Skip to content

ETagManager: don't ignore failed etags with Signing.VerificationMode.informational#2331

Merged
NachoSoto merged 1 commit into
mainfrom
nacho/sdk-2928-cache-customerinfo-response-when
Mar 13, 2023
Merged

ETagManager: don't ignore failed etags with Signing.VerificationMode.informational#2331
NachoSoto merged 1 commit into
mainfrom
nacho/sdk-2928-cache-customerinfo-response-when

Conversation

@NachoSoto

@NachoSoto NachoSoto commented Mar 7, 2023

Copy link
Copy Markdown
Contributor

Essentially we don't want to modify any behavior on .informational mode. Everything will continue behaving normally, and simply report verification failures.

@NachoSoto NachoSoto requested a review from a team March 7, 2023 22:27
@codecov

codecov Bot commented Mar 7, 2023
edited
Loading

Copy link
Copy Markdown

Codecov Report

Merging #2331 (b611eaf) into main (4341745) will increase coverage by 0.03%.
The diff coverage is 100.00%.

❗ Current head b611eaf differs from pull request most recent head 036cc71. Consider uploading reports for the commit 036cc71 to get more accurate results

@@            Coverage Diff             @@
##             main    #2331      +/-   ##
==========================================
+ Coverage   86.50%   86.54%   +0.03%     
==========================================
  Files         189      188       -1     
  Lines       12779    12769      -10     
==========================================
- Hits        11055    11051       -4     
+ Misses       1724     1718       -6
Impacted Files Coverage Δ
Sources/Misc/Codable/AnyDecodable.swift 95.16% <ø> (ø)
Sources/Misc/Codable/AnyEncodable.swift 76.19% <ø> (ø)
Sources/Misc/Codable/IgnoreHashable.swift 100.00% <ø> (ø)
Sources/Misc/Codable/RawDataContainer.swift 64.70% <ø> (ø)
Sources/Misc/Concurrency/Atomic.swift 100.00% <ø> (ø)
Sources/Misc/Concurrency/Lock.swift 100.00% <ø> (ø)
Sources/Misc/Concurrency/OperationDispatcher.swift 61.29% <ø> (ø)
Sources/Misc/Concurrency/Purchases+async.swift 10.52% <ø> (ø)
Sources/Misc/Concurrency/Purchases+nonasync.swift 0.00% <ø> (ø)
...es/Misc/Concurrency/SynchronizedUserDefaults.swift 100.00% <ø> (ø)
... and 11 more

... and 9 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

tonidero
tonidero reviewed Mar 8, 2023
View reviewed changes

@tonidero tonidero left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one question... I think that the current way might be more future-proof, but I wonder if it's necessary.

Comment thread Sources/Networking/HTTPClient/ETagManager.swift
Base automatically changed from signature-folders to main March 13, 2023 18:25
@NachoSoto
ETagManager: don't ignore failed etags with `Signing.VerificationMo…
036cc71 
…de.informational`

Essentially we don't want to modify any behavior on `.informational` mode. Everything will continue behaving normally, and simply report verification failures.
@NachoSoto NachoSoto force-pushed the nacho/sdk-2928-cache-customerinfo-response-when branch from b611eaf to 036cc71 Compare March 13, 2023 19:15
@NachoSoto NachoSoto enabled auto-merge (squash) March 13, 2023 19:18
@NachoSoto NachoSoto merged commit 0475dac into main Mar 13, 2023
@NachoSoto NachoSoto deleted the nacho/sdk-2928-cache-customerinfo-response-when branch March 13, 2023 19:24
@RCGitBot RCGitBot mentioned this pull request May 3, 2023
Closed
This was referenced May 12, 2023
Closed
Merged
NachoSoto added a commit that referenced this pull request May 16, 2023
@NachoSoto @RCGitBot
Release/4.19.0 (#2491)
ce53ff4 
### New Features
* New `ErrorCode.signatureVerificationFailed` which will be used for an
upcoming feature

### Bugfixes
* `Purchases.deinit`: don't reset `Purchases.proxyURL` (#2346) via
NachoSoto (@NachoSoto)

<details>
<summary><b>Other Changes</b></summary>

* Introduced `Configuration.EntitlementVerificationMode` and
`VerificationResult` (#2277) via NachoSoto (@NachoSoto)
* `PurchasesDiagnostics`: added step to verify signature verification
(#2267) via NachoSoto (@NachoSoto)
* `HTTPClient`: added signature validation and introduced
`ErrorCode.signatureVerificationFailed` (#2272) via NachoSoto
(@NachoSoto)
* `ETagManager`: don't use ETags if response verification failed (#2347)
via NachoSoto (@NachoSoto)
* `Integration Tests`: removed `@preconcurrency import` (#2464) via
NachoSoto (@NachoSoto)
* Clean up: moved `ReceiptParserTests-Info.plist` out of root (#2460)
via NachoSoto (@NachoSoto)
* Update `CHANGELOG` (#2461) via NachoSoto (@NachoSoto)
* Update `SwiftSnapshotTesting` (#2453) via NachoSoto (@NachoSoto)
* Fixed docs (#2432) via Kaunteya Suryawanshi (@kaunteya)
* Remove unnecessary line break (#2435) via Andy Boedo (@aboedo)
* `ProductEntitlementMapping`: enabled entitlement mapping fetching
(#2425) via NachoSoto (@NachoSoto)
* `BackendPostReceiptDataTests`: increased timeout to fix flaky test
(#2426) via NachoSoto (@NachoSoto)
* Updated requirements to drop Xcode 13.x support (#2419) via NachoSoto
(@NachoSoto)
* `Integration Tests`: fixed flaky errors when loading offerings (#2420)
via NachoSoto (@NachoSoto)
* `PurchaseTester`: fixed compilation for `internal` entitlement
verification (#2417) via NachoSoto (@NachoSoto)
* `ETagManager`/`HTTPClient`: sending new `X-RC-Last-Refresh-Time`
header (#2373) via NachoSoto (@NachoSoto)
* `ETagManager`: don't send validation time if not present (#2490) via
NachoSoto (@NachoSoto)
* SwiftUI Sample Project: Refactor Package terms method to a computed
property (#2405) via Joseph Kokenge (@JOyo246)
* Clean up v3 load shedder integration tests (#2402) via Andy Boedo
(@aboedo)
* Fix iOS 12 compilation (#2394) via NachoSoto (@NachoSoto)
* Added new `VerificationResult.verifiedOnDevice` (#2379) via NachoSoto
(@NachoSoto)
* `PurchaseTester`: fix memory leaks (#2392) via Keita Watanabe
(@kitwtnb)
* Integration tests: add scheduled job (#2389) via Andy Boedo (@aboedo)
* Add lane for running iOS v3 load shedder integration tests (#2388) via
Andy Boedo (@aboedo)
* iOS v3 load shedder integration tests (#2387) via Andy Boedo (@aboedo)
* `Offline Entitlements`: created `LoadShedderIntegrationTests` (#2362)
via NachoSoto (@NachoSoto)
* Purchases.configure: log warning if attempting to use a static
appUserID (#2385) via Mark Villacampa (@MarkVillacampa)
* `SubscriberAttributesManagerIntegrationTests`: fixed flaky failures
(#2381) via NachoSoto (@NachoSoto)
* `@DefaultDecodable.Now`: fixed flaky test (#2374) via NachoSoto
(@NachoSoto)
* `PurchaseTesterSwiftUI`: fixed iOS compilation (#2376) via NachoSoto
(@NachoSoto)
* `SubscriberAttributesManagerIntegrationTests`: fixed potential race
condition (#2380) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: create `CustomerInfo` from offline
entitlements (#2358) via NachoSoto (@NachoSoto)
* Added `@DefaultDecodable.Now` (#2372) via NachoSoto (@NachoSoto)
* `HTTPClient`: debug log when performing redirects (#2371) via
NachoSoto (@NachoSoto)
* `HTTPClient`: new flag to force server errors (#2370) via NachoSoto
(@NachoSoto)
* `OfferingsManager`: fixed Xcode 13.x build (#2369) via NachoSoto
(@NachoSoto)
* `Offline Entitlements`: store `ProductEntitlementMapping` in cache
(#2355) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: added support for fetching
`ProductEntitlementMappingResponse` in `OfflineEntitlementsAPI` (#2353)
via NachoSoto (@NachoSoto)
* `Offline Entitlements`: created `ProductEntitlementMapping` (#2365)
via NachoSoto (@NachoSoto)
* Implemented `NetworkError.isServerDown` (#2367) via NachoSoto
(@NachoSoto)
* `ETagManager`: added test for 304 responses with no etag (#2360) via
NachoSoto (@NachoSoto)
* `TestLogHandler`: increased default capacity (#2357) via NachoSoto
(@NachoSoto)
* `OfferingsManager`: moved log to common method to remove hardcoded
string (#2363) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: created `ProductEntitlementMappingResponse`
(#2351) via NachoSoto (@NachoSoto)
* `HTTPClient`: added test for 2xx response for request with etag
(#2361) via NachoSoto (@NachoSoto)
* `PurchaseTesterSwiftUI` improvements (#2345) via NachoSoto
(@NachoSoto)
* `ConfigureStrings`: fixed double-space typo (#2344) via NachoSoto
(@NachoSoto)
* `ETagManagerTests`: fixed tests on iOS 12 (#2349) via NachoSoto
(@NachoSoto)
* `DeviceCache`: simplified constructor (#2354) via NachoSoto
(@NachoSoto)
* `Trusted Entitlements`: changed all APIs to `internal` (#2350) via
NachoSoto (@NachoSoto)
* `VerificationResult.notRequested`: removed caching reference (#2337)
via NachoSoto (@NachoSoto)
* Finished signature verification `HTTPClient` tests (#2333) via
NachoSoto (@NachoSoto)
* `Configuration.Builder.with(entitlementVerificationMode:)`: improved
documentation (#2334) via NachoSoto (@NachoSoto)
* `ETagManager`: don't ignore failed etags with
`Signing.VerificationMode.informational` (#2331) via NachoSoto
(@NachoSoto)
* `IdentityManager`: clear `ETagManager` and `DeviceCache` if
verification is enabled but cached `CustomerInfo` is not (#2330) via
NachoSoto (@NachoSoto)
* Made `Configuration.EntitlementVerificationMode.enforced` unavailable
(#2329) via NachoSoto (@NachoSoto)
* Refactor: reorganized files in new Security and Misc folders (#2326)
via NachoSoto (@NachoSoto)
* `CustomerInfo`: use same grace period logic for active subscriptions
(#2327) via NachoSoto (@NachoSoto)
* `HTTPClient`: don't verify 4xx/5xx responses (#2322) via NachoSoto
(@NachoSoto)
* `EntitlementInfo`: request date is not optional (#2325) via NachoSoto
(@NachoSoto)
* `CustomerInfo`: removed `entitlementVerification` (#2320) via
NachoSoto (@NachoSoto)
* Renamed `VerificationResult.notVerified` to `.notRequested` (#2321)
via NachoSoto (@NachoSoto)
* `EntitlementInfo`: add a grace period limit to outdated entitlements
(#2288) via NachoSoto (@NachoSoto)
* Update `CustomerInfo.requestDate` from 304 responses (#2310) via
NachoSoto (@NachoSoto)
* `Signing`: added request time & eTag to signature verification (#2309)
via NachoSoto (@NachoSoto)
* `HTTPClient`: changed header search to be case-insensitive (#2308) via
NachoSoto (@NachoSoto)
* `HTTPClient`: automatically add `nonce` based on `HTTPRequest.Path`
(#2286) via NachoSoto (@NachoSoto)
* `PurchaseTester`: added ability to reload `CustomerInfo` with a custom
`CacheFetchPolicy` (#2312) via NachoSoto (@NachoSoto)
* Fix issue where underlying error information for product fetch errors
was not printed in log. (#2281) via Chris Vasselli (@chrisvasselli)
* `PurchaseTester`: added ability to set
`Configuration.EntitlementVerificationMode` (#2290) via NachoSoto
(@NachoSoto)
* SwiftUI: Paywall View should respond to changes on the UserView model
(#2297) via ConfusedVorlon (@ConfusedVorlon)
* Deprecate `usesStoreKit2IfAvailable` (#2293) via Andy Boedo (@aboedo)
* `Signing`: updated to use production public key (#2274) via NachoSoto
(@NachoSoto)
</details>

---------

Co-authored-by: RCGitBot <dev+RCGitBot@revenuecat.com>
NachoSoto added a commit to NachoSoto/purchases-ios that referenced this pull request May 17, 2023
@NachoSoto @RCGitBot
Release/4.19.0 (RevenueCat#2491)
d5a4b10 
### New Features
* New `ErrorCode.signatureVerificationFailed` which will be used for an
upcoming feature

### Bugfixes
* `Purchases.deinit`: don't reset `Purchases.proxyURL` (RevenueCat#2346) via
NachoSoto (@NachoSoto)

<details>
<summary><b>Other Changes</b></summary>

* Introduced `Configuration.EntitlementVerificationMode` and
`VerificationResult` (RevenueCat#2277) via NachoSoto (@NachoSoto)
* `PurchasesDiagnostics`: added step to verify signature verification
(RevenueCat#2267) via NachoSoto (@NachoSoto)
* `HTTPClient`: added signature validation and introduced
`ErrorCode.signatureVerificationFailed` (RevenueCat#2272) via NachoSoto
(@NachoSoto)
* `ETagManager`: don't use ETags if response verification failed (RevenueCat#2347)
via NachoSoto (@NachoSoto)
* `Integration Tests`: removed `@preconcurrency import` (RevenueCat#2464) via
NachoSoto (@NachoSoto)
* Clean up: moved `ReceiptParserTests-Info.plist` out of root (RevenueCat#2460)
via NachoSoto (@NachoSoto)
* Update `CHANGELOG` (RevenueCat#2461) via NachoSoto (@NachoSoto)
* Update `SwiftSnapshotTesting` (RevenueCat#2453) via NachoSoto (@NachoSoto)
* Fixed docs (RevenueCat#2432) via Kaunteya Suryawanshi (@kaunteya)
* Remove unnecessary line break (RevenueCat#2435) via Andy Boedo (@aboedo)
* `ProductEntitlementMapping`: enabled entitlement mapping fetching
(RevenueCat#2425) via NachoSoto (@NachoSoto)
* `BackendPostReceiptDataTests`: increased timeout to fix flaky test
(RevenueCat#2426) via NachoSoto (@NachoSoto)
* Updated requirements to drop Xcode 13.x support (RevenueCat#2419) via NachoSoto
(@NachoSoto)
* `Integration Tests`: fixed flaky errors when loading offerings (RevenueCat#2420)
via NachoSoto (@NachoSoto)
* `PurchaseTester`: fixed compilation for `internal` entitlement
verification (RevenueCat#2417) via NachoSoto (@NachoSoto)
* `ETagManager`/`HTTPClient`: sending new `X-RC-Last-Refresh-Time`
header (RevenueCat#2373) via NachoSoto (@NachoSoto)
* `ETagManager`: don't send validation time if not present (RevenueCat#2490) via
NachoSoto (@NachoSoto)
* SwiftUI Sample Project: Refactor Package terms method to a computed
property (RevenueCat#2405) via Joseph Kokenge (@JOyo246)
* Clean up v3 load shedder integration tests (RevenueCat#2402) via Andy Boedo
(@aboedo)
* Fix iOS 12 compilation (RevenueCat#2394) via NachoSoto (@NachoSoto)
* Added new `VerificationResult.verifiedOnDevice` (RevenueCat#2379) via NachoSoto
(@NachoSoto)
* `PurchaseTester`: fix memory leaks (RevenueCat#2392) via Keita Watanabe
(@kitwtnb)
* Integration tests: add scheduled job (RevenueCat#2389) via Andy Boedo (@aboedo)
* Add lane for running iOS v3 load shedder integration tests (RevenueCat#2388) via
Andy Boedo (@aboedo)
* iOS v3 load shedder integration tests (RevenueCat#2387) via Andy Boedo (@aboedo)
* `Offline Entitlements`: created `LoadShedderIntegrationTests` (RevenueCat#2362)
via NachoSoto (@NachoSoto)
* Purchases.configure: log warning if attempting to use a static
appUserID (RevenueCat#2385) via Mark Villacampa (@MarkVillacampa)
* `SubscriberAttributesManagerIntegrationTests`: fixed flaky failures
(RevenueCat#2381) via NachoSoto (@NachoSoto)
* `@DefaultDecodable.Now`: fixed flaky test (RevenueCat#2374) via NachoSoto
(@NachoSoto)
* `PurchaseTesterSwiftUI`: fixed iOS compilation (RevenueCat#2376) via NachoSoto
(@NachoSoto)
* `SubscriberAttributesManagerIntegrationTests`: fixed potential race
condition (RevenueCat#2380) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: create `CustomerInfo` from offline
entitlements (RevenueCat#2358) via NachoSoto (@NachoSoto)
* Added `@DefaultDecodable.Now` (RevenueCat#2372) via NachoSoto (@NachoSoto)
* `HTTPClient`: debug log when performing redirects (RevenueCat#2371) via
NachoSoto (@NachoSoto)
* `HTTPClient`: new flag to force server errors (RevenueCat#2370) via NachoSoto
(@NachoSoto)
* `OfferingsManager`: fixed Xcode 13.x build (RevenueCat#2369) via NachoSoto
(@NachoSoto)
* `Offline Entitlements`: store `ProductEntitlementMapping` in cache
(RevenueCat#2355) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: added support for fetching
`ProductEntitlementMappingResponse` in `OfflineEntitlementsAPI` (RevenueCat#2353)
via NachoSoto (@NachoSoto)
* `Offline Entitlements`: created `ProductEntitlementMapping` (RevenueCat#2365)
via NachoSoto (@NachoSoto)
* Implemented `NetworkError.isServerDown` (RevenueCat#2367) via NachoSoto
(@NachoSoto)
* `ETagManager`: added test for 304 responses with no etag (RevenueCat#2360) via
NachoSoto (@NachoSoto)
* `TestLogHandler`: increased default capacity (RevenueCat#2357) via NachoSoto
(@NachoSoto)
* `OfferingsManager`: moved log to common method to remove hardcoded
string (RevenueCat#2363) via NachoSoto (@NachoSoto)
* `Offline Entitlements`: created `ProductEntitlementMappingResponse`
(RevenueCat#2351) via NachoSoto (@NachoSoto)
* `HTTPClient`: added test for 2xx response for request with etag
(RevenueCat#2361) via NachoSoto (@NachoSoto)
* `PurchaseTesterSwiftUI` improvements (RevenueCat#2345) via NachoSoto
(@NachoSoto)
* `ConfigureStrings`: fixed double-space typo (RevenueCat#2344) via NachoSoto
(@NachoSoto)
* `ETagManagerTests`: fixed tests on iOS 12 (RevenueCat#2349) via NachoSoto
(@NachoSoto)
* `DeviceCache`: simplified constructor (RevenueCat#2354) via NachoSoto
(@NachoSoto)
* `Trusted Entitlements`: changed all APIs to `internal` (RevenueCat#2350) via
NachoSoto (@NachoSoto)
* `VerificationResult.notRequested`: removed caching reference (RevenueCat#2337)
via NachoSoto (@NachoSoto)
* Finished signature verification `HTTPClient` tests (RevenueCat#2333) via
NachoSoto (@NachoSoto)
* `Configuration.Builder.with(entitlementVerificationMode:)`: improved
documentation (RevenueCat#2334) via NachoSoto (@NachoSoto)
* `ETagManager`: don't ignore failed etags with
`Signing.VerificationMode.informational` (RevenueCat#2331) via NachoSoto
(@NachoSoto)
* `IdentityManager`: clear `ETagManager` and `DeviceCache` if
verification is enabled but cached `CustomerInfo` is not (RevenueCat#2330) via
NachoSoto (@NachoSoto)
* Made `Configuration.EntitlementVerificationMode.enforced` unavailable
(RevenueCat#2329) via NachoSoto (@NachoSoto)
* Refactor: reorganized files in new Security and Misc folders (RevenueCat#2326)
via NachoSoto (@NachoSoto)
* `CustomerInfo`: use same grace period logic for active subscriptions
(RevenueCat#2327) via NachoSoto (@NachoSoto)
* `HTTPClient`: don't verify 4xx/5xx responses (RevenueCat#2322) via NachoSoto
(@NachoSoto)
* `EntitlementInfo`: request date is not optional (RevenueCat#2325) via NachoSoto
(@NachoSoto)
* `CustomerInfo`: removed `entitlementVerification` (RevenueCat#2320) via
NachoSoto (@NachoSoto)
* Renamed `VerificationResult.notVerified` to `.notRequested` (RevenueCat#2321)
via NachoSoto (@NachoSoto)
* `EntitlementInfo`: add a grace period limit to outdated entitlements
(RevenueCat#2288) via NachoSoto (@NachoSoto)
* Update `CustomerInfo.requestDate` from 304 responses (RevenueCat#2310) via
NachoSoto (@NachoSoto)
* `Signing`: added request time & eTag to signature verification (RevenueCat#2309)
via NachoSoto (@NachoSoto)
* `HTTPClient`: changed header search to be case-insensitive (RevenueCat#2308) via
NachoSoto (@NachoSoto)
* `HTTPClient`: automatically add `nonce` based on `HTTPRequest.Path`
(RevenueCat#2286) via NachoSoto (@NachoSoto)
* `PurchaseTester`: added ability to reload `CustomerInfo` with a custom
`CacheFetchPolicy` (RevenueCat#2312) via NachoSoto (@NachoSoto)
* Fix issue where underlying error information for product fetch errors
was not printed in log. (RevenueCat#2281) via Chris Vasselli (@chrisvasselli)
* `PurchaseTester`: added ability to set
`Configuration.EntitlementVerificationMode` (RevenueCat#2290) via NachoSoto
(@NachoSoto)
* SwiftUI: Paywall View should respond to changes on the UserView model
(RevenueCat#2297) via ConfusedVorlon (@ConfusedVorlon)
* Deprecate `usesStoreKit2IfAvailable` (RevenueCat#2293) via Andy Boedo (@aboedo)
* `Signing`: updated to use production public key (RevenueCat#2274) via NachoSoto
(@NachoSoto)
</details>

---------

Co-authored-by: RCGitBot <dev+RCGitBot@revenuecat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonidero tonidero tonidero approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NachoSoto @tonidero