From 04615e5568af549fb79d8b1ed59dbbce29ddb5f9 Mon Sep 17 00:00:00 2001 From: Mike Hardy Date: Mon, 13 Feb 2023 16:16:38 -0500 Subject: [PATCH] fix(app-check, ios): debugToken in config on iOS works now previously you had to configure it in the simulator environment at startup, now we dynamically stuff it into the running process environment --- docs/app-check/usage/index.md | 22 ++++++------------- package.json | 10 ++++----- packages/app-check/e2e/appcheck.e2e.js | 1 + .../ios/RNFBAppCheck/RNFBAppCheckProvider.m | 20 +++++++---------- 4 files changed, 21 insertions(+), 32 deletions(-) diff --git a/docs/app-check/usage/index.md b/docs/app-check/usage/index.md index 7f8e60c797..355f6fe4a1 100644 --- a/docs/app-check/usage/index.md +++ b/docs/app-check/usage/index.md @@ -117,8 +117,6 @@ rnfbProvider.configure({ }); ``` -Note that the available - ### Install the Custom Provider Once you have the custom provider configured, install it in app-check using the firebase-js-sdk compatible API: @@ -143,13 +141,7 @@ The [official documentation](https://firebase.google.com/docs/app-check/web/cust ### on iOS -App Check may be used in CI environments by following the upstream documentation to configure a debug token shared with your app in the CI environment. - -In certain react-native testing scenarios it may be difficult to access the shared secret, but the react-native-firebase testing app for e2e testing does successfully fetch App Check tokens via setting an environment variable and initializing the debug provider before firebase configure in AppDelegate.m for iOS. - -This method mainly consists of setting an environment variable in a way that it is visible to the Simulator as it starts up. That environment variable is automatically seen and used by the Firebase Debug provider on iOS. - -In a future release, the debugToken parameter of the CustomProvider apple options should allow for more dynamic configuration, PRs to the Apple CustomProvider are welcome if you are motivated to implement this feature. +The react-native-firebase CustomProvider implementation allows for runtime configuration of the `debug` provider as well as a `debugToken` in the `android` CustomProvider options. This allows the easy use of a token pre-configured in the Firebase console, allowing for dynamic configuration and testing of AppCheck in CI environments or Android Emulators. ### on Android @@ -159,20 +151,20 @@ There are a variety of other ways to obtain and configure debug tokens for AppCh #### A) When testing on an actual android device (debug build) -1. Start your application on the android device. -2. Use `$adb logcat | grep DebugAppCheckProvider` to grab your temporary secret from the android logs. The output should look lit this: +1. Start your application on the android device. +2. Use `$adb logcat | grep DebugAppCheckProvider` to grab your temporary secret from the android logs. The output should look lit this: D DebugAppCheckProvider: Enter this debug secret into the allow list in the Firebase Console for your project: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX -3. In the [Project Settings > App Check](https://console.firebase.google.com/project/_/settings/appcheck) section of the Firebase console, choose _Manage debug tokens_ from your app's overflow menu. Then, register the debug token you logged in the previous step. +3. In the [Project Settings > App Check](https://console.firebase.google.com/project/_/settings/appcheck) section of the Firebase console, choose _Manage debug tokens_ from your app's overflow menu. Then, register the debug token you logged in the previous step. #### B) Specifying a generated `FIREBASE_APP_CHECK_DEBUG_TOKEN` -- building for CI/CD (debug build) When you want to test using an Android virtual device -or- when you prefer to (re)use a token of your choice -- e.g. when configuring a CI/CD pipeline -- use the following steps: -1. In the [Project Settings > App Check](https://console.firebase.google.com/project/_/settings/appcheck) section of the Firebase console, choose _Manage debug tokens_ from your app's overflow menu. Then, register a new debug token by clicking the _Add debug token_ button, then _Generate token_. -2. Pass the token you created in the previous step by supplying a `FIREBASE_APP_CHECK_DEBUG_TOKEN` environment variable to the process that build your react-native android app. e.g.: +1. In the [Project Settings > App Check](https://console.firebase.google.com/project/_/settings/appcheck) section of the Firebase console, choose _Manage debug tokens_ from your app's overflow menu. Then, register a new debug token by clicking the _Add debug token_ button, then _Generate token_. +2. Pass the token you created in the previous step by supplying a `FIREBASE_APP_CHECK_DEBUG_TOKEN` environment variable to the process that build your react-native android app. e.g.: FIREBASE_APP_CHECK_DEBUG_TOKEN="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" react-native run-android @@ -203,6 +195,6 @@ When using expo-dev-client, the process is a little different, especially on an } ``` -3. Rebuild your development client: +3. Rebuild your development client: eas build --profile development --platform android diff --git a/package.json b/package.json index a17786faf0..68fccc298c 100644 --- a/package.json +++ b/package.json @@ -42,11 +42,11 @@ "tests:android:emulator:forward": ".github/workflows/scripts/adb_all_emulators.sh 'reverse tcp:8081 tcp:8081'", "tests:ios:build": "cd tests && yarn detox build --configuration ios.sim.debug", "tests:ios:build-release": "cd tests && yarn detox build --configuration ios.sim.release", - "tests:ios:test": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF yarn detox test --configuration ios.sim.debug --loglevel warn", - "tests:ios:test:debug": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF yarn detox test --configuration ios.sim.debug --loglevel warn --inspect", - "tests:ios:test-reuse": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 SIMCTL_CHILD_FIRAAppCheckDebugToken=\"698956B2-187B-49C6-9E25-C3F3530EEBAF\" yarn detox test --configuration ios.sim.debug --reuse --loglevel warn", - "tests:ios:test-cover": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF ./node_modules/.bin/nyc yarn detox test --configuration ios.sim.debug --loglevel warn", - "tests:ios:test-cover-reuse": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF node_modules/.bin/nyc yarn detox test --configuration ios.sim.debug --reuse --loglevel warn", + "tests:ios:test": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 yarn detox test --configuration ios.sim.debug --loglevel warn", + "tests:ios:test:debug": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 yarn detox test --configuration ios.sim.debug --loglevel warn --inspect", + "tests:ios:test-reuse": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 yarn detox test --configuration ios.sim.debug --reuse --loglevel warn", + "tests:ios:test-cover": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 ./node_modules/.bin/nyc yarn detox test --configuration ios.sim.debug --loglevel warn", + "tests:ios:test-cover-reuse": "cd tests && SIMCTL_CHILD_GULGeneratedClassDisposeDisabled=1 node_modules/.bin/nyc yarn detox test --configuration ios.sim.debug --reuse --loglevel warn", "tests:ios:pod:install": "cd tests && rm -rf ios/ReactNativeFirebaseDemo.xcworkspace && yarn pod-install", "format:markdown": "prettier --write \"docs/**/*.md\"" }, diff --git a/packages/app-check/e2e/appcheck.e2e.js b/packages/app-check/e2e/appcheck.e2e.js index 440c1925b6..2e4a6d052a 100644 --- a/packages/app-check/e2e/appcheck.e2e.js +++ b/packages/app-check/e2e/appcheck.e2e.js @@ -27,6 +27,7 @@ describe('appCheck()', function () { }, apple: { provider: 'debug', + debugToken: '698956B2-187B-49C6-9E25-C3F3530EEBAF', }, web: { provider: 'debug', diff --git a/packages/app-check/ios/RNFBAppCheck/RNFBAppCheckProvider.m b/packages/app-check/ios/RNFBAppCheck/RNFBAppCheckProvider.m index 6415b7048e..f5eea0fc0f 100644 --- a/packages/app-check/ios/RNFBAppCheck/RNFBAppCheckProvider.m +++ b/packages/app-check/ios/RNFBAppCheck/RNFBAppCheckProvider.m @@ -38,18 +38,14 @@ - (void)configure:(FIRApp *)app // - determine if debugToken is provided via nullable arg if ([providerName isEqualToString:@"debug"]) { - // TODO: Currently not handling debugToken argument, relying on existing environment - // variable configuration style. - // - maybe directly setting an environment variable could work? - // https://stackoverflow.com/questions/27139589/whats-the-idiomatic-way-of-setting-an-environment-variable-in-objective-c-coco - // - ...otherwise if env var does not work - // - subclass style: RNFBAppCheckDebugProvider, and we should print local token - // - if a debugToken parameter was supplied, set - // RNFBAppCheckDebugProvider.configuredDebugToken - // - print local token - // https://github.com/firebase/firebase-ios-sdk/blob/c7e95996ff/FirebaseAppCheck/Sources/DebugProvider/FIRAppCheckDebugProviderFactory.m - // - print if current token in provided by configuration, by environment variable, or local - // token? + // The firebase-ios-sdk debug app check provider will take a token from environment if it + // exists: + if (debugToken != nil) { + // We have a debug token, so just need to stuff it in the environment and it will hook up + char *key = "FIRAAppCheckDebugToken", *value = [debugToken UTF8String]; + int overwrite = 1; + setenv(key, value, overwrite); + } self.delegateProvider = [[FIRAppCheckDebugProvider new] initWithApp:app]; }