Add support for handling UserRecoverableAuthException (flutter#771)

bparrishMines · web-flow · commit b889b40bb4ea · 2018-09-21T11:26:00.000-07:00
diff --git a/packages/google_sign_in/CHANGELOG.md b/packages/google_sign_in/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 3.1.0
+
+* Add support to recover authentication for Android.
+
 ## 3.0.6
 
 * Remove flaky displayName assertion
diff --git a/packages/google_sign_in/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java b/packages/google_sign_in/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java
@@ -15,6 +15,7 @@
 import android.support.annotation.NonNull;
 import android.util.Log;
 import com.google.android.gms.auth.GoogleAuthUtil;
+import com.google.android.gms.auth.UserRecoverableAuthException;
 import com.google.android.gms.auth.api.Auth;
 import com.google.android.gms.auth.api.signin.GoogleSignIn;
 import com.google.android.gms.auth.api.signin.GoogleSignInAccount;
@@ -89,7 +90,8 @@ public void onMethodCall(MethodCall call, Result result) {
 
       case METHOD_GET_TOKENS:
         String email = call.argument("email");
-        delegate.getTokens(result, email);
+        boolean shouldRecoverAuth = call.argument("shouldRecoverAuth");
+        delegate.getTokens(result, email, shouldRecoverAuth);
         break;
 
       case METHOD_SIGN_OUT:
@@ -134,8 +136,11 @@ public void init(
     /**
      * Gets an OAuth access token with the scopes that were specified during initialization for the
      * user with the specified email address.
+     *
+     * <p>If shouldRecoverAuth is set to true and user needs to recover authentication for method to
+     * complete, the method will attempt to recover authentication and rerun method.
      */
-    public void getTokens(final Result result, final String email);
+    public void getTokens(final Result result, final String email, final boolean shouldRecoverAuth);
 
     /**
      * Signs the user out. Their credentials may remain valid, meaning they'll be able to silently
@@ -161,6 +166,7 @@ public void init(
    */
   public static final class Delegate implements IDelegate {
     private static final int REQUEST_CODE = 53293;
+    private static final int REQUEST_CODE_RECOVER_AUTH = 12345;
     private static final int REQUEST_CODE_RESOLVE_ERROR = 1001;
 
     private static final String ERROR_REASON_EXCEPTION = "exception";
@@ -170,6 +176,8 @@ public static final class Delegate implements IDelegate {
     private static final String ERROR_REASON_SIGN_IN_CANCELED = "sign_in_canceled";
     private static final String ERROR_REASON_SIGN_IN_REQUIRED = "sign_in_required";
     private static final String ERROR_REASON_SIGN_IN_FAILED = "sign_in_failed";
+    private static final String ERROR_FAILURE_TO_RECOVER_AUTH = "failed_to_recover_auth";
+    private static final String ERROR_USER_RECOVERABLE_AUTH = "user_recoverable_auth";
 
     private static final String STATE_RESOLVING_ERROR = "resolving_error";
 
@@ -199,11 +207,15 @@ public GoogleSignInAccount getCurrentAccount() {
     }
 
     private void checkAndSetPendingOperation(String method, Result result) {
+      checkAndSetPendingOperation(method, result, null);
+    }
+
+    private void checkAndSetPendingOperation(String method, Result result, Object data) {
       if (pendingOperation != null) {
         throw new IllegalStateException(
             "Concurrent operations detected: " + pendingOperation.method + ", " + method);
       }
-      pendingOperation = new PendingOperation(method, result);
+      pendingOperation = new PendingOperation(method, result, data);
     }
 
     /**
@@ -308,9 +320,13 @@ public void signIn(Result result) {
     /**
      * Gets an OAuth access token with the scopes that were specified during initialization for the
      * user with the specified email address.
+     *
+     * <p>If shouldRecoverAuth is set to true and user needs to recover authentication for method to
+     * complete, the method will attempt to recover authentication and rerun method.
      */
     @Override
-    public void getTokens(final Result result, final String email) {
+    public void getTokens(
+        final Result result, final String email, final boolean shouldRecoverAuth) {
       // TODO(issue/11107): Add back the checkAndSetPendingOperation once getTokens is properly
       // gated from Dart code. Change result.success/error calls below to use finishWith()
       if (email == null) {
@@ -342,7 +358,31 @@ public void run(Future<String> tokenFuture) {
                 // instead of the value we cached during sign in. At least, that's
                 // how it works on iOS.
                 result.success(tokenResult);
-              } catch (ExecutionException e) {
+              } catch (final ExecutionException e) {
+                if (e.getCause() instanceof UserRecoverableAuthException) {
+                  if (shouldRecoverAuth) {
+                    registrar
+                        .activity()
+                        .runOnUiThread(
+                            new Runnable() {
+                              @Override
+                              public void run() {
+                                UserRecoverableAuthException exception =
+                                    (UserRecoverableAuthException) e.getCause();
+                                checkAndSetPendingOperation(METHOD_GET_TOKENS, result, email);
+                                registrar
+                                    .activity()
+                                    .startActivityForResult(
+                                        exception.getIntent(), REQUEST_CODE_RECOVER_AUTH);
+                              }
+                            });
+                  } else {
+                    result.error(ERROR_USER_RECOVERABLE_AUTH, e.getLocalizedMessage(), null);
+                  }
+
+                  return;
+                }
+
                 Log.e(TAG, "Exception getting access token", e);
                 result.error(ERROR_REASON_EXCEPTION, e.getCause().getMessage(), null);
               } catch (InterruptedException e) {
@@ -439,10 +479,12 @@ private void finishWithError(String errorCode, String errorMessage) {
     private static class PendingOperation {
       final String method;
       final Result result;
+      final Object data;
 
-      PendingOperation(String method, Result result) {
+      PendingOperation(String method, Result result, Object data) {
         this.method = method;
         this.result = result;
+        this.data = data;
       }
     }
 
@@ -464,6 +506,19 @@ public boolean onActivityResult(int requestCode, int resultCode, Intent data) {
           } else if (pendingOperation != null && pendingOperation.method.equals(METHOD_INIT)) {
             finishWithError(ERROR_REASON_CONNECTION_FAILED, String.valueOf(resultCode));
           }
+          return true;
+        } else if (requestCode == REQUEST_CODE_RECOVER_AUTH) {
+          if (resultCode == Activity.RESULT_OK
+              && pendingOperation != null
+              && pendingOperation.method.equals(METHOD_GET_TOKENS)) {
+            getTokens(pendingOperation.result, (String) pendingOperation.data, false);
+            pendingOperation = null;
+          } else {
+            finishWithError(
+                ERROR_FAILURE_TO_RECOVER_AUTH,
+                "Failed attempt to recover authentication for user " + pendingOperation.data);
+          }
+
           return true;
         }
 
diff --git a/packages/google_sign_in/lib/google_sign_in.dart b/packages/google_sign_in/lib/google_sign_in.dart
@@ -40,6 +40,14 @@ class GoogleSignInAccount implements GoogleIdentity {
     assert(id != null);
   }
 
+  // These error codes must match with ones declared on Android and iOS sides.
+
+  /// Error code indicating there was a failed attempt to recover user authentication.
+  static const String kFailedToRecoverAuthError = 'failed_to_recover_auth';
+
+  /// Error indicating that authentication can be recovered with user action;
+  static const String kUserRecoverableAuthError = 'user_recoverable_auth';
+
   @override
   final String displayName;
 
@@ -55,6 +63,16 @@ class GoogleSignInAccount implements GoogleIdentity {
   final String _idToken;
   final GoogleSignIn _googleSignIn;
 
+  /// Retrieve [GoogleSignInAuthentication] for this account.
+  ///
+  /// [shouldRecoverAuth] sets whether to attempt to recover authentication if
+  /// user action is needed. If an attempt to recover authentication fails a
+  /// [PlatformException] is thrown with possible error code
+  /// [kFailedToRecoverAuthError].
+  ///
+  /// Otherwise, if [shouldRecoverAuth] is false and the authentication can be
+  /// recovered by user action a [PlatformException] is thrown with error code
+  /// [kUserRecoverableAuthError].
   Future<GoogleSignInAuthentication> get authentication async {
     if (_googleSignIn.currentUser != this) {
       throw StateError('User is no longer signed in.');
@@ -63,7 +81,10 @@ class GoogleSignInAccount implements GoogleIdentity {
     final Map<dynamic, dynamic> response =
         await GoogleSignIn.channel.invokeMethod(
       'getTokens',
-      <String, dynamic>{'email': email},
+      <String, dynamic>{
+        'email': email,
+        'shouldRecoverAuth': true,
+      },
     );
     // On Android, there isn't an API for refreshing the idToken, so re-use
     // the one we obtained on login.
diff --git a/packages/google_sign_in/pubspec.yaml b/packages/google_sign_in/pubspec.yaml
@@ -3,7 +3,7 @@ description: Flutter plugin for Google Sign-In, a secure authentication system
   for signing in with a Google account on Android and iOS.
 author: Flutter Team <flutter-dev@googlegroups.com>
 homepage: https://github.com/flutter/plugins/tree/master/packages/google_sign_in
-version: 3.0.6
+version: 3.1.0
 
 flutter:
   plugin:
diff --git a/packages/google_sign_in/test/google_sign_in_test.dart b/packages/google_sign_in/test/google_sign_in_test.dart
@@ -29,6 +29,10 @@ void main() {
       'signOut': null,
       'disconnect': null,
       'isSignedIn': true,
+      'getTokens': <dynamic, dynamic>{
+        'idToken': '123',
+        'accessToken': '456',
+      },
     };
 
     final List<MethodCall> log = <MethodCall>[];
@@ -327,6 +331,26 @@ void main() {
         ],
       );
     });
+
+    test('authentication', () async {
+      await googleSignIn.signIn();
+      log.clear();
+
+      final GoogleSignInAccount user = googleSignIn.currentUser;
+      final GoogleSignInAuthentication auth = await user.authentication;
+
+      expect(auth.accessToken, '456');
+      expect(auth.idToken, '123');
+      expect(
+        log,
+        <Matcher>[
+          isMethodCall('getTokens', arguments: <String, dynamic>{
+            'email': 'john.doe@gmail.com',
+            'shouldRecoverAuth': true,
+          }),
+        ],
+      );
+    });
   });
 
   group('GoogleSignIn with fake backend', () {
