fix(gotrue): ignore 401 and 404 errors on sign out (#179)

* fi: ignore 401 and 404 errors on sign out

* test(gotrue): mock APIClient

* Move session check inside do/catch block

* Fix code check

Author: grdsdev

Examples/Examples.xcodeproj/xcshareddata/xcschemes/UserManagement.xcscheme

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+   LastUpgradeVersion = "1510"
+   version = "1.7">
+   <BuildAction
+      parallelizeBuildables = "YES"
+      buildImplicitDependencies = "YES">
+      <BuildActionEntries>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "79FEFFAB2B07873600D36347"
+               BuildableName = "UserManagement.app"
+               BlueprintName = "UserManagement"
+               ReferencedContainer = "container:Examples.xcodeproj">
+            </BuildableReference>
+         </BuildActionEntry>
+      </BuildActionEntries>
+   </BuildAction>
+   <TestAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      shouldAutocreateTestPlan = "YES">
+   </TestAction>
+   <LaunchAction
+      buildConfiguration = "Debug"
+      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      launchStyle = "0"
+      useCustomWorkingDirectory = "NO"
+      ignoresPersistentStateOnLaunch = "NO"
+      debugDocumentVersioning = "YES"
+      debugServiceExtension = "internal"
+      allowLocationSimulation = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "79FEFFAB2B07873600D36347"
+            BuildableName = "UserManagement.app"
+            BlueprintName = "UserManagement"
+            ReferencedContainer = "container:Examples.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </LaunchAction>
+   <ProfileAction
+      buildConfiguration = "Release"
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      savedToolIdentifier = ""
+      useCustomWorkingDirectory = "NO"
+      debugDocumentVersioning = "YES">
+      <BuildableProductRunnable
+         runnableDebuggingMode = "0">
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "79FEFFAB2B07873600D36347"
+            BuildableName = "UserManagement.app"
+            BlueprintName = "UserManagement"
+            ReferencedContainer = "container:Examples.xcodeproj">
+         </BuildableReference>
+      </BuildableProductRunnable>
+   </ProfileAction>
+   <AnalyzeAction
+      buildConfiguration = "Debug">
+   </AnalyzeAction>
+   <ArchiveAction
+      buildConfiguration = "Release"
+      revealArchiveInOrganizer = "YES">
+   </ArchiveAction>
+</Scheme>

Sources/GoTrue/GoTrueClient.swift

@@ -130,7 +130,7 @@ public actor GoTrueClient {
   /// - Parameters:
   ///   - configuration: The client configuration.
   public init(configuration: Configuration) {
-    let api = APIClient(http: HTTPClient(fetchHandler: configuration.fetch))
+    let api = APIClient.live(http: HTTPClient(fetchHandler: configuration.fetch))
 
     self.init(
       configuration: configuration,
@@ -347,7 +347,7 @@ public actor GoTrueClient {
 
     let (codeChallenge, codeChallengeMethod) = prepareForPKCE()
 
-    try await api.execute(
+    _ = try await api.execute(
       .init(
         path: "/otp",
         method: .post,
@@ -382,7 +382,7 @@ public actor GoTrueClient {
     captchaToken: String? = nil
   ) async throws {
     await sessionManager.remove()
-    try await api.execute(
+    _ = try await api.execute(
       .init(
         path: "/otp",
         method: .post,
@@ -587,25 +587,36 @@ public actor GoTrueClient {
   }
 
   /// Signs out the current user, if there is a logged in user.
-  /// If using `SignOutScope.others` scope, no `AuthChangeEvent.signedOut` event is fired.
+  ///
+  /// If using ``SignOutScope/others`` scope, no ``AuthChangeEvent/signedOut`` event is fired.
   /// - Parameter scope: Specifies which sessions should be logged out.
-    public func signOut(scope: SignOutScope = .global) async throws {
+  public func signOut(scope: SignOutScope = .global) async throws {
     do {
+      // Make sure we have a valid session.
       _ = try await sessionManager.session()
+
       try await api.authorizedExecute(
         .init(
           path: "/logout",
           method: .post,
           query: [URLQueryItem(name: "scope", value: scope.rawValue)]
         )
       )
-      if scope != .others {
-        await sessionManager.remove()
-        eventEmitter.emit(.signedOut, session: nil)
-      }
     } catch {
+      // ignore 404s since user might not exist anymore
+      // ignore 401s since an invalid or expired JWT should sign out the current session
+      let ignoredCodes = Set([404, 401])
+
+      if case let GoTrueError.api(apiError) = error, let code = apiError.code,
+         !ignoredCodes.contains(code)
+      {
+        throw error
+      }
+    }
+
+    if scope != .others {
+      await sessionManager.remove()
       eventEmitter.emit(.signedOut, session: nil)
-      throw error
     }
   }
 
@@ -734,7 +745,7 @@ public actor GoTrueClient {
   ) async throws {
     let (codeChallenge, codeChallengeMethod) = prepareForPKCE()
 
-    try await api.execute(
+    _ = try await api.execute(
       .init(
         path: "/recover",
         method: .post,

Sources/GoTrue/Internal/APIClient.swift

@@ -1,46 +1,45 @@
 import Foundation
 @_spi(Internal) import _Helpers
 
-actor APIClient {
-  private var configuration: GoTrueClient.Configuration {
-    Dependencies.current.value!.configuration
-  }
+struct APIClient: Sendable {
+  var execute: @Sendable (_ request: Request) async throws -> Response
+}
 
-  private var sessionManager: SessionManager {
-    Dependencies.current.value!.sessionManager
-  }
+extension APIClient {
+  static func live(http: HTTPClient) -> Self {
+    var configuration: GoTrueClient.Configuration {
+      Dependencies.current.value!.configuration
+    }
 
-  let http: HTTPClient
+    return APIClient(
+      execute: { request in
+        var request = request
+        request.headers.merge(configuration.headers) { r, _ in r }
 
-  init(http: HTTPClient) {
-    self.http = http
+        let response = try await http.fetch(request, baseURL: configuration.url)
+
+        guard (200 ..< 300).contains(response.statusCode) else {
+          let apiError = try configuration.decoder.decode(
+            GoTrueError.APIError.self,
+            from: response.data
+          )
+          throw GoTrueError.api(apiError)
+        }
+
+        return response
+      }
+    )
   }
+}
 
+extension APIClient {
   @discardableResult
   func authorizedExecute(_ request: Request) async throws -> Response {
-    let session = try await sessionManager.session()
+    let session = try await Dependencies.current.value!.sessionManager.session()
 
     var request = request
     request.headers["Authorization"] = "Bearer \(session.accessToken)"
 
     return try await execute(request)
   }
-
-  @discardableResult
-  func execute(_ request: Request) async throws -> Response {
-    var request = request
-    request.headers.merge(configuration.headers) { r, _ in r }
-
-    let response = try await http.fetch(request, baseURL: configuration.url)
-
-    guard (200 ..< 300).contains(response.statusCode) else {
-      let apiError = try configuration.decoder.decode(
-        GoTrueError.APIError.self,
-        from: response.data
-      )
-      throw GoTrueError.api(apiError)
-    }
-
-    return response
-  }
 }

Sources/GoTrue/Types.swift

@@ -576,13 +576,15 @@ public struct AuthMFAGetAuthenticatorAssuranceLevelResponse: Decodable, Hashable
   public let currentAuthenticationMethods: [AMREntry]
 }
 
-public enum SignOutScope: String {
-    /// All sessions by this account will be signed out.
-    case global
-    /// Only this session will be signed out.
-    case local
-    /// All other sessions except the current one will be signed out. When using `others`, there is no `AuthChangeEvent.signedOut` event fired on the current session.
-    case others
+public enum SignOutScope: String, Sendable {
+  /// All sessions by this account will be signed out.
+  case global
+  /// Only this session will be signed out.
+  case local
+  /// All other sessions except the current one will be signed out. When using
+  /// ``SignOutScope/others``, there is no ``AuthChangeEvent/signedOut`` event fired on the current
+  /// session.
+  case others
 }
 
 // MARK: - Encodable & Decodable