Fix keychain access issues caused by prewarming (#9622)

rosalyntan · web-flow · commit dc4518504579 · 2022-04-19T16:03:01.000-07:00
* Try listening to `UIApplicationProtectedDataDidBecomeAvailable`.

* Handle platform availability.

* More platform availability handling.

* Fix static analysis issue.

* Update changelog.
diff --git a/FirebaseAuth/CHANGELOG.md b/FirebaseAuth/CHANGELOG.md
@@ -1,5 +1,6 @@
 # v9.0.0
 - [fixed] **Breaking change:** Fixed an ObjC-to-Swift API conversion error where `getStoredUser(forAccessGroup:)` returned a non-optional type. This change is breaking for Swift users only (#8599).
+- [fixed] Fixed an iOS 15 keychain access issue related to prewarming. (#8695)
 
 # v8.14.0
 - [added] Started to collect the Firebase user agent for Firebase Auth. (#9066)
diff --git a/FirebaseAuth/Sources/Auth/FIRAuth.m b/FirebaseAuth/Sources/Auth/FIRAuth.m
@@ -420,6 +420,12 @@ @implementation FIRAuth {
           UIApplicationDidEnterBackgroundNotification.
    */
   id<NSObject> _applicationDidEnterBackgroundObserver;
+
+  /** @var _protectedDataDidBecomeAvailableObserver
+      @brief An opaque object to act as the observer for
+     UIApplicationProtectedDataDidBecomeAvailable.
+   */
+  id<NSObject> _protectedDataDidBecomeAvailableObserver;
 }
 
 + (void)load {
@@ -485,65 +491,107 @@ - (nullable instancetype)initWithAPIKey:(NSString *)APIKey
     _firebaseAppName = [appName copy];
 #if TARGET_OS_IOS
     _settings = [[FIRAuthSettings alloc] init];
+
+    [GULAppDelegateSwizzler proxyOriginalDelegateIncludingAPNSMethods];
+    [GULSceneDelegateSwizzler proxyOriginalSceneDelegate];
+#endif  // TARGET_OS_IOS
+
+#if TARGET_OS_IOS || TARGET_OS_TV || TARGET_OS_MACCATALYST
     static Class applicationClass = nil;
     // iOS App extensions should not call [UIApplication sharedApplication], even if UIApplication
     // responds to it.
     if (![GULAppEnvironmentUtil isAppExtension]) {
       Class cls = NSClassFromString(@"UIApplication");
-      if (cls && [cls respondsToSelector:NSSelectorFromString(@"sharedApplication")]) {
+      if (cls && [cls respondsToSelector:@selector(sharedApplication)]) {
         applicationClass = cls;
       }
     }
     UIApplication *application = [applicationClass sharedApplication];
-
-    [GULAppDelegateSwizzler proxyOriginalDelegateIncludingAPNSMethods];
-    [GULSceneDelegateSwizzler proxyOriginalSceneDelegate];
-#endif  // TARGET_OS_IOS
-
-    // Continue with the rest of initialization in the work thread.
-    __weak FIRAuth *weakSelf = self;
-    dispatch_async(FIRAuthGlobalWorkQueue(), ^{
-      // Load current user from Keychain.
-      FIRAuth *strongSelf = weakSelf;
-      if (!strongSelf) {
-        return;
-      }
-      NSString *keychainServiceName =
-          [FIRAuth keychainServiceNameForAppName:strongSelf->_firebaseAppName];
-      if (keychainServiceName) {
-        strongSelf->_keychainServices =
-            [[FIRAuthKeychainServices alloc] initWithService:keychainServiceName];
-        strongSelf.storedUserManager =
-            [[FIRAuthStoredUserManager alloc] initWithServiceName:keychainServiceName];
+    if ([application respondsToSelector:@selector(isProtectedDataAvailable)]) {
+      if ([application isProtectedDataAvailable]) {
+        [self protectedDataInitialization];
+      } else {
+        // Add listener for UIApplicationProtectedDataDidBecomeAvailable.
+        self->_protectedDataDidBecomeAvailableObserver = [[NSNotificationCenter defaultCenter]
+            addObserverForName:UIApplicationProtectedDataDidBecomeAvailable
+                        object:nil
+                         queue:nil
+                    usingBlock:^(NSNotification *notification) {
+                      [self protectedDataInitialization];
+                    }];
       }
+    } else {
+      [self protectedDataInitialization];
+    }
+#else
+    [self protectedDataInitialization];
+#endif  // TARGET_OS_IOS || TARGET_OS_TV || TARGET_OS_MACCATALYST
+  }
+  return self;
+}
 
-      NSError *error;
-      NSString *storedUserAccessGroup =
-          [strongSelf.storedUserManager getStoredUserAccessGroupWithError:&error];
-      if (!error) {
-        if (!storedUserAccessGroup) {
-          FIRUser *user;
-          if ([strongSelf getUser:&user error:&error]) {
-            strongSelf.tenantID = user.tenantID;
-            [strongSelf updateCurrentUser:user byForce:NO savingToDisk:NO error:&error];
-            self->_lastNotifiedUserToken = user.rawAccessToken;
-          } else {
-            FIRLogError(kFIRLoggerAuth, @"I-AUT000001",
-                        @"Error loading saved user when starting up: %@", error);
-          }
+- (void)protectedDataInitialization {
+#if TARGET_OS_IOS || TARGET_OS_TV || TARGET_OS_MACCATALYST
+  [[NSNotificationCenter defaultCenter] removeObserver:_protectedDataDidBecomeAvailableObserver
+                                                  name:UIApplicationProtectedDataDidBecomeAvailable
+                                                object:nil];
+#endif  // TARGET_OS_IOS || TARGET_OS_TV || TARGET_OS_MACCATALYST
+  // Continue with the rest of initialization in the work thread.
+  __weak FIRAuth *weakSelf = self;
+  dispatch_async(FIRAuthGlobalWorkQueue(), ^{
+    // Load current user from Keychain.
+    FIRAuth *strongSelf = weakSelf;
+    if (!strongSelf) {
+      return;
+    }
+    NSString *keychainServiceName =
+        [FIRAuth keychainServiceNameForAppName:strongSelf->_firebaseAppName];
+    if (keychainServiceName) {
+      strongSelf->_keychainServices =
+          [[FIRAuthKeychainServices alloc] initWithService:keychainServiceName];
+      strongSelf.storedUserManager =
+          [[FIRAuthStoredUserManager alloc] initWithServiceName:keychainServiceName];
+    }
+
+    NSError *error;
+    NSString *storedUserAccessGroup =
+        [strongSelf.storedUserManager getStoredUserAccessGroupWithError:&error];
+    if (!error) {
+      if (!storedUserAccessGroup) {
+        FIRUser *user;
+        if ([strongSelf getUser:&user error:&error]) {
+          strongSelf.tenantID = user.tenantID;
+          [strongSelf updateCurrentUser:user byForce:NO savingToDisk:NO error:&error];
+          self->_lastNotifiedUserToken = user.rawAccessToken;
         } else {
-          [strongSelf internalUseUserAccessGroup:storedUserAccessGroup error:&error];
-          if (error) {
-            FIRLogError(kFIRLoggerAuth, @"I-AUT000001",
-                        @"Error loading saved user when starting up: %@", error);
-          }
+          FIRLogError(kFIRLoggerAuth, @"I-AUT000001",
+                      @"Error loading saved user when starting up: %@", error);
         }
       } else {
-        FIRLogError(kFIRLoggerAuth, @"I-AUT000001",
-                    @"Error loading saved user when starting up: %@", error);
+        [strongSelf internalUseUserAccessGroup:storedUserAccessGroup error:&error];
+        if (error) {
+          FIRLogError(kFIRLoggerAuth, @"I-AUT000001",
+                      @"Error loading saved user when starting up: %@", error);
+        }
       }
+    } else {
+      FIRLogError(kFIRLoggerAuth, @"I-AUT000001", @"Error loading saved user when starting up: %@",
+                  error);
+    }
 
 #if TARGET_OS_IOS
+    static Class applicationClass = nil;
+    // iOS App extensions should not call [UIApplication sharedApplication], even if UIApplication
+    // responds to it.
+    if (![GULAppEnvironmentUtil isAppExtension]) {
+      Class cls = NSClassFromString(@"UIApplication");
+      if (cls && [cls respondsToSelector:@selector(sharedApplication)]) {
+        applicationClass = cls;
+      }
+    }
+    UIApplication *application = [applicationClass sharedApplication];
+
+    if (application) {
       // Initialize for phone number auth.
       strongSelf->_tokenManager = [[FIRAuthAPNSTokenManager alloc] initWithApplication:application];
 
@@ -553,17 +601,16 @@ - (nullable instancetype)initWithAPIKey:(NSString *)APIKey
       strongSelf->_notificationManager = [[FIRAuthNotificationManager alloc]
            initWithApplication:application
           appCredentialManager:strongSelf->_appCredentialManager];
+    }
 
-      [GULAppDelegateSwizzler registerAppDelegateInterceptor:strongSelf];
+    [GULAppDelegateSwizzler registerAppDelegateInterceptor:strongSelf];
 #if ((TARGET_OS_IOS || TARGET_OS_TV) && (__IPHONE_OS_VERSION_MAX_ALLOWED >= 130000))
-      if (@available(iOS 13, tvos 13, *)) {
-        [GULSceneDelegateSwizzler registerSceneDelegateInterceptor:strongSelf];
-      }
+    if (@available(iOS 13, tvos 13, *)) {
+      [GULSceneDelegateSwizzler registerSceneDelegateInterceptor:strongSelf];
+    }
 #endif  // ((TARGET_OS_IOS || TARGET_OS_TV) && (__IPHONE_OS_VERSION_MAX_ALLOWED >= 130000))
 #endif  // TARGET_OS_IOS
-    });
-  }
-  return self;
+  });
 }
 
 - (void)dealloc {
