Bugfix/nonce touchup (FormidableLabs#231)

* Revet sha265 -> sha256 * Wrap app in a SafeAreaView * Add useNonce param at the end of the the args instead of in the middle * Add a test for the nonce parameter * Add typescript definition for useNonce * Update readme to add useNonce
andreasantaca · Jan 31, 2019 · 6cf59be · 6cf59be
1 parent a83ce89
commit 6cf59be
Show file tree

Hide file tree

Showing 9 changed files with 99 additions and 19 deletions.
diff --git a/Example/AndroidExample/components/Page.js b/Example/AndroidExample/components/Page.js
@@ -1,11 +1,22 @@
 // @flow
 
+import React from 'react';
 import styled from 'styled-components/native';
 
-export default styled.ImageBackground.attrs({
-  source: require('../assets/background.jpg')
+const SafeArea = styled.SafeAreaView`
+  flex: 1;
+`;
+
+const Background = styled.ImageBackground.attrs({
+  source: require('../assets/background.jpg'),
 })`
   flex: 1;
   background-color: white;
   padding: 40px 10px 10px 10px;
 `;
+
+export default ({ children }) => (
+  <Background>
+    <SafeArea>{children}</SafeArea>
+  </Background>
+);
diff --git a/Example/Latest/components/Page.js b/Example/Latest/components/Page.js
@@ -1,11 +1,22 @@
 // @flow
 
+import React from 'react';
 import styled from 'styled-components/native';
 
-export default styled.ImageBackground.attrs({
+const SafeArea = styled.SafeAreaView`
+  flex: 1;
+`;
+
+const Background = styled.ImageBackground.attrs({
   source: require('../assets/background.jpg')
 })`
   flex: 1;
   background-color: white;
   padding: 40px 10px 10px 10px;
 `;
+
+export default ({ children }) => (
+  <Background>
+    <SafeArea>{children}</SafeArea>
+  </Background>
+);
diff --git a/Example/iOSCarthageExample/components/Page.js b/Example/iOSCarthageExample/components/Page.js
@@ -1,11 +1,22 @@
 // @flow
 
+import React from 'react';
 import styled from 'styled-components/native';
 
-export default styled.ImageBackground.attrs({
-  source: require('../assets/background.jpg')
+const SafeArea = styled.SafeAreaView`
+  flex: 1;
+`;
+
+const Background = styled.ImageBackground.attrs({
+  source: require('../assets/background.jpg'),
 })`
   flex: 1;
   background-color: white;
   padding: 40px 10px 10px 10px;
 `;
+
+export default ({ children }) => (
+  <Background>
+    <SafeArea>{children}</SafeArea>
+  </Background>
+);
diff --git a/Example/iOSPodsExample/components/Page.js b/Example/iOSPodsExample/components/Page.js
@@ -1,11 +1,22 @@
 // @flow
 
+import React from 'react';
 import styled from 'styled-components/native';
 
-export default styled.ImageBackground.attrs({
-  source: require('../assets/background.jpg')
+const SafeArea = styled.SafeAreaView`
+  flex: 1;
+`;
+
+const Background = styled.ImageBackground.attrs({
+  source: require('../assets/background.jpg'),
 })`
   flex: 1;
   background-color: white;
   padding: 40px 10px 10px 10px;
 `;
+
+export default ({ children }) => (
+  <Background>
+    <SafeArea>{children}</SafeArea>
+  </Background>
+);
diff --git a/README.md b/README.md
@@ -10,7 +10,6 @@
 
 Past documentation: [`3.1`](https://github.com/FormidableLabs/react-native-app-auth/tree/v3.1.0) [`3.0`](https://github.com/FormidableLabs/react-native-app-auth/tree/v3.0.0) [`2.x`](https://github.com/FormidableLabs/react-native-app-auth/tree/v2.0.0) [`1.x`](https://github.com/FormidableLabs/react-native-app-auth/tree/v1.0.1).
 
-
 React Native bridge for [AppAuth-iOS](https://github.com/openid/AppAuth-iOS) and
 [AppAuth-Android](https://github.com/openid/AppAuth-Android) SDKS for communicating with
 [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and
@@ -97,6 +96,7 @@ with optional overrides.
   Must be string values! E.g. setting `additionalParameters: { hello: 'world', foo: 'bar' }` would add
   `hello=world&foo=bar` to the authorization request.
 * **dangerouslyAllowInsecureHttpRequests** - (`boolean`) _ANDROID_ whether to allow requests over plain HTTP or with self-signed SSL certificates. :warning: Can be useful for testing against local server, _should not be used in production._ This setting has no effect on iOS; to enable insecure HTTP requests, add a [NSExceptionAllowsInsecureHTTPLoads exception](https://cocoacasts.com/how-to-add-app-transport-security-exception-domains) to your App Transport Security settings.
+* **useNonce** - (`boolean`) _IOS_ (default: true) optionally allows not sending the nonce parameter, to support non-compliant providers
 
 #### result
 
@@ -682,12 +682,12 @@ First, set up a your user pool in [the AWS console](https://eu-west-1.console.aw
 Now you need to set up your domain name. This will be on the left menu in your pool details page, under App Integration -> Domain Name. What this is depends on your preference. E.g. for AppAuth demo, mine is `https://app-auth-test.auth.eu-west-1.amazoncognito.com` as I chose `app-auth-test` as the domain and `eu-west-1` as the region.
 
 Finally, you need to configure your app client. Go to App Integration -> App Client Settings.
+
 1. Enable your newly created user pool under Enabled Identity Providers.
 2. Add the callback url (must be same as in your config, e.g. `com.myclientapp://myclient/redirect`)
 3. Enable the Authorization code grant
 4. Enable openid scope
 
-
 ```js
 const config = {
   clientId: '<YOUR_CLIENT_ID>',

diff --git a/index.d.ts b/index.d.ts
@@ -29,6 +29,7 @@ export type AuthConfiguration = BaseAuthConfiguration & {
   redirectUrl: string;
   additionalParameters?: BuiltInParameters & { [name: string]: string };
   dangerouslyAllowInsecureHttpRequests?: boolean;
+  useNonce?: boolean;
 };
 
 export interface AuthorizeResult {

diff --git a/index.js b/index.js
@@ -47,12 +47,13 @@ export const authorize = ({
     additionalParameters,
     serviceConfiguration,
   ];
+
   if (Platform.OS === 'android') {
     nativeMethodArguments.push(dangerouslyAllowInsecureHttpRequests);
-  } else {
-    // add a new useNonce param on iOS to support making it optional
-    const nonceParamIndex = 5;
-    nativeMethodArguments.splice(nonceParamIndex, 0, useNonce);
+  }
+
+  if (Platform.OS === 'ios') {
+    nativeMethodArguments.push(useNonce);
   }
 
   return RNAppAuth.authorize(...nativeMethodArguments);

diff --git a/index.spec.js b/index.spec.js
@@ -87,9 +87,9 @@ describe('AppAuth', () => {
         config.clientId,
         config.clientSecret,
         config.scopes,
-        config.useNonce,
         config.additionalParameters,
-        config.serviceConfiguration
+        config.serviceConfiguration,
+        config.useNonce
       );
     });
 
@@ -270,5 +270,39 @@ describe('AppAuth', () => {
         );
       });
     });
+
+    describe('iOS-specific useNonce parameter', () => {
+      beforeEach(() => {
+        require('react-native').Platform.OS = 'ios';
+      });
+
+      it('calls the native wrapper with default value `true`', () => {
+        authorize(config, { refreshToken: 'such-token' });
+        expect(mockAuthorize).toHaveBeenCalledWith(
+          config.issuer,
+          config.redirectUrl,
+          config.clientId,
+          config.clientSecret,
+          config.scopes,
+          config.additionalParameters,
+          config.serviceConfiguration,
+          true
+        );
+      });
+
+      it('calls the native wrapper with passed value `false`', () => {
+        authorize({ ...config, useNonce: false }, { refreshToken: 'such-token' });
+        expect(mockAuthorize).toHaveBeenCalledWith(
+          config.issuer,
+          config.redirectUrl,
+          config.clientId,
+          config.clientSecret,
+          config.scopes,
+          config.additionalParameters,
+          config.serviceConfiguration,
+          false
+        );
+      });
+    });
   });
 });
diff --git a/ios/RNAppAuth.m b/ios/RNAppAuth.m
@@ -36,9 +36,9 @@ - (dispatch_queue_t)methodQueue
                  clientId: (NSString *) clientId
                  clientSecret: (NSString *) clientSecret
                  scopes: (NSArray *) scopes
-                 useNonce: (BOOL *) useNonce
                  additionalParameters: (NSDictionary *_Nullable) additionalParameters
                  serviceConfiguration: (NSDictionary *_Nullable) serviceConfiguration
+                 useNonce: (BOOL *) useNonce
                  resolve: (RCTPromiseResolveBlock) resolve
                  reject: (RCTPromiseRejectBlock)  reject)
 {
@@ -152,8 +152,8 @@ + (nullable NSString *)codeChallengeS256ForVerifier:(NSString *)codeVerifier {
   // generates the code_challenge per spec https://tools.ietf.org/html/rfc7636#section-4.2
   // code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
   // NB. the ASCII conversion on the code_verifier entropy was done at time of generation.
-  NSData *sha256Verifier = [OIDTokenUtilities sha256:codeVerifier];
-  return [OIDTokenUtilities encodeBase64urlNoPadding:sha256Verifier];
+    NSData *sha265Verifier = [OIDTokenUtilities sha265:codeVerifier];
+  return [OIDTokenUtilities encodeBase64urlNoPadding:sha265Verifier];
 }
 
 /*
@@ -277,7 +277,7 @@ - (NSDictionary*)formatResponse: (OIDTokenResponse*) response
     dateFormat.timeZone = [NSTimeZone timeZoneWithAbbreviation: @"UTC"];
     [dateFormat setLocale:[NSLocale localeWithLocaleIdentifier:@"en_US_POSIX"]];
     [dateFormat setDateFormat:@"yyyy-MM-dd'T'HH:mm:ss'Z'"];
-    
+
     return @{@"accessToken": response.accessToken ? response.accessToken : @"",
              @"accessTokenExpirationDate": response.accessTokenExpirationDate ? [dateFormat stringFromDate:response.accessTokenExpirationDate] : @"",
              @"additionalParameters": params,