Add DTO for User Storage

Author: Foriger

MIRACLTrust/MIRACLTrust-Sources/Authentication/Authenticator.swift

@@ -152,7 +152,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
                     if let clientErrorData, clientErrorData.code == MPINID_EXPIRED || clientErrorData.code == EXPIRED_MPINID {
                         let user = user.revoke()
 
-                        try? userStorage.update(user: user)
+                        try? userStorage.update(user: user.toUserDTO())
 
                         callCompletionHandler(with: AuthenticationError.revoked)
                         return
@@ -225,7 +225,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
                         case MPINID_REVOKED, REVOKED_MPINID:
                             let user = user.revoke()
 
-                            try? userStorage.update(user: user)
+                            try? userStorage.update(user: user.toUserDTO())
 
                             callCompletionHandler(with: AuthenticationError.revoked)
                             return

MIRACLTrust/MIRACLTrust-Sources/MIRACLTrust.swift

@@ -6,7 +6,9 @@ import Foundation
     // MARK: Public properties
 
     @objc public var users: [User] {
-        userStorage.all()
+        userStorage.all().map {
+            $0.toUser()
+        }
     }
 
     @objc public var projectId: String
@@ -847,15 +849,15 @@ import Foundation
     ///   - userId: id of the user. Can be email or any other string.
     /// - Returns: User object from the database. Returns nil if there is no such object in the storage.
     @objc public func getUser(by userId: String) -> User? {
-        userStorage.getUser(by: userId, projectId: projectId)
+        userStorage.getUser(by: userId, projectId: projectId)?.toUser()
     }
 
     // MARK: Identities Removal
 
     /// Delete a registered user.
     /// - Parameter user: object that needs to be deleted.
     @objc public func delete(user: User) throws {
-        try userStorage.delete(user: user)
+        try userStorage.delete(user: user.toUserDTO())
     }
 
     // MARK: Private methods

MIRACLTrust/MIRACLTrust-Sources/Push Notification Authentication/PushNotificationAuthenticator.swift

@@ -39,7 +39,7 @@ struct PushNotificationAuthenticator: Sendable {
             return
         }
 
-        guard let user = userStorage.getUser(by: userId, projectId: projectId) else {
+        guard let user = userStorage.getUser(by: userId, projectId: projectId)?.toUser() else {
             callCompletionHandler(
                 authenticated: false,
                 error: AuthenticationError.userNotFound

MIRACLTrust/MIRACLTrust-Sources/Registration/Registrator.swift

@@ -299,7 +299,7 @@ final class Registrator: Sendable {
                     category: .registration
                 )
 
-                try userStorage.update(user: user)
+                try userStorage.update(user: user.toUserDTO())
 
                 DispatchQueue.main.async {
                     self.completionHandler(user, nil)
@@ -310,7 +310,7 @@ final class Registrator: Sendable {
                     category: .registration
                 )
 
-                try userStorage.add(user: user)
+                try userStorage.add(user: user.toUserDTO())
 
                 DispatchQueue.main.async {
                     self.completionHandler(user, nil)

MIRACLTrust/MIRACLTrust-Sources/Signing/Signer.swift

@@ -123,7 +123,7 @@ struct Signer: Sendable {
         logOperation(operation: LoggingConstants.signingExecution)
 
         // User could be updated from WaM.
-        let user = userStorage.getUser(by: user.userId, projectId: user.projectId) ?? user
+        let user = userStorage.getUser(by: user.userId, projectId: user.projectId)?.toUser() ?? user
         let timestamp = Date()
 
         guard let publicKey = user.publicKey else {

MIRACLTrust/MIRACLTrust-Sources/User Storage/SQLiteUserStorage.swift

@@ -79,7 +79,7 @@ final class SQLiteUserStorage: NSObject, UserStorage {
         }
     }
 
-    func add(user: User) throws {
+    func add(user: UserDTO) throws {
         let insertUser = """
             INSERT INTO
                 User(userId, projectId, revoked, pinLength, mpinId, token, dtas, publicKey) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
@@ -119,7 +119,7 @@ final class SQLiteUserStorage: NSObject, UserStorage {
         }
     }
 
-    func delete(user: User) throws {
+    func delete(user: UserDTO) throws {
         let deleteUser = """
             DELETE FROM User WHERE userId = ? AND projectId = ?
         """
@@ -136,7 +136,7 @@ final class SQLiteUserStorage: NSObject, UserStorage {
         )
     }
 
-    func update(user: User) throws {
+    func update(user: UserDTO) throws {
         let updateUser = """
             UPDATE User
             SET revoked = ?, pinLength = ? , mpinId = ?, token = ?, dtas = ?, publicKey = ?
@@ -178,13 +178,13 @@ final class SQLiteUserStorage: NSObject, UserStorage {
         )
     }
 
-    func all() -> [User] {
+    func all() -> [UserDTO] {
         let selectAllUsers = """
             SELECT * FROM User
         """
 
         do {
-            var users = [User]()
+            var users = [UserDTO]()
             try sqliteHelper.select(
                 statement: selectAllUsers,
                 bindingsBlock: nil,
@@ -223,7 +223,7 @@ final class SQLiteUserStorage: NSObject, UserStorage {
                         publicKey = data
                     }
 
-                    let iteratedUser = User(
+                    let iteratedUser = UserDTO(
                         userId: userId,
                         projectId: projectId,
                         revoked: revoked,
@@ -242,13 +242,13 @@ final class SQLiteUserStorage: NSObject, UserStorage {
         }
     }
 
-    func getUser(by userId: String, projectId: String) -> User? {
+    func getUser(by userId: String, projectId: String) -> UserDTO? {
         let selectUserByUserIdAndProjectId = """
             SELECT * FROM User WHERE userId = ? AND projectId = ?
         """
 
         do {
-            var user: User?
+            var user: UserDTO?
             try sqliteHelper.select(
                 statement: selectUserByUserIdAndProjectId,
                 bindingsBlock: { statement in
@@ -291,7 +291,7 @@ final class SQLiteUserStorage: NSObject, UserStorage {
 
                         publicKey = data
                     }
-                    user = User(
+                    user = UserDTO(
                         userId: userId,
                         projectId: projectId,
                         revoked: revoked,

MIRACLTrust/MIRACLTrust-Sources/User Storage/User.swift

@@ -81,3 +81,18 @@ import Foundation
         )
     }
 }
+
+extension User {
+    func toUserDTO() -> UserDTO {
+        UserDTO(
+            userId: userId,
+            projectId: projectId,
+            revoked: revoked,
+            pinLength: pinLength,
+            mpinId: mpinId,
+            token: token,
+            dtas: dtas,
+            publicKey: publicKey
+        )
+    }
+}

MIRACLTrust/MIRACLTrust-Sources/User Storage/UserDTO.swift

@@ -0,0 +1,72 @@
+import Foundation
+
+/// Defines the persistent data representation of a user.
+///
+/// A user is uniquely identified by the composite key of (`userId`, `projectId`).
+///
+/// - warning: This object contains sensitive data.
+/// Implementers must ensure secure storage (e.g., encryption at rest).
+public final class UserDTO: NSObject, Sendable {
+    /// The identifier of the user, which is unique within the scope of a project. Could be email, username, etc.
+    public let userId: String
+
+    /// The identifier of the project this user belongs to.
+    public let projectId: String
+
+    /// The revocation status of the user.
+    public let revoked: Bool
+
+    /// The user's PIN's number of digits.
+    public let pinLength: Int
+
+    /// The identifier of this user registration in the MIRACL Trust Platform.
+    public let mpinId: Data
+
+    /// A secure user token.
+    ///
+    /// - warning:
+    ///  This field contain sensitive data. The storage implementation
+    /// is responsible for its secure handling, including encryption at rest.
+    public let token: Data
+
+    /// Data required for a server-side validation.
+    public let dtas: String
+
+    /// The public part of the user's signing key.
+    public let publicKey: Data?
+
+    public init(
+        userId: String,
+        projectId: String,
+        revoked: Bool,
+        pinLength: Int,
+        mpinId: Data,
+        token: Data,
+        dtas: String,
+        publicKey: Data?
+    ) {
+        self.userId = userId
+        self.projectId = projectId
+        self.revoked = revoked
+        self.pinLength = pinLength
+        self.mpinId = mpinId
+        self.token = token
+        self.dtas = dtas
+        self.publicKey = publicKey
+    }
+}
+
+extension UserDTO {
+    func toUser() -> User {
+        User(
+            userId: userId,
+            projectId: projectId,
+            revoked: revoked,
+            pinLength: pinLength,
+            mpinId: mpinId,
+            token: token,
+            dtas: dtas,
+            publicKey: publicKey
+        )
+    }
+}

MIRACLTrust/MIRACLTrust-Sources/User Storage/UserStorage.swift

@@ -10,22 +10,22 @@ public protocol UserStorage: Sendable {
 
     /// Adds a new user to the storage.
     /// - Parameter user: a user that needs to be added to the storage.
-    func add(user: User) throws
+    func add(user: UserDTO) throws
 
     /// Deletes the user from the storage.
     /// - Parameter user: a user that needs to be deleted to the storage.
-    func delete(user: User) throws
+    func delete(user: UserDTO) throws
 
     /// Updates the user in the storage
     /// - Parameter user: a user that needs to be updated to the storage.
-    func update(user: User) throws
+    func update(user: UserDTO) throws
 
     /// Get all users written in the storage.
-    func all() -> [User]
+    func all() -> [UserDTO]
 
     /// Get User object by its user id and project id. If User isn't present in the storage this method returns nil.
     /// - Parameters:
     ///   - userId: a user id to be checked in the storage.
     ///   - projectId: a project id to be checked in the storage.
-    func getUser(by userId: String, projectId: String) -> User?
+    func getUser(by userId: String, projectId: String) -> UserDTO?
 }

MIRACLTrust/MIRACLTrust.xcodeproj/project.pbxproj

@@ -193,6 +193,7 @@
 		6DC89F612E2FCA1000683AFB /* CrossDeviceSessionAborter.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DC89F602E2FCA0900683AFB /* CrossDeviceSessionAborter.swift */; };
 		6DC89F632E2FDBE900683AFB /* CrossDeviceSessionError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DC89F622E2FDBE400683AFB /* CrossDeviceSessionError.swift */; };
 		6DC987342E54C3CB00E1EDAB /* CrossDeviceSessionTestCase.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DC987332E54C3C400E1EDAB /* CrossDeviceSessionTestCase.swift */; };
+		6DC987222E5332D200E1EDAB /* UserDTO.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DC987212E5332CF00E1EDAB /* UserDTO.swift */; };
 		6DCDC7542834EC22006974F6 /* GetSigningSessionDetailsTestCase.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DCDC7532834EC22006974F6 /* GetSigningSessionDetailsTestCase.swift */; };
 		6DCFDD4224AA0CEC00CED02F /* RegistrationTestCase.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DCFDD4124AA0CEC00CED02F /* RegistrationTestCase.swift */; };
 		6DCFDD4424AA0E7D00CED02F /* QRAuthenticationTestCase.swift in Sources */ = {isa = PBXBuildFile; fileRef = 6DCFDD4324AA0E7D00CED02F /* QRAuthenticationTestCase.swift */; };
@@ -499,6 +500,7 @@
 		6DC89F602E2FCA0900683AFB /* CrossDeviceSessionAborter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CrossDeviceSessionAborter.swift; sourceTree = "<group>"; };
 		6DC89F622E2FDBE400683AFB /* CrossDeviceSessionError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CrossDeviceSessionError.swift; sourceTree = "<group>"; };
 		6DC987332E54C3C400E1EDAB /* CrossDeviceSessionTestCase.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CrossDeviceSessionTestCase.swift; sourceTree = "<group>"; };
+		6DC987212E5332CF00E1EDAB /* UserDTO.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = UserDTO.swift; sourceTree = "<group>"; };
 		6DCDC7532834EC22006974F6 /* GetSigningSessionDetailsTestCase.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GetSigningSessionDetailsTestCase.swift; sourceTree = "<group>"; };
 		6DCFDD4124AA0CEC00CED02F /* RegistrationTestCase.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RegistrationTestCase.swift; sourceTree = "<group>"; };
 		6DCFDD4324AA0E7D00CED02F /* QRAuthenticationTestCase.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = QRAuthenticationTestCase.swift; sourceTree = "<group>"; };
@@ -762,6 +764,7 @@
 				6D866E8F245AC299003F7510 /* SQLChiper */,
 				6D97CC2426A19A1200EEE8B6 /* SQLiteMigration */,
 				6DBA72EA240FC76000561F89 /* User.swift */,
+				6DC987212E5332CF00E1EDAB /* UserDTO.swift */,
 				6DF2D3F2269F00B5004CAD54 /* UserStorage.swift */,
 				6DF2D3F4269F0363004CAD54 /* SQLiteUserStorage.swift */,
 				6DB4580C269C17DB00C4FEFA /* SQLiteHelper.swift */,
@@ -1620,6 +1623,7 @@
 				6DC46A0625B9BAD40099866C /* LoggingConstants.swift in Sources */,
 				6D6D9A0C282BEB9800316755 /* SigningSessionDetailsRequestBody.swift in Sources */,
 				6DC46A5225B9BAFD0099866C /* ActivationTokenError.swift in Sources */,
+				6DC987222E5332D200E1EDAB /* UserDTO.swift in Sources */,
 				6D291E962E55F8CD00C6AD80 /* DefaultUserStorageOptions.swift in Sources */,
 				6DF2D3F7269F03DE004CAD54 /* SQLiteUserStorageError.swift in Sources */,
 				6DDFB53A29EFDCCE00B981FB /* FallbackRequestErrorResponse.swift in Sources */,