search

furaiev / amazon-cognito-identity-dart-2

Unofficial Amazon Cognito Identity Provider Dart SDK, to easily add user sign-up and sign-in to your mobile and web apps with AWS.
MIT License
188 stars 114 forks source link

bug(fatal): CognitoUser.getSession throws TypeError when storage returns null for clockDrift #221

Closed bjoernahrens closed 1 year ago

bjoernahrens commented 1 year ago

This bug was introduced in 3.1.0 by commit 1a43b15e03f2953e1d563be36f887d65fa15de3a

In CognitoUser line 195-196

195:    final clockDriftValue = await storage.getItem(clockDriftKey);
196:    final clockDrift = int.tryParse(clockDriftValue);

CognitoStorage.getItem returns a dynamic type, which is really not optimal as then the Dart Analyzer ignores the fact that the value might be null.

In this case, the value returned in line 195 is null if no value was saved before. However, int.tryParse has the following signature

  int? tryParse(String source, {int? radix});

The parameter source is a non-optional string. When given null, Dart will throw a TypeError at runtime.

Errors are usually not caught, so an app using this will crash.

furaiev commented 1 year ago

@bjoernahrens thank you for reporting,

@AndreiMisiukevich could you please take a look?

AndreiMisiukevich commented 1 year ago

@furaiev sure!

@bjoernahrens nice catch! I agree that it makes more sense to refactor code and replace dynamics with nullable Strings for easier maintenance.

furaiev commented 1 year ago

@bjoernahrens thanks for reporting, @AndreiMisiukevich thanks for fast fix!

bjoernahrens commented 1 year ago

Thank you for fixing it so quickly, really appreciated 👍

Definitely agree that it should be typed instead of dynamic.