Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Valet 4.0] Require that App ID Prefix be explicitly passed into Shared Access Group Valets #218

Merged
merged 6 commits into from
Apr 12, 2020

Conversation

dfed
Copy link
Collaborator

@dfed dfed commented Feb 25, 2020

This PR removes the magic that automatically determined the shared access group.

There are two big drivers behind this PR:

  1. [Valet 4.0] Remove .always accessibility specifier #197 made this code significantly more complex, since the app ID prefix could no longer always be accessed. This is discussed some in [Public Beta] Valet 4 wishlist #179 (comment).
  2. The auto-magical determining of the App ID prefix is non-deterministic on particular iOS versions when an app has gone through the process of changing its App ID prefix. Airbnb found that on iOS 12, the sharedAccessGroupPrefix returned the old App ID, where on iOS 13 the sharedAccessGroupPrefix returned our new App ID. This non-determinism was only found on App Store signed builds – debug builds worked. Given the possibility of incorrect behavior by this code, we believe it is best to be explicit.

Note that I need to add this change to the Valet 4 migration guide prior to merging Valet 4 to master. I'm tracking that in #179 (comment)

@dfed dfed mentioned this pull request Feb 25, 2020
10 tasks
fdiaz
fdiaz previously approved these changes Feb 25, 2020
Copy link
Collaborator

@fdiaz fdiaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much easier to read 👍

README.md Outdated
@@ -128,14 +128,14 @@ In addition to allowing the storage of strings, Valet allows the storage of `Dat
### Sharing Secrets Among Multiple Applications

```swift
let mySharedValet = Valet.sharedAccessGroupValet(with: Identifier(nonEmpty: "Druidia")!, accessibility: .whenUnlocked)
let mySharedValet = Valet.sharedAccessGroupValet(with: Identifier(nonEmpty: "AppID12345.Druidia")!, accessibility: .whenUnlocked)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might be cleaner to create a distinct SharedAccessGroupIdentifier that takes two separate strings (the shared access group id and the Valet id), rather than using Identifier here. That way it is more obvious what this identifier is, and consumers don't have to know that it needs to be formatted as two strings concatenated with a period.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this a lot. Made code changes in 5078ffc. Changes to documentation incoming.

@dfed dfed dismissed fdiaz’s stale review February 25, 2020 22:53

Dismissing Francisco's review since major changes have occurred since he reviewed

@codecov-io
Copy link

codecov-io commented Feb 25, 2020

Codecov Report

Merging #218 into develop--4.0 will decrease coverage by 0.33%.
The diff coverage is 87.66%.

Impacted file tree graph

@@               Coverage Diff                @@
##           develop--4.0     #218      +/-   ##
================================================
- Coverage         85.77%   85.44%   -0.34%     
================================================
  Files                14       15       +1     
  Lines              1097     1065      -32     
================================================
- Hits                941      910      -31     
+ Misses              156      155       -1
Impacted Files Coverage Δ
Sources/Valet/Internal/SecItem.swift 84.53% <ø> (-1.83%) ⬇️
Sources/Valet/SharedAccessGroupIdentifier.swift 100% <100%> (ø)
Sources/Valet/SecureEnclave.swift 51.85% <100%> (ø) ⬆️
Sources/Valet/SecureEnclaveValet.swift 75.94% <82.35%> (+1.53%) ⬆️
Sources/Valet/Valet.swift 88.25% <86.17%> (-2.69%) ⬇️
Sources/Valet/SinglePromptSecureEnclaveValet.swift 75.78% <87.5%> (+1.27%) ⬆️
Sources/Valet/Internal/Service.swift 97.61% <88.88%> (-0.24%) ⬇️

@@ -377,10 +386,10 @@ public final class Valet: NSObject {
case .standard:
serviceAttribute = Service.standard(with: configuration, identifier: identifier, accessibilityDescription: accessibilityDescription)
#if os(macOS)
case .sharedAccessGroupOverride:
serviceAttribute = Service.sharedAccessGroup(with: configuration, explicitlySetIdentifier: identifier, accessibilityDescription: accessibilityDescription)
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a bug before (only on the develop--4.0 branch).

It occurs to me that I need to enable explicitly set identifiers that use shared access groups more thought. Right now you can only name your explicitly set shared access group to use the same identifier as your keychain entitlement, which isn't terribly human-readable. I can tackle this in a follow-up PR, as this is an existing shortcoming.

@dfed dfed merged commit 1dfa2ff into develop--4.0 Apr 12, 2020
@dfed dfed deleted the dfed--make-app-id-prefix-explicit branch April 12, 2020 19:41
@dfed dfed changed the title Require that App ID Prefix be explicitly passed into Shared Access Group Valets [Valet 4.0] Require that App ID Prefix be explicitly passed into Shared Access Group Valets Apr 12, 2020
dfed added a commit that referenced this pull request Jun 13, 2020
* Do not build branch build on every push on PR branches

* Update cocoapods

* Start validating podspec on Xcode 11

* Drop Xcode 9 and 10 support

* Swift version to 5.0

* Bump minor version of osx_image on .travis.yml in order to access simulators for older OSes

* Bump destination for iOS 11 to get CI working

* Update tests to reflext iOS 13 simulator's inability to store items that require a passcode to be set

* Enable running CI on iOS 10, tvOS 10, and watchOS 3

* Allow kSecAttrService to be a customer-friendly string on Mac

* Add a section to the README on choosing the best identifier on a Mac

* Update README documentation on choosing a user-friendly identifier

* Add ObjC compat layer for new initializers

* Remove Always accessibility specifier

* Ensure test environment is signed before testing shared access keychain

* Add migration helper methods

* Use throws rather than return types to indicate error.

* Get rid of ErrorHandler

* couldNotReadKeychain -> .couldNotAccessKeychain

* Make Objective-C bridging methods for accessing values with prompt redundant

* Swift 5 updates

* Bring API in line with Apple's naming guidelines

* Adopt Swift 5 syntax, and enable support for SinglePromptSecureEnclaveValet on tvOS

* Fix migrateObjectsFromAlwaysAccessible methods

* Fix warning introduced by merge

* Bump version to 4.0.0

* Get new migration methods working with Catalina

* Update README

* Set up code coverage

* Run more tests on a single machine

* Standardize method naming

* Run test coverage on every target

* Modernize doc comments

* Remove returns

* Use SeeAlso

* Modernize doc comments

* Add Warning

* Add objc example

* findOrCreate(explicitlySet must use a key that combines service, configuration, accessibility, and sharedAccessGroup to prevent returning the wrong Valet

* Utilize testEnvironmentIsSigned before using shared keychains

* Use explicitlySetSharedAccessGroupIdentifier when dealing with shared access groups

* removeAllObjects() to avoid collisions in tests

* Fail test on setup failure

* Update whitespace

* containsObject(forKey should throw in Swift

* Introduce Throws doc comment

* Catch closer to the source

* Add simple Objective-C compatibility layer tests

* Update copyright

* Fixup whitespace

* try? less in tests

* If deleting items throws, then we should surface the failure.

* Remove runtime assert, since we will throw the error anyways

* Update Mac tests to use try on containsObject

* Add description to KeychainError

* Fix macOS tests after throwing on removeAllObjects in setUp

* Increase test coverage of error files

* Use permutation valet rather than vanillaValet multiple times

* Indentation and test separation

* Add comment re why we're checking for errSecInteractionNotAllowed

* Better comment formatting

* Use Throws rather than Note

* Add final to test classes

* Rename internal containsObject methods to performCopy

* [Valet 4.0] Add explicit tests for CloudAccessibility (#210)

* [Valet 4.0] Get SinglePromptSecureEnclaveIntegrationTests running on tvOS (#209)

* Get SinglePromptSecureEnclaveIntegrationTests running on tvOS

* Make SinglePromptSecureEnclaveValet available on tvOS 11, not tvOS 10

* [Valet 4.0] Add explicit tests for Configuration (#211)

* Use CaseIterable instead of allValues where possible (#212)

* Get ValetTouchIDTest building again

* Require that App ID Prefix be explicitly passed into Shared Access Group Valets (#218)

* Require that App ID Prefix be explicitly passed into Shared Access Group Valets

* Add App ID prefix to tests

* Create and adopt SharedAccessGroupIdentifier

* Update documentation

* [Valet 4.0] Update migration guide (#221)

* Update migration guide for Valet 4.0

* NickEntin feedback

Co-Authored-By: Nick Entin <nckentn@gmail.com>

* Remove version from Package.swift (#223)

* Add headerdoc comment for removing an object from the keychain

* Update headerdoc comments for parameters of type SharedAccessGroupIdentifier

* Update headerdoc comment for migration method

* Update headerdoc comments for objc compatibility methods

* Rename MigrationError cases with `InQueryResult` to `ToMigrate` (#227)

* Rename InQueryResult -> ToMigrate

* Update comments

* Fix typo in README (#229)

* Create 'Changing an Accessibility Value After Persisting Data' section in README (#232)

* Use correct Valet name in README example

* Create Changing an Accessibility Value After Persisting Data section

* Get watchOS tests running locally (#233)

* Support sharing keychain items using App Groups (#230)

* Add App Group group.valet.test

* Update syntax for Swift 5

* Enable SharedAccessGroup code to semantically handle AppGroups. Rename SharedAccessGroup -> SharedGroup

* README updates

* Add sharedAppGroupIdentifier tests to Valet

* Add sharedAppGroupIdentifier test to SecureEnclave

* Add sharedAppGroupIdentifier test to SinglePromptSecureEnclave

* Add objective-c compatibility layer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants