search

torusresearch / customauth-swift-sdk

Swift SDK that allows applications to directly interact with the Torus Network, similar to how Torus Wallet does.
BSD 3-Clause "New" or "Revised" License
10 stars 17 forks source link

Crash on login using Google #27

Closed dbart01 closed 2 years ago

dbart01 commented 3 years ago

We're seeing a crash on login using Google login

This was reported on iPhone 11 Pro running iOS 15.0.2

Verifier setup for reference:

let config = SubVerifierDetails(
    loginType: .web,
    loginProvider: .google,
    clientId: "redacted",
    verifierName: "redacted",
    redirectURL: "redacted"
)

self.torus = TorusSwiftDirectSDK(
    aggregateVerifierType: .singleLogin,
    aggregateVerifierName: "redacted",
    subVerifierDetails: [config],
    network: .MAINNET
)

Screen Shot 2021-11-02 at 9 24 27 AM

YZhenY commented 3 years ago

can we take a look at this @michaellee8

michaellee8 commented 3 years ago

We're seeing a crash on login using Google login

This was reported on iPhone 11 Pro running iOS 15.0.2

Verifier setup for reference:

let config = SubVerifierDetails(
    loginType: .web,
    loginProvider: .google,
    clientId: "redacted",
    verifierName: "redacted",
    redirectURL: "redacted"
)

self.torus = TorusSwiftDirectSDK(
    aggregateVerifierType: .singleLogin,
    aggregateVerifierName: "redacted",
    subVerifierDetails: [config],
    network: .MAINNET
)

Screen Shot 2021-11-02 at 9 24 27 AM

Hello, can you provide the logs?

dbart01 commented 3 years ago

Sorry I don't have logs. It was captured remotely by TestFlight crash reporting.

dbart01 commented 3 years ago

I should mention that the version of TorusDirectSDK we we're using at the time was v1.0.3.

michaellee8 commented 3 years ago

Sorry I don't have logs. It was captured remotely by TestFlight crash reporting.

I see, was that reproducible? One of the possible reason causing this crash could be the use of force unwraps we previously do, which is now replaced by proper unwrap handling in latest version.

dbart01 commented 3 years ago

It was reproducible on those devices - as in, the crash was consistent. We don't have a way to verify, right now, whether or not the new version of the SDK addresses those crashes.

metallicalfa2 commented 3 years ago

Could you send me an invitation to the app (TestFlight)?

vantam87 commented 2 years ago

Hi @michaellee8, we got a crash on login using Google also. It seems the data is nil I think. Could you please have a look at it again? We're using CustomAuth 2.1.0 FYI

Screen Shot 2022-05-06 at 09 02 04
michaellee8 commented 2 years ago

Hi @michaellee8, we got a crash on login using Google also. It seems the data is nil I think. Could you please have a look at it again? We're using CustomAuth 2.1.0 FYI

Screen Shot 2022-05-06 at 09 02 04

@vantam87

Can you state the verifier configuration and version that is being used?

vantam87 commented 2 years ago

Hi @michaellee8,

I appreciate your help in advance.

We're using version 2.1.0. The config like below to keep verifierId and idToken what removed from the lib CustomAuth. Could you please let us know if we are missing something?

// Custom handle signle logins to keep verifierId and idToken which was removed in the lib
private func handleSingleLogins(_ loginProvider: LoginProviders, verifier: String) -> Promise<[String: Any]> {
    let subVerifier = SubVerifierDetails(
        loginType: .web,
        loginProvider: loginProvider,
        clientId: Constants.Credential.Torus.clientId,
        verifierName: verifier,
        redirectURL: Constants.Credential.Torus.redirectURL,
        browserRedirectURL: Constants.Credential.Torus.browserRedirectURL
    )
    let customAuth = CustomAuth(
        aggregateVerifierType: .singleLogin,
        aggregateVerifierName: verifier,
        subVerifierDetails: [subVerifier],
        network: Constants.Torus.network
    )
    customAuth.authorizeURLHandler = .external
    let loginURL = subVerifier.getLoginURL()
    let (tempPromise, seal) = Promise<[String: Any]>.pending()
    customAuth.observeCallback { url in
        let responseParameters = customAuth.parseURL(url: url)
        subVerifier.getUserInfo(responseParameters: responseParameters).then { newData -> Promise<[String: Any]> in
            let verifierId = newData["verifierId"] as? String ?? ""
            let idToken = newData["tokenForKeys"] as? String ?? ""
            return customAuth.getTorusKey(
                verifier: verifier, verifierId: verifierId, idToken: idToken, userData: newData
            )
        }.done { data in
            seal.fulfill(data)
        }.catch { err in
            seal.reject(err)
        }
    }
    customAuth.openURL(url: loginURL, view: nil, modalPresentationStyle: UIModalPresentationStyle.fullScreen)
    return tempPromise
}
michaellee8 commented 2 years ago

@vantam87 by any chance u can have a log to the actual request used in the login process? Like some sort of request logger with charles proxy or proxyman? You can send it to michael@tor.us if u have security concerns.

vantam87 commented 2 years ago

Hi @michaellee8,

Thank you for your quick response.

We cannot reproduce the crash from our side, we got it from firebase crashlytics. It rarely happens in our application. The crash report that the data below is null, is it possible to omit force unwrap it? https://github.com/torusresearch/customauth-swift-sdk/blob/a4fb843fabdfd19905b7e215f40ebab4a184c9ed/Sources/CustomAuth/Handlers/GoogleLoginHandler.swift#L113

michaellee8 commented 2 years ago

Sure, let me make a patch that can prevent the force unwrap. @vantam87

vantam87 commented 2 years ago

cool, thanks @michaellee8