fastlane-plugin-firebase_app_distribution 0.3.3 → 0.3.4.pre.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a1fbbe97c9bb43345aa73b821b9a0f192bbd0f6820917923927377880f58b03
-  data.tar.gz: 40cf095bae9f86eb68015545991ccdcae9b2024851cb2e991d12c6f145cf68f8
+  metadata.gz: 91839fcf765eec633a450478d6ea098749fbe5aface36f1ee02b0b054a4df3cf
+  data.tar.gz: 5548c844a4c5bfb9bd99b8895d0a2d83f2a2af0c77e030df97629183684096a2
 SHA512:
-  metadata.gz: 6b1c43fd6f71064334580d10842a1e1b31904e769140124ea5bbca7f6111771c5611fc9e74e08e6b5039ee38e8a0996f020a0ae2abdccd2f0f9438273b2514b4
-  data.tar.gz: 32491201cbcc854397f498b7c7064d296fe4220396afdf46d3c9a600e58af1f0af8ba9a2b74a4127cc6d87639fb6e9320cf4173076f9bf9a03b9a675c83bdaa8
+  metadata.gz: 86be9d6224a6fbc54124a5f9de5d35932086eca74541b43a7adf4c23d4b4d2ffc88a0c7b8e17f6cd6aa8a4755225856e3164f622d0df52f357795e91ad7a8e57
+  data.tar.gz: ef77e82347bee131ab33ec38cb9c14b95db3c0b3e09969af2cf3e5c9544c4ecb5fbdb64e7d9792098f3060ba7ad18c918b27ad412b8910e109353d2a88bbc59e

data/lib/fastlane/plugin/firebase_app_distribution/actions/firebase_app_distribution_login.rb

@@ -1,11 +1,9 @@
 require 'googleauth'
-require 'googleauth/stores/file_token_store'
 require "fileutils"
 
 module Fastlane
   module Actions
     class FirebaseAppDistributionLoginAction < Action
-      OOB_URI = "urn:ietf:wg:oauth:2.0:oob"
       SCOPE = "https://www.googleapis.com/auth/cloud-platform"
 
       # In this type of application, the client secret is not treated as a secret.
@@ -14,24 +12,65 @@ module Fastlane
       CLIENT_SECRET = "j9iVZfS8kkCEFUPaAeJV0sAi"
 
       def self.run(params)
+        callback_uri = "http://localhost:#{params[:port]}"
         client_id = Google::Auth::ClientId.new(CLIENT_ID, CLIENT_SECRET)
-        authorizer = Google::Auth::UserAuthorizer.new(client_id, SCOPE, nil)
-        url = authorizer.get_authorization_url(base_url: OOB_URI)
+        authorizer = Google::Auth::UserAuthorizer.new(client_id, SCOPE, nil, callback_uri)
+
+        # Create an anti-forgery state token as described here:
+        # https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
+        state = SecureRandom.hex(16)
+        url = authorizer.get_authorization_url(state: state)
 
         UI.message("Open the following address in your browser and sign in with your Google account:")
         UI.message(url)
-        UI.message("")
-        code = UI.input("Enter the resulting code here: ")
-        credentials = authorizer.get_credentials_from_code(code: code, base_url: OOB_URI)
-        UI.message("")
 
+        response_params = get_authorization_code(params[:port])
+
+        # Confirm that the state in the response matches the state token used to
+        # generate the authorization URL.
+        unless state == response_params['state'][0]
+          UI.crash!('An error has occurred. The state parameter in the authorization response does not match the expected state, which could mean that a malicious attacker is trying to make a login request.')
+        end
+
+        user_credentials = authorizer.get_credentials_from_code(
+          code: response_params['code'][0]
+        )
         UI.success("Set the refresh token as the FIREBASE_TOKEN environment variable")
-        UI.success("Refresh Token: #{credentials.refresh_token}")
-      rescue Signet::AuthorizationError
-        UI.error("The code you entered is invalid. Copy and paste the code and try again.")
+        UI.success("Refresh Token: #{user_credentials.refresh_token}")
       rescue => error
         UI.error(error.to_s)
-        UI.crash!("An error has occured, please login again.")
+        UI.crash!("An error has occurred, please login again.")
+      end
+
+      def self.get_authorization_code(port)
+        begin
+          server = TCPServer.open(port)
+        rescue Errno::EADDRINUSE => error
+          UI.error(error.to_s)
+          UI.crash!("Port #{port} is in use. Please specify a different one using the port parameter.")
+        end
+        client = server.accept
+        callback_request = client.readline
+        # Use a regular expression to extract the request line from the first line of
+        # the callback request, e.g.:
+        #   GET /?code=AUTH_CODE&state=XYZ&scope=... HTTP/1.1
+        matcher = /GET +([^ ]+)/.match(callback_request)
+        response_params = CGI.parse(URI.parse(matcher[1]).query) unless matcher.nil?
+
+        client.puts("HTTP/1.1 200 OK")
+        client.puts("Content-Type: text/html")
+        client.puts("")
+        client.puts("<b>")
+        if response_params['code'].nil?
+          client.puts("Failed to retrieve authorization code.")
+        else
+          client.puts("Authorization code was successfully retrieved.")
+        end
+        client.puts("</b>")
+        client.puts("<p>Please check the console output.</p>")
+        client.close
+
+        return response_params
       end
 
       #####################################################
@@ -55,6 +94,18 @@ module Fastlane
       def self.is_supported?(platform)
         [:ios, :android].include?(platform)
       end
+
+      def self.available_options
+        [
+          FastlaneCore::ConfigItem.new(key: :port,
+                                       env_name: "FIREBASEAPPDISTRO_LOGIN_PORT",
+                                       description: "Port for the local web server which receives the response from Google's authorization server",
+                                       default_value: "8081",
+                                       optional: true,
+                                       type: String)
+
+        ]
+      end
     end
   end
 end

data/lib/fastlane/plugin/firebase_app_distribution/helper/firebase_app_distribution_helper.rb

@@ -24,13 +24,12 @@ module Fastlane
         value
       end
 
-      # Returns the array representation of a string with comma seperated values.
-      #
-      # Does not work with strings whose individual values have spaces. EX "Hello World" the space will be removed to "HelloWorld"
+      # Returns the array representation of a string with trimmed comma
+      # seperated values.
       def string_to_array(string)
         return nil if string.nil? || string.empty?
-        string_array = string.gsub(/\s+/, '').split(",")
-        return string_array
+        # Strip string and then strip individual values
+        string.strip.split(",").map(&:strip)
       end
 
       def parse_plist(path)

data/lib/fastlane/plugin/firebase_app_distribution/version.rb

@@ -1,5 +1,5 @@
 module Fastlane
   module FirebaseAppDistribution
-    VERSION = "0.3.3"
+    VERSION = "0.3.4.pre.1"
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-firebase_app_distribution
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.4.pre.1
 platform: ruby
 authors:
 - Stefan Natchev
 - Manny Jimenez
 - Alonso Salas Infante
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-22 00:00:00.000000000 Z
+date: 2022-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -138,7 +138,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.127.1
-description: 
+description:
 email:
 - snatchev@google.com
 - mannyjimenez@google.com
@@ -168,7 +168,7 @@ homepage: https://github.com/fastlane/fastlane-plugin-firebase_app_distribution
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,12 +179,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.2.32
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Release your beta builds to Firebase App Distribution. https://firebase.google.com/docs/app-distribution
 test_files: []