fire Jwt callback from subscription executor

Includes tests

Currently delete and update requests don't have an identity model attached. This may need to be changed for JWT

Author: emawby

iOS_SDK/OneSignalSDK/OneSignal.xcodeproj/project.pbxproj

@@ -356,6 +356,7 @@
 		DE2D8F4A2947D86200844084 /* OneSignalOutcomes.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DE7D188027037F43002D3A5D /* OneSignalOutcomes.framework */; };
 		DE3568EA2C88F56600AF447C /* PropertyExecutorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = DE3568E92C88F56600AF447C /* PropertyExecutorTests.swift */; };
 		DE3568EC2C88F5BD00AF447C /* OneSignalExecutorMocks.swift in Sources */ = {isa = PBXBuildFile; fileRef = DE3568EB2C88F5BD00AF447C /* OneSignalExecutorMocks.swift */; };
+		DE3568F02C89067400AF447C /* SubscriptionsExecutorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = DE3568EF2C89067400AF447C /* SubscriptionsExecutorTests.swift */; };
 		DE3784842888CFF900453A8E /* OneSignalUser.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DE69E19B282ED8060090BB3D /* OneSignalUser.framework */; };
 		DE3784852888D00300453A8E /* OneSignalUser.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DE69E19B282ED8060090BB3D /* OneSignalUser.framework */; };
 		DE3784862888D00B00453A8E /* OneSignalUser.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = DE69E19B282ED8060090BB3D /* OneSignalUser.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
@@ -1518,6 +1519,7 @@
 		DE20425D24E21C2C00350E4F /* UIApplication+OneSignal.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "UIApplication+OneSignal.m"; sourceTree = "<group>"; };
 		DE3568E92C88F56600AF447C /* PropertyExecutorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PropertyExecutorTests.swift; sourceTree = "<group>"; };
 		DE3568EB2C88F5BD00AF447C /* OneSignalExecutorMocks.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OneSignalExecutorMocks.swift; sourceTree = "<group>"; };
+		DE3568EF2C89067400AF447C /* SubscriptionsExecutorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SubscriptionsExecutorTests.swift; sourceTree = "<group>"; };
 		DE3CD2FE270FA9F200A5BECD /* OSOutcomes.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OSOutcomes.m; sourceTree = "<group>"; };
 		DE51DDE3294262AB0073D5C4 /* OSRemoteParamController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OSRemoteParamController.m; sourceTree = "<group>"; };
 		DE51DDE4294262AB0073D5C4 /* OSRemoteParamController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OSRemoteParamController.h; sourceTree = "<group>"; };
@@ -2207,6 +2209,7 @@
 			children = (
 				3CF11E3C2C6D6155002856F5 /* UserExecutorTests.swift */,
 				DE3568E92C88F56600AF447C /* PropertyExecutorTests.swift */,
+				DE3568EF2C89067400AF447C /* SubscriptionsExecutorTests.swift */,
 			);
 			path = Executors;
 			sourceTree = "<group>";
@@ -4149,6 +4152,7 @@
 				3C67F77A2BEB2B710085A0F0 /* SwitchUserIntegrationTests.swift in Sources */,
 				3CC063EE2B6D7FE8002BB07F /* OneSignalUserTests.swift in Sources */,
 				3CC890352C5BF9A7002CB4CC /* UserConcurrencyTests.swift in Sources */,
+				DE3568F02C89067400AF447C /* SubscriptionsExecutorTests.swift in Sources */,
 				3CDE664C2BFC2A56006DA114 /* OneSignalUserObjcTests.m in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Executors/OSSubscriptionOperationExecutor.swift

@@ -278,6 +278,12 @@ class OSSubscriptionOperationExecutor: OSOperationExecutor {
             }
         }
     }
+    
+    func handleUnauthorizedError(externalId: String, error: NSError) {
+        if (jwtConfig.isRequired ?? false) {
+            OneSignalUserManagerImpl.sharedInstance.invalidateJwtForExternalId(externalId: externalId, error: error)
+        }
+    }
 
     func executeCreateSubscriptionRequest(_ request: OSRequestCreateSubscription, inBackground: Bool) {
         guard !request.sentToClient else {
@@ -331,6 +337,11 @@ class OSSubscriptionOperationExecutor: OSOperationExecutor {
                         // The subscription has been deleted along with the user, so remove the subscription_id but keep the same push subscription model
                         OneSignalUserManagerImpl.sharedInstance.pushSubscriptionModel?.subscriptionId = nil
                         OneSignalUserManagerImpl.sharedInstance._logout()
+                    } else if responseType == .unauthorized && (self.jwtConfig.isRequired ?? false) {
+                        if let externalId = request.identityModel.externalId {
+                            self.handleUnauthorizedError(externalId: externalId, error: nsError)
+                        }
+                        request.sentToClient = false
                     } else if responseType != .retryable {
                         // Fail, no retry, remove from cache and queue
                         self.addRequestQueue.removeAll(where: { $0 == request})
@@ -375,7 +386,13 @@ class OSSubscriptionOperationExecutor: OSOperationExecutor {
             self.dispatchQueue.async {
                 if let nsError = error as? NSError {
                     let responseType = OSNetworkingUtils.getResponseStatusType(nsError.code)
-                    if responseType != .retryable {
+                    if responseType == .unauthorized && (self.jwtConfig.isRequired ?? false) {
+                         // ECM The delete subscription request doesn't have an identity model?
+                         if let externalId = OneSignalUserManagerImpl.sharedInstance.user.identityModel.externalId {
+                            self.handleUnauthorizedError(externalId: externalId, error: nsError)
+                        }
+                        request.sentToClient = false
+                    } else if responseType != .retryable {
                         // Fail, no retry, remove from cache and queue
                         // If this request returns a missing status, that is ok as this is a delete request
                         self.removeRequestQueue.removeAll(where: { $0 == request})
@@ -417,7 +434,13 @@ class OSSubscriptionOperationExecutor: OSOperationExecutor {
             self.dispatchQueue.async {
                 if let nsError = error as? NSError {
                     let responseType = OSNetworkingUtils.getResponseStatusType(nsError.code)
-                    if responseType != .retryable {
+                    if responseType == .unauthorized && (self.jwtConfig.isRequired ?? false) {
+                         // ECM The update subscription request doesn't have an identity model?
+                         if let externalId = OneSignalUserManagerImpl.sharedInstance.user.identityModel.externalId {
+                            self.handleUnauthorizedError(externalId: externalId, error: nsError)
+                        }
+                        request.sentToClient = false
+                    } else if responseType != .retryable {
                         // Fail, no retry, remove from cache and queue
                         self.updateRequestQueue.removeAll(where: { $0 == request})
                         OneSignalUserDefaults.initShared().saveCodeableData(forKey: OS_SUBSCRIPTION_EXECUTOR_UPDATE_REQUEST_QUEUE_KEY, withValue: self.updateRequestQueue)

iOS_SDK/OneSignalSDK/OneSignalUserMocks/MockUserDefines.swift

@@ -5,5 +5,8 @@ public let userB_OSID = "test_user_b_onesignal_id"
 public let userB_EUID = "test_user_b_external_id"
 
 public let testPushSubId = "test_push_subscription_id"
-
+public let testEmailSubId = "test_email_subscription_id"
+public let testPushToken = "2b7347630b72265c83b1c1d2227f563ce6169d5aaf274b06f1a1fadf3a04be69"
 public let userA_JwtToken = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMTM5YmQ2Zi00NTFmLTQzOGMtODg4Ni00ZTBmMGZlM2EwODUiLCJleHAiOjE3MjUzOTY3NTksImlkZW50aXR5Ijp7ImV4dGVybmFsX2lkIjoiZWxsaW90MTE0MCJ9LCJzdWJzY3JpcHRpb25zIjpbeyJ0eXBlIjoiRW1haWwiLCJ0b2tlbiI6InRlc3RAZG9tYWluLmNvbSJ9LHsidHlwZSI6IlNNUyIsInRva2VuIjoiKzEyMzQ1Njc4In1dfQ.wmtt8mH7wYpxmUDyx_l8ktfF4Eg-6y_4iOSsIEl3AxuQ5pEriCIRj-3P-NmSPO3jsSAGPeBRZQ-rRS5j-LbN1w"
+
+public let userA_email = "[email protected]"

iOS_SDK/OneSignalSDK/OneSignalUserMocks/MockUserRequests.swift

@@ -128,6 +128,21 @@ extension MockUserRequests {
 
         client.setMockFailureResponseForRequest(request:"<OSRequestUpdateProperties with parameters: \(params.toSortedString())>", error: error)
     }
+    
+    public static func setUnauthorizedAddEmailFailureResponse(with client: MockOneSignalClient, email: String) {
+        let error = testUnauthorizedailureError()
+        client.setMockFailureResponseForRequest(request:"<OSRequestCreateSubscription with token: \(email)>", error: error)
+    }
+    
+    public static func setUnauthorizedRemoveEmailFailureResponse(with client: MockOneSignalClient, email: String) {
+        let error = testUnauthorizedailureError()
+        client.setMockFailureResponseForRequest(request:"<OSRequestDeleteSubscription with subscriptionModel: \(email)>", error: error)
+    }
+    
+    public static func setUnauthorizedUpdateSubscriptionFailureResponse(with client: MockOneSignalClient, token: String) {
+        let error = testUnauthorizedailureError()
+        client.setMockFailureResponseForRequest(request:"OSRequestUpdateSubscription with subscriptionObject: [\"token\": \"\(token)\"]", error: error)
+    }
 
     public static func setDefaultIdentifyUserResponses(with client: MockOneSignalClient, externalId: String, conflicted: Bool = false) {
         var osid: String

iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/PropertyExecutorTests.swift

@@ -113,7 +113,7 @@ final class PropertyExecutorTests: XCTestCase {
         XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestUpdateProperties.self))
     }
 
-    func testCreateUser_IdentityVerificationRequired_withInvalidToken() {
+    func testUpdateProperty_IdentityVerificationRequired_withInvalidToken() {
         /* Setup */
         let mocks = Mocks()
         mocks.setAuthRequired(true)

iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/SubscriptionsExecutorTests.swift

@@ -0,0 +1,196 @@
+/*
+ Modified MIT License
+ 
+ Copyright 2024 OneSignal
+ 
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ 
+ 1. The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ 
+ 2. All copies of substantial portions of the Software may only be used in connection
+with services provided by OneSignal.
+ 
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ */
+
+import XCTest
+import OneSignalCore
+import OneSignalOSCore
+import OneSignalCoreMocks
+import OneSignalOSCoreMocks
+import OneSignalUserMocks
+@testable import OneSignalUser
+
+private class Mocks: OneSignalExecutorMocks {
+    var subscriptionExecutor: OSSubscriptionOperationExecutor!
+
+    override init() {
+        super.init()
+        subscriptionExecutor = OSSubscriptionOperationExecutor(newRecordsState: newRecordsState, jwtConfig: jwtConfig)
+    }
+}
+
+final class SubscriptionExecutorTests: XCTestCase {
+
+    override func setUpWithError() throws {
+        OneSignalCoreMocks.clearUserDefaults()
+        OneSignalUserMocks.reset()
+        // App ID is set because requests have guards against null App ID
+        OneSignalConfigManager.setAppId("test-app-id")
+        // Temp. logging to help debug during testing
+        OneSignalLog.setLogLevel(.LL_VERBOSE)
+    }
+
+    override func tearDownWithError() throws { }
+    
+    func testAddEmailSendsWhenProcessed() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(false)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        let email = userA_email
+        MockUserRequests.setAddEmailResponse(with: mocks.client, email: email)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_ADD_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: nil, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value:email))
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+    }
+    
+    func testAddEmail_IdentityVerificationRequired_butNoToken() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        let email = userA_email
+        MockUserRequests.setAddEmailResponse(with: mocks.client, email: email)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_ADD_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: nil, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value:email))
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+    }
+    
+    func testAddEmail_IdentityVerificationRequired_withToken() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        user.identityModel.jwtBearerToken = userA_JwtToken
+        let email = userA_email
+        MockUserRequests.setAddEmailResponse(with: mocks.client, email: email)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_ADD_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: nil, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value:email))
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+    }
+    
+    func testAddEmail_IdentityVerificationRequired_withInvalidToken() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        user.identityModel.jwtBearerToken = userA_JwtToken
+        let email = userA_email
+        MockUserRequests.setUnauthorizedAddEmailFailureResponse(with: mocks.client, email: email)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_ADD_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: nil, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value:email))
+        
+        var invalidatedCallbackWasCalled = false
+        OneSignalUserManagerImpl.sharedInstance.User.onJwtInvalidated { event in
+            XCTAssertTrue(event.message == "token has invalid claims: token is expired")
+            invalidatedCallbackWasCalled = true
+        }
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+        XCTAssertTrue(invalidatedCallbackWasCalled)
+    }
+    
+    func testDeleteEmail_IdentityVerificationRequired_withInvalidToken() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        user.identityModel.jwtBearerToken = userA_JwtToken
+        let email = userA_email
+        MockUserRequests.setUnauthorizedRemoveEmailFailureResponse(with: mocks.client, email: email)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_REMOVE_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: testEmailSubId, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value:email))
+        
+        var invalidatedCallbackWasCalled = false
+        OneSignalUserManagerImpl.sharedInstance.User.onJwtInvalidated { event in
+            XCTAssertTrue(event.message == "token has invalid claims: token is expired")
+            invalidatedCallbackWasCalled = true
+        }
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestDeleteSubscription.self))
+        XCTAssertTrue(invalidatedCallbackWasCalled)
+    }
+    
+    func testUpdateSubscription_IdentityVerificationRequired_withInvalidToken() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+        
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        user.identityModel.jwtBearerToken = userA_JwtToken
+        let token = testPushToken
+        MockUserRequests.setUnauthorizedUpdateSubscriptionFailureResponse(with: mocks.client, token: token)
+        mocks.subscriptionExecutor.enqueueDelta(OSDelta(name: OS_UPDATE_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .push, address: token, subscriptionId: testPushSubId, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: "token", value:token))
+        
+        var invalidatedCallbackWasCalled = false
+        OneSignalUserManagerImpl.sharedInstance.User.onJwtInvalidated { event in
+            XCTAssertTrue(event.message == "token has invalid claims: token is expired")
+            invalidatedCallbackWasCalled = true
+        }
+
+        /* When */
+        mocks.subscriptionExecutor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        
+        /* Then */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestUpdateSubscription.self))
+        XCTAssertTrue(invalidatedCallbackWasCalled)
+    }
+}