[Auth] Persistence with secure interface

+ Remove early access flag
+ save/load with secure interface
+ add encode/decode to raw flatbuffer data
+ add fake internal impl

PiperOrigin-RevId: 245321552

Author: cynthiajiang

app/src/util_desktop.cc

@@ -0,0 +1,65 @@
+/*
+ * Copyright 2016 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "app/src/util_desktop.h"
+
+#include "app/src/log.h"
+#include "openssl/base64.h"
+
+namespace firebase {
+
+bool Base64Encode(const std::string& input, std::string* output) {
+  size_t base64_length = 0;
+  if ((EVP_EncodedLength(&base64_length, input.size()) == 0) ||
+      (base64_length == 0)) {
+    LogError("Failed base64 EVP_EncodedLength(%s)", input.c_str());
+    return false;
+  }
+  output->resize(base64_length);
+  if (EVP_EncodeBlock(reinterpret_cast<uint8_t*>(&(*output)[0]),
+                      reinterpret_cast<const uint8_t*>(&input[0]),
+                      input.size()) == 0u) {
+    LogError("Failed base64 EVP_EncodeBlock()");
+    return false;
+  }
+  // Trim the terminating null character.
+  output->resize(base64_length - 1);
+  return true;
+}
+
+bool Base64Decode(const std::string& input, std::string* output) {
+  size_t decoded_length = 0;
+  if ((EVP_DecodedLength(&decoded_length, input.size()) == 0) ||
+      (decoded_length == 0)) {
+    LogError("Failed to get decoded length for input(%s)", input.c_str());
+    return false;
+  }
+  std::string buffer;
+  buffer.resize(decoded_length);
+  if (EVP_DecodeBase64(reinterpret_cast<uint8_t*>(&(buffer)[0]),
+                       &decoded_length, decoded_length,
+                       reinterpret_cast<const uint8_t*>(&(input)[0]),
+                       input.size()) == 0) {
+    LogError("Failed to decode input");
+    return false;
+  }
+  // Decoded length includes null termination, remove.
+  buffer.resize(buffer.size() - 1);
+  output->assign(buffer);
+  return true;
+}
+
+}  // namespace firebase

app/src/util_desktop.h

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2016 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FIREBASE_APP_CLIENT_CPP_SRC_UTIL_DESKTOP_H_
+#define FIREBASE_APP_CLIENT_CPP_SRC_UTIL_DESKTOP_H_
+
+#include <string>
+
+namespace firebase {
+
+// Encoding the input string with base64, and set to output.
+bool Base64Encode(const std::string& input, std::string* output);
+
+// Decoding the input string with base64, and set to output.
+bool Base64Decode(const std::string& input, std::string* output);
+
+}  // namespace firebase
+
+#endif  // FIREBASE_APP_CLIENT_CPP_SRC_UTIL_DESKTOP_H_

auth/src/desktop/auth_desktop.cc

@@ -205,11 +205,8 @@ void Auth::InitPlatformAuth(AuthData* const auth_data) {
       internal::FnAuthStopTokenListener,
       Auth::StopTokenRefreshThreadForRegistry);
 
-#ifdef FIREBASE_EARLY_ACCESS_PREVIEW
   // Load existing UserData
   InitializeUserDataPersist(auth_data);
-#endif  // FIREBASE_EARLY_ACCESS_PREVIEW
-
   InitializeTokenRefresher(auth_data);
 }
 
@@ -233,9 +230,7 @@ void Auth::DestroyPlatformAuth(AuthData* const auth_data) {
     auth_data->id_token_listeners.clear();
   }
 
-#ifdef FIREBASE_EARLY_ACCESS_PREVIEW
   DestroyUserDataPersist(auth_data);
-#endif  // FIREBASE_EARLY_ACCESS_PREVIEW
 
   UserView::ClearUser(auth_data);
 
@@ -424,19 +419,16 @@ void ResetTokenRefreshCounter(AuthData* auth_data) {
   auth_impl->token_refresh_thread.WakeThread();
 }
 
-#ifdef FIREBASE_EARLY_ACCESS_PREVIEW
 void InitializeUserDataPersist(AuthData* auth_data) {
   auto auth_impl = static_cast<AuthImpl*>(auth_data->auth_impl);
-  auth_data->auth->AddAuthStateListener(&(auth_impl->user_data_persist));
-  auth_impl->user_data_persist.LoadUserData(auth_data);
+  auth_data->auth->AddAuthStateListener(auth_impl->user_data_persist.get());
+  auth_impl->user_data_persist->LoadUserData(auth_data);
 }
 
 void DestroyUserDataPersist(AuthData* auth_data) {
   auto auth_impl = static_cast<AuthImpl*>(auth_data->auth_impl);
-  auth_impl->user_data_persist.Destroy();
-  auth_data->auth->RemoveAuthStateListener(&(auth_impl->user_data_persist));
+  auth_data->auth->RemoveAuthStateListener(auth_impl->user_data_persist.get());
 }
-#endif  // FIREBASE_EARLY_ACCESS_PREVIEW
 
 void IdTokenRefreshThread::WakeThread() { wakeup_sem_.Post(); }
 

auth/src/desktop/auth_desktop.h

@@ -102,7 +102,9 @@ class IdTokenRefreshThread {
 
 // The desktop-specific Auth implementation.
 struct AuthImpl {
-  AuthImpl() : async_sem(0), active_async_calls(0) {}
+  AuthImpl() : async_sem(0), active_async_calls(0) {
+    user_data_persist = MakeUnique<UserDataPersist>();
+  }
 
   // The application's API key.
   std::string api_key;
@@ -113,9 +115,8 @@ struct AuthImpl {
 
   // Thread responsible for refreshing the auth token periodically.
   IdTokenRefreshThread token_refresh_thread;
-#ifdef FIREBASE_EARLY_ACCESS_PREVIEW
-  UserDataPersist user_data_persist;
-#endif  // FIREBASE_EARLY_ACCESS_PREVIEW
+  // Instance responsible for user data persistence.
+  UniquePtr<UserDataPersist> user_data_persist;
   // Synchronization primitives used for managing threads spawned by CallAsync.
   Semaphore async_sem;
   Mutex async_mutex;
@@ -128,10 +129,8 @@ const int kMinutesPerTokenRefresh = 58;
 const int kMsPerTokenRefresh =
     kMinutesPerTokenRefresh * internal::kMillisecondsPerMinute;
 
-#ifdef FIREBASE_EARLY_ACCESS_PREVIEW
 void InitializeUserDataPersist(AuthData* auth_data);
 void DestroyUserDataPersist(AuthData* auth_data);
-#endif  // FIREBASE_EARLY_ACCESS_PREVIEW
 
 }  // namespace auth
 }  // namespace firebase

auth/src/desktop/secure/user_secure_fake_internal.cc

@@ -0,0 +1,94 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "auth/src/desktop/secure/user_secure_fake_internal.h"
+
+#include <dirent.h>
+
+#include <cstdio>
+#include <fstream>
+
+namespace firebase {
+namespace auth {
+namespace secure {
+
+UserSecureFakeInternal::UserSecureFakeInternal(const char* secure_path)
+    : secure_path_(secure_path) {}
+
+UserSecureFakeInternal::~UserSecureFakeInternal() {}
+
+std::string UserSecureFakeInternal::LoadUserData(const std::string& app_name) {
+  std::string output;
+  std::string filename = GetFilePath(app_name);
+
+  std::ifstream infile;
+  infile.open(filename, std::ios::binary);
+  if (infile.fail()) {
+    return "";
+  }
+
+  infile.seekg(0, std::ios::end);
+  int64_t length = infile.tellg();
+  infile.seekg(0, std::ios::beg);
+  output.resize(length);
+  infile.read(&*output.begin(), length);
+  if (infile.fail()) {
+    return "";
+  }
+  infile.close();
+  return output;
+}
+
+void UserSecureFakeInternal::SaveUserData(const std::string& app_name,
+                                          const std::string& user_data) {
+  std::string filename = GetFilePath(app_name);
+
+  std::ofstream ofile(filename, std::ios::binary);
+  ofile.write(user_data.c_str(), user_data.length());
+  ofile.close();
+}
+
+void UserSecureFakeInternal::DeleteUserData(const std::string& app_name) {
+  std::string filename = GetFilePath(app_name);
+  std::ifstream infile;
+  infile.open(filename, std::ios::binary);
+  if (infile.fail()) {
+    return;
+  }
+  infile.close();
+  std::remove(filename.c_str());
+}
+
+void UserSecureFakeInternal::DeleteAllData() {
+  // These are data types defined in the "dirent" header
+  DIR* theFolder = opendir(secure_path_.c_str());
+  struct dirent* next_file;
+
+  while ((next_file = readdir(theFolder)) != nullptr) {
+    // build the path for each file in the folder
+    std::string filepath = secure_path_ + "/";
+    filepath.append(next_file->d_name);
+    remove(filepath.c_str());
+  }
+  closedir(theFolder);
+}
+
+std::string UserSecureFakeInternal::GetFilePath(const std::string& app_name) {
+  std::string filepath = secure_path_ + "/" + app_name + "_bin";
+  return filepath;
+}
+
+}  // namespace secure
+}  // namespace auth
+}  // namespace firebase

auth/src/desktop/secure/user_secure_fake_internal.h

@@ -0,0 +1,51 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_FAKE_INTERNAL_H_
+#define FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_FAKE_INTERNAL_H_
+
+#include <string>
+
+#include "auth/src/desktop/secure/user_secure_internal.h"
+
+namespace firebase {
+namespace auth {
+namespace secure {
+
+// Fake implementation for the secure manager of user data.
+class UserSecureFakeInternal : public UserSecureInternal {
+ public:
+  explicit UserSecureFakeInternal(const char* secure_path);
+  ~UserSecureFakeInternal() override;
+
+  std::string LoadUserData(const std::string& app_name) override;
+
+  void SaveUserData(const std::string& app_name,
+                    const std::string& user_data) override;
+
+  void DeleteUserData(const std::string& app_name) override;
+
+  void DeleteAllData() override;
+
+ private:
+  std::string GetFilePath(const std::string& app_name);
+
+  const std::string secure_path_;
+};
+
+}  // namespace secure
+}  // namespace auth
+}  // namespace firebase
+
+#endif  // FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_FAKE_INTERNAL_H_