MBL-1268: Check for 'canceled' param in login redirect

kickstarter · Mar 11, 2024 · 2e2db3e · 2e2db3e
1 parent 0dadd81
commit 2e2db3e
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/Kickstarter-iOS/Features/LoginTout/Controller/LoginToutViewController.swift b/Kickstarter-iOS/Features/LoginTout/Controller/LoginToutViewController.swift
@@ -432,7 +432,7 @@ public final class LoginToutViewController: UIViewController, MFMailComposeViewC
         )
         alert.addAction(UIAlertAction(title: Strings.login_errors_button_ok(), style: .cancel))
         self?.present(alert, animated: true)
-      case .cancelled:
+      case .canceled:
         // Do nothing
         break
       }

diff --git a/Library/OAuth.swift b/Library/OAuth.swift
@@ -7,7 +7,7 @@ import KsApi
 public enum OAuthAuthorizationResult {
   case loggedIn
   case failure(errorMessage: String)
-  case cancelled
+  case canceled
 }
 
 public struct OAuth {
@@ -76,7 +76,7 @@ public struct OAuth {
       if let authenticationError = error as? ASWebAuthenticationSessionError,
         authenticationError.code == .canceledLogin {
         DispatchQueue.main.async {
-          onComplete(.cancelled)
+          onComplete(.canceled)
         }
       } else {
         DispatchQueue.main.async {
@@ -87,6 +87,13 @@ public struct OAuth {
       return
     }
 
+    guard !self.isRedirectURLCanceled(url) else {
+      DispatchQueue.main.async {
+        onComplete(.canceled)
+      }
+      return
+    }
+
     guard let code = codeFromRedirectURL(url) else {
       DispatchQueue.main.async {
         onComplete(.failure(errorMessage: Strings.Something_went_wrong_please_try_again()))
@@ -132,4 +139,13 @@ public struct OAuth {
     let components = URLComponents(url: redirectURL, resolvingAgainstBaseURL: false)
     return components?.queryItems?.first(where: { $0.name == "code" })?.value
   }
+
+  private static func isRedirectURLCanceled(_ url: URL?) -> Bool {
+    guard let redirectURL = url else {
+      return false
+    }
+
+    let components = URLComponents(url: redirectURL, resolvingAgainstBaseURL: false)
+    return components?.queryItems?.first(where: { $0.name == "canceled" && $0.value == "true" }) != nil
+  }
 }
diff --git a/Library/OAuthTests.swift b/Library/OAuthTests.swift
@@ -29,7 +29,7 @@ final class OAuthTests: XCTestCase {
     }
   }
 
-  func testHandleRedirect_missingRedirectCode_fails() {
+  func testHandleRedirect_missingRedirectCodeWithNoCancelParam_fails() {
     self.verifyRedirectAsync(
       redirectURL: URL(string: "ksrauth2://authenticate?foo=bar"),
       error: nil,
@@ -43,10 +43,24 @@ final class OAuthTests: XCTestCase {
     }
   }
 
+  func testHandleRedirect_missingRedirectCodeAndIncludesCancelParam_cancels() {
+    self.verifyRedirectAsync(
+      redirectURL: URL(string: "ksrauth2://authenticate?canceled=true"),
+      error: nil,
+      verifier: ""
+    ) { result in
+      if case .canceled = result {
+        // Success
+      } else {
+        XCTFail("Expected call to be cancelled")
+      }
+    }
+  }
+
   func testHandleRedirect_cancellationError_cancels() {
     let cancelledError = ASWebAuthenticationSessionError(.canceledLogin)
     verifyRedirectAsync(redirectURL: nil, error: cancelledError, verifier: "") { result in
-      if case .cancelled = result {
+      if case .canceled = result {
         // Success
       } else {
         XCTFail("Expected call to be canceled")