Merge pull request #774 from Iterable/JWT_Improvement_Part2

Jwt improvement part2

Author: Ayyanchira

swift-sdk.xcodeproj/project.pbxproj

@@ -404,6 +404,8 @@
 		E9003E012BF4DF15004AB45B /* RetryPolicy.swift in Sources */ = {isa = PBXBuildFile; fileRef = E9003E002BF4DF15004AB45B /* RetryPolicy.swift */; };
 		E9BF47962B46D5DC0033DB69 /* IterableEmbeddedView.swift in Sources */ = {isa = PBXBuildFile; fileRef = E9BF47952B46D5DC0033DB69 /* IterableEmbeddedView.swift */; };
 		E9BF47982B46DEB30033DB69 /* IterableEmbeddedView.xib in Resources */ = {isa = PBXBuildFile; fileRef = E9BF47972B46DEB30033DB69 /* IterableEmbeddedView.xib */; };
+		E9FF7FD12BFCBD90000409ED /* AuthFailure.swift in Sources */ = {isa = PBXBuildFile; fileRef = E9FF7FD02BFCBD90000409ED /* AuthFailure.swift */; };
+		E9FF7FD32BFCBDB9000409ED /* AuthFailureReason.swift in Sources */ = {isa = PBXBuildFile; fileRef = E9FF7FD22BFCBDB9000409ED /* AuthFailureReason.swift */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -809,6 +811,8 @@
 		E9003E002BF4DF15004AB45B /* RetryPolicy.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RetryPolicy.swift; sourceTree = "<group>"; };
 		E9BF47952B46D5DC0033DB69 /* IterableEmbeddedView.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = IterableEmbeddedView.swift; sourceTree = "<group>"; };
 		E9BF47972B46DEB30033DB69 /* IterableEmbeddedView.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = IterableEmbeddedView.xib; sourceTree = "<group>"; };
+		E9FF7FD02BFCBD90000409ED /* AuthFailure.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AuthFailure.swift; sourceTree = "<group>"; };
+		E9FF7FD22BFCBDB9000409ED /* AuthFailureReason.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AuthFailureReason.swift; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -1065,6 +1069,8 @@
 				AC3C10F8213F46A900A9B839 /* IterableLogging.swift */,
 				ACA8D1A221910C66001B1332 /* IterableMessaging.swift */,
 				AC78F0E6253D7F09006378A5 /* IterablePushNotificationMetadata.swift */,
+				E9FF7FD02BFCBD90000409ED /* AuthFailure.swift */,
+				E9FF7FD22BFCBDB9000409ED /* AuthFailureReason.swift */,
 				E9003E002BF4DF15004AB45B /* RetryPolicy.swift */,
 			);
 			path = "swift-sdk";
@@ -2121,6 +2127,7 @@
 				551FA7582988A8FC0072D0A9 /* IterableEmbeddedManagerProtocol.swift in Sources */,
 				AC776DA6211A1B8A00C27C27 /* IterableRequestUtil.swift in Sources */,
 				55DD2053269FA28200773CC7 /* IterableInAppManagerProtocol.swift in Sources */,
+				E9FF7FD32BFCBDB9000409ED /* AuthFailureReason.swift in Sources */,
 				ACEDF41D2183C2EC000B9BFE /* Pending.swift in Sources */,
 				552A0AA7280E1FDA00A80963 /* DeepLinkManager.swift in Sources */,
 				E9BF47962B46D5DC0033DB69 /* IterableEmbeddedView.swift in Sources */,
@@ -2153,6 +2160,7 @@
 				AC347B5C20E5A7E1003449CF /* APNSTypeChecker.swift in Sources */,
 				ACD2B84F25B15CFA005D7A90 /* RequestSender.swift in Sources */,
 				AC3A336D24F65579008225BA /* RequestProcessorUtil.swift in Sources */,
+				E9FF7FD12BFCBD90000409ED /* AuthFailure.swift in Sources */,
 				55DD2041269FA24400773CC7 /* IterableInAppMessage.swift in Sources */,
 				AC8E7CA524C7555E0039605F /* CoreDataUtil.swift in Sources */,
 				AC1AA1C624EBB2DC00F29C6B /* IterableTaskRunner.swift in Sources */,

swift-sdk/AuthFailure.swift

@@ -0,0 +1,33 @@
+//
+//  AuthFailure.swift
+//  swift-sdk
+//
+//  Created by HARDIK MASHRU on 21/05/24.
+//  Copyright © 2024 Iterable. All rights reserved.
+//
+
+import Foundation
+@objc public class AuthFailure: NSObject {
+
+    /// userId or email of the signed-in user
+    public let userKey: String?
+
+    /// the authToken which caused the failure
+    public let failedAuthToken: String?
+
+    /// the timestamp of the failed request
+    public let failedRequestTime: Int
+
+    /// indicates a reason for failure
+    public let failureReason: AuthFailureReason
+
+    public init(userKey: String?,
+                failedAuthToken: String?,
+                failedRequestTime: Int,
+                failureReason: AuthFailureReason) {
+        self.userKey = userKey
+        self.failedAuthToken = failedAuthToken
+        self.failedRequestTime = failedRequestTime
+        self.failureReason = failureReason
+    }
+}

swift-sdk/AuthFailureReason.swift

@@ -0,0 +1,23 @@
+//
+//  AuthFailureReason.swift
+//  swift-sdk
+//
+//  Created by HARDIK MASHRU on 21/05/24.
+//  Copyright © 2024 Iterable. All rights reserved.
+//
+
+import Foundation
+@objc public enum AuthFailureReason: Int {
+    case authTokenExpired
+    case authTokenGenericError
+    case authTokenExpirationInvalid
+    case authTokenSignatureInvalid
+    case authTokenFormatInvalid
+    case authTokenInvalidated
+    case authTokenPayloadInvalid
+    case authTokenUserKeyInvalid
+    case authTokenNull
+    case authTokenGenerationError
+    case authTokenMissing
+    case authTokenInvalid
+}

swift-sdk/Internal/AuthManager.swift

@@ -156,9 +156,7 @@ class AuthManager: IterableAuthManagerProtocol {
                 onSuccess?(authToken)
             }
         } else {
-            delegate?.onTokenRegistrationFailed("auth token was nil, scheduling auth token retrieval in \(getNextRetryInterval()) seconds")
-            
-            /// by default, schedule a refresh for 10s
+            handleAuthFailure(failedAuthToken: nil, reason: .authTokenNull)
             scheduleAuthTokenRefreshTimer(interval: getNextRetryInterval(), successCallback: onSuccess)
         }
 
@@ -167,13 +165,17 @@ class AuthManager: IterableAuthManagerProtocol {
         storeAuthToken()
     }
 
+    func handleAuthFailure(failedAuthToken: String?, reason: AuthFailureReason) {
+        delegate?.onAuthFailure(AuthFailure(userKey: IterableUtil.getEmailOrUserId(), failedAuthToken: failedAuthToken, failedRequestTime: IterableUtil.secondsFromEpoch(for: dateProvider.currentDate), failureReason: reason))
+    }
+    
     private func queueAuthTokenExpirationRefresh(_ authToken: String?, onSuccess: AuthTokenRetrievalHandler? = nil) -> Bool {
         ITBInfo()
 
         clearRefreshTimer()
 
         guard let authToken = authToken, let expirationDate = AuthManager.decodeExpirationDateFromAuthToken(authToken) else {
-            delegate?.onTokenRegistrationFailed("auth token was nil or could not decode an expiration date, scheduling auth token retrieval in 10 seconds")
+            handleAuthFailure(failedAuthToken: authToken, reason: .authTokenPayloadInvalid)
 
             /// schedule a default timer of 10 seconds if we fall into this case
             scheduleAuthTokenRefreshTimer(interval: getNextRetryInterval(), successCallback: onSuccess)

swift-sdk/Internal/IterableUtil.swift

@@ -51,6 +51,17 @@ import UIKit
     static func secondsFromEpoch(for date: Date) -> Int {
         Int(date.timeIntervalSince1970)
     }
+    
+    static func getEmailOrUserId() -> String? {
+        let email = IterableAPI.email
+        let userId = IterableAPI.userId
+        if email != nil {
+            return email
+        } else if userId != nil {
+            return userId
+        }
+        return nil
+    }
 
     // given "var1", "val1", "var2", "val2" as input
     // this will return "var1: val1, var2: val2"

swift-sdk/Internal/OfflineRequestProcessor.swift

@@ -350,6 +350,7 @@ struct OfflineRequestProcessor: RequestProcessorProtocol {
                                               withIdentifier: identifier)
             result.onError { error in
                 if error.httpStatusCode == 401, RequestProcessorUtil.matchesJWTErrorCode(error.iterableCode) {
+                    authManager?.handleAuthFailure(failedAuthToken: authManager?.getAuthToken(), reason: RequestProcessorUtil.getMappedErrorCodeForMessage(error.reason ?? ""))
                     authManager?.setIsLastAuthTokenValid(false)
                     let retryInterval = authManager?.getNextRetryInterval() ?? 1
                     DispatchQueue.main.async {

swift-sdk/Internal/RequestProcessorUtil.swift

@@ -19,6 +19,7 @@ struct RequestProcessorUtil {
         .onError { error in
             if error.httpStatusCode == 401, matchesJWTErrorCode(error.iterableCode) {
                 ITBError("invalid JWT token, trying again: \(error.reason ?? "")")
+                authManager?.handleAuthFailure(failedAuthToken: authManager?.getAuthToken(), reason: getMappedErrorCodeForMessage(error.reason ?? ""))
                 authManager?.setIsLastAuthTokenValid(false)
                 let retryInterval = authManager?.getNextRetryInterval() ?? 1
                 DispatchQueue.main.async {
@@ -56,7 +57,6 @@ struct RequestProcessorUtil {
             } else if error.httpStatusCode == 401, error.iterableCode == JsonValue.Code.badApiKey {
                 ITBError(error.reason)
             }
-            
             if let onFailure = onFailure {
                 onFailure(error.reason, error.data)
             } else {
@@ -78,6 +78,30 @@ struct RequestProcessorUtil {
         }
         result.resolve(with: value)
     }
+    
+    public static func getMappedErrorCodeForMessage(_ reason: String) -> AuthFailureReason {
+        
+        switch reason.lowercased() {
+            case "exp must be less than 1 year from iat":
+                return .authTokenExpirationInvalid
+            case "jwt format is invalid":
+                return .authTokenFormatInvalid
+            case "jwt token is expired":
+                return .authTokenExpired
+            case "jwt is invalid":
+                return .authTokenSignatureInvalid
+            case "jwt payload requires a value for userid or email", "email could not be found":
+                return .authTokenUserKeyInvalid
+            case "jwt token has been invalidated":
+                return .authTokenInvalidated
+            case "invalid payload":
+                return .authTokenPayloadInvalid
+            case "jwt authorization header is not set":
+                return .authTokenMissing
+            default:
+            return .authTokenInvalid
+        }
+    }
 
     private static func reportFailure(result: Fulfill<SendRequestValue, SendRequestError>,
                                       error: SendRequestError,

swift-sdk/IterableAuthManagerProtocol.swift

@@ -11,6 +11,7 @@ import Foundation
     func scheduleAuthTokenRefreshTimer(interval: TimeInterval, isScheduledRefresh: Bool, successCallback: AuthTokenRetrievalHandler?)
     func setNewToken(_ newToken: String)
     func logoutUser()
+    func handleAuthFailure(failedAuthToken: String?, reason: AuthFailureReason)
     func pauseAuthRetries(_ pauseAuthRetry: Bool)
     func setIsLastAuthTokenValid(_ isValid: Bool)
     func getNextRetryInterval() -> Double

swift-sdk/IterableConfig.swift

@@ -55,7 +55,7 @@ import Foundation
 /// The delegate for getting the authentication token
 @objc public protocol IterableAuthDelegate: AnyObject {
     @objc func onAuthTokenRequested(completion: @escaping AuthTokenRetrievalHandler)
-    @objc func onTokenRegistrationFailed(_ reason: String?)
+    @objc func onAuthFailure(_ authFailure: AuthFailure)
 }
 
 /// Iterable Configuration Object. Use this when initializing the API.

tests/common/MockAuthManager.swift

@@ -9,6 +9,14 @@ import Foundation
 @testable import IterableSDK
 
 class MockAuthManager: IterableAuthManagerProtocol {
+    
+    var shouldRetry = true
+    var retryWasRequested = false
+
+    func handleAuthFailure(failedAuthToken: String?, reason: IterableSDK.AuthFailureReason) {
+        
+    }
+
     func requestNewAuthToken(hasFailedPriorAuth: Bool, onSuccess: ((String?) -> Void)?, shouldIgnoreRetryPolicy: Bool) {
         if shouldRetry {
             // Simulate the authManager obtaining a new token
@@ -38,8 +46,6 @@ class MockAuthManager: IterableAuthManagerProtocol {
         return 0
     }
 
-    var shouldRetry = true
-    var retryWasRequested = false
 
     func getAuthToken() -> String? {
         return "AuthToken"

tests/unit-tests/AuthTests.swift

@@ -684,7 +684,7 @@ class AuthTests: XCTestCase {
                 }
             }
 
-            func onTokenRegistrationFailed(_ reason: String?) {
+            func onAuthFailure(_ authFailure: AuthFailure) {
 
             }
         }
@@ -717,7 +717,7 @@ class AuthTests: XCTestCase {
                 completion(AuthTests.authToken)
             }
 
-            func onTokenRegistrationFailed(_ reason: String?) {
+            func onAuthFailure(_ authFailure: AuthFailure) {
 
             }
         }
@@ -768,7 +768,7 @@ class AuthTests: XCTestCase {
                 }
             }
 
-            func onTokenRegistrationFailed(_ reason: String?) {
+            func onAuthFailure(_ authFailure: AuthFailure) {
 
             }
         }
@@ -907,7 +907,7 @@ class AuthTests: XCTestCase {
             completion(authTokenGenerator())
         }
 
-        func onTokenRegistrationFailed(_ reason: String?) {
+        func onAuthFailure(_ authFailure: AuthFailure) {
 
         }
     }