Skip to content

Commit

Permalink
Merge pull request #3 from yourparkingspace/feature/MOB-2095
Browse files Browse the repository at this point in the history
MOB-2095: [IOS] clear tokens from OAuth client if refresh fails
  • Loading branch information
dsmailes authored Dec 1, 2023
2 parents 388c27b + f8de8bc commit 7c3f3dc
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 1 deletion.
12 changes: 12 additions & 0 deletions Sources/OAuthClient/OAuthClient.swift
Original file line number Diff line number Diff line change
Expand Up @@ -55,27 +55,39 @@ public class OAuthClient: Client {
guard let self = self else { return }
guard error == nil else {
DispatchQueue.main.async {
if case .refresh = grantType {
self.clearTokens()
}
completion(.failure(error!))
}
return
}

guard let response = response as? HTTPURLResponse else {
DispatchQueue.main.async {
if case .refresh = grantType {
self.clearTokens()
}
completion(.failure(OAuthClientError.genericWithMessage("No Response")))
}
return
}

if response.statusCode != 200 {
DispatchQueue.main.async {
if case .refresh = grantType {
self.clearTokens()
}
completion(.failure(OAuthClientError.genericWithMessage("Invalid status code. Expecting 200, got \(response.statusCode)")))
}
return
}

guard let data = data, data.isEmpty == false else {
DispatchQueue.main.async {
if case .refresh = grantType {
self.clearTokens()
}
completion(.failure(OAuthClientError.genericWithMessage("No data received")))
}
return
Expand Down
2 changes: 1 addition & 1 deletion Sources/OAuthClient/OAuthGrantType.swift
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

import Foundation

public enum OAuthGrantType {
public enum OAuthGrantType: Equatable {
/// A client credentials grant type - no params needed
case clientCredentials

Expand Down
41 changes: 41 additions & 0 deletions Tests/OAuthClientTests/OAuthClientTests.swift
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,47 @@ class OAuthClientTests: XCTestCase {
let _ = keychain.remove(withKey: OAuthGrantType.password("", "").storageKey)
}

func testTokensRemovedIfInvalidRefresh() throws {
let _ = keychain.remove(withKey: "password")
let _ = keychain.remove(withKey: "client")

let jsonData = TestStrings.oAuthTokenResponseExpiredWithRefresh.data(using: .utf8)

let tokenToStore = try JSONDecoder().decode(OAuthAccessToken.self, from: jsonData!)

try keychain.add(tokenToStore, withKey: "password")
try keychain.add(tokenToStore, withKey: "client")

XCTAssertEqual(keychain.keychainItems.count, 2)

let passwordToken: OAuthAccessToken? = try keychain.read(withKey: "password")
let clientToken: OAuthAccessToken? = try keychain.read(withKey: "client")

XCTAssertNotNil(passwordToken)
XCTAssertNotNil(clientToken)

MockURLProtocol.requestHandler = { request in
let response = HTTPURLResponse(url: request.url!, statusCode: 500, httpVersion: nil, headerFields: nil)!
return (response, nil)
}

let expect = expectation(description: "Token is returned")

client.requestToken(for: .refresh((passwordToken?.refreshToken)!), completion: { result in
switch result {
case .success(_):
XCTFail()
case .failure(_):
XCTAssertNil(self.keychain.keychainItems["password"])
XCTAssertNil(self.keychain.keychainItems["client"])
XCTAssertEqual(self.keychain.keychainItems.count, 0)
expect.fulfill()
}
})

waitForExpectations(timeout: 5, handler: nil)
}

func testClientCanDecodeTokenWhenRequested() throws {

let mockToken = TestStrings.oAuthTokenResponse.data(using: .utf8)
Expand Down

0 comments on commit 7c3f3dc

Please sign in to comment.