Fix VerificationClientSecret format (#964)

stripe · Apr 7, 2022 · a9247d0 · a9247d0
1 parent ae0eb4a
commit a9247d0
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## x.x.x 2022-x-x
+
+### Identity
+* [Fixed] Fixes VerificationClientSecret (Thanks [Masataka-n](https://github.com/Masataka-n)!)
+
 ## 22.1.0 2022-04-04
 * [Changed] Localization improvements.
 ### Identity

diff --git a/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift b/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift
@@ -22,24 +22,20 @@ extension VerificationClientSecret {
      - returns: nil if the client secret is invalid
      */
     init?(string: String) {
-        // NOTE(mludowise): Setting `maxSplits` to `expectedComponentsCount`
-        // means that if there are too many underscores, the components will be
-        // equal to `expectedComponentsCount + 1`.
-        // This means strings like "vi__123_secret_456" will fail validation.
         let components = string
             .trimmingCharacters(in: .whitespacesAndNewlines)
             .split(separator: "_",
-                   maxSplits: VerificationClientSecret.expectedComponentsCount,
+                   maxSplits: VerificationClientSecret.expectedComponentsCount - 1,
                    omittingEmptySubsequences: false)
 
-        // Matching regex /^((vi|vs)_[0-9a-zA-Z]+)_secret_([0-9a-zA-Z]+)$/
-        guard components.count == VerificationClientSecret.expectedComponentsCount &&
+        // Matching regex /^((vi|vs)_[0-9a-zA-Z]+)_secret_(.+)$/
+        guard components.count >= VerificationClientSecret.expectedComponentsCount &&
                 (components[0] == "vi" || components[0] == "vs") &&
                 !components[1].isEmpty &&
                 (components[1].rangeOfCharacter(from: CharacterSet.alphanumerics.inverted) == nil) &&
                 components[2] == "secret" &&
-                !components[3].isEmpty &&
-                (components[3].rangeOfCharacter(from: CharacterSet.alphanumerics.inverted) == nil) else {
+                !components[3].isEmpty
+        else {
             return nil
         }
 

diff --git a/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift b/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift
@@ -17,6 +17,9 @@ final class VerificationClientSecretTest: XCTestCase {
         verifySecret(secretString: " vi_abc123_secret_xyz456 ", expectedSessionId: "vi_abc123", expectedUrlToken: "xyz456")
         verifySecret(secretString: "vs_abc123_secret_xyz456", expectedSessionId: "vs_abc123", expectedUrlToken: "xyz456")
         verifySecret(secretString: " vs_abc123_secret_xyz456 ", expectedSessionId: "vs_abc123", expectedUrlToken: "xyz456")
+        verifySecret(secretString: "vi_abc123_secret_test_xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "test_xyz456")
+        verifySecret(secretString: "vi_abc123_secret_live_xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "live_xyz456")
+        verifySecret(secretString: "vi_abc123_secret_somestring___xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "somestring___xyz456")
     }
 
     func testInvalidSecrets() {