Fixes NSSecureCoding (breaks backward compatibly)#315
Conversation
Codecov Report
@@ Coverage Diff @@
## master #315 +/- ##
==========================================
+ Coverage 74.05% 74.13% +0.08%
==========================================
Files 58 58
Lines 5076 5084 +8
==========================================
+ Hits 3759 3769 +10
+ Misses 1317 1315 -2
Continue to review full report at Codecov.
|
|
Good catch. Can you sign the CLA so we can review & merge this? |
Sure. |
|
Good catch. What a pain! I think the third option is the only choice, it's one thing to break API compatibility, but it's another to break all the existing serialized data. Can you add that backwards-compatibility logic that you proposed into the PR? |
|
Will do. I will also add tests to make sure the fix works. |
|
Unfortunately, I didn't found a way to accomplish what I wanted with backward compatibility. @WilliamDenniss up to you to decide what to do with this issue. For my code, I removed secure coding when using AppAuth. |
|
@StevenEWright any thoughts on this? |
|
Can we avoid catching exceptions and still maintain backwards compatibility by checking like: |
|
OK... we are talking about this offline, and I just wanted to update the thread with more info. Here is where the problem starts: AppAuth-iOS/Source/OIDServiceConfiguration.m Line 161 in 65ef95c This is where we decode the TL;DR: I don't believe any current serialized This may change the calculus of "backwards compatibility". If no current serialized data is decodable - then maintaining "backwards compatibility" is a moot point. We need to understand if there are other cases where this wouldn't be a problem (like maybe persisting But, if there are no current use cases where this does actually work, then we should just fix it properly and not worry about the "backwards compatibility" issue. Still looking.... |
|
Steve and I spent a bit of time debugging this. Our conclusion is that the root object of your discovery doc JSON was likely an array, and not a dictionary. I'm remiss for not asking for that data in the first place, but we reverse-engineered your code to assume that your doc must be an array. This line means that you'll accept an The fact that your discovery doc failed to decode, but then "succeeded" with your fix, we believe indicates it was an NSArray (else why would adding The official samples serialize and deserialize |
I found quite interesting bug in
OIDServiceDiscoveryNSSecureCodingimplementation:if
discoveryDictionarycontainsNSArrays as values, secure unarchive fails with exception:value for key 'NS.objects' was of unexpected class NSArray. Allowed classes are {( OIDServiceDiscovery )}.I found a way to fix this, but this breaks all current users archives.
The question is what can we do about this? I can think of the following variants:
NSSecureCodingis supported, while it is not.initWithCoder:in a way that will be able to decode old archives, but the new ones will be created with new secure coding implementation.Below is possible variant of 3rd option: