[Link] Delete invalid session cookies (#985)

* Delete invalid cookies * Add test
stripe · Apr 14, 2022 · f6dbfa8 · f6dbfa8
1 parent aa87c49
commit f6dbfa8
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 2 deletions.
diff --git a/Stripe/STPAPIClient+Link.swift b/Stripe/STPAPIClient+Link.swift
@@ -23,7 +23,8 @@ extension STPAPIClient {
             parameters["email_address"] = email.lowercased()
         }
 
-        if let cookies = cookieStore.formattedSessionCookies() {
+        let cookies = cookieStore.formattedSessionCookies()
+        if let cookies = cookies {
             parameters["cookies"] = cookies
         }
 
@@ -40,8 +41,14 @@ extension STPAPIClient {
             endpoint: endpoint,
             parameters: parameters
         ) { lookupResponse, _, error in
-            if case .found(let consumerSession) = lookupResponse?.responseType {
+            switch lookupResponse?.responseType {
+            case .found(let consumerSession):
                 consumerSession.updateCookie(withStore: cookieStore)
+            case .notFound(_) where cookies != nil:
+                // Delete invalid cookie, if any
+                cookieStore.delete(key: cookieStore.sessionCookieKey)
+            default:
+                break
             }
 
             completion(lookupResponse, error)

diff --git a/Tests/Tests/ConsumerSessionTests.swift b/Tests/Tests/ConsumerSessionTests.swift
@@ -43,6 +43,34 @@ class ConsumerSessionTests: XCTestCase {
         wait(for: [expectation], timeout: STPTestingNetworkRequestTimeout)
     }
 
+    func testLookupSession_shouldDeleteInvalidSessionCookies() {
+        let expectation = self.expectation(description: "Lookup ConsumerSession")
+
+        cookieStore.write(key: cookieStore.sessionCookieKey, value: "bad_session_cookie", allowSync: false)
+
+        ConsumerSession.lookupSession(for: nil, with: apiClient, cookieStore: cookieStore) { lookupResponse, error in
+            XCTAssertNil(error, "Unexpected error received")
+
+            if let lookupResponse = lookupResponse {
+                switch lookupResponse.responseType {
+                case .notFound(_):
+                    // Expected response type.
+                    break
+
+                case .noAvailableLookupParams, .found(_):
+                    XCTFail("Unexpected response type: \(lookupResponse.responseType)")
+                }
+            } else {
+                XCTFail("Received nil ConsumerSession.LookupResponse")
+            }
+
+            expectation.fulfill()
+        }
+
+        wait(for: [expectation], timeout: STPTestingNetworkRequestTimeout)
+        XCTAssertNil(cookieStore.read(key: cookieStore.sessionCookieKey), "Invalid cookie not deleted")
+    }
+
     func testLookupSession_cookieOnly() {
         _ = createVerifiedConsumerSession()
         let expectation = self.expectation(description: "loookup consumersession")