Lock account and send notification when someone passes phone verification but fails reglock

service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java

@@ -96,6 +96,17 @@ public class APNSender implements Managed, PushNotificationSender {
         }
       }
 
+      case ATTEMPT_LOGIN_NOTIFICATION_HIGH_PRIORITY -> new SimpleApnsPayloadBuilder()
+          .setMutableContent(true)
+          .setLocalizedAlertMessage("APN_Message")
+          .addCustomProperty("attemptLoginContext", notification.data())
+          .build();
+
+      case ATTEMPT_LOGIN_NOTIFICATION_LOW_PRIORITY -> new SimpleApnsPayloadBuilder()
+          .setContentAvailable(true)
+          .addCustomProperty("attemptLoginContext", notification.data())
+          .build();
+
       case CHALLENGE -> new SimpleApnsPayloadBuilder()
           .setSound("default")
           .setLocalizedAlertMessage("APN_Message")

service/src/main/java/org/whispersystems/textsecuregcm/push/FcmSender.java

@@ -89,6 +89,7 @@ public class FcmSender implements PushNotificationSender {
 
     final String key = switch (pushNotification.notificationType()) {
       case NOTIFICATION -> "notification";
+      case ATTEMPT_LOGIN_NOTIFICATION_HIGH_PRIORITY, ATTEMPT_LOGIN_NOTIFICATION_LOW_PRIORITY -> "attemptLoginContext";
       case CHALLENGE -> "challenge";
       case RATE_LIMIT_CHALLENGE -> "rateLimitChallenge";
     };

service/src/main/java/org/whispersystems/textsecuregcm/push/PushNotification.java

@@ -18,7 +18,11 @@ public record PushNotification(String deviceToken,
                                boolean urgent) {
 
   public enum NotificationType {
-    NOTIFICATION, CHALLENGE, RATE_LIMIT_CHALLENGE
+    NOTIFICATION,
+    ATTEMPT_LOGIN_NOTIFICATION_HIGH_PRIORITY,
+    @Deprecated ATTEMPT_LOGIN_NOTIFICATION_LOW_PRIORITY, // Temporary support for iOS clients; can be removed after 2023-06-12
+    CHALLENGE,
+    RATE_LIMIT_CHALLENGE
   }
 
   public enum TokenType {

service/src/main/java/org/whispersystems/textsecuregcm/push/PushNotificationManager.java

@@ -78,6 +78,22 @@ public class PushNotificationManager {
         PushNotification.NotificationType.RATE_LIMIT_CHALLENGE, challengeToken, destination, device, true));
   }
 
+  public void sendAttemptLoginNotification(final Account destination, final String context) throws NotPushRegisteredException {
+    final Device device = destination.getDevice(Device.MASTER_ID).orElseThrow(NotPushRegisteredException::new);
+    final Pair<String, PushNotification.TokenType> tokenAndType = getToken(device);
+
+    sendNotification(new PushNotification(tokenAndType.first(), tokenAndType.second(),
+        PushNotification.NotificationType.ATTEMPT_LOGIN_NOTIFICATION_HIGH_PRIORITY,
+        context, destination, device, true));
+
+    // This is a workaround for older iOS clients who need a low priority push to trigger the logout notification
+    if (tokenAndType.second() == PushNotification.TokenType.APN) {
+      sendNotification(new PushNotification(tokenAndType.first(), tokenAndType.second(),
+          PushNotification.NotificationType.ATTEMPT_LOGIN_NOTIFICATION_LOW_PRIORITY,
+          context, destination, device, false));
+    }
+  }
+
   public void handleMessagesRetrieved(final Account account, final Device device, final String userAgent) {
     RedisOperation.unchecked(() -> pushLatencyManager.recordQueueRead(account.getUuid(), device.getId(), userAgent));
     apnPushNotificationScheduler.cancelScheduledNotifications(account, device).whenComplete(logErrors());