MBL-1161: Add code to handle storing/retrieving/deleting Keychain items #1944
Conversation
| return Bundle.main.bundleIdentifier ?? "com.kickstarter.kickstarter" | ||
| } | ||
|
|
||
| public static func deleteAllPasswords() throws { |
There was a problem hiding this comment.
Many of these functions were inspired by the example code @chris-laidlaw-kickstarter sent, here: https://www.advancedswift.com/secure-private-data-keychain-swift
| } | ||
| } | ||
|
|
||
| public static func storePassword(_ password: String, forAccount account: String) throws { |
There was a problem hiding this comment.
Probably worth noting - I decided to keep the nomenclature of this code fairly close to the way the keychain actually works, which uses "accounts" and "passwords". In our case, we're going to be storing an OAuth token against some bit of user data (probably a user e-mail or a user ID). I plan on writing a quick little extension when we integrate this code with the rest of the app to make that clearer:
extension Keychain {
public static func storeOAuthToken(_ token: String, forUserID id: Int) {
self.storePassword(token, forAccount: "\(id)")
}
}
| @@ -9128,6 +9153,7 @@ | |||
| SDKROOT = iphoneos; | |||
| SUPPORTS_MACCATALYST = NO; | |||
| SWIFT_VERSION = 5.0; | |||
| TEST_HOST = "$(BUILT_PRODUCTS_DIR)/KickDebug.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/KickDebug"; | |||
There was a problem hiding this comment.
This is the change that was required to get the unit tests to work. It's fairly innocuous looking in Xcode. Annoyingly, I can't find any good documentation around test hosts - my guess is that it actually boots the app, which might increase the runtime for Library-Tests. I'll keep an eye on that.
Without this switch, all code accessing the Keychain in the unit test fails due to invalid entitlements, which is a very odd error (considering that unit tests aren't signed or entitled in any meaningful way.)
amy-at-kickstarter
force-pushed
the
feat/adyer/MBL-1161/add-keychain-code
branch
from
c1f69bd
to
30debcc
Compare
amy-at-kickstarter
changed the title
|
|
||
| public struct Keychain { | ||
| private static var serviceName: String { | ||
| return Bundle.main.bundleIdentifier ?? "com.kickstarter.kickstarter" |
There was a problem hiding this comment.
The documentation for this is poor; I think it can be an arbitrary string, but the bundle ID seems like a nice value to use.
amy-at-kickstarter
force-pushed
the
feat/adyer/MBL-1161/add-keychain-code
branch
from
30debcc
to
7174fb5
Compare
| @@ -7256,6 +7324,7 @@ | |||
| A7D1F9441C850B7C000D41D5 /* Kickstarter-iOS */, | |||
| A755113B1C8642B3005355CF /* Library-iOS */, | |||
| A75511441C8642B3005355CF /* Library-iOSTests */, | |||
| E113BD802B7D255000D3A809 /* Library-Keychain-iOSTests */, | |||
There was a problem hiding this comment.
OK, to get these tests to work, I had to make a new testing bundle, which is hosted, which just contains a single test, KeychainTests. Using an app host for Library-iOSTests breaks several tests, but without using the app host, KeychainTests will fail.
These changes look like this in the GUI:
| BlueprintName = "Library-Keychain-iOSTests" | ||
| ReferencedContainer = "container:Kickstarter.xcodeproj"> | ||
| </BuildableReference> | ||
| </TestableReference> |
There was a problem hiding this comment.
This schema change is so that when you test Library-iOS, it runs both Library-iOSTests and Library-Keychain-iOSTests
Generated by 馃毇 Danger |
Tests work!
|
This is just so we can test a single file, KeychainTests, in a hosted environment, without affecting the rest of our tests.
amy-at-kickstarter
force-pushed
the
feat/adyer/MBL-1161/add-keychain-code
branch
from
7174fb5
to
1d0040b
Compare
馃摬 What
This PR adds
Keychain.swift, which contains a utility methods for interacting with the system keychain.馃 Why
Currently we store our authentication tokens in
UserDefaults, which is insecure. As part of migrating to OAuth, both iOS and Android want to use their equivalent system keychains, which is the correct/recommended implementation for login data.This is the first step in that - writing code that allows us to actually interact with the keychain.