Add callback listeners to the cordova redirect handler

Author: sam-gc

packages-exp/auth-exp/src/core/auth/auth_event_manager.ts

@@ -32,8 +32,8 @@ const EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1000;
 export class AuthEventManager implements EventManager {
   private readonly cachedEventUids: Set<string> = new Set();
   private readonly consumers: Set<AuthEventConsumer> = new Set();
-  private queuedRedirectEvent: AuthEvent | null = null;
-  private hasHandledPotentialRedirect = false;
+  protected queuedRedirectEvent: AuthEvent | null = null;
+  protected hasHandledPotentialRedirect = false;
   private lastProcessedEventTime = Date.now();
 
   constructor(private readonly auth: Auth) {}

packages-exp/auth-exp/src/core/errors.ts

@@ -402,6 +402,7 @@ type GenericAuthErrorParams = {
     | AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH
     | AuthErrorCode.INTERNAL_ERROR
     | AuthErrorCode.MFA_REQUIRED
+    | AuthErrorCode.NO_AUTH_EVENT
   >]: {
     appName: AppName;
     email?: string;
@@ -413,6 +414,7 @@ export interface AuthErrorParams extends GenericAuthErrorParams {
   [AuthErrorCode.ARGUMENT_ERROR]: { appName?: AppName };
   [AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH]: { appName?: AppName };
   [AuthErrorCode.INTERNAL_ERROR]: { appName?: AppName };
+  [AuthErrorCode.NO_AUTH_EVENT]: { appName?: AppName };
   [AuthErrorCode.MFA_REQUIRED]: {
     appName: AppName;
     serverResponse: IdTokenMfaResponse;

packages-exp/auth-exp/src/platform_cordova/plugins.ts

@@ -25,14 +25,20 @@ declare namespace cordova.plugins.browsertab {
 }
 
 declare namespace cordova.InAppBrowser {
-  function open(url: string, target: string, options: string): unknown;
+  function open(url: string, target: string, options: string): InAppBrowserRef;
 }
 
 declare namespace universalLinks {
-  function subscribe(n: null, cb: (event: unknown) => void): void;
+  function subscribe(n: null, cb: (event: Record<string, string>|null) => void): void;
 }
 
 declare namespace BuildInfo {
   const packageName: string;
   const displayName: string;
 }
+
+declare function handleOpenUrl(url: string): void;
+
+declare interface InAppBrowserRef {
+  close?: () => void;
+}

packages-exp/auth-exp/src/platform_cordova/popup_redirect/popup_redirect.test.ts

@@ -25,13 +25,15 @@ import { SingletonInstantiator } from '../../core/util/instantiator';
 import {
   AuthEvent,
   AuthEventType,
+  EventManager,
   PopupRedirectResolver
 } from '../../model/popup_redirect';
-import { cordovaPopupRedirectResolver } from './popup_redirect';
+import { CordovaAuthEventManager, cordovaPopupRedirectResolver } from './popup_redirect';
 import { GoogleAuthProvider } from '../../core/providers/google';
 import * as utils from './utils';
 import * as events from './events';
 import { FirebaseError } from '@firebase/util';
+import { stubSingleTimeout, TimerTripFn } from '../../../test/helpers/timeout_stub';
 
 use(chaiAsPromised);
 use(sinonChai);
@@ -85,6 +87,164 @@ describe('platform_cordova/popup_redirect/popup_redirect', () => {
     });
   });
 
+  describe('_initialize', () => {
+    const NO_EVENT_TIMER_ID = 10001;
+    const PACKAGE_NAME = 'my.package';
+    const NOT_PACKAGE_NAME = 'not.my.package';
+    let universalLinksCb: ((eventData: Record<string, string>|null) => unknown)|null;
+    let tripNoEventTimer: TimerTripFn;
+
+    beforeEach(() => {
+      tripNoEventTimer = stubSingleTimeout(NO_EVENT_TIMER_ID);
+      window.universalLinks = {
+          subscribe(_unused, cb) {
+          universalLinksCb = cb;
+        },
+      };
+      window.BuildInfo = {
+        packageName: PACKAGE_NAME,
+        displayName: '',
+      };
+      sinon.stub(window, 'clearTimeout');
+    });
+
+    afterEach(() => {
+      universalLinksCb = null;
+    });
+
+    function event(manager: EventManager): Promise<AuthEvent> {
+      return new Promise(resolve => {
+        (manager as CordovaAuthEventManager).addPassiveListener(resolve);
+      });
+    }
+
+    context('when no event is present', () => {
+      it('clears local storage and dispatches no-event event', async () => {
+        const promise = event(await resolver._initialize(auth));
+        tripNoEventTimer();
+        const {error, ...rest} = await promise;
+
+        expect(error).to.be.instanceOf(FirebaseError).with.property('code', 'auth/no-auth-event');
+        expect(rest).to.eql({
+          type: AuthEventType.UNKNOWN,
+          eventId: null,
+          sessionId: null,
+          urlResponse: null,
+          postBody: null,
+          tenantId: null,
+        });
+        expect(events._getAndRemoveEvent).to.have.been.called;
+      });
+    });
+
+    context('when an event is present', () => {
+      it('clears the no event timeout',async () => {
+        await resolver._initialize(auth);
+        await universalLinksCb!({});
+        expect(window.clearTimeout).to.have.been.calledWith(NO_EVENT_TIMER_ID);
+      });
+
+      it('signals no event if no url in event data', async () => {
+        const promise = event(await resolver._initialize(auth));
+        await universalLinksCb!({});
+        const {error, ...rest} = await promise;
+
+        expect(error).to.be.instanceOf(FirebaseError).with.property('code', 'auth/no-auth-event');
+        expect(rest).to.eql({
+          type: AuthEventType.UNKNOWN,
+          eventId: null,
+          sessionId: null,
+          urlResponse: null,
+          postBody: null,
+          tenantId: null,
+        });
+      });
+
+      it('signals no event if partial parse turns up null', async () => {
+        const promise = event(await resolver._initialize(auth));
+        eventsStubs._eventFromPartialAndUrl.returns(null);
+        eventsStubs._getAndRemoveEvent.returns(Promise.resolve({
+          type: AuthEventType.REAUTH_VIA_REDIRECT,
+        } as AuthEvent));
+        await universalLinksCb!({url: 'foo-bar'});
+        const {error, ...rest} = await promise;
+
+        expect(error).to.be.instanceOf(FirebaseError).with.property('code', 'auth/no-auth-event');
+        expect(rest).to.eql({
+          type: AuthEventType.UNKNOWN,
+          eventId: null,
+          sessionId: null,
+          urlResponse: null,
+          postBody: null,
+          tenantId: null,
+        });
+      });
+
+      it('signals the final event if partial expansion success', async () => {
+        const finalEvent = {
+          type: AuthEventType.REAUTH_VIA_REDIRECT,
+          postBody: 'foo',
+        };
+        eventsStubs._getAndRemoveEvent.returns(Promise.resolve({
+          type: AuthEventType.REAUTH_VIA_REDIRECT,
+        } as AuthEvent));
+
+        const promise = event(await resolver._initialize(auth));
+        eventsStubs._eventFromPartialAndUrl.returns(finalEvent as AuthEvent);
+        await universalLinksCb!({url: 'foo-bar'});
+        expect(await promise).to.eq(finalEvent);
+        expect(events._eventFromPartialAndUrl).to.have.been.calledWith(
+          {type: AuthEventType.REAUTH_VIA_REDIRECT},
+          'foo-bar'
+        );
+      });
+    });
+
+    context('when using global handleOpenUrl callback', () => {
+      it('ignores inbound callbacks that are not for this app', async () => {
+        await resolver._initialize(auth);
+        handleOpenUrl(`${NOT_PACKAGE_NAME}://foo`);
+
+        // Clear timeout is called in the handler so we can check that
+        expect(window.clearTimeout).not.to.have.been.called;
+      });
+
+      it('passes through callback if package name matches', async () => {
+        await resolver._initialize(auth);
+        handleOpenUrl(`${PACKAGE_NAME}://foo`);
+        expect(window.clearTimeout).to.have.been.calledWith(NO_EVENT_TIMER_ID);
+      });
+
+      it('signals the final event if partial expansion success', async () => {
+        const finalEvent = {
+          type: AuthEventType.REAUTH_VIA_REDIRECT,
+          postBody: 'foo',
+        };
+        eventsStubs._getAndRemoveEvent.returns(Promise.resolve({
+          type: AuthEventType.REAUTH_VIA_REDIRECT,
+        } as AuthEvent));
+
+        const promise = event(await resolver._initialize(auth));
+        eventsStubs._eventFromPartialAndUrl.returns(finalEvent as AuthEvent);
+        handleOpenUrl(`${PACKAGE_NAME}://foo`);
+        expect(await promise).to.eq(finalEvent);
+        expect(events._eventFromPartialAndUrl).to.have.been.calledWith(
+          {type: AuthEventType.REAUTH_VIA_REDIRECT},
+          `${PACKAGE_NAME}://foo`
+        );
+      });
+
+      it('calls the dev existing handleOpenUrl function', async () => {
+        const oldHandleOpenUrl = sinon.stub();
+        window.handleOpenUrl = oldHandleOpenUrl;
+
+        await resolver._initialize(auth);
+        handleOpenUrl(`${PACKAGE_NAME}://foo`);
+        expect(oldHandleOpenUrl).to.have.been.calledWith(`${PACKAGE_NAME}://foo`);
+      });
+    });
+  });
+
   describe('_openPopup', () => {
     it('throws an error', () => {
       expect(() =>

packages-exp/auth-exp/src/platform_cordova/popup_redirect/popup_redirect.ts

@@ -20,26 +20,67 @@ import * as externs from '@firebase/auth-types-exp';
 import { browserSessionPersistence } from '../../platform_browser/persistence/session_storage';
 import { Auth } from '../../model/auth';
 import {
+  AuthEvent,
   AuthEventType,
-  EventManager,
   PopupRedirectResolver
 } from '../../model/popup_redirect';
 import { AuthPopup } from '../../platform_browser/util/popup';
-import { _fail } from '../../core/util/assert';
+import { _createError, _fail } from '../../core/util/assert';
 import { AuthErrorCode } from '../../core/errors';
 import {
   _checkCordovaConfiguration,
   _generateHandlerUrl,
   _performRedirect
 } from './utils';
-import { _generateNewEvent } from './events';
+import { _eventFromPartialAndUrl, _generateNewEvent, _getAndRemoveEvent } from './events';
+import { AuthEventManager } from '../../core/auth/auth_event_manager';
+
+/** 
+ * How long to wait for the initial auth event before concluding no
+ * redirect pending
+ */
+const INITIAL_EVENT_TIMEOUT_MS = 500;
+
+/** Custom AuthEventManager that adds passive listeners to events */
+export class CordovaAuthEventManager extends AuthEventManager {
+  private readonly passiveListeners: Set<(e: AuthEvent) => void> = new Set();
+
+  addPassiveListener(cb: (e: AuthEvent) => void): void {
+    this.passiveListeners.add(cb);
+  }
+
+  removePassiveListener(cb: (e: AuthEvent) => void): void {
+    this.passiveListeners.delete(cb);
+  }
+
+  // In a Cordova environment, this manager can live through multiple redirect
+  // operations
+  resetRedirect(): void {
+    this.queuedRedirectEvent = null;
+    this.hasHandledPotentialRedirect = false;
+  }
+
+  /** Override the onEvent method */
+  onEvent(event: AuthEvent): boolean {
+    this.passiveListeners.forEach(cb => cb(event));
+    return super.onEvent(event);
+  }
+}
 
 class CordovaPopupRedirectResolver implements PopupRedirectResolver {
   readonly _redirectPersistence = browserSessionPersistence;
+  private readonly eventManagers: Record<string, CordovaAuthEventManager> = {};
+
   _completeRedirectFn: () => Promise<null> = async () => null;
 
-  _initialize(_auth: Auth): Promise<EventManager> {
-    throw new Error('Method not implemented.');
+  async _initialize(auth: Auth): Promise<CordovaAuthEventManager> {
+    const key = auth._key();
+    if (!this.eventManagers[key]) {
+      const manager = new CordovaAuthEventManager(auth);
+      this.eventManagers[key] = manager;
+      this.attachCallbackListeners(auth, manager);
+    }
+    return this.eventManagers[key];
   }
 
   _openPopup(auth: Auth): Promise<AuthPopup> {
@@ -64,6 +105,66 @@ class CordovaPopupRedirectResolver implements PopupRedirectResolver {
   ): void {
     throw new Error('Method not implemented.');
   }
+
+  private attachCallbackListeners(auth: Auth, manager: AuthEventManager): void {
+    const noEvent: AuthEvent = {
+      type: AuthEventType.UNKNOWN,
+      eventId: null,
+      sessionId: null,
+      urlResponse: null,
+      postBody: null,
+      tenantId: null,
+      error: _createError(AuthErrorCode.NO_AUTH_EVENT),
+    };
+
+    const noEventTimeout = setTimeout(async () => {
+      // We didn't see that initial event. Clear any pending object and
+      // dispatch no event
+      await _getAndRemoveEvent(auth);
+      manager.onEvent(noEvent);
+    }, INITIAL_EVENT_TIMEOUT_MS);
+
+    const universalLinksCb = async (eventData: Record<string, string>|null): Promise<void> => {
+      // We have an event so we can clear the no event timeout
+      clearTimeout(noEventTimeout);
+
+      const partialEvent = await _getAndRemoveEvent(auth);
+      let finalEvent: AuthEvent|null = noEvent;
+      // Start with the noEvent
+      if (partialEvent && eventData?.['url']) {
+        finalEvent = _eventFromPartialAndUrl(partialEvent, eventData['url']);
+      }
+      manager.onEvent(finalEvent || noEvent);
+    };
+
+    // iOS 7 or 8 custom URL schemes.
+    // This is also the current default behavior for iOS 9+.
+    // For this to work, cordova-plugin-customurlscheme needs to be installed.
+    // https://github.com/EddyVerbruggen/Custom-URL-scheme
+    // Do not overwrite the existing developer's URL handler.
+    const existingHandleOpenUrl = window.handleOpenUrl;
+    window.handleOpenUrl = async url => {
+      if (url.toLowerCase().startsWith(`${BuildInfo.packageName.toLowerCase()}://`)) {
+        // We want this intentionally to float
+        // eslint-disable-next-line @typescript-eslint/no-floating-promises
+        universalLinksCb({url});
+      }
+      // Call the developer's handler if it is present.
+      if (typeof existingHandleOpenUrl === 'function') {
+        try {
+          existingHandleOpenUrl(url);
+        } catch (e) {
+          // This is a developer error. Don't stop the flow of the SDK.
+          console.error(e);
+        }
+      }
+    };
+
+    // Universal links subscriber doesn't exist for iOS, so we need to check
+    if (typeof universalLinks.subscribe === 'function') {
+      universalLinks.subscribe(null, universalLinksCb);
+    }
+  }
 }
 
 /**

packages-exp/auth-exp/test/helpers/timeout_stub.ts

@@ -17,7 +17,7 @@
 
 import * as sinon from 'sinon';
 
-interface TimerTripFn {
+export interface TimerTripFn {
   (): void;
 }