(existingProfile)
 
         val pk = checkNotNull(sut.publicKey.value) { "publicKey should be set after authentication" }
-        whenever(pubkyService.getProfile(pk)).thenThrow(RuntimeException("Network error"))
+        whenever(pubkyService.getProfile(pk)).thenAnswer { throw TestAppError("Network error") }
 
         sut.loadProfile()
 
@@ -266,8 +267,8 @@ class PubkyRepoTest : BaseUnitTest() {
     fun `deleteProfile should fail when signOut fails`() = test {
         authenticateForTesting()
         whenever(keychain.loadString(Keychain.Key.PAYKIT_SESSION.name)).thenReturn("test_secret")
-        whenever(pubkyService.signOut()).thenThrow(RuntimeException("Sign out failed"))
-        whenever(pubkyService.forceSignOut()).thenThrow(RuntimeException("Force sign out failed"))
+        whenever(pubkyService.signOut()).thenAnswer { throw TestAppError("Sign out failed") }
+        whenever(pubkyService.forceSignOut()).thenAnswer { throw TestAppError("Force sign out failed") }
 
         val result = sut.deleteProfile()
 
@@ -284,7 +285,11 @@ class PubkyRepoTest : BaseUnitTest() {
         whenever(keychain.loadString(Keychain.Key.PUBKY_SECRET_KEY.name)).thenReturn(secretKey)
         whenever(pubkyService.sessionList(expiredSession, Env.contactsBasePath)).thenReturn(emptyList())
         whenever(pubkyService.sessionList(newSession, Env.contactsBasePath)).thenReturn(emptyList())
-        whenever(pubkyService.sessionDelete(expiredSession, Env.profilePath)).thenThrow(RuntimeException("Expired"))
+        whenever(
+            pubkyService.sessionDelete(expiredSession, Env.profilePath)
+        ).thenAnswer {
+            throw TestAppError("Expired")
+        }
         whenever(pubkyService.signIn(secretKey)).thenReturn(newSession)
         whenever(pubkyService.importSession(newSession)).thenReturn(VALID_SELF_KEY)
 
@@ -303,7 +308,11 @@ class PubkyRepoTest : BaseUnitTest() {
         whenever(keychain.loadString(Keychain.Key.PAYKIT_SESSION.name)).thenReturn(expiredSession)
         whenever(keychain.loadString(Keychain.Key.PUBKY_SECRET_KEY.name)).thenReturn(null)
         whenever(pubkyService.sessionList(expiredSession, Env.contactsBasePath)).thenReturn(emptyList())
-        whenever(pubkyService.sessionDelete(expiredSession, Env.profilePath)).thenThrow(RuntimeException("Expired"))
+        whenever(
+            pubkyService.sessionDelete(expiredSession, Env.profilePath)
+        ).thenAnswer {
+            throw TestAppError("Expired")
+        }
 
         val result = sut.deleteProfileWithSessionRetry()
 
@@ -315,7 +324,7 @@ class PubkyRepoTest : BaseUnitTest() {
     @Test
     fun `signOut should force sign out when server sign out fails`() = test {
         authenticateForTesting()
-        whenever(pubkyService.signOut()).thenThrow(RuntimeException("Server error"))
+        whenever(pubkyService.signOut()).thenAnswer { throw TestAppError("Server error") }
 
         val result = sut.signOut()
 
@@ -455,6 +464,20 @@ class PubkyRepoTest : BaseUnitTest() {
         verifyBlocking(keychain) { upsertString(Keychain.Key.PAYKIT_SESSION.name, session) }
     }
 
+    @Test
+    fun `initialize should delete stale saved session when re-sign-in is unavailable`() = test {
+        val session = "stale_session"
+        whenever(keychain.loadString(Keychain.Key.PAYKIT_SESSION.name)).thenReturn(session)
+        whenever(keychain.loadString(Keychain.Key.PUBKY_SECRET_KEY.name)).thenReturn(null)
+        whenever(pubkyService.importSession(session)).thenAnswer { throw TestAppError("Expired") }
+
+        sut.initialize()
+
+        assertTrue(sut.sessionRestorationFailed.value)
+        assertFalse(sut.isAuthenticated.value)
+        verifyBlocking(keychain) { delete(Keychain.Key.PAYKIT_SESSION.name) }
+    }
+
     @Test
     fun `refreshSessionIfPossible should refresh session when local secret key exists`() = test {
         val secretKey = "local_secret"
@@ -511,6 +534,21 @@ class PubkyRepoTest : BaseUnitTest() {
         verifyBlocking(keychain) { upsertString(Keychain.Key.PAYKIT_SESSION.name, "external_session") }
     }
 
+    @Test
+    fun `restoreSessionBackupState should keep current session when backup has no pubky state`() = test {
+        authenticateForTesting(publicKey = VALID_SELF_KEY)
+        clearInvocations(pubkyService, keychain)
+
+        val result = sut.restoreSessionBackupState(null)
+
+        assertTrue(result.isSuccess)
+        assertTrue(sut.isAuthenticated.value)
+        assertEquals(VALID_SELF_KEY, sut.publicKey.value)
+        verifyBlocking(pubkyService, never()) { forceSignOut() }
+        verifyBlocking(keychain, never()) { delete(Keychain.Key.PAYKIT_SESSION.name) }
+        verifyBlocking(keychain, never()) { delete(Keychain.Key.PUBKY_SECRET_KEY.name) }
+    }
+
     @Test
     fun `loadContacts should populate contacts on success`() = test {
         authenticateForTesting()
@@ -651,7 +689,7 @@ class PubkyRepoTest : BaseUnitTest() {
         val pk = checkNotNull(sut.publicKey.value)
         val strippedPk = pk.removePrefix("pubky")
         whenever(pubkyService.fetchFileString("pubky://$strippedPk${Env.contactsBasePath}$contactKey"))
-            .thenThrow(RuntimeException("Network error"))
+            .thenAnswer { throw TestAppError("Network error") }
 
         sut.loadContacts()
 
@@ -666,7 +704,7 @@ class PubkyRepoTest : BaseUnitTest() {
         authenticateForTesting()
         whenever(keychain.loadString(Keychain.Key.PAYKIT_SESSION.name)).thenReturn("test_secret")
         whenever(pubkyService.sessionList("test_secret", Env.contactsBasePath))
-            .thenThrow(RuntimeException("Directory Not Found (404)"))
+            .thenAnswer { throw TestAppError("Directory Not Found (404)") }
 
         sut.loadContacts()
 
@@ -695,7 +733,7 @@ class PubkyRepoTest : BaseUnitTest() {
         val strippedKey = contactKey.removePrefix("pubky")
         val contactProfile = mock<CorePubkyProfile>()
         whenever(pubkyService.fetchFileString("pubky://$strippedKey${Env.profilePath}"))
-            .thenThrow(RuntimeException("Missing bitkit profile"))
+            .thenAnswer { throw TestAppError("Missing bitkit profile") }
         whenever(contactProfile.name).thenReturn("Bob")
         whenever(contactProfile.bio).thenReturn("Bio")
         whenever(pubkyService.getProfile(contactKey)).thenReturn(contactProfile)
@@ -711,8 +749,8 @@ class PubkyRepoTest : BaseUnitTest() {
         val contactKey = VALID_CONTACT_KEY_A
         val strippedKey = contactKey.removePrefix("pubky")
         whenever(pubkyService.fetchFileString("pubky://$strippedKey${Env.profilePath}"))
-            .thenThrow(RuntimeException("Missing bitkit profile"))
-        whenever(pubkyService.getProfile(contactKey)).thenThrow(RuntimeException("Profile not found"))
+            .thenAnswer { throw TestAppError("Missing bitkit profile") }
+        whenever(pubkyService.getProfile(contactKey)).thenAnswer { throw TestAppError("Profile not found") }
 
         val result = sut.fetchContactProfile(contactKey)
 
@@ -892,5 +930,7 @@ class PubkyRepoTest : BaseUnitTest() {
     }
 }
 
+private class TestAppError(message: String) : AppError(message)
+
 private fun String.ensurePubkyPrefixForTest(): String =
     if (startsWith("pubky")) this else "pubky$this"
