Remove force unwrapping of incoming url parameters

MarkPerkins · MarkPerkins · commit ef76cb54cba9 · 2024-06-21T12:18:09.000-04:00
Avoid unnecessary crashes due to unrelated incoming URLs by:
- guard against existence of URL components.
- guard against query parameters
- validate required cookies
*bonus: discard result from user defaults synchronization.
diff --git a/templates/swift/Sources/OAuth/WebAuthComponent.swift.twig b/templates/swift/Sources/OAuth/WebAuthComponent.swift.twig
@@ -53,17 +53,25 @@ public class WebAuthComponent {
     ///   - url: The URL containing the cookie
     ///
     public static func handleIncomingCookie(from url: URL) {
-        let components = URLComponents(string: url.absoluteString)!
 
-        let cookieParts = [String: String](uniqueKeysWithValues: components.queryItems!.map {
-            ($0.name, $0.value!)
+        guard let components = URLComponents(string: url.absoluteString),
+            let queryItems = components.queryItems else {
+            return
+        }
+        
+        let cookieParts = [String: String](uniqueKeysWithValues: queryItems.compactMap { item in
+            item.value.map { (item.name, $0) }
         })
 
-        var domain = cookieParts["domain"]!
+        guard let validatedCookieParts = validateRequiredCookieParts(cookieParts) else {
+            return
+        }
+        
+        var domain = validatedCookieParts.domain
         domain.remove(at: domain.startIndex)
+        let key = validatedCookieParts.key
+        let secret = validatedCookieParts.secret
 
-        let key: String = cookieParts["key"]!
-        let secret: String = cookieParts["secret"]!
         let path: String? = cookieParts["path"]
         let expires: String? = cookieParts["expires"]
         let maxAge: String? = cookieParts["maxAge"]
@@ -92,7 +100,7 @@ public class WebAuthComponent {
             cookie += "; secure"
         }
 
-        let existing = UserDefaults.standard.stringArray(forKey: domain)
+        _ = UserDefaults.standard.stringArray(forKey: domain)
         let new = [cookie]
 
         UserDefaults.standard.set(new, forKey: domain)
@@ -103,6 +111,15 @@ public class WebAuthComponent {
         )
     }
 
+    private static func validateRequiredCookieParts(_ cookieParts: [String: String]) -> (domain: String, key: String, secret: String)? {
+        guard let domain = cookieParts["domain"],
+                let key = cookieParts["key"],
+                let secret = cookieParts["secret"] else {
+            return nil
+        }
+        return (domain, key, secret)
+    }
+
     ///
     /// Trigger a web auth callback
     ///
