fastlane-plugin-firebase_app_distribution 0.3.2 → 0.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc1248f0ff34d8d0f74cafde4a839963d6d38bd73921bd7c5e8b02bd8b3fafeb
-  data.tar.gz: 7a890cb66dbff3157e3e7a490e5cfd7b994a3b7d6dfbee860afa8adc61038da0
+  metadata.gz: 95f39c2a13ac05b24c98fe9a6d1fc86b0b943c2863ef1828389456e6d6755760
+  data.tar.gz: b2bcc6f542c283d7bb2b8627dd09d4c1bcf2efb5831b5383a94a062cdc508df6
 SHA512:
-  metadata.gz: 2e97c2cc4f08ef9d3930305116c828e7b8fffb6a627958e502b1b9423e1cbe1b9505c06ec49d49d771cca353b371ee2aa4aa0f219f29c0cb90e41a028415f48f
-  data.tar.gz: dc8b9b8cfdce10575df9bb157c5a464967e7082a18f71c30ddd2e7bbffcfda2f2265c091f1c65e4faf0683888c93f87078fb8e720cd2339d970c06c85c4302b5
+  metadata.gz: 4c6cdc3695ceb9c9eb3cc5615e7f6a3cd5ce7a51abfb7f08ef782f82148b506b77993f58ce2b66543d43b0b529959f2bea2a52d3c57db165b4fa4a8bcc7c2db7
+  data.tar.gz: 00d23c9c049c7a1058d07e5f2df2eb05eb7a41ee8c7cf15aca07e3e524a99752f679d238eb99054367ebbb86ba95cc3391be007bb23f95817119345511f6e451

data/lib/fastlane/plugin/firebase_app_distribution/actions/firebase_app_distribution_action.rb

@@ -18,6 +18,10 @@ module Fastlane
       def self.run(params)
         params.values # to validate all inputs before looking for the ipa/apk/aab
 
+        if params[:debug]
+          UI.important("Warning: Debug logging enabled. Output may include sensitive information.")
+        end
+
         app_id = app_id_from_params(params)
         app_name = app_name_from_app_id(app_id)
         platform = lane_platform || platform_from_app_id(app_id)
@@ -197,12 +201,12 @@ module Fastlane
                                        type: String),
           FastlaneCore::ConfigItem.new(key: :groups,
                                        env_name: "FIREBASEAPPDISTRO_GROUPS",
-                                       description: "The groups used for distribution, separated by commas",
+                                       description: "The group aliases used for distribution, separated by commas",
                                        optional: true,
                                        type: String),
           FastlaneCore::ConfigItem.new(key: :groups_file,
                                        env_name: "FIREBASEAPPDISTRO_GROUPS_FILE",
-                                       description: "The groups used for distribution, separated by commas",
+                                       description: "The group aliases used for distribution, separated by commas",
                                        optional: true,
                                        type: String),
           FastlaneCore::ConfigItem.new(key: :testers,

data/lib/fastlane/plugin/firebase_app_distribution/actions/firebase_app_distribution_login.rb

@@ -1,11 +1,9 @@
 require 'googleauth'
-require 'googleauth/stores/file_token_store'
 require "fileutils"
 
 module Fastlane
   module Actions
     class FirebaseAppDistributionLoginAction < Action
-      OOB_URI = "urn:ietf:wg:oauth:2.0:oob"
       SCOPE = "https://www.googleapis.com/auth/cloud-platform"
 
       # In this type of application, the client secret is not treated as a secret.
@@ -14,24 +12,65 @@ module Fastlane
       CLIENT_SECRET = "j9iVZfS8kkCEFUPaAeJV0sAi"
 
       def self.run(params)
+        callback_uri = "http://localhost:#{params[:port]}"
         client_id = Google::Auth::ClientId.new(CLIENT_ID, CLIENT_SECRET)
-        authorizer = Google::Auth::UserAuthorizer.new(client_id, SCOPE, nil)
-        url = authorizer.get_authorization_url(base_url: OOB_URI)
+        authorizer = Google::Auth::UserAuthorizer.new(client_id, SCOPE, nil, callback_uri)
+
+        # Create an anti-forgery state token as described here:
+        # https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
+        state = SecureRandom.hex(16)
+        url = authorizer.get_authorization_url(state: state)
 
         UI.message("Open the following address in your browser and sign in with your Google account:")
         UI.message(url)
-        UI.message("")
-        code = UI.input("Enter the resulting code here: ")
-        credentials = authorizer.get_credentials_from_code(code: code, base_url: OOB_URI)
-        UI.message("")
 
+        response_params = get_authorization_code(params[:port])
+
+        # Confirm that the state in the response matches the state token used to
+        # generate the authorization URL.
+        unless state == response_params['state'][0]
+          UI.crash!('An error has occurred. The state parameter in the authorization response does not match the expected state, which could mean that a malicious attacker is trying to make a login request.')
+        end
+
+        user_credentials = authorizer.get_credentials_from_code(
+          code: response_params['code'][0]
+        )
         UI.success("Set the refresh token as the FIREBASE_TOKEN environment variable")
-        UI.success("Refresh Token: #{credentials.refresh_token}")
-      rescue Signet::AuthorizationError
-        UI.error("The code you entered is invalid. Copy and paste the code and try again.")
+        UI.success("Refresh Token: #{user_credentials.refresh_token}")
       rescue => error
         UI.error(error.to_s)
-        UI.crash!("An error has occured, please login again.")
+        UI.crash!("An error has occurred, please login again.")
+      end
+
+      def self.get_authorization_code(port)
+        begin
+          server = TCPServer.open(port)
+        rescue Errno::EADDRINUSE => error
+          UI.error(error.to_s)
+          UI.crash!("Port #{port} is in use. Please specify a different one using the port parameter.")
+        end
+        client = server.accept
+        callback_request = client.readline
+        # Use a regular expression to extract the request line from the first line of
+        # the callback request, e.g.:
+        #   GET /?code=AUTH_CODE&state=XYZ&scope=... HTTP/1.1
+        matcher = /GET +([^ ]+)/.match(callback_request)
+        response_params = CGI.parse(URI.parse(matcher[1]).query) unless matcher.nil?
+
+        client.puts("HTTP/1.1 200 OK")
+        client.puts("Content-Type: text/html")
+        client.puts("")
+        client.puts("<b>")
+        if response_params['code'].nil?
+          client.puts("Failed to retrieve authorization code.")
+        else
+          client.puts("Authorization code was successfully retrieved.")
+        end
+        client.puts("</b>")
+        client.puts("<p>Please check the console output.</p>")
+        client.close
+
+        return response_params
       end
 
       #####################################################
@@ -55,6 +94,18 @@ module Fastlane
       def self.is_supported?(platform)
         [:ios, :android].include?(platform)
       end
+
+      def self.available_options
+        [
+          FastlaneCore::ConfigItem.new(key: :port,
+                                       env_name: "FIREBASEAPPDISTRO_LOGIN_PORT",
+                                       description: "Port for the local web server which receives the response from Google's authorization server",
+                                       default_value: "8081",
+                                       optional: true,
+                                       type: String)
+
+        ]
+      end
     end
   end
 end

data/lib/fastlane/plugin/firebase_app_distribution/client/firebase_app_distribution_api_client.rb

@@ -46,7 +46,7 @@ module Fastlane
             request.headers[CONTENT_TYPE] = APPLICATION_JSON
           end
         rescue Faraday::ClientError
-          UI.user_error!("#{ErrorMessage::INVALID_TESTERS} \nEmails: #{emails} \nGroups: #{group_aliases}")
+          UI.user_error!("#{ErrorMessage::INVALID_TESTERS} \nEmails: #{emails} \nGroup Aliases: #{group_aliases}")
         end
         UI.success("✅ Added testers/groups.")
       end

data/lib/fastlane/plugin/firebase_app_distribution/helper/firebase_app_distribution_auth_client.rb

@@ -4,6 +4,8 @@ module Fastlane
   module Auth
     module FirebaseAppDistributionAuthClient
       TOKEN_CREDENTIAL_URI = "https://oauth2.googleapis.com/token"
+      REDACTION_EXPOSED_LENGTH = 5
+      REDACTION_CHARACTER = "X"
 
       # Returns the auth token for any of the auth methods (Firebase CLI token,
       # Google service account, firebase-tools). To ensure that a specific
@@ -73,8 +75,14 @@ module Fastlane
         client.fetch_access_token!
         client.access_token
       rescue Signet::AuthorizationError => error
-        log_authorization_error_details(error) if debug
-        UI.user_error!(ErrorMessage::REFRESH_TOKEN_ERROR)
+        error_message = ErrorMessage::REFRESH_TOKEN_ERROR
+        if debug
+          error_message += "\nRefresh token used: #{format_token(refresh_token)}\n"
+          error_message += error_details(error)
+        else
+          error_message += " #{debug_instructions}"
+        end
+        UI.user_error!(error_message)
       end
 
       def service_account(google_service_path, debug)
@@ -86,14 +94,32 @@ module Fastlane
       rescue Errno::ENOENT
         UI.user_error!("#{ErrorMessage::SERVICE_CREDENTIALS_NOT_FOUND}: #{google_service_path}")
       rescue Signet::AuthorizationError => error
-        log_authorization_error_details(error) if debug
-        UI.user_error!("#{ErrorMessage::SERVICE_CREDENTIALS_ERROR}: #{google_service_path}")
+        error_message = "#{ErrorMessage::SERVICE_CREDENTIALS_ERROR}: \"#{google_service_path}\""
+        if debug
+          error_message += "\n#{error_details(error)}"
+        else
+          error_message += ". #{debug_instructions}"
+        end
+        UI.user_error!(error_message)
+      end
+
+      def error_details(error)
+        "#{error.message}\nResponse status: #{error.response.status}"
+      end
+
+      def debug_instructions
+        "For more information, try again with firebase_app_distribution's \"debug\" parameter set to \"true\"."
       end
 
-      def log_authorization_error_details(error)
-        UI.error("Error fetching access token:")
-        UI.error(error.message)
-        UI.error("Response status: #{error.response.status}")
+      # Formats and redacts a token for printing out during debug logging. Examples:
+      #   'abcd' -> '"abcd"''
+      #   'abcdef1234' -> '"XXXXXf1234" (redacted)'
+      def format_token(str)
+        redaction_notice = str.length > REDACTION_EXPOSED_LENGTH ? " (redacted)" : ""
+        exposed_start_char = [str.length - REDACTION_EXPOSED_LENGTH, 0].max
+        exposed_characters = str[exposed_start_char, REDACTION_EXPOSED_LENGTH]
+        redacted_characters = REDACTION_CHARACTER * [str.length - REDACTION_EXPOSED_LENGTH, 0].max
+        "\"#{redacted_characters}#{exposed_characters}\"#{redaction_notice}"
       end
     end
   end

data/lib/fastlane/plugin/firebase_app_distribution/helper/firebase_app_distribution_error_message.rb

@@ -11,9 +11,9 @@ module ErrorMessage
   INVALID_APP_ID = "App Distribution could not find your app. Make sure to onboard your app by pressing the \"Get started\" button on the App Distribution page in the Firebase console: https://console.firebase.google.com/project/_/appdistribution. App ID"
   INVALID_PROJECT = "App Distribution could not find your Firebase project. Make sure to onboard an app in your project by pressing the \"Get started\" button on the App Distribution page in the Firebase console: https://console.firebase.google.com/project/_/appdistribution."
   INVALID_PATH = "Could not read content from"
-  INVALID_TESTERS = "Could not enable access for testers. Check that the groups exist and the tester emails are formatted correctly"
+  INVALID_TESTERS = "Could not enable access for testers. Check that the tester emails are formatted correctly, the groups exist and you are using group aliases (not group names) for specifying groups."
   INVALID_RELEASE_NOTES = "Failed to add release notes"
-  SERVICE_CREDENTIALS_ERROR = "App Distribution could not generate credentials from the service credentials file specified. Service Account Path"
+  SERVICE_CREDENTIALS_ERROR = "App Distribution could not generate credentials from the service credentials file specified"
   PLAY_ACCOUNT_NOT_LINKED = "This project is not linked to a Google Play account."
   APP_NOT_PUBLISHED = "This app is not published in the Google Play console."
   NO_APP_WITH_GIVEN_BUNDLE_ID_IN_PLAY_ACCOUNT = "App with matching package name does not exist in Google Play."

data/lib/fastlane/plugin/firebase_app_distribution/helper/firebase_app_distribution_helper.rb

@@ -24,13 +24,12 @@ module Fastlane
         value
       end
 
-      # Returns the array representation of a string with comma seperated values.
-      #
-      # Does not work with strings whose individual values have spaces. EX "Hello World" the space will be removed to "HelloWorld"
+      # Returns the array representation of a string with trimmed comma
+      # seperated values.
       def string_to_array(string)
         return nil if string.nil? || string.empty?
-        string_array = string.gsub(/\s+/, '').split(",")
-        return string_array
+        # Strip string and then strip individual values
+        string.strip.split(",").map(&:strip)
       end
 
       def parse_plist(path)

data/lib/fastlane/plugin/firebase_app_distribution/version.rb

@@ -1,5 +1,5 @@
 module Fastlane
   module FirebaseAppDistribution
-    VERSION = "0.3.2"
+    VERSION = "0.3.4"
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-firebase_app_distribution
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.4
 platform: ruby
 authors:
 - Stefan Natchev
 - Manny Jimenez
 - Alonso Salas Infante
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-15 00:00:00.000000000 Z
+date: 2022-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -138,7 +138,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.127.1
-description: 
+description:
 email:
 - snatchev@google.com
 - mannyjimenez@google.com
@@ -168,7 +168,7 @@ homepage: https://github.com/fastlane/fastlane-plugin-firebase_app_distribution
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -183,8 +183,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Release your beta builds to Firebase App Distribution. https://firebase.google.com/docs/app-distribution
 test_files: []