Campus Express token auth state fix

pennlabs · Mar 1, 2022 · 6e89245 · 6e89245
1 parent cab5fdd
commit 6e89245
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/PennMobile/Dining/Controllers/DiningLoginController.swift b/PennMobile/Dining/Controllers/DiningLoginController.swift
@@ -37,7 +37,7 @@ class DiningLoginController: UIViewController, WKUIDelegate, WKNavigationDelegat
         var url = URL(string: urlStr)!
         url.appendQueryItem(name: "response_type", value: "code")
         url.appendQueryItem(name: "client_id", value: clientId)
-        url.appendQueryItem(name: "state", value: "abc")
+        url.appendQueryItem(name: "state", value: stateString)
         url.appendQueryItem(name: "scope", value: "read")
         url.appendQueryItem(name: "code_challenge", value: codeChallenge)
         url.appendQueryItem(name: "code_challenge_method", value: "S256")
@@ -54,6 +54,8 @@ class DiningLoginController: UIViewController, WKUIDelegate, WKNavigationDelegat
 
     private let codeVerifier = String.randomString(length: 64)
 
+    private let state = String.randomString(length: 64)
+
     private var codeChallenge: String {
         var challenge = hash(string: codeVerifier, encoding: .base64)
         challenge.removeAll(where: { $0 == "=" })
@@ -62,11 +64,19 @@ class DiningLoginController: UIViewController, WKUIDelegate, WKNavigationDelegat
         return challenge
     }
 
+    private var stateString: String {
+        var state = state
+        state.removeAll(where: { $0 == "=" })
+        state = state.replacingOccurrences(of: "+", with: "-")
+        state = state.replacingOccurrences(of: "/", with: "_")
+        return state
+    }
+
     func webView(_ webView: WKWebView, decidePolicyFor navigationResponse: WKNavigationResponse, decisionHandler: @escaping (WKNavigationResponsePolicy) -> Void) {
         if let url = navigationResponse.response.url, url.absoluteString.contains("https://pennlabs.org/pennmobile/ios/campus_express_callback/") {
             let queryParams = url.queryParameters
 
-            guard queryParams["state"] == "abc" else { print("ERROR"); return }
+            guard queryParams["state"] == stateString else { return }
 
             if let code = queryParams["code"] {
                 var url = URL(string: "https://prod.campusexpress.upenn.edu/api/v1/oauth/token")!

diff --git a/PennMobile/Dining/SwiftUI/DiningViewModelSwiftUI.swift b/PennMobile/Dining/SwiftUI/DiningViewModelSwiftUI.swift
@@ -26,7 +26,6 @@ class DiningViewModelSwiftUI: ObservableObject {
 
     init() {
         refreshVenues()
-        refreshBalance()
     }
 
     func refreshVenues() {
@@ -79,6 +78,8 @@ class DiningViewModelSwiftUI: ObservableObject {
                 self.diningBalance = DiningBalance(diningDollars: "0.0", regularVisits: 0, guestVisits: 0, addOnVisits: 0)
                 return
             }
+
+        print(diningToken)
             DiningAPI.instance.getDiningBalance(diningToken: diningToken) { balance in
                 guard let balance = balance else {
                     return

diff --git a/PennMobile/Setup + Navigation/RootViewController.swift b/PennMobile/Setup + Navigation/RootViewController.swift
@@ -115,7 +115,6 @@ class RootViewController: UIViewController, NotificationRequestable, ShowsAlert
 
         UserDBManager.shared.getWhartonStatus { result in
             if let isWharton = try? result.get() {
-                print(isWharton)
                 UserDefaults.standard.set(isInWharton: isWharton)
             }
         }