From 1ca4d585115ba6d777e25000f1e2bb2f53188af6 Mon Sep 17 00:00:00 2001
From: James Frost
Date: Fri, 21 Jan 2022 16:58:16 +0000
Subject: [PATCH 1/4] Sharing Authorization: Move auth url components to their own enum
---
 ...haringAuthorizationWebViewController.swift | 45 ++++++++++---------
 1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
index 9a02d0f5cd66..cec6e28ce642 100644
--- a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
+++ b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
@@ -25,20 +25,23 @@ class SharingAuthorizationWebViewController: WPWebViewController {
 }

 private static let loginURL = "https://wordpress.com/wp-login.php"
- private static let authorizationPrefix = "https://public-api.wordpress.com/connect/"
- private static let requestActionParameter = "action=request"
- private static let verifyActionParameter = "action=verify"
- private static let denyActionParameter = "action=deny"
-
- // Special handling for the inconsistent way that services respond to a user's choice to decline
- // oauth authorization.
- // Right now we have no clear way to know if Tumblr fails. This is something we should try
- // fixing moving forward.
- // Path does not set the action param or call the callback. It forwards to its own URL ending in /decline.
- private static let declinePath = "/decline"
- private static let userRefused = "oauth_problem=user_refused"
- private static let authorizationDenied = "denied="
- private static let accessDenied = "error=access_denied"
+
+ private enum AuthorizeURLComponents {
+ static let verifyActionParameter = "action=verify"
+ static let denyActionParameter = "action=deny"
+ static let requestActionParameter = "action=request"
+
+ static let declinePath = "/decline"
+ static let authorizationPrefix = "https://public-api.wordpress.com/connect/"
+ static let accessDenied = "error=access_denied"
+
+ // Special handling for the inconsistent way that services respond to a user's choice to decline
+ // oauth authorization.
+ // Right now we have no clear way to know if Tumblr fails. This is something we should try
+ // fixing moving forward.
+ // Path does not set the action param or call the callback. It forwards to its own URL ending in /decline.
+ static let userRefused = "oauth_problem=user_refused"
+ }

 /// Verification loading -- dismiss on completion
 ///
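Review bot: The explanatory comment block in the new `AuthorizeURLComponents` enum now sits directly above `userRefused` only, although it used to head all of the decline markers and its last sentence describes `declinePath`, which has been moved above the block next to `authorizationPrefix`. Placing `// Path does not set the action param or call the callback. It forwards to its own URL ending in /decline.` directly above `static let declinePath = "/decline"`, and keeping the general "inconsistent way that services respond" lines above the group of `accessDenied` and `userRefused`, would keep each marker next to its explanation. The old `authorizationDenied = "denied="` constant is dropped here without a mention in the commit message; no use of it is visible in this series, so that is presumably intentional, but it is worth stating.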
@@ -148,37 +151,37 @@ class SharingAuthorizationWebViewController: WPWebViewController {
 let requested = url.absoluteString

 // Path oauth declines are handled by a redirect to a path.com URL, so check this first.
- if requested.range(of: SharingAuthorizationWebViewController.declinePath) != nil {
+ if requested.range(of: AuthorizeURLComponents.declinePath) != nil {
 return .deny
 }

- if !requested.hasPrefix(SharingAuthorizationWebViewController.authorizationPrefix) {
+ if !requested.hasPrefix(AuthorizeURLComponents.authorizationPrefix) {
 return .none
 }

- if requested.range(of: SharingAuthorizationWebViewController.requestActionParameter) != nil {
+ if requested.range(of: AuthorizeURLComponents.requestActionParameter) != nil {
 return .request
 }

 // Check the rest of the various decline ranges
- if requested.range(of: SharingAuthorizationWebViewController.denyActionParameter) != nil {
+ if requested.range(of: AuthorizeURLComponents.denyActionParameter) != nil {
 return .deny
 }

 // LinkedIn
- if requested.range(of: SharingAuthorizationWebViewController.userRefused) != nil {
+ if requested.range(of: AuthorizeURLComponents.userRefused) != nil {
 return .deny
 }

 // Facebook and Google+
- if requested.range(of: SharingAuthorizationWebViewController.accessDenied) != nil {
+ if requested.range(of: AuthorizeURLComponents.accessDenied) != nil {
 return .deny
 }

 // If we've made it this far and verifyRange is found then we're *probably*
 // verifying the oauth request. There are edge cases ( :cough: tumblr :cough: )
 // where verification is declined and we get a false positive.
- if requested.range(of: SharingAuthorizationWebViewController.verifyActionParameter) != nil {
+ if requested.range(of: AuthorizeURLComponents.verifyActionParameter) != nil {
 return .verify
 }

From b0f8c79bf3e668343d7eed80ad41ed7c7e59dc3f Mon Sep 17 00:00:00 2001
From: James Frost
Date: Fri, 21 Jan 2022 19:45:41 +0000
Subject: [PATCH 2/4] Publicize: Switch authorize components to use enum cases
---
 ...haringAuthorizationWebViewController.swift | 39 +++++++++++--------
 1 file changed, 22 insertions(+), 17 deletions(-)
diff --git a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
index cec6e28ce642..653be4871fd6 100644
--- a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
+++ b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
@@ -26,21 +26,25 @@ class SharingAuthorizationWebViewController: WPWebViewController {

 private static let loginURL = "https://wordpress.com/wp-login.php"

- private enum AuthorizeURLComponents {
- static let verifyActionParameter = "action=verify"
- static let denyActionParameter = "action=deny"
- static let requestActionParameter = "action=request"
+ private enum AuthorizeURLComponents: String {
+ case verifyActionParameter = "action=verify"
+ case denyActionParameter = "action=deny"
+ case requestActionParameter = "action=request"

- static let declinePath = "/decline"
- static let authorizationPrefix = "https://public-api.wordpress.com/connect/"
- static let accessDenied = "error=access_denied"
+ case declinePath = "/decline"
+ case authorizationPrefix = "https://public-api.wordpress.com/connect/"
+ case accessDenied = "error=access_denied"

 // Special handling for the inconsistent way that services respond to a user's choice to decline
 // oauth authorization.
 // Right now we have no clear way to know if Tumblr fails. This is something we should try
 // fixing moving forward.
 // Path does not set the action param or call the callback. It forwards to its own URL ending in /decline.
- static let userRefused = "oauth_problem=user_refused"
+ case userRefused = "oauth_problem=user_refused"
+
+ func containedIn(_ url: URL) -> Bool {
+ url.absoluteString.contains(rawValue)
+ }
 }

 /// Verification loading -- dismiss on completion
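Review bot: `containedIn(_:)` has no doc comment, and its name hides that it is a plain substring test over `url.absoluteString`, so a component also matches when it appears in the fragment or inside another parameter's value. A doc comment such as `/// True when the raw value occurs anywhere in the URL's absolute string; a substring test, not a query-item lookup.` would make that contract explicit for whoever adds the next case. Turning `authorizationPrefix` into a case also makes `AuthorizeURLComponents.authorizationPrefix.containedIn(url)` compile, although the only meaningful use is the `hasPrefix` check in the next hunk; keeping the prefix as a `static let` on the enum would rule that misuse out.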
@@ -148,42 +152,43 @@ class SharingAuthorizationWebViewController: WPWebViewController {
 // MARK: - URL Interpretation

 private func authorizeAction(from url: URL) -> AuthorizeAction {
- let requested = url.absoluteString
-
 // Path oauth declines are handled by a redirect to a path.com URL, so check this first.
- if requested.range(of: AuthorizeURLComponents.declinePath) != nil {
+ if AuthorizeURLComponents.declinePath.containedIn(url) {
 return .deny
 }

- if !requested.hasPrefix(AuthorizeURLComponents.authorizationPrefix) {
+ if !url.absoluteString.hasPrefix(AuthorizeURLComponents.authorizationPrefix.rawValue) {
 return .none
 }

- if requested.range(of: AuthorizeURLComponents.requestActionParameter) != nil {
+ if AuthorizeURLComponents.requestActionParameter.containedIn(url) {
 return .request
 }

 // Check the rest of the various decline ranges
- if requested.range(of: AuthorizeURLComponents.denyActionParameter) != nil {
+ if AuthorizeURLComponents.denyActionParameter.containedIn(url) {
 return .deny
 }

 // LinkedIn
- if requested.range(of: AuthorizeURLComponents.userRefused) != nil {
+ if AuthorizeURLComponents.userRefused.containedIn(url) {
 return .deny
 }

 // Facebook and Google+
- if requested.range(of: AuthorizeURLComponents.accessDenied) != nil {
+ if AuthorizeURLComponents.accessDenied.containedIn(url) {
 return .deny
 }

 // If we've made it this far and verifyRange is found then we're *probably*
 // verifying the oauth request. There are edge cases ( :cough: tumblr :cough: )
 // where verification is declined and we get a false positive.
- if requested.range(of: AuthorizeURLComponents.verifyActionParameter) != nil {
+ if AuthorizeURLComponents.verifyActionParameter.containedIn(url) {
 return .verify
 }
+ return .verify
+ }
+

 return .unknown
 }
From 62629ac11ac5b0e5d12b9178f7e220c750e1e419 Mon Sep 17 00:00:00 2001
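Review bot: The three lines added at the end of this hunk (`return .verify`, `}` and a blank line) follow the closing brace of the `verifyActionParameter` check with no enclosing `if`, so the file as it stands after PATCH 2/4 appears to contain an unconditional `return .verify` and an extra `}` that closes `authorizeAction` early. PATCH 3/4 adds the `if AuthorizeURLComponents.state.containedIn(url) && …` header above them, which suggests they were staged into the wrong commit. Moving those three lines into PATCH 3/4 keeps each commit buildable, which matters when bisecting a regression in this authorization flow.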
From: James Frost
Date: Fri, 21 Jan 2022 19:45:59 +0000
Subject: [PATCH 3/4] Publicize authorize: Add new Facebook cases
---
 .../Blog/SharingAuthorizationWebViewController.swift | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
index 653be4871fd6..8a86963d52be 100644
--- a/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
+++ b/WordPress/Classes/ViewRelated/Blog/SharingAuthorizationWebViewController.swift
@@ -35,6 +35,10 @@ class SharingAuthorizationWebViewController: WPWebViewController {
 case authorizationPrefix = "https://public-api.wordpress.com/connect/"
 case accessDenied = "error=access_denied"

+ case state = "state"
+ case code = "code"
+ case error = "error"
+
 // Special handling for the inconsistent way that services respond to a user's choice to decline
 // oauth authorization.
 // Right now we have no clear way to know if Tumblr fails. This is something we should try
@@ -186,9 +190,16 @@ class SharingAuthorizationWebViewController: WPWebViewController {
 if AuthorizeURLComponents.verifyActionParameter.containedIn(url) {
 return .verify
 }
+
+ // Facebook
+ if AuthorizeURLComponents.state.containedIn(url) && AuthorizeURLComponents.code.containedIn(url) {
 return .verify
 }

+ // Facebook failure
+ if AuthorizeURLComponents.state.containedIn(url) && AuthorizeURLComponents.error.containedIn(url) {
+ return .unknown
+ }

 return .unknown
 }
From 1cfe665ea0bd25a3053641df467f63891deec456 Mon Sep 17 00:00:00 2001
From: James Frost
Date: Fri, 21 Jan 2022 19:55:19 +0000
Subject: [PATCH 4/4] Updated release notes
---
 RELEASE-NOTES.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 591b7464cdff..aace0b786efb 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
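Review bot: The `// Facebook` success check in the second hunk of PATCH 3/4 matches the bare substrings `state` and `code` anywhere in the URL, so a callback that carries `state=…` together with a parameter such as `error_code=…` would be classified as `.verify` before the failure check below it is reached. The raw values come from the `state`, `code` and `error` cases added in the first hunk, and `containedIn(_:)` tests `url.absoluteString.contains(rawValue)`, so there is no parameter-name boundary. Assuming Facebook's callback carries these as query parameters, reading the names once from `URLComponents` and comparing them exactly, with the failure case tested first, avoids treating a failed authorization as a completed one. The `// Facebook failure` branch also returns `.unknown`, the same value as the fall-through, so it currently changes nothing; whether it should return `.deny` depends on handling outside this hunk, where `authorizeAction` also begins.

```swift
// … unchanged: decline, prefix, request, deny and action=verify checks …

// Facebook: compare query parameter names exactly rather than searching the whole URL string.
let parameterNames = Set(
    URLComponents(url: url, resolvingAgainstBaseURL: false)?
        .queryItems?
        .map { $0.name } ?? []
)
let hasState = parameterNames.contains(AuthorizeURLComponents.state.rawValue)

// Failure is tested first so that an error callback is never read as a success.
if hasState && parameterNames.contains(AuthorizeURLComponents.error.rawValue) {
    return .unknown
}

if hasState && parameterNames.contains(AuthorizeURLComponents.code.rawValue) {
    return .verify
}

return .unknown
```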
@@ -17,6 +17,7 @@
 * [*] Block editor: Highlight text: fix applying formatting for non-selected text [https://github.com/wordpress-mobile/gutenberg-mobile/pull/4471]
 * [**] Block editor: Fix Android handling of Hebrew and Indonesian translations [https://github.com/wordpress-mobile/gutenberg-mobile/pull/4397]
 * [***] Self-hosted sites: Fixed a crash when saving media and no Internet connection was available. [#17759]
+* [*] Publicize: Fixed an issue where a successful login was not automatically detected when connecting a Facebook account to Publicize. [#17803]

 19.0
 -----