[Auth] Forward secure coding calls for TOTPMultiFactorInfo #13592

Merged
merged 7 commits into from
Sep 7, 2024
Member

@ncooke3 ncooke3 commented Sep 5, 2024

Fix #13591


nickcooke@nickcooke-mac firebase-3 % git grep "\.totpInfo" -- FirebaseAuth/Sources/Swift
FirebaseAuth/Sources/Swift/Backend/AuthBackend.swift:          } else if let _ = enrollment.totpInfo {
FirebaseAuth/Sources/Swift/MultiFactor/MultiFactor.swift:        } else if enrollment.totpInfo != nil {

Member Author

Despite being marked unavailable, this class's init?(coder:) is actually called when totp is registered:

coder.encode(enrolledFactors, forKey: kEnrolledFactorsCodingKey)

Member

@paulb777 paulb777 left a comment

Thanks!

Will need to be cherry-picked to 11.2 branch as well.

Member Author

ncooke3 commented Sep 6, 2024

I'm not sure now is the time to address it, but TOTPMultiFactorInfo is not public but PhoneMultiFactorInfo is. This also applies to 10.29.0.

Comment on lines -25 to -26
/// This is the totp info for the second factor.
let totpInfo: NSObject?
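Review bot: Removing `totpInfo` at lines -25 to -26 leaves nothing in the class that says where the TOTP details now live, so a one-line doc comment pointing at the enrollment proto would save the next reader a search. Also confirm that no coding key or encode/decode call for the property remains, so that `init?(coder:)` and the encode path stay symmetric.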
Member Author

Typing this with a more specific type (dictionary) added more code to cast it during encoding and decoding. I stepped back and see that this property is never read from (it's only read from the AuthProtoMFAEnrollment.swift class). I think it's better to just remove it as its addition is more confusing.

Member Author

ncooke3 commented Sep 6, 2024

I was able to successfully enroll via TOTP in the sample app using these changes.

Successfully merging this pull request may close these issues.

Critical bug FirebaseAuth.TOTPMultiFactorInfo in v11.0.0 - v11.1.0