Add elevation

Author: almenscorner

SupportCompanion/Helpers/ElevationHelpers.swift

@@ -0,0 +1,168 @@
+import LocalAuthentication
+import Foundation
+import SwiftUI
+import Combine
+
+func authenticateWithTouchIDOrPassword(completion: @escaping (Bool) -> Void) {
+    let context = LAContext()
+    var error: NSError?
+
+    if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
+        // Try Touch ID/Face ID
+        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: "Authenticate to elevate privileges") { success, authError in
+            if success {
+                // Authentication successful
+                DispatchQueue.main.async {
+                    completion(true)
+                }
+            } else {
+                // Fallback to password
+                authenticateWithPassword(completion: completion)
+            }
+        }
+    } else {
+        // Biometrics unavailable, fallback to password
+        authenticateWithPassword(completion: completion)
+    }
+}
+
+func authenticateWithPassword(completion: @escaping (Bool) -> Void) {
+    let context = LAContext()
+    var error: NSError?
+
+    // Check if deviceOwnerAuthentication (password fallback) is available
+    if context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) {
+        context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Authenticate to elevate privileges") { success, authError in
+            DispatchQueue.main.async {
+                if success {
+                    // Authentication successful
+                    completion(true)
+                } else {
+                    // Authentication failed
+                    completion(false)
+                }
+            }
+        }
+    } else {
+        // Device owner authentication not available
+        DispatchQueue.main.async {
+            completion(false)
+        }
+    }
+}
+
+func saveReasonToDisk(reason: String) {
+    let fileManager = FileManager.default
+    let appState = AppStateManager.shared
+    
+    // Get the Application Support directory
+    guard let appSupportDirectory = fileManager.urls(for: .applicationSupportDirectory, in: .userDomainMask).first else {
+        Logger.shared.logError("Failed to locate Application Support directory.")
+        return
+    }
+    
+    // Create a subdirectory for your app if needed
+    let appDirectory = appSupportDirectory.appendingPathComponent("SupportCompanion")
+    
+    do {
+        // Ensure the directory exists
+        if !fileManager.fileExists(atPath: appDirectory.path) {
+            try fileManager.createDirectory(at: appDirectory, withIntermediateDirectories: true, attributes: nil)
+        }
+    } catch {
+        Logger.shared.logError("Error creating app directory: \(error.localizedDescription)")
+        return
+    }
+    
+    // Define the file URL
+    let fileURL = appDirectory.appendingPathComponent("ElevationReasons.json")
+    
+    // Debug: Log the file URL
+    Logger.shared.logDebug("Saving reason to: \(fileURL.path)")
+
+    // Get the current date
+    let dateFormatter = ISO8601DateFormatter()
+    let currentDate = dateFormatter.string(from: Date())
+
+    // Create a dictionary to save
+    let entry: [String: Any] = [
+        "reason": reason, 
+        "date": currentDate,
+        "user": NSUserName(),
+        "host": Host.current().localizedName ?? "Unknown",
+        "serial": appState.deviceInfoManager.deviceInfo?.serialNumber ?? "Unknown",
+        "severity": appState.preferences.elevationSeverity
+    ]
+
+    var existingEntries: [[String: Any]] = []
+
+    // Read existing entries if the file exists
+    if let data = try? Data(contentsOf: fileURL),
+       let json = try? JSONSerialization.jsonObject(with: data, options: []) as? [[String: String]] {
+        existingEntries = json
+    }
+
+    // Add the new entry
+    existingEntries.append(entry)
+
+    // Save back to disk
+    do {
+        let data = try JSONSerialization.data(withJSONObject: existingEntries, options: [.prettyPrinted])
+        try data.write(to: fileURL, options: .atomic) // Atomic ensures safe writes
+        Logger.shared.logDebug("Reason saved successfully.")
+    } catch {
+        Logger.shared.logError("Error saving reason: \(error.localizedDescription)")
+    }
+}
+
+func sendReasonToWebhook(reason: String) {
+    let dateFormatter = ISO8601DateFormatter()
+    let appState = AppStateManager.shared
+
+    // Define the webhook URL
+    let webhookURL = URL(string: appState.preferences.elevationWebhookURL)!
+    
+    // Create a dictionary with the reason
+    let payload: [String: Any] = [
+        "reason": reason, 
+        "date": dateFormatter.string(from: Date()),
+        "user": NSUserName(),
+        "host": Host.current().localizedName ?? "Unknown",
+        "serial": appState.deviceInfoManager.deviceInfo?.serialNumber ?? "Unknown",
+        "severity":appState.preferences.elevationSeverity
+    ]
+    
+    // Serialize the dictionary to JSON
+    guard let jsonData = try? JSONSerialization.data(withJSONObject: payload) else {
+        print("Failed to serialize JSON.")
+        return
+    }
+    
+    // Create a POST request
+    var request = URLRequest(url: webhookURL)
+    request.httpMethod = "POST"
+    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+    request.httpBody = jsonData
+    
+    // Create a URLSession task
+    let task = URLSession.shared.dataTask(with: request) { data, response, error in
+        if let error = error {
+            saveReasonToDisk(reason: reason)
+            Logger.shared.logError("Failed to send reason to webhook: \(error.localizedDescription)")
+            return
+        }
+        
+        if let response = response as? HTTPURLResponse {
+            if response.statusCode == 200 || response.statusCode == 202 {
+                print("Reason sent to webhook successfully.")
+            } else {
+                // Fallback to save to disk if webhook fails
+                saveReasonToDisk(reason: reason)
+                Logger.shared.logError("Failed to send reason to webhook. Status code: \(response.statusCode)")
+            }
+        }
+    }
+    
+    // Start the task
+    task.resume()
+}

SupportCompanion/ViewModels/AppStateManager.swift

@@ -16,7 +16,7 @@ class AppStateManager: ObservableObject {
     lazy var applicationsInfoManager = ApplicationsInfoManager(appState: self)
     lazy var pendingIntuneUpdatesManager = PendingIntuneUpdatesManager(appState: self)
     lazy var evergreenInfoManager = EvergreenInfoManager(appState: self)
-    
+    lazy var elevationManager = ElevationManager(appState: self)
     @Published var isRefreshing: Bool = false
     @Published var deviceInfoManager = DeviceInfoManager.shared
     @Published var storageInfoManager = StorageInfoManager.shared
@@ -36,8 +36,10 @@ class AppStateManager: ObservableObject {
     @Published var storageUsageColor: Color = Color(NSColor.controlAccentColor)
     @Published var JsonCards: [JsonCard] = []
     @Published var catalogs: [String] = []
+    @Published var isDemotionActive: Bool = false
+    @Published var timeToDemote: TimeInterval = 0
 
-    private var cancellables = Set<AnyCancellable>()
+    private var cancellables: Set<AnyCancellable> = Set<AnyCancellable>()
     var showWindowCallback: (() -> Void)?
 
     func startBackgroundTasks() {
@@ -92,6 +94,16 @@ class AppStateManager: ObservableObject {
             }
             .store(in: &cancellables)
     }
+
+    func startDemotionTimer(duration: TimeInterval) {
+        elevationManager.startDemotionTimer(duration: duration) { [weak self] remainingTime in
+            DispatchQueue.main.async {
+                guard let self = self else { return }
+                self.timeToDemote = remainingTime
+                self.isDemotionActive = remainingTime > 0
+            }
+        }
+    }
 
     @MainActor
     func refreshAll() {
@@ -103,6 +115,7 @@ class AppStateManager: ObservableObject {
                 group.addTask { self.mdmInfoManager.refresh() }
                 group.addTask { self.systemUpdatesManager.refresh() }
                 group.addTask { self.batteryInfoManager.refresh() }
+                group.addTask { self.userInfoManager.refresh() }
             }
             self.isRefreshing = false
         }

SupportCompanion/ViewModels/ElevationManager.swift

@@ -0,0 +1,147 @@
+import Foundation
+import Combine
+import SwiftUI
+
+class ElevationManager {
+    @State private var elevationReason = ""
+    private var appState: AppStateManager
+    private var cancellable: AnyCancellable?
+    private var timerPublisher: AnyPublisher<Date, Never>?
+    private var onTimeUpdate: ((Double) -> Void)?
+
+    static let shared = ElevationManager(appState: AppStateManager.shared)
+
+    init(appState: AppStateManager) {
+        self.appState = AppStateManager.shared
+    }
+
+        func elevatePrivileges(completion: @escaping (Bool) -> Void) {
+        authenticateWithTouchIDOrPassword { success in
+            guard success else {
+                completion(false)
+                return
+            }
+            let command = "/usr/sbin/dseditgroup"
+            let arguments = ["-o", "edit", "-a", NSUserName(), "-t", "user", "admin"]
+            Task {
+                do {
+                    _ = try await ExecutionService.executeCommandPrivileged(command, arguments: arguments)
+                    // Update isAdmin status
+                    UserInfoManager.shared.updateUserInfo()
+                    completion(true)
+                }
+                catch {
+                    Logger.shared.logError("Failed to elevate privileges: \(error.localizedDescription)")
+                    completion(false)
+                }
+            }
+        }
+    }
+
+    func demotePrivileges(completion: @escaping (Bool) -> Void) {
+        let command = "/usr/sbin/dseditgroup"
+        let arguments = ["-o", "edit", "-d", NSUserName(), "-t", "user", "admin"]
+        Task {
+            do {
+                _ = try await ExecutionService.executeCommandPrivileged(command, arguments: arguments)
+                // Update isAdmin status
+                UserInfoManager.shared.updateUserInfo()
+                UserDefaults.standard.removeObject(forKey: "PrivilegeDemotionEndTime")
+                completion(true)
+            }
+            catch {
+                Logger.shared.logError("Failed to demote privileges: \(error.localizedDescription)")
+                completion(false)
+            }
+        }
+    }
+
+    func startDemotionTimer(duration: TimeInterval, onUpdate: @escaping (Double) -> Void) {
+        Logger.shared.logDebug("Starting demotion timer with duration: \(duration)")
+        stopDemotionTimer() // Ensure any existing timer is stopped
+
+        persistDemotionState(endTime: Date().addingTimeInterval(duration))
+
+        NotificationService(appState: self.appState).sendNotification(
+            message: "Privliged session started. You will be demoted in \(duration.formattedTimeUnit()).", 
+            notificationType: .generic
+        )
+
+        var remainingTime = duration
+        self.onTimeUpdate = onUpdate
+
+        // Create a Combine Timer Publisher
+        timerPublisher = Timer.publish(every: 1, on: .main, in: .common)
+            .autoconnect()
+            .eraseToAnyPublisher()
+
+        // Subscribe to timer updates
+        cancellable = timerPublisher?.sink { [weak self] _ in
+            guard let self = self else { return }
+
+            if remainingTime > 0 {
+                remainingTime -= 1
+                var timeToDemote = appState.timeToDemote
+                timeToDemote -= 1
+                // If half the time has passed, notify the user
+                if remainingTime == duration / 2 {
+                    NotificationService(appState: self.appState).sendNotification(
+                        message: "Your elevated privileges will be demoted in \(timeToDemote.formattedTimeUnit()).",
+                        notificationType: .generic
+                    )
+                }
+                self.onTimeUpdate?(remainingTime)
+            } else {
+                self.stopDemotionTimer()
+                self.demotePrivileges { success in
+                    guard success else {
+                        Logger.shared.logDebug("Failed to demote privileges.")
+                        return
+                    }
+                    NotificationService(appState: self.appState).sendNotification(
+                        message: "Your elevated privileges have been demoted.",
+                        notificationType: .generic
+                    )
+                }
+                Logger.shared.logDebug("Demotion timer expired. Privileges demoted.")
+            }
+        }
+    }
+
+    /// Stops the timer
+    func stopDemotionTimer() {
+        cancellable?.cancel()
+        cancellable = nil
+        onTimeUpdate?(0) // Notify remaining time is 0
+    }
+
+    func handleElevation(reason: String) {
+        Logger.shared.logDebug("Handling elevation for reason: \(reason)")
+        // Authenticate and elevate privileges
+        self.elevatePrivileges { success in
+            guard success else {
+                Logger.shared.logDebug("Authentication failed. Unable to elevate privileges.")
+                return
+            }
+            Logger.shared.logDebug("Authentication successful. Privileges elevated.")
+            if self.appState.preferences.requireReasonForElevation {
+                if !self.appState.preferences.elevationWebhookURL.isEmpty {
+                    sendReasonToWebhook(reason: reason)
+                } else {
+                    saveReasonToDisk(reason: reason)
+                }
+            }
+            // Start the timer
+            self.appState.startDemotionTimer(duration: self.appState.preferences.maxElevationTime)
+        }
+    }
+
+    func persistDemotionState(endTime: Date) {
+        UserDefaults.standard.set(endTime, forKey: "PrivilegeDemotionEndTime")
+        UserDefaults.standard.synchronize()
+    }
+
+    func loadPersistedDemotionState() -> Date? {
+        return UserDefaults.standard.object(forKey: "PrivilegeDemotionEndTime") as? Date
+    }
+}