add trackVerifiedToken() #270
Conversation
nickpatrick
requested review from
tjulien,
tderouin,
corypisano,
lmeier and
jsani-radar
| if (encrypted) { | ||
| if (!tokenObj) { | ||
| return completionHandler(status, nil, nil, nil, nil, nil, nil); | ||
| } | ||
|
|
||
| NSString *token = (NSString *)tokenObj; | ||
|
|
||
| return completionHandler(status, nil, nil, nil, nil, nil, token); | ||
| } |
There was a problem hiding this comment.
This codepath is completely forgoing updating the event & location update handlers, trips, & place updating.
As such, trackVerified and trackVerifiedEncrypted behave significantly differently -- wonder how we should make it clear to users the difference in behavior and effects (could see myself getting confused by this).
There was a problem hiding this comment.
Will mention on /documentation. Most people using this aren't going to be using startTracking(), so shouldn't cause unexpected behavior in practice
Example/Example/AppDelegate.swift
Outdated
| Radar.setDelegate(self) | ||
|
|
||
| Radar.trackVerified { status, location, events, user in | ||
|
|
There was a problem hiding this comment.
I ran into a weird issue with this:
Radar.trackVerifiedEncrypted{ ( status, token ) in
NSLog("Got token:")
NSLog(token!)
}
The token printed was truncated to 1,024 characters, but the token returned from the server was 7,000+ characters.
While running the debugger, and clicking Copy, would sometimes copy the truncated value, but not always:
I had to run print (void)CFShow(token) in the debugging console to show the entire token to confirm it was being captured.
There was a problem hiding this comment.
I ran into a similar issue testing on Android where logcat lines seem to be truncated to 4000 chars, but my token was something like 4300. I just printed it in two parts. In any case, I reverted this. We can revisit inclusion in sample app when we revisit sample app code more broadly
RadarSDK/Include/Radar.h
Outdated
|
|
||
| Receives the request status and, if successful, a JSON Web Token (JWT) containing an array of the events generated and the user. Decrypt the JWT server-side using your private key. | ||
|
|
||
| @see https://radar.com/documentation/sdk/ios |
There was a problem hiding this comment.
should we be pointing to the iOS docs or fraud docs? comments above the callback and method are inconsistent at the moment
There was a problem hiding this comment.
Good catch, will update
| @@ -219,7 +219,7 @@ + (void)trackOnceWithLocation:(CLLocation *)location completionHandler:(RadarTra | |||
| replayed:NO | |||
| beacons:nil | |||
There was a problem hiding this comment.
is there a use case where a customer would want the payload encrypted through the vanilla trackOnce call and not necessarily need SSL pinning? wondering if we should add an encrypted option here too
There was a problem hiding this comment.
I don't think there is, I think if they want the encrypted payload they have to do the full trackVerified experience.
| @@ -219,7 +219,7 @@ + (void)trackOnceWithLocation:(CLLocation *)location completionHandler:(RadarTra | |||
| replayed:NO | |||
| beacons:nil | |||
| completionHandler:^(RadarStatus status, NSDictionary *_Nullable res, NSArray<RadarEvent *> *_Nullable events, RadarUser *_Nullable user, | |||
| NSArray<RadarGeofence *> *_Nullable nearbyGeofences, RadarConfig *_Nullable config) { | |||
| NSArray<RadarGeofence *> *_Nullable nearbyGeofences, RadarConfig *_Nullable config, NSString *_Nullable token) { | |||
There was a problem hiding this comment.
do we call out anywhere that the rest of the objects in this callback will be nil if token is present?
There was a problem hiding this comment.
This callback is only ever used internally, not worried about it
RadarSDK/RadarUtils.m
Outdated
| NSString *testPath = @"/private/JailbreakTest.txt"; | ||
| NSData *data = [@"This is a test." dataUsingEncoding:NSUTF8StringEncoding]; | ||
|
|
||
| NSError *error; | ||
| [data writeToFile:testPath options:NSDataWritingAtomic error:&error]; | ||
|
|
||
| // If no error occurred, the device is likely jailbroken | ||
| if (!error) { | ||
| NSLog(@"failed check 2"); | ||
| [[NSFileManager defaultManager] removeItemAtPath:testPath error:nil]; | ||
| return YES; | ||
| } |
There was a problem hiding this comment.
The first test makes sense to me.
For this test here, I'd love to read up on why this test works — is there a SO or other resource you can point me to?
There was a problem hiding this comment.
This doesn't actually work, reverting
| @@ -86,6 +87,7 @@ typedef void (^_Nonnull RadarSyncLogsAPICompletionHandler)(RadarStatus status); | |||
| attestationString:(NSString *_Nullable)attestationString | |||
| keyId:(NSString *_Nullable)keyId | |||
| attestationError:(NSString *_Nullable)attestationError | |||
| encrypted:(BOOL)encrypted | |||
There was a problem hiding this comment.
was going to suggest we think about changing this to verified given discussion in slack & recent changes, but of course that's already used.. 🤔
There was a problem hiding this comment.
Looking at the JWT docs, I think encoded instead of encrypted would perhaps be most accurate
There was a problem hiding this comment.
Thinking we can change param or endpoint name or switch to a project setting later on
There was a problem hiding this comment.
token param or POST /track/token endpoint are both options, too
* First part of offline replay * Fix kotlin errors * Fix params for replays * Extend timeout * Fix unallocated val bug * Fix nowMS bug * Fix connectTimeout numbers * Bump version to 3.5.12-beta.2 to cut a prerelease * Bump nexus client timeout * Fix bugs in buffer logic * bump version to 3.5.11-beta.6
* publish SNAPSHOT releases from pre-releases not from pushing to develop (#259) * don't publish pre-releases to maven as a release * publish SNAPSHOTs from pre-releases not from pushing to develop * MOB-57: update the README with more detail on example app (#260) Co-authored-by: Jason R Tibbetts <[email protected]> Co-authored-by: Nick Patrick <[email protected]> Co-authored-by: Tim Julien <[email protected]> * Surface center, radius, and location for geofences & places (#267) * Surface center, radius, and location for geofences & places * rely on geofence's geometry for center and radius, add test * RAD-5747 Anonymous config call in `trackOnce` (#266) * add config call for anonymous before track * add boolean for track usage * usage enum not bool * resume usage * move config track usage call later in the call stack * move config track usage call later in the call stack * use anon val * bump version * 3.5.11 version bump --------- Co-authored-by: Jason R Tibbetts <[email protected]> Co-authored-by: Nick Patrick <[email protected]> Co-authored-by: Tim Julien <[email protected]> * Include approachingThreshold in tripOptions (#261) * Include approachingThreshold in trip options helper functions * Only include in dictionary if > 0, add test * Offline replay (#270) * First part of offline replay * Fix kotlin errors * Fix params for replays * Extend timeout * Fix unallocated val bug * Fix nowMS bug * Fix connectTimeout numbers * Bump version to 3.5.12-beta.2 to cut a prerelease * Bump nexus client timeout * Fix bugs in buffer logic * bump version to 3.5.11-beta.6 * dont fire event listeners for custom events (#263) * publish beta's the same way we publish final releases (#273) * publish beta's the same way we publish final releases * Delete radar-snapshot-action.yml * Update build.gradle * Always clear last location if successful track (#272) * Always clear last location if succesful track * Always use System.currentTimeMillis() * Always clear ReplayBuffer upon successful request --------- Co-authored-by: Tim Julien <[email protected]> * version bump * set replay = NONE for continuous * not beta anymore --------- Co-authored-by: Travis Derouin <[email protected]> Co-authored-by: Jason R Tibbetts <[email protected]> Co-authored-by: Nick Patrick <[email protected]> Co-authored-by: Liam Meier <[email protected]> Co-authored-by: David Goodfellow <[email protected]> Co-authored-by: jsani-radar <[email protected]>
No description provided.