Add auth hash to external Id (#797)

* Add auth to setExternalId
* Add tests for new functionality
* Add failure block to external id methods
* Add tests for external id auth validation

Author: Jeasmine

iOS_SDK/OneSignalDevApp/OneSignalDevApp/ViewController.m

@@ -177,14 +177,16 @@ - (void)handleMessageAction:(NSString *)actionId {
 
 - (IBAction)setExternalUserId:(UIButton *)sender {
     NSString* externalUserId = self.externalUserIdTextField.text;
-    [OneSignal setExternalUserId:externalUserId withCompletion:^(NSDictionary *results) {
+    [OneSignal setExternalUserId:externalUserId withSuccess:^(NSDictionary *results) {
         NSLog(@"External user id update complete with results: %@", results.description);
+    } withFailure:^(NSError *error) {
     }];
 }
 
 - (IBAction)removeExternalUserId:(UIButton *)sender {
     [OneSignal removeExternalUserId:^(NSDictionary *results) {
         NSLog(@"External user id update complete with results: %@", results.description);
+    } withFailure:^(NSError *error) {
     }];
 }
 

iOS_SDK/OneSignalSDK/Source/OneSignal.h

@@ -585,12 +585,14 @@ typedef void (^OSEmailSuccessBlock)();
 
 // External user id
 // Typedefs defining completion blocks for updating the external user id
-typedef void (^OSUpdateExternalUserIdBlock)(NSDictionary* results);
+typedef void (^OSUpdateExternalUserIdFailureBlock)(NSError *error);
+typedef void (^OSUpdateExternalUserIdSuccessBlock)(NSDictionary *results);
 
 + (void)setExternalUserId:(NSString * _Nonnull)externalId;
-+ (void)setExternalUserId:(NSString * _Nonnull)externalId withCompletion:(OSUpdateExternalUserIdBlock _Nullable)completionBlock;
++ (void)setExternalUserId:(NSString * _Nonnull)externalId withSuccess:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock;
++ (void)setExternalUserId:(NSString *)externalId withExternalIdAuthHashToken:(NSString *)hashToken withSuccess:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock;
 + (void)removeExternalUserId;
-+ (void)removeExternalUserId:(OSUpdateExternalUserIdBlock _Nullable)completionBlock;
++ (void)removeExternalUserId:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock;
 
 // In-App Messaging triggers
 + (void)addTrigger:(NSString * _Nonnull)key withValue:(id _Nonnull)value;

iOS_SDK/OneSignalSDK/Source/OneSignal.m

@@ -206,10 +206,12 @@ @implementation OneSignal
 BOOL requestedProvisionalAuthorization = false;
 BOOL usesAutoPrompt = false;
 
+static BOOL requiresUserIdAuth = false;
 static BOOL providesAppNotificationSettings = false;
 
 static BOOL performedOnSessionRequest = false;
 static NSString *pendingExternalUserId;
+static NSString *pendingExternalUserIdHashToken;
 
 static OSNotificationDisplayType _inFocusDisplayType = OSNotificationDisplayTypeInAppAlert;
 + (void)setInFocusDisplayType:(OSNotificationDisplayType)value {
@@ -493,6 +495,7 @@ + (void)clearStatics {
     sessionLaunchTime = [NSDate date];
     performedOnSessionRequest = false;
     pendingExternalUserId = nil;
+    pendingExternalUserIdHashToken = nil;
 
     _trackerFactory = nil;
     _sessionManager = nil;
@@ -844,6 +847,9 @@ + (void)downloadIOSParamsWithAppId:(NSString *)appId {
                 delayedEmailParameters = nil;
             }
         }
+        if (result[IOS_REQUIRES_USER_ID_AUTHENTICATION]) {
+            requiresUserIdAuth = [result[IOS_REQUIRES_USER_ID_AUTHENTICATION] boolValue];
+        }
 
         if (!usesAutoPrompt && result[IOS_USES_PROVISIONAL_AUTHORIZATION] != (id)[NSNull null]) {
             [OneSignalUserDefaults.initStandard saveBoolForKey:OSUD_USES_PROVISIONAL_PUSH_AUTHORIZATION withValue:[result[IOS_USES_PROVISIONAL_AUTHORIZATION] boolValue]];
@@ -1676,7 +1682,11 @@ + (void)registerUserInternal {
     if (pendingExternalUserId && ![self.existingPushExternalUserId isEqualToString:pendingExternalUserId])
         dataDic[@"external_user_id"] = pendingExternalUserId;
 
+    if (pendingExternalUserIdHashToken)
+        dataDic[@"external_user_id_auth_hash"] = pendingExternalUserIdHashToken;
+    
     pendingExternalUserId = nil;
+    pendingExternalUserIdHashToken = nil;
 
     let deviceModel = [OneSignalHelper getDeviceVariant];
     if (deviceModel)
@@ -2609,41 +2619,56 @@ + (void)setExternalUserId:(NSString * _Nonnull)externalId {
     if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"setExternalUserId:"])
         return;
 
-    [self setExternalUserId:externalId withCompletion:nil];
+    [self setExternalUserId:externalId withSuccess:nil withFailure:nil];
+}
+
++ (void)setExternalUserId:(NSString * _Nonnull)externalId withSuccess:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock {
+    // return if the user has not granted privacy permissions
+    if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"setExternalUserId:withSuccess:withFailure:"])
+        return;
+    
+    [self setExternalUserId:externalId withExternalIdAuthHashToken:nil withSuccess:successBlock withFailure:failureBlock];
 }
 
-+ (void)setExternalUserId:(NSString * _Nonnull)externalId withCompletion:(OSUpdateExternalUserIdBlock _Nullable)completionBlock {
++ (void)setExternalUserId:(NSString *)externalId withExternalIdAuthHashToken:(NSString *)hashToken withSuccess:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock {
 
     // return if the user has not granted privacy permissions
-    if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"setExternalUserId:withCompletion:"])
+    if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"setExternalUserId:withExternalIdAuthHashToken:withSuccess:withFailure:"])
         return;
 
     // Can't set the external id if init is not done or the app id or user id has not ben set yet
     if (!performedOnSessionRequest) {
         // will be sent as part of the registration/on_session request
         pendingExternalUserId = externalId;
+        pendingExternalUserIdHashToken = hashToken;
         return;
     } else if (!self.currentSubscriptionState.userId || !self.app_id) {
         [OneSignal onesignal_Log:ONE_S_LL_WARN message:[NSString stringWithFormat:@"Attempted to set external user id, but %@ is not set", self.app_id == nil ? @"app_id" : @"user_id"]];
+        if (failureBlock)
+            failureBlock([NSError errorWithDomain:@"com.onesignal" code:0 userInfo:@{@"error" : [NSString stringWithFormat:@"%@ is not set", self.app_id == nil ? @"app_id" : @"user_id"]}]);
+        return;
+    } else if (requiresUserIdAuth && (!hashToken || hashToken.length == 0)) {
+        [OneSignal onesignal_Log:ONE_S_LL_ERROR message:@"External Id authentication (auth token) is set to REQUIRED for this application. Please provide an auth token from your backend server or change the setting in the OneSignal dashboard."];
+        if (failureBlock)
+            failureBlock([NSError errorWithDomain:@"com.onesignal.externalUserId" code:0 userInfo:@{@"error" : @"External User Id authentication (auth token) is set to REQUIRED for this application. Please provide an auth token from your backend server or change the setting in the OneSignal dashboard."}]);
         return;
     }
 
     // Begin constructing the request for the external id update
     let requests = [NSMutableDictionary new];
-    requests[@"push"] = [OSRequestUpdateExternalUserId withUserId:externalId withOneSignalUserId:self.currentSubscriptionState.userId appId:self.app_id];
+    requests[@"push"] = [OSRequestUpdateExternalUserId withUserId:externalId withUserIdHashToken:hashToken withOneSignalUserId:self.currentSubscriptionState.userId appId:self.app_id];
 
     // Check if the email has been set, this will decide on updtaing the external id for the email channel
     if ([self isEmailSetup])
-        requests[@"email"] = [OSRequestUpdateExternalUserId withUserId:externalId withOneSignalUserId:self.currentEmailSubscriptionState.emailUserId appId:self.app_id];
+        requests[@"email"] = [OSRequestUpdateExternalUserId withUserId:externalId withUserIdHashToken:hashToken withOneSignalUserId:self.currentEmailSubscriptionState.emailUserId appId:self.app_id];
 
     // Make sure this is not a duplicate request, if the email and push channels are aligned correctly with the same external id
     if (![self shouldUpdateExternalUserId:externalId withRequests:requests]) {
         // Use callback to return success for both cases here, since push and
         //  email (if email is not setup, email is not included) have been set already
         let results = [self getDuplicateExternalUserIdResponse:externalId withRequests:requests];
-        if (completionBlock)
-            completionBlock(results);
-        
+        if (successBlock)
+            successBlock(results);
         return;
     }
 
@@ -2654,8 +2679,8 @@ + (void)setExternalUserId:(NSString * _Nonnull)externalId withCompletion:(OSUpda
         if (results[@"email"] && results[@"email"][@"success"] && [results[@"email"][@"success"] boolValue])
             [OneSignalUserDefaults.initStandard saveStringForKey:OSUD_EMAIL_EXTERNAL_USER_ID withValue:externalId];
 
-        if (completionBlock)
-            completionBlock(results);
+        if (successBlock)
+            successBlock(results);
     }];
 }
 
@@ -2664,15 +2689,15 @@ + (void)removeExternalUserId {
     if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"removeExternalUserId"])
         return;
 
-    [self setExternalUserId:@"" withCompletion:nil];
+    [self setExternalUserId:@""];
 }
 
-+ (void)removeExternalUserId:(OSUpdateExternalUserIdBlock _Nullable)completionBlock {
++ (void)removeExternalUserId:(OSUpdateExternalUserIdSuccessBlock _Nullable)successBlock withFailure:(OSUpdateExternalUserIdFailureBlock _Nullable)failureBlock {
     // return if the user has not granted privacy permissions
     if ([self shouldLogMissingPrivacyConsentErrorWithMethodName:@"removeExternalUserId:"])
         return;
 
-    [self setExternalUserId:@"" withCompletion:completionBlock];
+    [self setExternalUserId:@"" withSuccess:successBlock withFailure:failureBlock];
 }
 
 + (NSString*)existingPushExternalUserId {

iOS_SDK/OneSignalSDK/Source/OneSignalCommonDefines.h

@@ -121,6 +121,7 @@
 // iOS Parameter Names
 #define IOS_USES_PROVISIONAL_AUTHORIZATION @"uses_provisional_auth"
 #define IOS_REQUIRES_EMAIL_AUTHENTICATION @"require_email_auth"
+#define IOS_REQUIRES_USER_ID_AUTHENTICATION @"require_user_id_auth"
 #define IOS_RECEIVE_RECEIPTS_ENABLE @"receive_receipts_enable"
 #define IOS_OUTCOMES_V2_SERVICE_ENABLE @"v2_enabled"
 

iOS_SDK/OneSignalSDK/Source/Requests.h

@@ -137,7 +137,7 @@ NS_ASSUME_NONNULL_END
 @end
 
 @interface OSRequestUpdateExternalUserId : OneSignalRequest
-+ (instancetype _Nonnull)withUserId:(NSString * _Nullable)externalId withOneSignalUserId:(NSString * _Nonnull)userId appId:(NSString * _Nonnull)appId;
++ (instancetype _Nonnull)withUserId:(NSString * _Nullable)externalId withUserIdHashToken:(NSString * _Nullable)hashToken withOneSignalUserId:(NSString *)userId appId:(NSString *)appId;
 @end
 
 @interface OSRequestSendOutcomesV1ToServer : OneSignalRequest

iOS_SDK/OneSignalSDK/Source/Requests.m

@@ -447,12 +447,17 @@ + (instancetype)withAppId:(NSString *)appId previewUUID:(NSString *)previewUUID
 @end
 
 @implementation OSRequestUpdateExternalUserId
-+ (instancetype _Nonnull)withUserId:(NSString * _Nullable)externalId withOneSignalUserId:(NSString *)userId appId:(NSString *)appId {
++ (instancetype _Nonnull)withUserId:(NSString * _Nullable)externalId withUserIdHashToken:(NSString * _Nullable)hashToken withOneSignalUserId:(NSString *)userId appId:(NSString *)appId {
     NSString *msg = [NSString stringWithFormat:@"App ID: %@, external ID: %@", appId, externalId];
     [OneSignal onesignal_Log:ONE_S_LL_DEBUG message:msg];
 
     let request = [OSRequestUpdateExternalUserId new];
-    request.parameters = @{@"app_id" : appId, @"external_user_id" : externalId ?: @""};
+    NSMutableDictionary *parametres = [NSMutableDictionary new];
+    [parametres setObject:appId forKey:@"app_id"];
+    [parametres setObject:externalId ?: @"" forKey:@"external_user_id"];
+    if (hashToken && [hashToken length] > 0)
+        [parametres setObject:hashToken forKey:@"external_user_id_auth_hash"];
+    request.parameters = parametres;
     request.method = PUT;
     request.path = [NSString stringWithFormat:@"players/%@", userId];
 

iOS_SDK/OneSignalSDK/UnitTests/RequestTests.m

@@ -45,6 +45,7 @@ @implementation RequestTests {
     NSString *testAppId;
     NSString *testUserId;
     NSString *testExternalUserId;
+    NSString *testExternalUserIdHashToken;
     NSString *testEmailUserId;
     NSString *testMessageId;
     NSString *testEmailAddress;
@@ -67,6 +68,7 @@ - (void)setUp {
     testUserId = @"test_user_id";
     testEmailUserId = @"test_email_user_id";
     testExternalUserId = @"test_external_id";
+    testExternalUserIdHashToken = @"testExternalUserIdHashToken";
     testEmailAddress = @"[email protected]";
     testMessageId = @"test_message_id";
     testInAppMessageId = @"test_in_app_message_id";
@@ -672,7 +674,7 @@ - (void)testLoadMessageContent {
 }
 
 - (void)testSendExternalUserId {
-    let request = [OSRequestUpdateExternalUserId withUserId:testExternalUserId withOneSignalUserId:testUserId appId:testAppId];
+    let request = [OSRequestUpdateExternalUserId withUserId:testExternalUserId withUserIdHashToken:nil withOneSignalUserId:testUserId appId:testAppId];
 
     let correctUrl = correctUrlWithPath([NSString stringWithFormat:@"players/%@", testUserId]);
 
@@ -681,4 +683,14 @@ - (void)testSendExternalUserId {
     XCTAssertTrue(checkHttpBody(request.urlRequest.HTTPBody, @{@"app_id" : testAppId, @"external_user_id" : testExternalUserId}));
 }
 
+- (void)testSendExternalWithAuthUserId {
+    let request = [OSRequestUpdateExternalUserId withUserId:testExternalUserId withUserIdHashToken:testExternalUserIdHashToken withOneSignalUserId:testUserId appId:testAppId];
+
+    let correctUrl = correctUrlWithPath([NSString stringWithFormat:@"players/%@", testUserId]);
+
+    XCTAssertTrue([correctUrl isEqualToString:request.urlRequest.URL.absoluteString]);
+
+    XCTAssertTrue(checkHttpBody(request.urlRequest.HTTPBody, @{@"app_id" : testAppId, @"external_user_id" : testExternalUserId, @"external_user_id_auth_hash" : testExternalUserIdHashToken}));
+}
+
 @end

iOS_SDK/OneSignalSDK/UnitTests/Shadows/OneSignalClientOverrider.h

@@ -43,6 +43,7 @@
 +(void)runBackgroundThreads;
 +(NSString *)lastHTTPRequestType;
 +(void)setRequiresEmailAuth:(BOOL)required;
++(void)setRequiresExternalIdAuth:(BOOL)required;
 +(BOOL)hasExecutedRequestOfType:(Class)type;
 +(void)setShouldUseProvisionalAuth:(BOOL)provisional;
 +(void)disableExecuteRequestOverride:(BOOL)disable;

iOS_SDK/OneSignalSDK/UnitTests/Shadows/OneSignalClientOverrider.m

@@ -50,6 +50,7 @@ @implementation OneSignalClientOverrider
 static dispatch_queue_t executionQueue;
 static NSString *lastHTTPRequestType;
 static BOOL requiresEmailAuth = false;
+static BOOL requiresExternalIdAuth = false;
 static BOOL shouldUseProvisionalAuthorization = false; //new in iOS 12 (aka Direct to History)
 static BOOL disableOverride = false;
 static NSMutableArray<OneSignalRequest *> *executedRequests;
@@ -76,6 +77,7 @@ + (NSDictionary*)iosParamsResponse {
     return @{
         @"fba": @true,
         IOS_REQUIRES_EMAIL_AUTHENTICATION : @(requiresEmailAuth),
+        IOS_REQUIRES_USER_ID_AUTHENTICATION : @(requiresExternalIdAuth),
         IOS_USES_PROVISIONAL_AUTHORIZATION : @(shouldUseProvisionalAuthorization),
         OUTCOMES_PARAM : iOSParamsOutcomes
     };
@@ -258,6 +260,8 @@ + (void)reset:(XCTestCase*)testInstance {
     [executedRequests removeAllObjects];
     mockResponses = [NSMutableDictionary new];
     iOSParamsOutcomes = @{};
+    requiresEmailAuth = false;
+    requiresExternalIdAuth = false;
 }
 
 + (void)setLastHTTPRequest:(NSDictionary*)value {
@@ -287,6 +291,10 @@ + (void)setRequiresEmailAuth:(BOOL)required {
     requiresEmailAuth = required;
 }
 
++ (void)setRequiresExternalIdAuth:(BOOL)required {
+    requiresExternalIdAuth = required;
+}
+
 + (void)setShouldUseProvisionalAuth:(BOOL)provisional {
     shouldUseProvisionalAuthorization = provisional;
 }

iOS_SDK/OneSignalSDK/UnitTests/UnitTestCommonMethods.h

@@ -31,6 +31,7 @@
 #import "UIApplication+OneSignal.h"
 #import "OneSignalNotificationCategoryController.h"
 
+#define TEST_EXTERNAL_USER_ID_HASH_TOKEN @"i_am_a_test_external_user_id_hash_token"
 #define TEST_EXTERNAL_USER_ID @"i_am_a_test_external_user_id"
 #define TEST_EMAIL @"[email protected]"