Ilyas Hallak
ec432a037c
Add complete OAuth 2.0 Authorization Code Flow with PKCE as alternative to API token authentication, with automatic server detection and graceful fallback to classic login. **OAuth Core (RFC 7636 PKCE):** - PKCEGenerator: S256 challenge generation for secure code exchange - OAuth DTOs: Client registration, token request/response models - OAuthClient, OAuthToken, AuthenticationMethod domain models - API.swift: registerOAuthClient() and exchangeOAuthToken() endpoints - OAuthRepository + POAuthRepository protocol **Browser Integration (ASWebAuthenticationSession):** - OAuthSession: Wraps native authentication session - OAuthFlowCoordinator: Orchestrates 5-phase OAuth flow - readeck:// URL scheme for OAuth callback handling - State verification for CSRF protection - User cancellation handling **Token Management:** - KeychainHelper: OAuth token storage alongside API tokens - TokenProvider: getOAuthToken(), setOAuthToken(), getAuthMethod() - AuthenticationMethod enum to distinguish token types - AuthRepository: loginWithOAuth(), getAuthenticationMethod() - Endpoint persistence in both Keychain and Settings **Server Feature Detection:** - ServerInfo extended with features array and supportsOAuth flag - GET /api/info endpoint integration (backward compatible) - GetServerInfoUseCase with optional endpoint parameter **User Profile Integration:** - ProfileApiClient: Fetch user data via GET /api/profile - UserProfileDto with username, email, provider information - GetUserProfileUseCase: Extract username from profile - Username saved and displayed for OAuth users (like classic auth) **Automatic OAuth Flow (No User Selection):** - OnboardingServerView: 2-phase flow (endpoint → auto-OAuth or classic) - OAuth attempted automatically if server supports it - Fallback to username/password on OAuth failure or unsupported - SettingsServerViewModel: checkServerOAuthSupport(), loginWithOAuth() **Cleanup & Refactoring:** - Remove all #if os(iOS) && !APP_EXTENSION conditionals - Remove LoginMethodSelectionView (no longer needed) - Remove switchToClassicLogin() method - Factories updated with OAuth dependencies **Testing:** - PKCEGeneratorTests: Verify RFC 7636 compliance - ServerInfoTests: Feature detection and backward compatibility - Mock implementations for all OAuth components **Documentation:** - docs/OAuth2-Implementation-Plan.md: Complete implementation guide - openapi.json: Readeck API specification **Scopes Requested:** - bookmarks:read, bookmarks:write, profile:read OAuth users now have full feature parity with classic authentication. Server auto-detects OAuth support via /info endpoint. Seamless UX with browser-based login and automatic fallback.
46 lines
993 B
Swift
46 lines
993 B
Swift
//
|
|
// BuildEnvironment.swift
|
|
// readeck
|
|
//
|
|
// Created by Ilyas Hallak on 15.12.25.
|
|
//
|
|
|
|
import Foundation
|
|
|
|
// MARK: - Build Environment Detection
|
|
|
|
extension Bundle {
|
|
/// Returns true if running in DEBUG build (Xcode development)
|
|
var isDebugBuild: Bool {
|
|
#if DEBUG
|
|
return true
|
|
#else
|
|
return false
|
|
#endif
|
|
}
|
|
|
|
/// Returns true if running in TestFlight (beta distribution)
|
|
var isTestFlightBuild: Bool {
|
|
#if DEBUG
|
|
return false
|
|
#else
|
|
guard let path = self.appStoreReceiptURL?.path else {
|
|
return false
|
|
}
|
|
return path.contains("sandboxReceipt")
|
|
#endif
|
|
}
|
|
|
|
/// Returns true if running in Production (App Store release)
|
|
var isProduction: Bool {
|
|
#if DEBUG
|
|
return false
|
|
#else
|
|
guard let path = self.appStoreReceiptURL?.path else {
|
|
return true
|
|
}
|
|
return !path.contains("sandboxReceipt")
|
|
#endif
|
|
}
|
|
}
|