-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trusted Entitlements
: re-enable public API
#2621
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NachoSoto
force-pushed
the
re-enable-verification
branch
from
June 11, 2023 18:28
367da2d
to
509e3a9
Compare
NachoSoto
changed the title
[WIP] Introduced
[WIP] Introduced Jun 11, 2023
Entitlement Vericication
Entitlement Verification
NachoSoto
force-pushed
the
re-enable-verification
branch
3 times, most recently
from
June 13, 2023 00:03
157cb14
to
f056004
Compare
NachoSoto
changed the title
[WIP] Introduced
[WIP] Re-enable Jun 13, 2023
Entitlement Verification
Entitlement Verification
public API
NachoSoto
force-pushed
the
re-enable-verification
branch
3 times, most recently
from
June 13, 2023 20:22
f8592f5
to
a36c254
Compare
Codecov Report
@@ Coverage Diff @@
## main #2621 +/- ##
==========================================
+ Coverage 86.30% 86.49% +0.18%
==========================================
Files 214 214
Lines 15376 15376
==========================================
+ Hits 13271 13299 +28
+ Misses 2105 2077 -28
|
NachoSoto
changed the title
[WIP] Re-enable
[WIP] Jun 26, 2023
Entitlement Verification
public APITrusted Entitlements
: re-enable public API
NachoSoto
force-pushed
the
re-enable-verification
branch
3 times, most recently
from
June 27, 2023 20:29
813db34
to
7db168a
Compare
NachoSoto
force-pushed
the
re-enable-verification
branch
3 times, most recently
from
July 6, 2023 17:00
249d5fe
to
ea3f6d7
Compare
NachoSoto
force-pushed
the
re-enable-verification
branch
from
July 7, 2023 04:25
ea3f6d7
to
bc21a0e
Compare
NachoSoto
changed the title
[WIP]
Jul 7, 2023
Trusted Entitlements
: re-enable public APITrusted Entitlements
: re-enable public API
NachoSoto
force-pushed
the
re-enable-verification
branch
2 times, most recently
from
July 7, 2023 04:43
3a28743
to
68f6db7
Compare
tonidero
reviewed
Jul 10, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, just a comment about the enforced
mode
Tests/TestingApps/PurchaseTesterSwiftUI/Shared/Extensions/Extensions.swift
Outdated
Show resolved
Hide resolved
NachoSoto
force-pushed
the
re-enable-verification
branch
2 times, most recently
from
July 10, 2023 14:13
0207281
to
e5141e2
Compare
NachoSoto
force-pushed
the
re-enable-verification
branch
from
July 10, 2023 14:15
e5141e2
to
a587d67
Compare
Holding off until we verify #2744 is all green. |
tonidero
approved these changes
Jul 11, 2023
This was referenced Jul 11, 2023
NachoSoto
added a commit
that referenced
this pull request
Jul 11, 2023
**This is an automatic release.** ### New Features * `Trusted Entitlements`: (#2621) via NachoSoto (@NachoSoto) This new feature prevents MitM attacks between the SDK and the RevenueCat server. With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent. This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult` property, which will indicate the validity of the responses when this feature is enabled. ```swift let purchases = Purchases.configure( with: Configuration .builder(withAPIKey: "") .with(entitlementVerificationMode: .informational) ) let customerInfo = try await purchases.customerInfo() if !customerInfo.entitlements.verification.isVerified { print("Entitlements could not be verified") } ``` You can learn more from [the documentation](https://www.revenuecat.com/docs/trusted-entitlements). ### Other Changes * `TrustedEntitlements`: new `VerificationResult.isVerified` (#2788) via NachoSoto (@NachoSoto) * `Refactor`: extracted `Collection.subscript(safe:)` (#2779) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: added link to docs in `ErrorCode.signatureVerificationFailed` (#2783) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: improved documentation (#2782) via NachoSoto (@NachoSoto) * `Tests`: fixed flaky failure with asynchronous check (#2777) via NachoSoto (@NachoSoto) * `Integration Tests`: re-enable signature verification tests (#2744) via NachoSoto (@NachoSoto) * `CI`: remove `Jazzy` (#2775) via NachoSoto (@NachoSoto) * `Signing`: inject `ClockType` to ensure hardcoded signatures don't fail when intermediate key expires (#2771) via NachoSoto (@NachoSoto) --------- Co-authored-by: NachoSoto <ignaciosoto90@gmail.com>
tonidero
added a commit
to RevenueCat/purchases-hybrid-common
that referenced
this pull request
Nov 17, 2023
) Depends on RevenueCat/purchases-ios#2621 and RevenueCat/purchases-android#1105. --------- Co-authored-by: Toni Rico <antonio.rico.diez@revenuecat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is reverting #2350 and #2417