-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: removed the possibility of concurrent webauth transactions to handle continuation misuse #848
Conversation
…ndle continuation misuse
…ansaction when a new transaction is added
… flow is active already
… transaction is added
… store before each run to start clean
Auth0/WebAuthError.swift
Outdated
@@ -79,6 +80,7 @@ extension WebAuthError { | |||
switch self.code { | |||
case .noBundleIdentifier: return "Unable to retrieve the bundle identifier from Bundle.main.bundleIdentifier," | |||
+ " or it could not be used to build a valid URL." | |||
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment" | |
case .transactionActiveAlready: return "Failed to start this transaction, as there is an active transaction at the moment." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated the text description for the WebAuthError .transactionActiveAlready
as per description
@@ -6,6 +6,7 @@ public struct WebAuthError: Auth0Error { | |||
|
|||
enum Code: Equatable { | |||
case noBundleIdentifier | |||
case transactionActiveAlready |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are tests for WebAuthError
, those should be updated as well: https://github.com/auth0/Auth0.swift/blob/master/Auth0Tests/WebAuthErrorSpec.swift
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing it out, included tests for it now.
📋 Changes
login
&logout
in WebAuthSpec to clearTransactionStore
before each run to start clean and not get failed by the un-cleared transaction in memory by previous test runs.📎 References
auth0/Auth0.swift#827
Checklist
🎯 Testing
Tested by trying to start the below defined two flows at exact same time via both callbacks & async/await approach and found that the code is working as per expectations by cancelling the newly triggering web auth flow and ensuring the existing web auth flow executes completely.
google-oauth2
connection usingASWebAuthenticationSession
Universal Login
usingSafariViewController