fix(auth): store code verifier in keychain (#502)

grdsdev · web-flow · commit b86154a9aa80 · 2024-08-14T15:03:44.000-03:00
diff --git a/Sources/Auth/AuthClient.swift b/Sources/Auth/AuthClient.swift
@@ -68,6 +68,7 @@ public final class AuthClient: Sendable {
       configuration: configuration,
       http: HTTPClient(configuration: configuration),
       api: APIClient(clientID: clientID),
+      codeVerifierStorage: .live(clientID: clientID),
       sessionStorage: .live(clientID: clientID),
       sessionManager: .live(clientID: clientID)
     )
diff --git a/Sources/Auth/Defaults.swift b/Sources/Auth/Defaults.swift
@@ -57,6 +57,4 @@ extension AuthClient.Configuration {
 
   /// The default value when initializing a ``AuthClient`` instance.
   public static let defaultAutoRefreshToken: Bool = true
-
-  static let defaultStorageKey = "supabase.auth.token"
 }
diff --git a/Sources/Auth/Internal/CodeVerifierStorage.swift b/Sources/Auth/Internal/CodeVerifierStorage.swift
@@ -8,12 +8,36 @@ struct CodeVerifierStorage: Sendable {
 }
 
 extension CodeVerifierStorage {
-  static var live: Self {
-    let code = LockIsolated(String?.none)
+  static func live(clientID: AuthClientID) -> Self {
+    var configuration: AuthClient.Configuration { Dependencies[clientID].configuration }
+    var key: String { "\(configuration.storageKey ?? STORAGE_KEY)-code-verifier" }
 
     return Self(
-      get: { code.value },
-      set: { code.setValue($0) }
+      get: {
+        do {
+          guard let data = try configuration.localStorage.retrieve(key: key) else {
+            configuration.logger?.debug("Code verifier not found.")
+            return nil
+          }
+          return String(decoding: data, as: UTF8.self)
+        } catch {
+          configuration.logger?.error("Failure loading code verifier: \(error.localizedDescription)")
+          return nil
+        }
+      },
+      set: { code in
+        do {
+          if let code, let data = code.data(using: .utf8) {
+            try configuration.localStorage.store(key: key, value: data)
+          } else if code == nil {
+            try configuration.localStorage.remove(key: key)
+          } else {
+            configuration.logger?.error("Code verifier is not a valid UTF8 string.")
+          }
+        } catch {
+          configuration.logger?.error("Failure storing code verifier: \(error.localizedDescription)")
+        }
+      }
     )
   }
 }
diff --git a/Sources/Auth/Internal/Contants.swift b/Sources/Auth/Internal/Contants.swift
@@ -8,3 +8,4 @@
 import Foundation
 
 let EXPIRY_MARGIN: TimeInterval = 30
+let STORAGE_KEY = "supabase.auth.token"
diff --git a/Sources/Auth/Internal/Dependencies.swift b/Sources/Auth/Internal/Dependencies.swift
@@ -6,12 +6,13 @@ struct Dependencies: Sendable {
   var configuration: AuthClient.Configuration
   var http: any HTTPClientType
   var api: APIClient
+  var codeVerifierStorage: CodeVerifierStorage
   var sessionStorage: SessionStorage
   var sessionManager: SessionManager
 
   var eventEmitter = AuthStateChangeEventEmitter()
   var date: @Sendable () -> Date = { Date() }
-  var codeVerifierStorage = CodeVerifierStorage.live
+
   var urlOpener: URLOpener = .live
 
   var encoder: JSONEncoder { configuration.encoder }
diff --git a/Sources/Auth/Internal/SessionStorage.swift b/Sources/Auth/Internal/SessionStorage.swift
@@ -28,7 +28,7 @@ struct SessionStorage {
 extension SessionStorage {
   static func live(clientID: AuthClientID) -> SessionStorage {
     var key: String {
-      Dependencies[clientID].configuration.storageKey ?? AuthClient.Configuration.defaultStorageKey
+      Dependencies[clientID].configuration.storageKey ?? STORAGE_KEY
     }
 
     var oldKey: String { "supabase.session" }
diff --git a/Supabase.xcworkspace/xcshareddata/swiftpm/Package.resolved b/Supabase.xcworkspace/xcshareddata/swiftpm/Package.resolved
diff --git a/Tests/AuthTests/MockHelpers.swift b/Tests/AuthTests/MockHelpers.swift
@@ -1,3 +1,4 @@
+import ConcurrencyExtras
 import Foundation
 import TestHelpers
 
@@ -23,7 +24,19 @@ extension Dependencies {
     ),
     http: HTTPClientMock(),
     api: APIClient(clientID: AuthClientID()),
+    codeVerifierStorage: CodeVerifierStorage.mock,
     sessionStorage: SessionStorage.live(clientID: AuthClientID()),
     sessionManager: SessionManager.live(clientID: AuthClientID())
   )
 }
+
+extension CodeVerifierStorage {
+  static var mock: CodeVerifierStorage {
+    let code = LockIsolated<String?>(nil)
+
+    return Self(
+      get: { code.value },
+      set: { code.setValue($0) }
+    )
+  }
+}
diff --git a/Tests/AuthTests/SessionManagerTests.swift b/Tests/AuthTests/SessionManagerTests.swift
@@ -36,6 +36,7 @@ final class SessionManagerTests: XCTestCase {
       ),
       http: http,
       api: APIClient(clientID: clientID),
+      codeVerifierStorage: .mock,
       sessionStorage: SessionStorage.live(clientID: clientID),
       sessionManager: SessionManager.live(clientID: clientID)
     )
diff --git a/Tests/AuthTests/StoredSessionTests.swift b/Tests/AuthTests/StoredSessionTests.swift
@@ -17,6 +17,7 @@ final class StoredSessionTests: XCTestCase {
       ),
       http: HTTPClientMock(),
       api: .init(clientID: clientID),
+      codeVerifierStorage: .mock,
       sessionStorage: .live(clientID: clientID),
       sessionManager: .live(clientID: clientID)
     )

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ public final class AuthClient: Sendable {`
`68`	`68`	`configuration: configuration,`
`69`	`69`	`http: HTTPClient(configuration: configuration),`
`70`	`70`	`api: APIClient(clientID: clientID),`
	`71`	`+ codeVerifierStorage: .live(clientID: clientID),`
`71`	`72`	`sessionStorage: .live(clientID: clientID),`
`72`	`73`	`sessionManager: .live(clientID: clientID)`
`73`	`74`	`)`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,4 @@ extension AuthClient.Configuration {`
`57`	`57`
`58`	`58`	/// The default value when initializing a ``AuthClient`` instance.
`59`	`59`	`public static let defaultAutoRefreshToken: Bool = true`
`60`		`-`
`61`		`- static let defaultStorageKey = "supabase.auth.token"`
`62`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,3 +8,4 @@`
`8`	`8`	`import Foundation`
`9`	`9`
`10`	`10`	`let EXPIRY_MARGIN: TimeInterval = 30`
	`11`	`+let STORAGE_KEY = "supabase.auth.token"`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ struct SessionStorage {`
`28`	`28`	`extension SessionStorage {`
`29`	`29`	`static func live(clientID: AuthClientID) -> SessionStorage {`
`30`	`30`	`var key: String {`
`31`		`- Dependencies[clientID].configuration.storageKey ?? AuthClient.Configuration.defaultStorageKey`
	`31`	`+ Dependencies[clientID].configuration.storageKey ?? STORAGE_KEY`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`var oldKey: String { "supabase.session" }`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ final class SessionManagerTests: XCTestCase {`
`36`	`36`	`),`
`37`	`37`	`http: http,`
`38`	`38`	`api: APIClient(clientID: clientID),`
	`39`	`+ codeVerifierStorage: .mock,`
`39`	`40`	`sessionStorage: SessionStorage.live(clientID: clientID),`
`40`	`41`	`sessionManager: SessionManager.live(clientID: clientID)`
`41`	`42`	`)`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ final class StoredSessionTests: XCTestCase {`
`17`	`17`	`),`
`18`	`18`	`http: HTTPClientMock(),`
`19`	`19`	`api: .init(clientID: clientID),`
	`20`	`+ codeVerifierStorage: .mock,`
`20`	`21`	`sessionStorage: .live(clientID: clientID),`
`21`	`22`	`sessionManager: .live(clientID: clientID)`
`22`	`23`	`)`