author | 2017-09-13 23:45:07 -0700 | |
---|---|---|
committer | 2017-09-13 23:45:07 -0700 | |
commit | b8f70da4ee4310b48addf046923a090d52839bef (patch) | |
tree | 3a7913f3c4f1a410d98178b4878ebef074c89ad7 /Firebase | |
parent | dc02ea958408b81444d6e43ede81334ad1ee0752 (diff) |
Adds event ID validation to verify phone number (#263)
* Adds event ID validation to verify phone number
Diffstat (limited to 'Firebase')
-rw-r--r-- | Firebase/Auth/Source/AuthProviders/Phone/FIRPhoneAuthProvider.m | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/Firebase/Auth/Source/AuthProviders/Phone/FIRPhoneAuthProvider.m b/Firebase/Auth/Source/AuthProviders/Phone/FIRPhoneAuthProvider.m
index 3613233..3a098a5 100644
--- a/Firebase/Auth/Source/AuthProviders/Phone/FIRPhoneAuthProvider.m
+++ b/Firebase/Auth/Source/AuthProviders/Phone/FIRPhoneAuthProvider.m
@@ -153,14 +153,19 @@ NSString *const kReCAPTCHAURLStringFormat = @"https://%@/__/auth/handler?%@";
 completion(nil, error);
 return;
 }
- [self reCAPTCHAURLWithCompletion:^(NSURL *_Nullable reCAPTCHAURL,
- NSError *_Nullable error) {
+ NSMutableString *eventID = [[NSMutableString alloc] init];
+ for(int i=0; i<10; i++) {
+ [eventID appendString:
+ [NSString stringWithFormat:@"%c", 'a' + arc4random_uniform('z' - 'a' + 1)]];
+ }
+ [self reCAPTCHAURLWithEventID:eventID completion:^(NSURL *_Nullable reCAPTCHAURL,
+ NSError *_Nullable error) {
 if (error) {
 callBackOnMainThread(nil, error);
 return;
 }
 FIRAuthURLCallbackMatcher callbackMatcher = ^BOOL(NSURL *_Nullable callbackURL) {
- return [self isVerifyAppURL:callbackURL];
+ return [self isVerifyAppURL:callbackURL eventID:eventID];
 };
 [_auth.authURLPresenter presentURL:reCAPTCHAURL
 UIDelegate:UIDelegate
@@ -275,7 +280,7 @@ NSString *const kReCAPTCHAURLStringFormat = @"https://%@/__/auth/handler?%@";
 @param URL The url to be checked against the authType string.
 @return Whether or not the URL matches authType.
 */
-- (BOOL)isVerifyAppURL:(nullable NSURL *)URL {
+- (BOOL)isVerifyAppURL:(nullable NSURL *)URL eventID:(NSString *)eventID {
 if (!URL) {
 return NO;
 }
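Review bot: The event ID built in the added `for` loop is the value that ties the reCAPTCHA callback URL to this verification attempt, but its length and alphabet are inline literals and nothing in the code says it acts as a nonce. Ten letters drawn with `arc4random_uniform` give 26^10 values (about 47 bits); stating that in a comment next to a named length constant would stop a later edit from shortening it or swapping in a weaker generator unnoticed. The loop body can also be written as `[eventID appendFormat:@"%c", (char)('a' + arc4random_uniform(26))];`, and handing an immutable `[eventID copy]` to both the URL builder and the matcher block would keep them from sharing a mutable string. The enclosing method starts and ends outside the hunk.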
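Review bot: The doc comment above `isVerifyAppURL:eventID:` still describes only the authType check, so the new `eventID` parameter is undocumented. Add `@param eventID The event ID generated for this verification request; the URL's deep link must carry the same value.` and change the return line to `@return Whether or not the URL matches authType and eventID.` The opening lines of the comment and the rest of the method body are outside the hunk.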
@@ -297,7 +302,8 @@ NSString *const kReCAPTCHAURLStringFormat = @"https://%@/__/auth/handler?%@";
 NSURL *deeplinkURL = [NSURL URLWithString:URLQueryItems[@"deep_link_id"]];
 NSDictionary<NSString *, NSString *> *deeplinkQueryItems =
 [NSDictionary gtm_dictionaryWithHttpArgumentsString:deeplinkURL.query];
- if ([deeplinkQueryItems[@"authType"] isEqualToString:kAuthTypeVerifyApp]) {
+ if ([deeplinkQueryItems[@"authType"] isEqualToString:kAuthTypeVerifyApp] &&
+ [deeplinkQueryItems[@"eventId"] isEqualToString:eventID]) {
 return YES;
 }
 return NO;
@@ -423,7 +429,7 @@ NSString *const kReCAPTCHAURLStringFormat = @"https://%@/__/auth/handler?%@";
 }];
 }
 
-- (void)reCAPTCHAURLWithCompletion:(FIRReCAPTCHAURLCallBack)completion {
+- (void)reCAPTCHAURLWithEventID:(NSString *)eventID completion:(FIRReCAPTCHAURLCallBack)completion {
 [self fetchAuthDomainWithCompletion:^(NSString *_Nullable authDomain,
 NSError *_Nullable error) {
 if (error) {
@@ -438,7 +444,8 @@ NSString *const kReCAPTCHAURLStringFormat = @"https://%@/__/auth/handler?%@";
 @"authType" : kAuthTypeVerifyApp,
 @"ibi" : bundleID ?: @"",
 @"clientId" : clienID,
- @"v" : [FIRAuthBackend authUserAgent]
+ @"v" : [FIRAuthBackend authUserAgent],
+ @"eventId" : eventID,
 }];
 if (_auth.requestConfiguration.languageCode) {
 urlArguments[@"hl"] = _auth.requestConfiguration.languageCode; |
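Review bot: The query key `@"eventId"` is a bare literal in the new condition and again where the request URL is built (the `@@ -438` hunk), so the matcher and the URL builder agree only by spelling. If the two ever diverge the matcher rejects every callback, which a shared file-level constant such as `static NSString *const kEventIDKey = @"eventId";` would prevent. A short comment on the condition would also help: when the deep link has no `eventId`, or `eventID` is nil, `isEqualToString:` returns NO and the check fails closed. The method starts and ends outside the hunk.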
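Review bot: `eventID` goes into the dictionary literal unguarded at `@"eventId" : eventID`, so a nil value would raise there, whereas the `ibi` entry beside it is nil-guarded with `?: @""`. The only caller visible in this commit always passes a non-nil string, so this is a hardening point rather than a live defect. Copying the `?: @""` fallback would only hide the problem by issuing a request with no usable event ID, and an empty string is worth rejecting too, since the matcher would presumably accept a callback whose `eventId` is empty. An early `NSParameterAssert(eventID.length > 0);` in `reCAPTCHAURLWithEventID:completion:` states the requirement instead. The dictionary literal and the method both start outside the hunk.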