Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: removed the possibility of concurrent webauth transactions to handle continuation misuse #848

Merged
merged 12 commits into from
May 8, 2024
Merged

fix: removed the possibility of concurrent webauth transactions to handle continuation misuse #848

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
ae9b5d2
fix: removed the possibility of concurrent webauth transactions to ha…
desusai7 May 2, 2024
737b6b1
Merge branch 'master' into fix/concurrent_web_auth_transactions
desusai7 May 6, 2024
b8aa270
test: updated tests in TransactionStoreSpec to cancel any previous tr…
desusai7 May 6, 2024
2a413d7
fix: updated to cancel any new webauth flows initiated when a webauth…
desusai7 May 8, 2024
33a91a1
chore: minor improvements
desusai7 May 8, 2024
24dced0
test: updated units test to not cancel current transaction when a new…
desusai7 May 8, 2024
5b8d38a
test: updated WebAuthSpec login and logout tests to clear transaction…
desusai7 May 8, 2024
f268917
Merge branch 'master' into fix/concurrent_web_auth_transactions
desusai7 May 8, 2024
1893388
Merge branch 'master' into fix/concurrent_web_auth_transactions
desusai7 May 8, 2024
20acabc
chore: removed whitespaces
desusai7 May 8, 2024
8b3db63
chore: minor improvements for the .transactionActiveAlready WebAuthEr…
desusai7 May 8, 2024
69f1f85
test: updated WebAuthErrorSpec to include tests for .transactionActiv…
desusai7 May 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 10 additions & 0 deletions Auth0/Auth0WebAuth.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,11 @@ final class Auth0WebAuth: WebAuth {
}

func start(_ callback: @escaping (WebAuthResult<Credentials>) -> Void) {

if self.storage.current != nil {
return callback(.failure(WebAuthError(code: .transactionActiveAlready)))
}

guard let redirectURL = self.redirectURL else {
return callback(.failure(WebAuthError(code: .noBundleIdentifier)))
}
Expand Down Expand Up @@ -207,6 +212,11 @@ final class Auth0WebAuth: WebAuth {
}

func clearSession(federated: Bool, callback: @escaping (WebAuthResult<Void>) -> Void) {

if self.storage.current != nil {
return callback(.failure(WebAuthError(code: .transactionActiveAlready)))
}

let endpoint = federated ?
URL(string: "v2/logout?federated", relativeTo: self.url)! :
URL(string: "v2/logout", relativeTo: self.url)!
Expand Down
2 changes: 1 addition & 1 deletion Auth0/AuthenticationError.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ extension AuthenticationError {

return "Received error with code \(self.code)."
}

}

// MARK: - Equatable
Expand Down
2 changes: 2 additions & 0 deletions Auth0/WebAuthError.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ public struct WebAuthError: Auth0Error {

enum Code: Equatable {
case noBundleIdentifier
case transactionActiveAlready
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are tests for WebAuthError, those should be updated as well: https://github.com/auth0/Auth0.swift/blob/master/Auth0Tests/WebAuthErrorSpec.swift

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing it out, included tests for it now.

case invalidInvitationURL(String)
case userCancelled
case noAuthorizationCode([String: String])
Expand Down Expand Up @@ -79,6 +80,7 @@ extension WebAuthError {
switch self.code {
case .noBundleIdentifier: return "Unable to retrieve the bundle identifier from Bundle.main.bundleIdentifier,"
+ " or it could not be used to build a valid URL."
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment"
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the text description for the WebAuthError .transactionActiveAlready as per description

case .invalidInvitationURL(let url): return "The invitation URL (\(url)) is missing the 'invitation' and/or"
+ " the 'organization' query parameters."
case .userCancelled: return "The user cancelled the Web Auth operation."
Expand Down
2 changes: 2 additions & 0 deletions Auth0Tests/WebAuthSpec.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -475,6 +475,7 @@ class WebAuthSpec: QuickSpec {

beforeEach {
auth = newWebAuth()
TransactionStore.shared.clear()
}

it("should start the supplied provider") {
Expand Down Expand Up @@ -600,6 +601,7 @@ class WebAuthSpec: QuickSpec {

beforeEach {
auth = newWebAuth()
TransactionStore.shared.clear()
}

it("should start the supplied provider") {
Expand Down