
Commit a90d8db

jonsimantova-maurice
authored andcommitted
Add Flatbuffer verification to desktop auth persistence. Added some logs for if
the data does not parse correctly. PiperOrigin-RevId: 246431803
1 parent 4a61369 commit a90d8db


1 file changed

+34
-22
lines changed


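--- a/auth/src/desktop/user_desktop.cc
+++ b/auth/src/desktop/user_desktop.cc
@@ -475,32 +475,44 @@ void AssignLoadedData(const Future<std::string>& future, void* auth_data) {
 // Decode to flatbuffer
 std::string decoded;
 if (!UserDataPersist::HexDecode(loaded_string, &decoded)) {
-return; // Invalid data.
+LogWarning("Auth: Error decoding persistent user data.");
+return;
+}
+
+// Verify the Flatbuffer is valid.
+flatbuffers::Verifier verifier(
+reinterpret_cast<const uint8_t*>(decoded.c_str()), decoded.length());
+if (!VerifyUserDataDesktopBuffer(verifier)) {
+LogWarning("Auth: Error verifying persistent user data.");
+return;
 }
 
 auto userData = GetUserDataDesktop(decoded.c_str());
-if (userData != nullptr) {
-UserData loaded_user;
-loaded_user.uid = userData->uid()->c_str();
-loaded_user.email = userData->email()->c_str();
-loaded_user.display_name = userData->display_name()->c_str();
-loaded_user.photo_url = userData->photo_url()->c_str();
-loaded_user.provider_id = userData->provider_id()->c_str();
-loaded_user.phone_number = userData->phone_number()->c_str();
-loaded_user.is_anonymous = userData->is_anonymous();
-loaded_user.is_email_verified = userData->is_email_verified();
-loaded_user.id_token = userData->id_token()->c_str();
-loaded_user.refresh_token = userData->refresh_token()->c_str();
-loaded_user.access_token = userData->access_token()->c_str();
-loaded_user.access_token_expiration_date =
-userData->access_token_expiration_date();
-loaded_user.has_email_password_credential =
-userData->has_email_password_credential();
-loaded_user.last_sign_in_timestamp = userData->last_sign_in_timestamp();
-loaded_user.creation_timestamp = userData->creation_timestamp();
-
-UserView::ResetUser(static_cast<AuthData*>(auth_data), loaded_user);
+if (userData == nullptr) {
+LogWarning("Auth: Error reading persistent user data.");
+return;
 }
+
+UserData loaded_user;
+loaded_user.uid = userData->uid()->c_str();
+loaded_user.email = userData->email()->c_str();
+loaded_user.display_name = userData->display_name()->c_str();
+loaded_user.photo_url = userData->photo_url()->c_str();
+loaded_user.provider_id = userData->provider_id()->c_str();
+loaded_user.phone_number = userData->phone_number()->c_str();
+loaded_user.is_anonymous = userData->is_anonymous();
+loaded_user.is_email_verified = userData->is_email_verified();
+loaded_user.id_token = userData->id_token()->c_str();
+loaded_user.refresh_token = userData->refresh_token()->c_str();
+loaded_user.access_token = userData->access_token()->c_str();
+loaded_user.access_token_expiration_date =
+userData->access_token_expiration_date();
+loaded_user.has_email_password_credential =
+userData->has_email_password_credential();
+loaded_user.last_sign_in_timestamp = userData->last_sign_in_timestamp();
+loaded_user.creation_timestamp = userData->creation_timestamp();
+
+UserView::ResetUser(static_cast<AuthData*>(auth_data), loaded_user);
 }
 
 Future<std::string> UserDataPersist::LoadUserData(AuthData* auth_data) {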
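Review bot: The string accessors in the field-copy block (`userData->uid()->c_str()` through `userData->access_token()->c_str()`) are still dereferenced unconditionally after the new verifier check. A FlatBuffers verifier checks bounds and offsets but accepts a table in which a non-`required` field is absent, and the generated accessor then returns `nullptr`; the schema is not visible here, so unless those fields are declared `required`, a truncated or hand-edited persistence file could pass `VerifyUserDataDesktopBuffer` and still crash on load. I would guard each copy, e.g. `loaded_user.uid = userData->uid() ? userData->uid()->c_str() : "";`, or declare the fields `required` in the schema so the verifier rejects such buffers. The `userData == nullptr` branch looks unreachable once verification has passed, so it would not catch this case. `AssignLoadedData` begins above the hunk, so how `loaded_string` is obtained is not visible.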
