Merge pull request #565 from Iterable/jay/MOB-4436-encrypt-auth-data

roninopf · web-flow · commit ab600a53327e · 2022-07-15T11:07:33.000-07:00
[MOB-4436] encrypt auth data
diff --git a/swift-sdk/Constants.swift b/swift-sdk/Constants.swift
@@ -60,6 +60,8 @@ enum Const {
         static let serviceName = "itbl_keychain"
         
         enum Key {
+            static let email = "itbl_email"
+            static let userId = "itbl_userid"
             static let authToken = "itbl_auth_token"
         }
     }
diff --git a/swift-sdk/Internal/IterableKeychain.swift b/swift-sdk/Internal/IterableKeychain.swift
@@ -5,17 +5,56 @@
 import Foundation
 
 class IterableKeychain {
+    var email: String? {
+        get {
+            let data = wrapper.data(forKey: Const.Keychain.Key.email)
+            
+            return data.flatMap { String(data: $0, encoding: .utf8) }
+        }
+        
+        set {
+            guard let token = newValue,
+                  let data = token.data(using: .utf8) else {
+                wrapper.removeValue(forKey: Const.Keychain.Key.email)
+                return
+            }
+            
+            wrapper.set(data, forKey: Const.Keychain.Key.email)
+        }
+        
+    }
+    
+    var userId: String? {
+        get {
+            let data = wrapper.data(forKey: Const.Keychain.Key.userId)
+            
+            return data.flatMap { String(data: $0, encoding: .utf8) }
+        }
+        
+        set {
+            guard let token = newValue,
+                  let data = token.data(using: .utf8) else {
+                wrapper.removeValue(forKey: Const.Keychain.Key.userId)
+                return
+            }
+            
+            wrapper.set(data, forKey: Const.Keychain.Key.userId)
+        }
+    }
+    
     var authToken: String? {
         get {
             let data = wrapper.data(forKey: Const.Keychain.Key.authToken)
+            
             return data.flatMap { String(data: $0, encoding: .utf8) }
         }
         set {
             guard let token = newValue,
                   let data = token.data(using: .utf8) else {
-                      wrapper.removeValue(forKey: Const.Keychain.Key.authToken)
-                      return
-                  }
+                wrapper.removeValue(forKey: Const.Keychain.Key.authToken)
+                return
+            }
+            
             wrapper.set(data, forKey: Const.Keychain.Key.authToken)
         }
     }
@@ -69,14 +108,14 @@ class KeychainWrapper {
         
         return status == noErr ? result as? Data : nil
     }
-
+    
     @discardableResult
     func removeValue(forKey key: String) -> Bool {
         let keychainQueryDictionary: [String: Any] = setupKeychainQueryDictionary(forKey: key)
-
+        
         // Delete
         let status: OSStatus = SecItemDelete(keychainQueryDictionary as CFDictionary)
-
+        
         if status == errSecSuccess {
             return true
         } else {
@@ -98,7 +137,7 @@ class KeychainWrapper {
             return false
         }
     }
-
+    
     
     private let serviceName: String
     
@@ -120,14 +159,14 @@ class KeychainWrapper {
         
         return keychainQueryDictionary
     }
-
+    
     private func update(_ value: Data, forKey key: String) -> Bool {
         let keychainQueryDictionary: [String: Any] = setupKeychainQueryDictionary(forKey: key)
         let updateDictionary = [SecValueData: value]
         
         // Update
         let status: OSStatus = SecItemUpdate(keychainQueryDictionary as CFDictionary, updateDictionary as CFDictionary)
-
+        
         if status == errSecSuccess {
             return true
         } else {
@@ -150,3 +189,4 @@ class KeychainWrapper {
     private let SecMatchLimitOne = kSecMatchLimitOne
     private let SecReturnData: String = kSecReturnData as String
 }
+
diff --git a/swift-sdk/Internal/LocalStorage.swift b/swift-sdk/Internal/LocalStorage.swift
@@ -13,17 +13,17 @@ struct LocalStorage: LocalStorageProtocol {
     
     var userId: String? {
         get {
-            iterableUserDefaults.userId
+            keychain.userId
         } set {
-            iterableUserDefaults.userId = newValue
+            keychain.userId = newValue
         }
     }
     
     var email: String? {
         get {
-            iterableUserDefaults.email
+            keychain.email
         } set {
-            iterableUserDefaults.email = newValue
+            keychain.email = newValue
         }
     }
     
@@ -85,19 +85,36 @@ struct LocalStorage: LocalStorageProtocol {
     
     func upgrade() {
         ITBInfo()
-        moveJwtFromUserDefaultsToKeychain()
+        
+        /// moves `email`, `userId`, and `authToken` from `UserDefaults` to `IterableKeychain`
+        moveAuthDataFromUserDefaultsToKeychain()
     }
     
     // MARK: Private
     
     private let iterableUserDefaults: IterableUserDefaults
     private let keychain: IterableKeychain
-
-    private func moveJwtFromUserDefaultsToKeychain() {
+    
+    private func moveAuthDataFromUserDefaultsToKeychain() {
         if let userDefaultAuthToken = iterableUserDefaults.authToken, keychain.authToken == nil {
             keychain.authToken = userDefaultAuthToken
             iterableUserDefaults.authToken = nil
-            ITBInfo("updated: keychain auth token")
+            
+            ITBInfo("UPDATED: moved authToken from UserDefaults to IterableKeychain")
+        }
+        
+        if let userDefaultEmail = iterableUserDefaults.email, keychain.email == nil {
+            keychain.email = userDefaultEmail
+            iterableUserDefaults.email = nil
+            
+            ITBInfo("UPDATED: moved email from UserDefaults to IterableKeychain")
+        }
+        
+        if let userDefaultUserId = iterableUserDefaults.userId, keychain.userId == nil {
+            keychain.userId = userDefaultUserId
+            iterableUserDefaults.userId = nil
+            
+            ITBInfo("UPDATED: moved userId from UserDefaults to IterableKeychain")
         }
     }
 }
diff --git a/tests/unit-tests/LocalStorageTests.swift b/tests/unit-tests/LocalStorageTests.swift
@@ -33,6 +33,38 @@ class LocalStorageTests: XCTestCase {
         XCTAssertEqual(localStorage.email, email)
     }
     
+    func testAuthDataInKeychain() {
+        let testUserDefaults = LocalStorageTests.getTestUserDefaults()
+        let testKeychain = IterableKeychain.init(wrapper: KeychainWrapper.init(serviceName: "test-localstorage"))
+        
+        var localStorage = LocalStorage(userDefaults: testUserDefaults,
+                                        keychain: testKeychain)
+        
+        let userId = "user-id"
+        
+        localStorage.userId = userId
+        
+        XCTAssertNil(testUserDefaults.string(forKey: Const.UserDefault.userIdKey))
+        
+        XCTAssertEqual(testKeychain.userId, userId)
+        
+        let email = "test@example.com"
+        
+        localStorage.email = email
+        
+        XCTAssertNil(testUserDefaults.string(forKey: Const.UserDefault.emailKey))
+        
+        XCTAssertEqual(testKeychain.email, email)
+        
+        let authToken = "token"
+        
+        localStorage.authToken = authToken
+        
+        XCTAssertNil(testUserDefaults.string(forKey: Const.UserDefault.authTokenKey))
+        
+        XCTAssertEqual(testKeychain.authToken, authToken)
+    }
+    
     func testDDLChecked() throws {
         var localStorage = LocalStorage(userDefaults: LocalStorageTests.getTestUserDefaults())
         localStorage.ddlChecked = true

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,8 @@ enum Const {`
`60`	`60`	`static let serviceName = "itbl_keychain"`
`61`	`61`
`62`	`62`	`enum Key {`
	`63`	`+ static let email = "itbl_email"`
	`64`	`+ static let userId = "itbl_userid"`
`63`	`65`	`static let authToken = "itbl_auth_token"`
`64`	`66`	`}`
`65`	`67`	`}`