From a9247d0362927252d98a7b55f652bb17663c3a39 Mon Sep 17 00:00:00 2001
From: Mel <78050250+mludowise-stripe@users.noreply.github.com>
Date: Thu, 7 Apr 2022 16:29:08 -0700
Subject: [PATCH] Fix VerificationClientSecret format (#964)
---
 CHANGELOG.md | 5 +++++
 .../Source/VerificationClientSecret.swift | 14 +++++---------
 .../Unit/VerificationClientSecretTest.swift | 3 +++
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10b863682f8..c395028e954 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## x.x.x 2022-x-x
+
+### Identity
+* [Fixed] Fixes VerificationClientSecret (Thanks [Masataka-n](https://github.com/Masataka-n)!)
+
 ## 22.1.0 2022-04-04
 * [Changed] Localization improvements.
 ### Identity
diff --git a/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift b/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift
index 60357f24d37..ef264f04aa1 100644
--- a/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift
+++ b/StripeIdentity/StripeIdentity/Source/VerificationClientSecret.swift
@@ -22,24 +22,20 @@ extension VerificationClientSecret {
 - returns: nil if the client secret is invalid
 */
 init?(string: String) {
- // NOTE(mludowise): Setting `maxSplits` to `expectedComponentsCount`
- // means that if there are too many underscores, the components will be
- // equal to `expectedComponentsCount + 1`.
- // This means strings like "vi__123_secret_456" will fail validation.
 let components = string
 .trimmingCharacters(in: .whitespacesAndNewlines)
 .split(separator: "_",
- maxSplits: VerificationClientSecret.expectedComponentsCount,
+ maxSplits: VerificationClientSecret.expectedComponentsCount - 1,
 omittingEmptySubsequences: false)
- // Matching regex /^((vi|vs)_[0-9a-zA-Z]+)_secret_([0-9a-zA-Z]+)$/
- guard components.count == VerificationClientSecret.expectedComponentsCount &&
+ // Matching regex /^((vi|vs)_[0-9a-zA-Z]+)_secret_(.+)$/
+ guard components.count >= VerificationClientSecret.expectedComponentsCount &&
 (components[0] == "vi" || components[0] == "vs") &&
 !components[1].isEmpty &&
 (components[1].rangeOfCharacter(from: CharacterSet.alphanumerics.inverted) == nil) &&
 components[2] == "secret" &&
- !components[3].isEmpty &&
- (components[3].rangeOfCharacter(from: CharacterSet.alphanumerics.inverted) == nil) else {
+ !components[3].isEmpty
+ else {
 return nil
 }
diff --git a/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift b/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift
index 703a48d91d1..c426a8ee488 100644
--- a/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift
+++ b/StripeIdentity/StripeIdentityTests/Unit/VerificationClientSecretTest.swift
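Review bot: The guard no longer restricts the characters of the last component: only `!components[3].isEmpty` remains and the comment's regex ends in `(.+)`, so interior whitespace, `/`, `?`, `#` or control characters in the secret now pass validation. The added tests name this value `expectedUrlToken`, so it presumably ends up in a URL, where an unchecked character set is worth closing at the parse boundary. The fix only needs underscores to be allowed, so the check could stay and be widened, `(components[3].rangeOfCharacter(from: CharacterSet.alphanumerics.union(CharacterSet(charactersIn: "_")).inverted) == nil)`, with a rejecting case added to `testInvalidSecrets()` in VerificationClientSecretTest.swift. Separately, with `maxSplits` at `expectedComponentsCount - 1` the split can never yield more than `expectedComponentsCount` components, so `>=` behaves as `==` and `==` would state the intent more exactly. The initializer's body continues past the end of the hunk.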
@@ -17,6 +17,9 @@ final class VerificationClientSecretTest: XCTestCase {
 verifySecret(secretString: " vi_abc123_secret_xyz456 ", expectedSessionId: "vi_abc123", expectedUrlToken: "xyz456")
 verifySecret(secretString: "vs_abc123_secret_xyz456", expectedSessionId: "vs_abc123", expectedUrlToken: "xyz456")
 verifySecret(secretString: " vs_abc123_secret_xyz456 ", expectedSessionId: "vs_abc123", expectedUrlToken: "xyz456")
+ verifySecret(secretString: "vi_abc123_secret_test_xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "test_xyz456")
+ verifySecret(secretString: "vi_abc123_secret_live_xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "live_xyz456")
+ verifySecret(secretString: "vi_abc123_secret_somestring___xyz456", expectedSessionId: "vi_abc123", expectedUrlToken: "somestring___xyz456")
 }
 func testInvalidSecrets() {