SIWA: fix the app not logging out after Apple credential is revoked when account has 2FA #2961

Merged: 5 commits, Oct 20, 2020

@jaclync jaclync commented Oct 13, 2020

Fixes #2960

Changes

  • Saved Apple ID to Keychain only when authentication is complete (more details in this comment). Reset local Apple ID when tapping on the login CTA in case the user changes to sign in with another method
  • In AppleIDCredentialChecker, handled some edge cases:
    • Removed Apple ID from Keychain on logout
    • On credentialRevokedNotification from Apple, only log out the app if Apple ID is saved in Keychain (currently signed in with Apple)
  • Removed unused code in LoginPrologueViewController that I noticed from debugging

Testing

SIWA with 2FA

  • Start with a WordPress.com account with 2FA that is connected to Apple and linked to at least one WC store with Jetpack
  • Log in to the app with SIWA to a store, wait for some data to load
  • Close the app
  • Go to Settings app > Apple ID > Password & Security > Apps using Apple ID and revoke access for WordPress
  • Open the app again --> the app should be logged out

SIWA, restart authentication with another method, revoke credentials

  • Start with a WordPress.com account with 2FA that is connected to Apple and linked to at least one WC store with Jetpack
  • Log in to the app with SIWA to a store, wait for some data to load
  • On the One-Time Password screen, tap "<" in the navigation bar to go back to login prologue
  • Log in with another method (Google or username/password) and wait for the app to load some data
  • Go to Settings app > Apple ID > Password & Security > Apps using Apple ID and revoke access for WordPress
  • Open the app again --> the app should not be logged out

Update release notes:

  • I have considered if this change warrants user-facing release notes and have added them to RELEASE-NOTES.txt if necessary.
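
The rules listed under Changes, as an added Swift sketch that is not the code from this pull request: `AppleIDStore`, `AppleRevocationGuard` and all method names are hypothetical, the store is assumed to be backed by the Keychain, and `checkCredentialState()` is an assumed extra check for a revocation made while the app was closed.

```swift
import AuthenticationServices
import Foundation

/// Hypothetical abstraction over the Keychain entry that holds the Apple user ID.
protocol AppleIDStore: AnyObject {
    var appleUserID: String? { get set }
}

@available(iOS 13.0, *)
final class AppleRevocationGuard {
    private let store: AppleIDStore
    private let logOut: () -> Void
    private var observer: NSObjectProtocol?

    init(store: AppleIDStore, logOut: @escaping () -> Void) {
        self.store = store
        self.logOut = logOut
        observer = NotificationCenter.default.addObserver(
            forName: ASAuthorizationAppleIDProvider.credentialRevokedNotification,
            object: nil, queue: .main
        ) { [weak self] _ in self?.endSessionIfSignedInWithApple() }
    }

    deinit {
        if let observer = observer { NotificationCenter.default.removeObserver(observer) }
    }

    /// Login CTA tapped: forget any ID left over from an abandoned Apple attempt.
    func loginDidStart() { store.appleUserID = nil }

    /// Persist the ID only once the full flow, including the 2FA step, succeeded.
    func authenticationDidComplete(appleUserID: String) { store.appleUserID = appleUserID }

    /// Ordinary logout also clears the stored ID.
    func didLogOut() { store.appleUserID = nil }

    /// Assumed extra check for revocations made while the app was not running.
    func checkCredentialState() {
        guard let userID = store.appleUserID else { return }
        ASAuthorizationAppleIDProvider().getCredentialState(forUserID: userID) { [weak self] state, _ in
            guard state == .revoked else { return }
            DispatchQueue.main.async { self?.endSessionIfSignedInWithApple() }
        }
    }

    /// A revocation ends the session only when this session was created via Apple.
    private func endSessionIfSignedInWithApple() {
        guard store.appleUserID != nil else { return }
        store.appleUserID = nil
        logOut()
    }
}
```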

@jaclync jaclync added the type: bug A confirmed bug. label Oct 13, 2020
@jaclync jaclync added this to the 5.3 milestone Oct 13, 2020
@jaclync jaclync requested a review from a team October 13, 2020 03:43
@jaclync jaclync self-assigned this Oct 13, 2020
@peril-woocommerce

You can trigger optional UI/connected tests for these changes by visiting CircleCI here.

@peril-woocommerce

You can trigger an installable build for these changes by visiting CircleCI here.

@jaclync jaclync modified the milestones: 5.3, 5.4 Oct 19, 2020

@Ecarrion Ecarrion left a comment

Finally got to test this and works good for me! 🚀

jaclync commented Oct 20, 2020

Thank you for testing this @Ecarrion! 💟

@jaclync jaclync merged commit 3bdade4 into develop Oct 20, 2020
@jaclync jaclync deleted the issue/2960-siwa-2fa branch October 20, 2020 01:36
Successfully merging this pull request may close these issues.

SIWA: Apple credential can't be revoked when account has 2FA