bug: a lack of mutual TLS (mTLS) support for several API endpoints

[rmaksimov]

Describe the Bug

The Problem

Both iOS and Android verions of RC do not send client certificate for the following endpoints while contacting a RC server with nginx as a reverse proxy instance in front of it

nginx is configured to authenticate users with certificates (mutual TLS)

The endpoints are:

1. /admin/info
2. /api/v1/push.get

Steps to Reproduce

Admin Panel

While clicking on the Admin panel button in RC app, the 400 Bad Request error occurs

nginx log entry:

GET /admin/info?layout=embedded HTTP/2.0" 400

This results in no possibility to access the administration workspace on mobile devices

Push Notifications

While receiving a push notification message and trying to load more data from the server, the 400 Bad Request error occurs

As a result no additional information is received from the server

nginx log entry:

GET /api/v1/push.get?id={ID} HTTP/2.0" 400

Push Notifications: iOS

For the latter case it looks as if there is a lack of delegate: RocketChatURLSessionDelegate() in URLSession

Rocket.Chat.ReactNative/ios/NotificationService/NotificationService.swift

Line 268 in e43a181

// Create URLSessionConfiguration with proper timeouts for notification service extension

but in the API class it is handled correctly

Rocket.Chat.ReactNative/ios/Shared/RocketChat/API/API.swift

Line 25 in e43a181

private let pinnedSession: URLSession = {

Push Notifications: Android

Pushes on the Android app: it looks like the new OkHttpClient.Builder() is missing a user credentials context while sending a request to /api/v1/push.get

Rocket.Chat.ReactNative/android/app/src/main/java/chat/rocket/reactnative/notification/LoadNotification.java

Line 111 in e43a181

final OkHttpClient client = new OkHttpClient.Builder()

Additional Information

Below are the previous related issue and PR, that could help to get the context of the problem:

• Unable to open attachment images in full size or download them #5204
• fix: unable to open some attachments with SSL Client Certificate enabled #6130

Expected Behavior

No response

Actual Behavior

No response

Rocket.Chat Server Version

8.4.2

Rocket.Chat App Version

4.72.0

Device Name

iPhone, Samsung

OS Version

iOS 18, Android 16

Additional Context

p.s.
It's not directly related to this issue, but also there are two places doing the same thing in different manner

Rocket.Chat.ReactNative/ios/RocketChat Watch App/Client/RocketChatClient.swift

Line 25 in e43a181

lazy var session = URLSession(

Rocket.Chat.ReactNative/ios/RocketChat Watch App/Client/URLSessionCertificateHandling.swift

Line 5 in cd6f2a8

final class URLSesionClientCertificateHandling: NSObject, URLSessionDelegate {

Rocket.Chat.ReactNative/ios/Shared/RocketChat/API/API.swift

Line 14 in cd6f2a8

final class RocketChatURLSessionDelegate: NSObject, URLSessionDelegate {

[coderabbitai]

🔗 Related PRs

#6991 - chore: upgrade to react-native-mmkv v4 [merged]
#7339 - fix(android): set RC Mobile User-Agent on push notification avatar fetch [merged]
#7346 - fix(android/voip): start microphone FGS for outgoing calls so audio survives backgrounding [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!