Introduce fixture for CodeVerifier to remove implicit randomness
mokagio committed Feb 24, 2023
1 parent 114587c commit de65b51
Showing 6 changed files with 23 additions and 7 deletions.
6 changes: 5 additions & 1 deletion WordPressAuthenticator.xcodeproj/project.pbxproj
Expand Up @@ -16,6 +16,7 @@
1A21EE9822832BC300C940C6 /* WordPressComOAuthClientFacade+Swift.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1A21EE9722832BC200C940C6 /* WordPressComOAuthClientFacade+Swift.swift */; };
1A4095182271AEFC009AA86D /* WPAuthenticator-Swift.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A4095152271AEFC009AA86D /* WPAuthenticator-Swift.h */; settings = {ATTRIBUTES = (Private, ); }; };
3108613125AFA4830022F75E /* PasteboardTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3108613025AFA4830022F75E /* PasteboardTests.swift */; };
3F107B0529A87AF0009B3658 /* CodeVerifier+Fixture.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */; };
3F30A6B4299F10BD0004452F /* Character+URLSafe.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F30A6B3299F10BD0004452F /* Character+URLSafe.swift */; };
3F30A6BA299F12E30004452F /* Character+URLSafeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */; };
3F338B6A289B877F0014ADC5 /* BuildkiteTestCollector in Frameworks */ = {isa = PBXBuildFile; productRef = 3F338B69289B877F0014ADC5 /* BuildkiteTestCollector */; };
Expand Down Expand Up @@ -264,6 +265,7 @@
3108613025AFA4830022F75E /* PasteboardTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PasteboardTests.swift; sourceTree = "<group>"; };
33FEF45B466FF8EAAE5F3923 /* Pods-WordPressAuthenticator.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-WordPressAuthenticator.release.xcconfig"; path = "Pods/Target Support Files/Pods-WordPressAuthenticator/Pods-WordPressAuthenticator.release.xcconfig"; sourceTree = "<group>"; };
37AFD4EF492B00CA7AEC11A3 /* Pods-WordPressAuthenticatorTests.release-alpha.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-WordPressAuthenticatorTests.release-alpha.xcconfig"; path = "Pods/Target Support Files/Pods-WordPressAuthenticatorTests/Pods-WordPressAuthenticatorTests.release-alpha.xcconfig"; sourceTree = "<group>"; };
3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CodeVerifier+Fixture.swift"; sourceTree = "<group>"; };
3F30A6B3299F10BD0004452F /* Character+URLSafe.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Character+URLSafe.swift"; sourceTree = "<group>"; };
3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Character+URLSafeTests.swift"; sourceTree = "<group>"; };
3F338B6B289B87E60014ADC5 /* UnitTests.xctestplan */ = {isa = PBXFileReference; lastKnownFileType = text; path = UnitTests.xctestplan; sourceTree = "<group>"; };
Expand Down Expand Up @@ -587,6 +589,8 @@
3FE8072329365FC20088420C /* GoogleSignIn */ = {
isa = PBXGroup;
children = (
3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */,
3F107B0429A87AF0009B3658 /* CodeVerifier+Fixture.swift */,
3F82E63829931D95003EFC16 /* CodeVerifierTests.swift */,
3F4E646F2990B7B3000DB555 /* Data+Base64URLTests.swift */,
3F82E63C29935E65003EFC16 /* Data+SHA256Tests.swift */,
Expand All @@ -600,7 +604,6 @@
3F82E6322993101A003EFC16 /* String+RandomTests.swift */,
3FE8071E2936558F0088420C /* URL+GoogleSignInTests.swift */,
3F879FDE293A501D005C2B48 /* URLRequest+GoogleSignInTests.swift */,
3F30A6B9299F12E30004452F /* Character+URLSafeTests.swift */,
);
path = GoogleSignIn;
sourceTree = "<group>";
Expand Down Expand Up @@ -1550,6 +1553,7 @@
3F82E6332993101A003EFC16 /* String+RandomTests.swift in Sources */,
4A1DEF4A29341B1F00322608 /* LoggingTests.m in Sources */,
3FEC44F9293A0F2900EBDECF /* ProofKeyForCodeExchangeTests.swift in Sources */,
3F107B0529A87AF0009B3658 /* CodeVerifier+Fixture.swift in Sources */,
CE16177821B70C1A00B82A47 /* WordPressAuthenticatorDisplayTextTests.swift in Sources */,
3F879FF4293A7F46005C2B48 /* GoogleOAuthTokenGetterTests.swift in Sources */,
B501C048208FC79C00D1E58F /* LoginFacadeTests.m in Sources */,
@@ -0,0 +1,12 @@
@testable import WordPressAuthenticator

extension ProofKeyForCodeExchange.CodeVerifier {

/// A code verifier for testing purposes that is guaranteed to be valid and deterministic.
///
/// The reason we care about it being deterministic is because we don't want implicit randomness test.
/// The only place were we want to use random values in the `CodeVerifier` tests which explicitly check the random generation.
static func fixture() -> Self {
.init(value: (0..<minimumLength).map { _ in "a" }.joined())!
}
}
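Review bot: The doc comment on `fixture()` should state that this is a constant, zero-entropy verifier (`minimumLength` repetitions of "a") that belongs in the test target only, because PKCE protects the authorization code only while the verifier is unpredictable. A line such as `/// - Warning: Constant value, for the test target only; production code must use makeRandomCodeVerifier().` would make that explicit for anyone who later moves or copies the file. The two existing sentences also read more clearly as "we don't want implicit randomness in tests" and "The only place where we want random values is in the `CodeVerifier` tests that explicitly check the random generation." The force unwrap is reasonable in a fixture, and `String(repeating: "a", count: minimumLength)` would express the same value more directly.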
Expand Up @@ -4,7 +4,7 @@ import XCTest
class OAuthRequestBodyGoogleSignInTests: XCTestCase {

func testGoogleSignInTokenRequestBody() throws {
let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier()
let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()
let pkce = ProofKeyForCodeExchange(codeVerifier: codeVerifier, method: .plain)
let body = OAuthTokenRequestBody.googleSignInRequestBody(
clientId: GoogleClientId(string: "com.app.123-abc")!,
Expand Up @@ -8,7 +8,7 @@ class URLRequestOAuthTokenRequestTests: XCTestCase {
clientSecret: "b",
audience: "audience",
code: "c",
codeVerifier: ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier(),
codeVerifier: ProofKeyForCodeExchange.CodeVerifier.fixture(),
grantType: "e",
redirectURI: "f"
)
Expand Up @@ -4,13 +4,13 @@ import XCTest
class OAuthTokenRequestBodyTests: XCTestCase {

func testURLEncodedDataConversion() throws {
let codeVerifier = (0..<43).map { _ in "a" }.joined()
let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()
let body = OAuthTokenRequestBody(
clientId: "clientId",
clientSecret: "clientSecret",
audience: "audience",
code: "codeValue",
codeVerifier: try XCTUnwrap(ProofKeyForCodeExchange.CodeVerifier(value: codeVerifier)),
codeVerifier: codeVerifier,
grantType: "grantType",
redirectURI: "redirectUri"
)
Expand All @@ -21,7 +21,7 @@ class OAuthTokenRequestBodyTests: XCTestCase {

XCTAssertTrue(decodedData.contains("client_id=clientId"))
XCTAssertTrue(decodedData.contains("client_secret=clientSecret"))
XCTAssertTrue(decodedData.contains("code_verifier=\(codeVerifier)"))
XCTAssertTrue(decodedData.contains("code_verifier=\(codeVerifier.rawValue)"))
XCTAssertTrue(decodedData.contains("grant_type=grantType"))
XCTAssertTrue(decodedData.contains("redirect_uri=redirectUri"))
}
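Review bot: The `code_verifier` assertion is a substring match, so with the all-"a" fixture it would still pass if the encoded body carried extra characters after the last "a". Comparing whole `key=value` pairs would pin the value exactly, e.g. `XCTAssertTrue(decodedData.components(separatedBy: "&").contains("code_verifier=\(codeVerifier.rawValue)"))`, assuming `decodedData` is the decoded body `String` built in the lines between the two hunks. The same applies to the neighbouring `contains` assertions. The decoding step and the rest of the test body are not visible in this section.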
Expand Up @@ -4,7 +4,7 @@ import XCTest
class ProofKeyForCodeExchangeTests: XCTestCase {

func testCodeChallengeInPlainModeIsTheSameAsCodeVerifier() {
let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.makeRandomCodeVerifier()
let codeVerifier = ProofKeyForCodeExchange.CodeVerifier.fixture()

XCTAssertEqual(
ProofKeyForCodeExchange(codeVerifier: codeVerifier, method: .plain).codeCallenge,