Public API impl for JWT, User Manager, and callbacks

Author: jinliu9508

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/IOneSignal.kt

@@ -19,6 +19,11 @@ interface IOneSignal {
      */
     val isInitialized: Boolean
 
+    /**
+     * Whether the security feature to authenticate your external user ids is enabled
+     */
+    val useIdentityVerification: Boolean
+
     /**
      * The user manager for accessing user-scoped
      * management.
@@ -123,4 +128,16 @@ interface IOneSignal {
      * data is not cleared.
      */
     fun logout()
+
+    /**
+     * Update JWT token for a user
+     */
+    fun updateUserJwt(
+        externalId: String,
+        token: String,
+    )
+
+    fun addUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener)
+
+    fun removeUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener)
 }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/IUserJwtInvalidatedListener.kt

@@ -0,0 +1,16 @@
+package com.onesignal
+
+/** TODO: complete the comment part for this listener
+ * Implement this interface and provide an instance to [OneSignal.addUserJwtInvalidatedListner]
+ * in order to receive control when the JWT for the current user is invalidated.
+ *
+ * @see [User JWT Invalidated Event | OneSignal Docs](https://documentation.onesignal.com/docs/)
+ */
+interface IUserJwtInvalidatedListener {
+    /**
+     * Called when the JWT is invalidated
+     *
+     * @param event The user JWT that expired.
+     */
+    fun onUserJwtInvalidated(event: UserJwtInvalidatedEvent)
+}

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/OneSignal.kt

@@ -29,6 +29,13 @@ object OneSignal {
     val isInitialized: Boolean
         get() = oneSignal.isInitialized
 
+    /**
+     * Whether the security feature to authenticate your external user ids is enabled
+     */
+    @JvmStatic
+    val useIdentityVerification: Boolean
+        get() = oneSignal.useIdentityVerification
+
     /**
      * The current SDK version as a string.
      */
@@ -192,6 +199,24 @@ object OneSignal {
     @JvmStatic
     fun logout() = oneSignal.logout()
 
+    @JvmStatic
+    fun updateUserJwt(
+        externalId: String,
+        token: String,
+    ) {
+        oneSignal.updateUserJwt(externalId, token)
+    }
+
+    @JvmStatic
+    fun addUserJwtInvalidatedListner(listener: IUserJwtInvalidatedListener) {
+        oneSignal.addUserJwtInvalidatedListener(listener)
+    }
+
+    @JvmStatic
+    fun removeUserJwtInvalidatedListner(listener: IUserJwtInvalidatedListener) {
+        oneSignal.removeUserJwtInvalidatedListener(listener)
+    }
+
     private val oneSignal: IOneSignal by lazy {
         OneSignalImp()
     }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/UserJwtInvalidatedEvent.kt

@@ -0,0 +1,10 @@
+package com.onesignal
+
+/** TODO: jwt documentation
+ * The event passed into [IUserJwtInvalidatedListener.onUserJwtInvalidated], it provides access
+ * to the external ID whose JWT has just been invalidated.
+ *
+ */
+class UserJwtInvalidatedEvent(
+    val externalId: String,
+)

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/internal/OneSignalImp.kt

@@ -3,6 +3,7 @@ package com.onesignal.internal
 import android.content.Context
 import android.os.Build
 import com.onesignal.IOneSignal
+import com.onesignal.IUserJwtInvalidatedListener
 import com.onesignal.common.AndroidUtils
 import com.onesignal.common.DeviceUtils
 import com.onesignal.common.IDManager
@@ -18,8 +19,10 @@ import com.onesignal.common.threading.suspendifyOnThread
 import com.onesignal.core.CoreModule
 import com.onesignal.core.internal.application.IApplicationService
 import com.onesignal.core.internal.application.impl.ApplicationService
+import com.onesignal.core.internal.backend.ParamsObject
 import com.onesignal.core.internal.config.ConfigModel
 import com.onesignal.core.internal.config.ConfigModelStore
+import com.onesignal.core.internal.config.FetchParamsObserver
 import com.onesignal.core.internal.operations.IOperationRepo
 import com.onesignal.core.internal.preferences.IPreferencesService
 import com.onesignal.core.internal.preferences.PreferenceOneSignalKeys
@@ -56,6 +59,8 @@ import org.json.JSONObject
 internal class OneSignalImp : IOneSignal, IServiceProvider {
     override val sdkVersion: String = OneSignalUtils.SDK_VERSION
     override var isInitialized: Boolean = false
+    override val useIdentityVerification: Boolean
+        get() = configModel?.useIdentityVerification ?: true
 
     override var consentRequired: Boolean
         get() = configModel?.consentRequired ?: (_consentRequired == true)
@@ -247,6 +252,7 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
             // bootstrap services
             startupService.bootstrap()
 
+            resumeOperationRepoAfterFetchParams(configModel!!)
             if (forceCreateUser || !identityModelStore!!.model.hasProperty(IdentityConstants.ONESIGNAL_ID)) {
                 val legacyPlayerId =
                     preferencesService!!.getString(
@@ -284,7 +290,8 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
                         pushSubscriptionModel.id = legacyPlayerId
                         pushSubscriptionModel.type = SubscriptionType.PUSH
                         pushSubscriptionModel.optedIn =
-                            notificationTypes != SubscriptionStatus.NO_PERMISSION.value && notificationTypes != SubscriptionStatus.UNSUBSCRIBE.value
+                            notificationTypes != SubscriptionStatus.NO_PERMISSION.value &&
+                            notificationTypes != SubscriptionStatus.UNSUBSCRIBE.value
                         pushSubscriptionModel.address =
                             legacyUserSyncJSON.safeString("identifier") ?: ""
                         if (notificationTypes != null) {
@@ -357,12 +364,16 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
             currentIdentityOneSignalId = identityModelStore!!.model.onesignalId
 
             if (currentIdentityExternalId == externalId) {
+                // login is for same user that is already logged in, fetch (refresh)
+                // the current user.
+                identityModelStore!!.model.jwtToken = jwtBearerToken
                 return
             }
 
             // TODO: Set JWT Token for all future requests.
             createAndSwitchToNewUser { identityModel, _ ->
                 identityModel.externalId = externalId
+                identityModel.jwtToken = jwtBearerToken
             }
 
             newIdentityOneSignalId = identityModelStore!!.model.onesignalId
@@ -405,6 +416,7 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
                 return
             }
 
+            // calling createAndSwitchToNewUser() replaces model with a default empty jwt
             createAndSwitchToNewUser()
             operationRepo!!.enqueue(
                 LoginUserOperation(
@@ -413,9 +425,33 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
                     identityModelStore!!.model.externalId,
                 ),
             )
+        }
+    }
 
-            // TODO: remove JWT Token for all future requests.
+    override fun updateUserJwt(
+        externalId: String,
+        token: String,
+    ) {
+        // update the model with the given externalId
+        for (model in identityModelStore!!.store.list()) {
+            if (externalId == model.externalId) {
+                identityModelStore!!.model.jwtToken = token
+                operationRepo!!.setPaused(false)
+                operationRepo!!.forceExecuteOperations()
+                Logging.log(LogLevel.DEBUG, "JWT $token is updated for externalId $externalId")
+                return
+            }
         }
+
+        Logging.log(LogLevel.DEBUG, "No identity found for externalId $externalId")
+    }
+
+    override fun addUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener) {
+        user.addUserJwtInvalidatedListener(listener)
+    }
+
+    override fun removeUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener) {
+        user.removeUserJwtInvalidatedListener(listener)
     }
 
     private fun createAndSwitchToNewUser(
@@ -483,6 +519,23 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
         }
     }
 
+    private fun resumeOperationRepoAfterFetchParams(configModel: ConfigModel) {
+        // pause operation repo until useIdentityVerification is determined
+        operationRepo!!.setPaused(true)
+        configModel.addFetchParamsObserver(
+            object : FetchParamsObserver {
+                override fun onParamsFetched(params: ParamsObject) {
+                    // resume operations if identity verification is turned off or a jwt is cached
+                    if (params.useIdentityVerification == false || identityModelStore!!.model.jwtToken != null) {
+                        operationRepo!!.setPaused(false)
+                    } else {
+                        Logging.log(LogLevel.ERROR, "A valid JWT is required for user ${identityModelStore!!.model.externalId}.")
+                    }
+                }
+            },
+        )
+    }
+
     override fun <T> hasService(c: Class<T>): Boolean = services.hasService(c)
 
     override fun <T> getService(c: Class<T>): T = services.getService(c)

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/IUserManager.kt

@@ -1,5 +1,6 @@
 package com.onesignal.user
 
+import com.onesignal.IUserJwtInvalidatedListener
 import com.onesignal.OneSignal
 import com.onesignal.user.state.IUserStateObserver
 import com.onesignal.user.subscriptions.IPushSubscription
@@ -166,4 +167,11 @@ interface IUserManager {
      * Remove an observer from the user state.
      */
     fun removeObserver(observer: IUserStateObserver)
+
+    /**
+     * Add an event listener allowing user to be notified when the JWT is invalidated.
+     */
+    fun addUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener)
+
+    fun removeUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener)
 }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/UserManager.kt

@@ -1,5 +1,8 @@
 package com.onesignal.user.internal
 
+import com.onesignal.IUserJwtInvalidatedListener
+import com.onesignal.OneSignal
+import com.onesignal.UserJwtInvalidatedEvent
 import com.onesignal.common.IDManager
 import com.onesignal.common.OneSignalUtils
 import com.onesignal.common.events.EventProducer
@@ -41,6 +44,10 @@ internal open class UserManager(
 
     val changeHandlersNotifier = EventProducer<IUserStateObserver>()
 
+    val jwtInvalidatedCallback = EventProducer<IUserJwtInvalidatedListener>()
+
+    private var jwtTokenInvalidated: String? = null
+
     override val pushSubscription: IPushSubscription
         get() = _subscriptionManager.subscriptions.push
 
@@ -244,6 +251,16 @@ internal open class UserManager(
         changeHandlersNotifier.unsubscribe(observer)
     }
 
+    override fun addUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener) {
+        Logging.debug("OneSignal.addClickListener(listener: $listener)")
+        jwtInvalidatedCallback.subscribe(listener)
+    }
+
+    override fun removeUserJwtInvalidatedListener(listener: IUserJwtInvalidatedListener) {
+        Logging.debug("OneSignal.removeClickListener(listener: $listener)")
+        jwtInvalidatedCallback.unsubscribe(listener)
+    }
+
     override fun onModelReplaced(
         model: IdentityModel,
         tag: String,
@@ -253,10 +270,26 @@ internal open class UserManager(
         args: ModelChangedArgs,
         tag: String,
     ) {
-        if (args.property == IdentityConstants.ONESIGNAL_ID) {
-            val newUserState = UserState(args.newValue.toString(), externalId)
-            this.changeHandlersNotifier.fire {
-                it.onUserStateChange(UserChangedState(newUserState))
+        when (args.property) {
+            IdentityConstants.ONESIGNAL_ID -> {
+                val newUserState = UserState(args.newValue.toString(), externalId)
+                this.changeHandlersNotifier.fire {
+                    it.onUserStateChange(UserChangedState(newUserState))
+                }
+            }
+            IdentityConstants.JWT_TOKEN -> {
+                // Fire the event when the JWT has been invalidated.
+                val oldJwt = args.oldValue.toString()
+                val newJwt = args.newValue.toString()
+
+                // prevent same JWT from being invalidated twice in a row
+                if (OneSignal.useIdentityVerification && jwtTokenInvalidated != oldJwt && newJwt.isEmpty()) {
+                    jwtInvalidatedCallback.fire {
+                        it.onUserJwtInvalidated(UserJwtInvalidatedEvent((externalId)))
+                    }
+                }
+
+                jwtTokenInvalidated = oldJwt
             }
         }
     }