Request objects - update to consider JWT

* User request instances already have a `prepareForExecution()` method that indicates if this request can be sent yet. For example, does the onesignal ID exist to make this request.
* Use this existing method to check for auth and block sending this request if auth is required but invalid, or auth is unknown, etc.

* OSRequestFetchUser will have onesignalId as a property, regardless of JWT on or off. The aliasLabel and aliasId pair is already expected to be onesignal ID, so make it explicit.
* Keeping the onesignal ID can be used to know if the user has actually been created on the server and to check for the post-create cool-off period. The request will be translated to use the onesignal ID or the external ID based on JWT on/off.

Requests Updated:
* OSRequestCreateUser
* OSRequestFetchUser
* OSRequestAddAliases
* OSRequestRemoveAlias
* OSRequestUpdateProperties

Requests Not Allowed with Identity Verification:
* OSRequestFetchIdentityBySubscription
* OSRequestIdentifyUser

Author: nan-li

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Executors/OSUserExecutor.swift

@@ -254,7 +254,7 @@ extension OSUserExecutor {
                    let identity = request.parameters?["identity"] as? [String: String],
                    let onesignalId = request.identityModel.onesignalId,
                    identity[OS_EXTERNAL_ID] != nil {
-                    self.fetchUser(aliasLabel: OS_ONESIGNAL_ID, aliasId: onesignalId, identityModel: request.identityModel)
+                    self.fetchUser(onesignalId: onesignalId, identityModel: request.identityModel)
                 } else {
                     self.executePendingRequests()
                 }
@@ -314,7 +314,7 @@ extension OSUserExecutor {
                     return
                 }
 
-                self.fetchUser(aliasLabel: OS_ONESIGNAL_ID, aliasId: onesignalId, identityModel: request.identityModel)
+                self.fetchUser(onesignalId: onesignalId, identityModel: request.identityModel)
             }
         } onFailure: { error in
             OneSignalLog.onesignalLog(.LL_ERROR, message: "OSUserExecutor executeFetchIdentityBySubscriptionRequest failed with error: \(error.debugDescription)")
@@ -375,7 +375,7 @@ extension OSUserExecutor {
             if OneSignalUserManagerImpl.sharedInstance.isCurrentUser(request.identityModelToUpdate) {
                 // Add onesignal ID to new records because an immediate fetch may not return the newly-applied external ID
                 self.newRecordsState.add(onesignalId, true)
-                self.fetchUser(aliasLabel: OS_ONESIGNAL_ID, aliasId: onesignalId, identityModel: request.identityModelToUpdate)
+                self.fetchUser(onesignalId: onesignalId, identityModel: request.identityModelToUpdate)
             } else {
                 self.executePendingRequests()
             }
@@ -417,8 +417,8 @@ extension OSUserExecutor {
         }
     }
 
-    func fetchUser(aliasLabel: String, aliasId: String, identityModel: OSIdentityModel, onNewSession: Bool = false) {
-        let request = OSRequestFetchUser(identityModel: identityModel, aliasLabel: aliasLabel, aliasId: aliasId, onNewSession: onNewSession)
+    func fetchUser(onesignalId: String, identityModel: OSIdentityModel, onNewSession: Bool = false) {
+        let request = OSRequestFetchUser(identityModel: identityModel, onesignalId: onesignalId, onNewSession: onNewSession)
 
         appendToQueue(request)
 

iOS_SDK/OneSignalSDK/OneSignalUser/Source/OneSignalUserManagerImpl.swift

@@ -566,7 +566,7 @@ extension OneSignalUserManagerImpl {
 
         // Fetch the user's data if there is a onesignal_id
         if let onesignalId = onesignalId {
-            userExecutor!.fetchUser(aliasLabel: OS_ONESIGNAL_ID, aliasId: onesignalId, identityModel: user.identityModel, onNewSession: true)
+            userExecutor!.fetchUser(onesignalId: onesignalId, identityModel: user.identityModel, onNewSession: true)
         } else {
             // It is possible to init a user from cache who is missing the onesignalId
             // This can happen if any createUser or identifyUser requests are cached

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestAddAliases.swift

@@ -38,18 +38,21 @@ class OSRequestAddAliases: OneSignalRequest, OSUserRequest {
     var identityModel: OSIdentityModel
     let aliases: [String: String]
 
-    /// requires a `onesignal_id` to send this request
+    /// Needs `onesignal_id` without JWT on or `external_id` with valid JWT to send this request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        if let onesignalId = identityModel.onesignalId,
-           newRecordsState.canAccess(onesignalId),
-           let appId = OneSignalConfigManager.getAppId()
-        {
-            self.addJWTHeader(identityModel: identityModel)
-            self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)/identity"
-            return true
-        } else {
+        let alias = getAlias(identityModel: identityModel)
+        guard
+            let onesignalId = identityModel.onesignalId,
+            newRecordsState.canAccess(onesignalId),
+            let aliasIdToUse = alias.id,
+            let appId = OneSignalConfigManager.getAppId(),
+            addJWTHeaderIsValid(identityModel: identityModel)
+        else {
             return false
         }
+
+        self.path = "apps/\(appId)/users/by/\(alias.label)/\(aliasIdToUse)/identity"
+        return true
     }
 
     init(aliases: [String: String], identityModel: OSIdentityModel) {

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestCreateSubscription.swift

@@ -43,18 +43,21 @@ class OSRequestCreateSubscription: OneSignalRequest, OSUserRequest {
     var subscriptionModel: OSSubscriptionModel
     var identityModel: OSIdentityModel
 
-    // Need the onesignal_id of the user
+    /// Needs the `onesignal_id` without JWT on or `external_id` with valid JWT to send this request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        if let onesignalId = identityModel.onesignalId,
-           newRecordsState.canAccess(onesignalId),
-           let appId = OneSignalConfigManager.getAppId()
-        {
-            self.addJWTHeader(identityModel: identityModel)
-            self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)/subscriptions"
-            return true
-        } else {
+        let alias = getAlias(identityModel: identityModel)
+        guard
+            let onesignalId = identityModel.onesignalId,
+            newRecordsState.canAccess(onesignalId),
+            let aliasIdToUse = alias.id,
+            let appId = OneSignalConfigManager.getAppId(),
+            addJWTHeaderIsValid(identityModel: identityModel)
+        else {
             return false
         }
+
+        self.path = "apps/\(appId)/users/by/\(alias.label)/\(aliasIdToUse)/subscriptions"
+        return true
     }
 
     init(subscriptionModel: OSSubscriptionModel, identityModel: OSIdentityModel) {

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestCreateUser.swift

@@ -45,6 +45,7 @@ class OSRequestCreateUser: OneSignalRequest, OSUserRequest {
     var pushSubscriptionModel: OSSubscriptionModel?
     var originalPushToken: String?
 
+    // TODO: JWT 🔐 confirm existence of external ID is already addressed before getting here
     /// Checks if the subscription ID can be accessed, if a subscription is being included in the request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
         guard let appId = OneSignalConfigManager.getAppId() else {
@@ -59,8 +60,12 @@ class OSRequestCreateUser: OneSignalRequest, OSUserRequest {
             return false
         }
 
+        guard addJWTHeaderIsValid(identityModel: identityModel) else {
+            OneSignalLog.onesignalLog(.LL_DEBUG, message: "Cannot generate the create user request yet due to auth.")
+            return false
+        }
+
         _ = self.addPushSubscriptionIdToAdditionalHeaders()
-        self.addJWTHeader(identityModel: identityModel)
         self.path = "apps/\(appId)/users"
         return true
     }

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestFetchIdentityBySubscription.swift

@@ -39,22 +39,19 @@ class OSRequestFetchIdentityBySubscription: OneSignalRequest, OSUserRequest {
     var identityModel: OSIdentityModel
     var pushSubscriptionModel: OSSubscriptionModel
 
+    /// Only send this request if Identity Verification is off.
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        // newRecordsState is unused for this request
-        guard let appId = OneSignalConfigManager.getAppId() else {
-            OneSignalLog.onesignalLog(.LL_DEBUG, message: "Cannot generate the FetchIdentityBySubscription request due to null app ID.")
+        guard
+            let appId = OneSignalConfigManager.getAppId(),
+            let subscriptionId = pushSubscriptionModel.subscriptionId,
+            OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired == false
+        else {
+            OneSignalLog.onesignalLog(.LL_ERROR, message: "Cannot generate the FetchIdentityBySubscription request.")
             return false
         }
 
-        if let subscriptionId = pushSubscriptionModel.subscriptionId {
-            self.path = "apps/\(appId)/subscriptions/\(subscriptionId)/user/identity"
-            return true
-        } else {
-            // This is an error, and should never happen
-            OneSignalLog.onesignalLog(.LL_ERROR, message: "Cannot generate the FetchIdentityBySubscription request due to null subscriptionId.")
-            self.path = ""
-            return false
-        }
+        self.path = "apps/\(appId)/subscriptions/\(subscriptionId)/user/identity"
+        return true
     }
 
     init(identityModel: OSIdentityModel, pushSubscriptionModel: OSSubscriptionModel) {

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestFetchUser.swift

@@ -40,35 +40,39 @@ class OSRequestFetchUser: OneSignalRequest, OSUserRequest {
     }
 
     let identityModel: OSIdentityModel
-    let aliasLabel: String
-    let aliasId: String
     let onNewSession: Bool
 
+    /// This should always be `OS_ONESIGNAL_ID` even with JWT on, as a way to know if the user has been created on the server and for the post-create cool off period
+    let onesignalId: String
+
+    // TODO: JWT 🔐 Is external ID already handled by this time? Or do we need to check the alias here?
+    /// Needs `onesignal_id` without JWT on or `external_id` with valid JWT to send this request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        guard let appId = OneSignalConfigManager.getAppId(),
-              newRecordsState.canAccess(aliasId)
+        let alias = getAlias(identityModel: identityModel)
+        guard
+            let aliasIdToUse = alias.id,
+            let appId = OneSignalConfigManager.getAppId(),
+            newRecordsState.canAccess(onesignalId),
+            addJWTHeaderIsValid( identityModel: identityModel)
         else {
-            OneSignalLog.onesignalLog(.LL_DEBUG, message: "Cannot generate the fetch user request for \(aliasLabel): \(aliasId) yet.")
+            OneSignalLog.onesignalLog(.LL_DEBUG, message: "Cannot generate the fetch user request for \(alias) yet.")
             return false
         }
-        self.addJWTHeader(identityModel: identityModel)
-        self.path = "apps/\(appId)/users/by/\(aliasLabel)/\(aliasId)"
+        self.path = "apps/\(appId)/users/by/\(alias.label)/\(aliasIdToUse)"
         return true
     }
 
-    init(identityModel: OSIdentityModel, aliasLabel: String, aliasId: String, onNewSession: Bool) {
+    init(identityModel: OSIdentityModel, onesignalId: String, onNewSession: Bool) {
         self.identityModel = identityModel
-        self.aliasLabel = aliasLabel
-        self.aliasId = aliasId
+        self.onesignalId = onesignalId
         self.onNewSession = onNewSession
-        self.stringDescription = "<OSRequestFetchUser with \(aliasLabel): \(aliasId)>"
+        self.stringDescription = "<OSRequestFetchUser with \(OS_ONESIGNAL_ID): \(onesignalId)>"
         super.init()
         self.method = GET
     }
 
     func encode(with coder: NSCoder) {
-        coder.encode(aliasLabel, forKey: "aliasLabel")
-        coder.encode(aliasId, forKey: "aliasId")
+        coder.encode(onesignalId, forKey: "onesignalId")
         coder.encode(identityModel, forKey: "identityModel")
         coder.encode(onNewSession, forKey: "onNewSession")
         coder.encode(method.rawValue, forKey: "method") // Encodes as String
@@ -78,19 +82,17 @@ class OSRequestFetchUser: OneSignalRequest, OSUserRequest {
     required init?(coder: NSCoder) {
         guard
             let identityModel = coder.decodeObject(forKey: "identityModel") as? OSIdentityModel,
-            let aliasLabel = coder.decodeObject(forKey: "aliasLabel") as? String,
-            let aliasId = coder.decodeObject(forKey: "aliasId") as? String,
+            let onesignalId = coder.decodeObject(forKey: "onesignalId") as? String,
             let rawMethod = coder.decodeObject(forKey: "method") as? UInt32,
             let timestamp = coder.decodeObject(forKey: "timestamp") as? Date
         else {
             // Log error
             return nil
         }
         self.identityModel = identityModel
-        self.aliasLabel = aliasLabel
-        self.aliasId = aliasId
+        self.onesignalId = onesignalId
         self.onNewSession = coder.decodeBool(forKey: "onNewSession")
-        self.stringDescription = "<OSRequestFetchUser with \(aliasLabel): \(aliasId)>"
+        self.stringDescription = "<OSRequestFetchUser with \(OS_ONESIGNAL_ID): \(onesignalId)>"
         super.init()
         self.method = HTTPMethod(rawValue: rawMethod)
         self.timestamp = timestamp

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestIdentifyUser.swift

@@ -48,20 +48,20 @@ class OSRequestIdentifyUser: OneSignalRequest, OSUserRequest {
     let aliasId: String
 
     /// requires a `onesignal_id` to send this request
+    /// Only  send this request if Identity Verification is off
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        if let onesignalId = identityModelToIdentify.onesignalId,
-           newRecordsState.canAccess(onesignalId),
-           let appId = OneSignalConfigManager.getAppId()
-        {
-            self.addJWTHeader(identityModel: identityModelToIdentify)
-            self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)/identity"
-            return true
-        } else {
-            // self.path is non-nil, so set to empty string
-            self.path = ""
+        guard
+            let onesignalId = identityModelToIdentify.onesignalId,
+            newRecordsState.canAccess(onesignalId),
+            let appId = OneSignalConfigManager.getAppId(),
+            OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired == false
+        else {
             OneSignalLog.onesignalLog(.LL_DEBUG, message: "Cannot generate the Identify User request yet.")
             return false
         }
+
+        self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)/identity"
+        return true
     }
 
     /**

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestRemoveAlias.swift

@@ -38,17 +38,21 @@ class OSRequestRemoveAlias: OneSignalRequest, OSUserRequest {
     let labelToRemove: String
     var identityModel: OSIdentityModel
 
+    /// Needs `onesignal_id` without JWT on or `external_id` with valid JWT to send this request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        if let onesignalId = identityModel.onesignalId,
-           newRecordsState.canAccess(onesignalId),
-           let appId = OneSignalConfigManager.getAppId()
-        {
-            self.addJWTHeader(identityModel: identityModel)
-            self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)/identity/\(labelToRemove)"
-            return true
-        } else {
+        let alias = getAlias(identityModel: identityModel)
+        guard
+            let onesignalId = identityModel.onesignalId,
+            newRecordsState.canAccess(onesignalId),
+            let aliasIdToUse = alias.id,
+            let appId = OneSignalConfigManager.getAppId(),
+            addJWTHeaderIsValid(identityModel: identityModel)
+        else {
             return false
         }
+
+        self.path = "apps/\(appId)/users/by/\(alias.label)/\(aliasIdToUse)/identity/\(labelToRemove)"
+        return true
     }
 
     init(labelToRemove: String, identityModel: OSIdentityModel) {

iOS_SDK/OneSignalSDK/OneSignalUser/Source/Requests/OSRequestUpdateProperties.swift

@@ -37,20 +37,22 @@ class OSRequestUpdateProperties: OneSignalRequest, OSUserRequest {
 
     var identityModel: OSIdentityModel
 
-    // TODO: Decide if addPushSubscriptionIdToAdditionalHeadersIfNeeded should block.
-    // Note Android adds it to requests, if the push sub ID exists
+    /// Needs `onesignal_id` without JWT on or `external_id` with valid JWT to send this request
     func prepareForExecution(newRecordsState: OSNewRecordsState) -> Bool {
-        if let onesignalId = identityModel.onesignalId,
-           newRecordsState.canAccess(onesignalId),
-           let appId = OneSignalConfigManager.getAppId()
-        {
-            _ = self.addPushSubscriptionIdToAdditionalHeaders()
-            self.addJWTHeader(identityModel: identityModel)
-            self.path = "apps/\(appId)/users/by/\(OS_ONESIGNAL_ID)/\(onesignalId)"
-            return true
-        } else {
+        let alias = getAlias(identityModel: identityModel)
+        guard
+            let onesignalId = identityModel.onesignalId,
+            newRecordsState.canAccess(onesignalId),
+            let aliasIdToUse = alias.id,
+            let appId = OneSignalConfigManager.getAppId(),
+            addJWTHeaderIsValid(identityModel: identityModel)
+        else {
             return false
         }
+
+        _ = self.addPushSubscriptionIdToAdditionalHeaders()
+        self.path = "apps/\(appId)/users/by/\(alias.label)/\(aliasIdToUse)"
+        return true
     }
 
     init(params: [String: Any], identityModel: OSIdentityModel) {