feat(nomad devices): Block nomad intent for Wire production backends and restrict logout intent to nomad sessions #4682

Open
MohamadJaara wants to merge 3 commits into develop from nomad-devices/feat/reject-intent-for-prod-host

@MohamadJaara
Member

PR Submission Checklist for internal contributors

  • The PR Title

    • conforms to the style of semantic commit messages¹ supported in Wire's GitHub Workflow²
    • contains a reference JIRA issue number like SQPIT-764
    • answers the question: If merged, this PR will: ... ³
  • The PR Description

    • is free of optional paragraphs and you have filled the relevant parts to the best of your ability

What's new in this PR?

Issues

  • Nomad intents should not be processed when the resolved backend API points to Wire's production infrastructure, as nomad is intended for on-premises deployments only.
  • The nomad logout broadcast receiver logs out any active session regardless of whether it was created via the nomad flow.

Solutions

  • Added a production API check in WireActivityViewModel.handleIntentsThatAreNotDeepLinks() that rejects the nomad intent if the resolved ServerConfig.Links.api host matches Wire's production backend. This uses the same logic as kalium's internal isProductionApi() (with a TODO to consolidate once the kalium function is made public).
  • Added a nomad account check in NomadLogoutReceiver using the existing DoesValidNomadAccountExistUseCase. The logout broadcast is now ignored if the current session is not a nomad session.

Testing

Test Coverage

  • I have added automated tests to this contribution

How to Test

  1. Production backend block: Verify that a nomad intent whose backendConfig resolves to prod-nginz-https.wire.com is silently rejected (log: "Nomad login ignored: resolved backend is Wire production").
  2. Nomad-only logout: Verify that sending a com.wire.ACTION_LOGOUT broadcast when logged in via a non-nomad session does nothing. When logged in via a nomad session, the logout proceeds as before.
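
A sketch of the production-host check described under Solutions, added here as an example; it is not the PR's code and not kalium's isProductionApi(). The function names and sample URLs are hypothetical, the production host is the one named in the test steps, and rejecting a backend URL whose host cannot be determined is an assumption about the desired policy.

```kotlin
import java.net.URI
import java.net.URISyntaxException
import java.util.Locale

// Host taken from the PR's "How to Test" section; the project may track more.
private val PRODUCTION_API_HOSTS = setOf("prod-nginz-https.wire.com")

/** Returns the normalized host of [apiUrl], or null when none can be determined. */
fun apiHostOf(apiUrl: String): String? {
    val uri = try {
        URI(apiUrl.trim())
    } catch (e: URISyntaxException) {
        return null
    }
    // URI.host excludes userinfo, port and path, so only the authority's host is compared.
    val host = uri.host ?: return null
    // DNS names are case-insensitive and may carry a trailing root dot.
    return host.lowercase(Locale.ROOT).trimEnd('.')
}

/** Hypothetical gate: true only when the host is known and is not a production host. */
fun shouldProcessNomadIntent(apiUrl: String): Boolean {
    val host = apiHostOf(apiUrl) ?: return false // assumption: fail closed
    return host !in PRODUCTION_API_HOSTS
}

fun main() {
    // Constructed sample inputs covering case, port, trailing dot, userinfo,
    // a longer host that merely starts with the production name, and junk.
    val samples = listOf(
        "https://prod-nginz-https.wire.com",
        "https://PROD-NGINZ-HTTPS.WIRE.COM:443/v5",
        "https://prod-nginz-https.wire.com./",
        "https://prod-nginz-https.wire.com@nginz.onprem.example",
        "https://prod-nginz-https.wire.com.onprem.example",
        "https://nginz.onprem.example",
        "not a url",
    )
    for (s in samples) println("process=${shouldProcessNomadIntent(s)}  $s")
}
```

Comparing the parsed, normalized host against an exact set avoids both the false matches and the misses that a substring or prefix comparison on the raw URL string would produce.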
