HTTPClient: added support for sending X-Nonce
#2214
Conversation
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
912ba5d
to
faa2587
Compare
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
fbc2779
to
d668f83
Compare
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
d668f83
to
bc52a3b
Compare
Codecov Report
@@ Coverage Diff @@
## main #2214 +/- ##
==========================================
- Coverage 85.96% 85.89% -0.08%
==========================================
Files 184 183 -1
Lines 12121 12152 +31
==========================================
+ Hits 10420 10438 +18
- Misses 1701 1714 +13
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
bc52a3b
to
1f5a4aa
Compare
NachoSoto
requested review from
aboedo and
tonidero
and removed request for
aboedo
|
Okay finished this. The new implementation uses the term "nonce" everywhere, and I added a test that ensures that the format matches the python tests, using the same string used there. |
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
d17bc8d
to
e5e2819
Compare
NachoSoto
changed the title
HTTPClient: added support for sending request UUIDsHTTPClient: added support for sending X-Nonce
NachoSoto
force-pushed
the
http-client-request-uuid
branch
2 times, most recently
from
8a4075a
to
c95b581
Compare
|
|
||
| private var asUInt8Array: [UInt8] { | ||
| // swiftlint:disable:next identifier_name | ||
| let (u1, u2, u3, u4, u5, u6, u7, u8, u9, u10, u11, u12, u13, u14, u15, u16) = self.uuid |
There was a problem hiding this comment.
Interesting, I didn't know you could unpack a UUID like this. But it looks good 👍
|
|
||
| @available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) | ||
| static func randomNonce() -> Data { | ||
| return Data(ChaChaPoly.Nonce()) |
There was a problem hiding this comment.
@tonidero I've updated this implementation with a proper nonce generation algorithm now that the backend will accept 12 bytes (see ecfa437b7f557a57fdf4377b3af27dbf124908cf)
There was a problem hiding this comment.
I want all features to be named like that
| } | ||
|
|
||
| init(method: Method, path: Path, nonce: Data?) { | ||
| assert(nonce == nil || nonce?.count == Data.nonceLength) |
There was a problem hiding this comment.
Hmm when we deploy the library, we deploy the release version I think right? so this shouldn't affect developers. Also, seems like we've already done that in a few places in the codebase, so I'm ok with it 👍
There was a problem hiding this comment.
The pre-built frameworks are release, yeah. But also for people integrating with CocoaPods / SPM, their production builds are release by default.
|
|
||
| @available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) | ||
| static func randomNonce() -> Data { | ||
| return Data(ChaChaPoly.Nonce()) |
| } | ||
|
|
||
| init(method: Method, path: Path, nonce: Data?) { | ||
| assert(nonce == nil || nonce?.count == Data.nonceLength) |
There was a problem hiding this comment.
Hmm when we deploy the library, we deploy the release version I think right? so this shouldn't affect developers. Also, seems like we've already done that in a few places in the codebase, so I'm ok with it 👍
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
dfe3bd9
to
113cadd
Compare
NachoSoto
force-pushed
the
http-client-request-uuid
branch
from
113cadd
to
5ab771e
Compare
| if self.path.authenticated { | ||
| result += authHeaders | ||
| } | ||
|
|
||
| if let nonce = self.nonce { | ||
| result += HTTPClient.nonceHeader(with: nonce) | ||
| } |
There was a problem hiding this comment.
is there any situation where the nonce should be nil but the path.authenticated = true?
If not, we should try to consolidate the conditions and probably log if they're not simultaneously met
There was a problem hiding this comment.
The /health endpoint is one example.
| /// Creates an `HTTPRequest` with a `nonce`. | ||
| @available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.2, *) | ||
| static func createIntegrityEnforcedRequestRequest(method: Method, path: Path) -> Self { | ||
| return .init(method: method, path: path, nonce: Data.randomNonce()) | ||
| } |
There was a problem hiding this comment.
technically we're verifying integrity and authenticity and the same time, right? maybe we could have the name reflect that?
also, typo here: RequestRequest
There was a problem hiding this comment.
technically we're verifying integrity and authenticity and the same time, right? maybe we could have the name reflect that?
How about HTTPRequest.createWithResponseVerification?
also, typo here: RequestRequest
Thanks 🤦🏻 I noticed that in the next PR, I'll fix it.
**This is an automatic release.** ### Dependency Updates * Bump fastlane-plugin-revenuecat_internal from `738f255` to `9255366` (#2264) via dependabot[bot] (@dependabot[bot]) * Update `Gemfile.lock` (#2254) via Cesar de la Vega (@vegaro) ### Other Changes * `HTTPClient`: added support for sending `X-Nonce` (#2214) via NachoSoto (@NachoSoto) * `Configuration`: added (`internal` for now) API to load public key (#2215) via NachoSoto (@NachoSoto) * Replaced `Any` uses for workaround with `Box` (#2250) via NachoSoto (@NachoSoto) * `HTTPClientTests`: fixed failing test with missing assertions (#2262) via NachoSoto (@NachoSoto) * `HTTPClientTests`: refactored tests to use `waitUntil` (#2257) via NachoSoto (@NachoSoto) * PurchaseTester: Add Receipt Inspector UI (#2249) via Andy Boedo (@aboedo) * Adds dependabot (#2259) via Cesar de la Vega (@vegaro) * `StoreKit1WrapperTests`: avoid using `Bool.random` to fix flaky code coverage (#2258) via NachoSoto (@NachoSoto) * `IntroEligibilityCalculator`: changed logic to handle products with no subscription group (#2247) via NachoSoto (@NachoSoto)
…2267)⚠️ 🎉 This also changes integration tests to use `EntitlementVerificationLevel.enforced` so that integration tests fail if signatures are invalid. #### Depends on: - https://github.com/RevenueCat/khepri/pull/5191 - https://github.com/RevenueCat/khepri/pull/5204 - #2214 - #2215 - #2216 - #2272 _Marking this as `feat`ure because it contains a new error in `PurchasesDiagnostics.Error`_
Fixes CSDK-631.