Fix integration of credential persistence to use the app's bundle name (or project ID) instead of the generic app name, so that individual projects installed on the same machine don't step on each others' storage.

Also moves "fake" storage to a subdirectory that it creates in SaveUserData and removes in DeleteAllData.

PiperOrigin-RevId: 245854110

Author: jonsimantov

auth/src/desktop/auth_desktop.cc

@@ -421,6 +421,12 @@ void ResetTokenRefreshCounter(AuthData* auth_data) {
 
 void InitializeUserDataPersist(AuthData* auth_data) {
   auto auth_impl = static_cast<AuthImpl*>(auth_data->auth_impl);
+  // Combine bundle ID with project ID to create an app identifier.
+  std::string app_identifier = auth_data->app->options().package_name();
+  app_identifier += ".";
+  app_identifier += auth_data->app->options().project_id();
+  auth_impl->user_data_persist =
+      MakeUnique<UserDataPersist>(app_identifier.c_str());
   auth_data->auth->AddAuthStateListener(auth_impl->user_data_persist.get());
   auth_impl->user_data_persist->LoadUserData(auth_data);
 }

auth/src/desktop/auth_desktop.h

@@ -16,6 +16,7 @@
 #define FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_AUTH_DESKTOP_H_
 
 #include <memory>
+
 #include "app/rest/request.h"
 #include "app/src/semaphore.h"
 #include "app/src/thread.h"
@@ -102,9 +103,7 @@ class IdTokenRefreshThread {
 
 // The desktop-specific Auth implementation.
 struct AuthImpl {
-  AuthImpl() : async_sem(0), active_async_calls(0) {
-    user_data_persist = MakeUnique<UserDataPersist>();
-  }
+  AuthImpl() : async_sem(0), active_async_calls(0) {}
 
   // The application's API key.
   std::string api_key;

auth/src/desktop/secure/user_secure_darwin_internal.mm

@@ -21,11 +21,12 @@
 namespace auth {
 namespace secure {
 
-static const char kServicePrefix[] = "firebase.auth.cpp.cred/";
+static const char kServicePrefix[] = "";
+static const char kServiceSuffix[] = " [Firebase Auth]";
 static const int kMaxAllowedKeychainEntries = INT_MAX;
 
 UserSecureDarwinInternal::UserSecureDarwinInternal(const char* service) {
-  service_ = std::string(kServicePrefix) + service;
+  service_ = std::string(kServicePrefix) + service + std::string(kServiceSuffix);
 }
 
 UserSecureDarwinInternal::~UserSecureDarwinInternal() {}

auth/src/desktop/secure/user_secure_fake_internal.cc

@@ -15,6 +15,8 @@
 #include "auth/src/desktop/secure/user_secure_fake_internal.h"
 
 #include <dirent.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 
 #include <cstdio>
 #include <fstream>
@@ -52,6 +54,9 @@ std::string UserSecureFakeInternal::LoadUserData(const std::string& app_name) {
 
 void UserSecureFakeInternal::SaveUserData(const std::string& app_name,
                                           const std::string& user_data) {
+  // Make the directory in case it doesn't already exist, ignoring errors.
+  mkdir(secure_path_.c_str(), 0700);
+
   std::string filename = GetFilePath(app_name);
 
   std::ofstream ofile(filename, std::ios::binary);
@@ -85,6 +90,9 @@ void UserSecureFakeInternal::DeleteAllData() {
     remove(filepath.c_str());
   }
   closedir(theFolder);
+
+  // Remove the directory if it's empty, ignoring errors.
+  rmdir(secure_path_.c_str());
 }
 
 std::string UserSecureFakeInternal::GetFilePath(const std::string& app_name) {

auth/src/desktop/secure/user_secure_manager.cc

@@ -49,17 +49,9 @@ Mutex UserSecureManager::s_scheduler_mutex_;  // NOLINT
 scheduler::Scheduler* UserSecureManager::s_scheduler_;
 int32_t UserSecureManager::s_scheduler_ref_count_;
 
-#if defined(_WIN32) || defined(TARGET_OS_OSX) && TARGET_OS_OSX || \
-    defined(__linux__)
-const char kAuthKeyName[] = "com.google.firebase.auth.Keys";
-#else
-// fake internal would use current folder.
-const char kAuthKeyName[] = "./";
-#endif
-
-UserSecureManager::UserSecureManager()
+UserSecureManager::UserSecureManager(const char* app_id)
     : future_api_(kUserSecureFnCount), safe_this_(this) {
-  user_secure_ = MakeUnique<USER_SECURE_TYPE>(kAuthKeyName);
+  user_secure_ = MakeUnique<USER_SECURE_TYPE>(app_id);
   CreateScheduler();
 }
 

auth/src/desktop/secure/user_secure_manager.h

@@ -29,7 +29,7 @@ namespace secure {
 
 class UserSecureManager {
  public:
-  explicit UserSecureManager();
+  explicit UserSecureManager(const char* app_id);
   ~UserSecureManager();
 
   // Overloaded constructor to set the internal instance.

auth/src/desktop/secure/user_secure_windows_internal.cc

@@ -21,11 +21,13 @@ namespace firebase {
 namespace auth {
 namespace secure {
 
-static const char kNamespacePrefix[] = "firebase.auth.cpp.cred/";
+static const char kNamespacePrefix[] = "";
+static const char kNamespaceSuffix[] = " [Firebase Auth]";
 
 UserSecureWindowsInternal::UserSecureWindowsInternal(
     const char* key_namespace) {
-  namespace_ = std::string(kNamespacePrefix) + key_namespace;
+  namespace_ = std::string(kNamespacePrefix) + key_namespace +
+               std::string(kNamespaceSuffix);
 }
 
 UserSecureWindowsInternal::~UserSecureWindowsInternal() {}

auth/src/desktop/user_desktop.cc

@@ -396,8 +396,8 @@ Future<ResultT> DoReauthenticate(Promise<ResultT> promise,
 
 }  // namespace
 
-UserDataPersist::UserDataPersist() {
-  user_secure_manager_ = MakeUnique<secure::UserSecureManager>();
+UserDataPersist::UserDataPersist(const char* app_id) {
+  user_secure_manager_ = MakeUnique<secure::UserSecureManager>(app_id);
 }
 
 UserDataPersist::UserDataPersist(

auth/src/desktop/user_desktop.h

@@ -98,7 +98,7 @@ struct UserData : public UserInfoImpl {
 // os specific secret locations for security reason.
 class UserDataPersist : public firebase::auth::AuthStateListener {
  public:
-  UserDataPersist();
+  UserDataPersist(const char* app_id);
   ~UserDataPersist() {}
 
   // Overloaded constructor to set the internal instance.