Merge branch 'main' into dependabot/npm_and_yarn/appium-test/ip-1.1.9

auth0 · Jan 23, 2025 · 0bfe0ce · 0bfe0ce
2 parents 2ba085a + 157684e
commit 0bfe0ce
Show file tree

Hide file tree

Showing 50 changed files with 633 additions and 270 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1 @@
-*	@auth0/dx-sdks-engineer
+*	@auth0/project-dx-sdks-engineer-codeowner
diff --git a/.github/actions/rl-scanner/action.yml b/.github/actions/rl-scanner/action.yml
@@ -0,0 +1,73 @@
+
+name: 'RL-Security-Scanner'
+description: 'Runs the Reversing Labs scanner on a specified artifact.'
+inputs:
+  artifact-path:
+    description: 'Path to the artifact to be scanned.'
+    required: true
+  version:
+    description: 'Version of the artifact.'
+    required: true
+
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        pip install boto3 requests
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+        aws-region: 'us-east-1'
+        mask-aws-account-id: true
+
+    - name: Install RL Wrapper
+      shell: bash
+      run: |
+        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+    - name: Run RL Scanner
+      shell: bash
+      env:
+        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+        PYTHONUNBUFFERED: 1
+      run: |
+        if [ ! -f "${{ inputs.artifact-path }}" ]; then
+          echo "Artifact not found: ${{ inputs.artifact-path }}"
+          exit 1
+        fi
+
+        rl-wrapper \
+          --artifact "${{ inputs.artifact-path }}" \
+          --version "${{ inputs.version }}" \
+          --name "${{ github.event.repository.name }}" \
+          --repository "${{ github.repository }}" \
+          --commit "${{ github.sha }}" \
+          --build-env "github_actions" \
+          --suppress_output
+
+        # Check the outcome of the scanner
+        if [ $? -ne 0 ]; then
+          echo "RL Scanner failed."
+          echo "scan-status=failed" >> $GITHUB_ENV
+          exit 1
+        else
+          echo "RL Scanner passed."
+          echo "scan-status=success" >> $GITHUB_ENV
+        fi
+
+outputs:
+    scan-status:
+        description: 'The outcome of the scan process.'
+        value: ${{ env.scan-status }}
diff --git a/.github/actions/setup-darwin/action.yml b/.github/actions/setup-darwin/action.yml
@@ -49,7 +49,7 @@ runs:
       shell: bash
 
     - name: Set up Ruby
-      uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939
+      uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # Pinned to version 1.176.0
       with:
           bundler-cache: true
           cache-version: 1

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -18,16 +18,9 @@ env:
     java: 11
 
 jobs:
-    authorize:
-      name: Authorize
-      environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
-      runs-on: ubuntu-latest
-      steps:
-        - run: true
 
     analyze-auth0_flutter:
         name: Analyze auth0_flutter Flutter package
-        needs: authorize
         runs-on: ubuntu-latest
 
         steps:
@@ -51,7 +44,6 @@ jobs:
 
     analyze-auth0_flutter_platform_interface:
         name: Analyze auth0_flutter_platform_interface Flutter package
-        needs: authorize
         runs-on: ubuntu-latest
 
         steps:
@@ -71,7 +63,6 @@ jobs:
 
     test-auth0_flutter:
         name: Test auth0_flutter Flutter package
-        needs: authorize
         runs-on: ubuntu-latest
 
         steps:
@@ -103,7 +94,6 @@ jobs:
 
     test-auth0_flutter_platform_interface:
         name: Test auth0_flutter_platform_interface Flutter package
-        needs: authorize
         runs-on: ubuntu-latest
 
         steps:
@@ -129,7 +119,6 @@ jobs:
 
     test-ios-unit:
         name: Run native iOS unit tests using Xcode ${{ matrix.xcode }}
-        needs: authorize
         runs-on: macos-13
         environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 
@@ -172,7 +161,6 @@ jobs:
 
     test-ios-smoke:
         name: Run native iOS smoke tests using Xcode ${{ matrix.xcode }}
-        needs: authorize
         runs-on: macos-13-large
         environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 
@@ -207,7 +195,6 @@ jobs:
 
     test-macos-unit:
         name: Run native macOS unit tests using Xcode ${{ matrix.xcode }}
-        needs: authorize
         runs-on: macos-13
         environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 
@@ -244,7 +231,6 @@ jobs:
 
     test-macos-smoke:
         name: Run native macOS smoke tests using Xcode ${{ matrix.xcode }}
-        needs: authorize
         runs-on: macos-13
         environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 
@@ -279,7 +265,6 @@ jobs:
 
     test-android-unit:
         name: Run native Android unit tests
-        needs: authorize
         runs-on: ubuntu-latest
         environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 
@@ -318,7 +303,6 @@ jobs:
 
     # test-android-smoke:
     #     name: Run native Android smoke tests using API-level ${{ matrix.android-api }}
-    #     needs: authorize
     #     runs-on: macos-latest-xl
     #     environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
 

diff --git a/.github/workflows/pr-title-checker.yml b/.github/workflows/pr-title-checker.yml
@@ -1,6 +1,6 @@
 name: "PR Title Checker"
 on:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - edited

diff --git a/.github/workflows/publish-af.yml b/.github/workflows/publish-af.yml
@@ -5,13 +5,31 @@ on:
     tags:
       - 'af-v[0-9]+.[0-9]+.[0-9]+*'
 
+permissions:
+  contents: write
+  id-token: write
+
 env:
   flutter: '3.x'
 
 jobs:
+  rl-scanner:
+    uses: ./.github/workflows/rl-scanner.yml
+    with:
+      flutter: '3.x'
+      artifact-name: 'auth0-flutter-af.zip'
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
   publish:
     name: Publish auth0_flutter to pub.dev
     environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
+    needs: rl-scanner
     runs-on: ubuntu-latest
 
     permissions:

diff --git a/.github/workflows/publish-afpi.yml b/.github/workflows/publish-afpi.yml
@@ -5,13 +5,31 @@ on:
     tags:
       - 'afpi-v[0-9]+.[0-9]+.[0-9]+*'
 
+permissions:
+  contents: write
+  id-token: write
+
 env:
   flutter: '3.x'
 
 jobs:
+  rl-scanner:
+    uses: ./.github/workflows/rl-scanner.yml
+    with:
+      flutter: '3.x'
+      artifact-name: 'auth0-flutter-afpi.zip'
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
   publish:
     name: Publish auth0_flutter_platform_interface to pub.dev
     environment: ${{ github.event.pull_request.head.repo.fork && 'external' || 'internal' }}
+    needs: rl-scanner
     runs-on: ubuntu-latest
 
     permissions:

diff --git a/.github/workflows/rl-scanner.yml b/.github/workflows/rl-scanner.yml
@@ -0,0 +1,76 @@
+name: RL-Secure-Workflow
+
+on:
+  workflow_call:
+    inputs:
+      flutter:
+        required: true
+        type: string
+      artifact-name:
+        required: true
+        type: string
+    secrets:
+      RLSECURE_LICENSE:
+        required: true
+      RLSECURE_SITE_KEY:
+        required: true
+      SIGNAL_HANDLER_TOKEN:
+        required: true
+      PRODSEC_TOOLS_USER:
+        required: true
+      PRODSEC_TOOLS_TOKEN:
+        required: true
+      PRODSEC_TOOLS_ARN:
+        required: true
+
+
+
+jobs:
+  rl-scanner:
+    name: Run Reversing Labs Scanner
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+    outputs:
+      scan-status: ${{ steps.rl-scan-conclusion.outcome }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha || github.ref }}
+
+      - name: Set up Flutter
+        uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225
+        with:
+          flutter-version: ${{ inputs.flutter }}
+          channel: stable
+          cache: true
+
+      - name: Build package
+        shell: bash
+        run: |
+          zip -r ${{ inputs.artifact-name }} ./*
+
+      - name: Get Artifact Version
+        id: get_version
+        run: |
+          version=$(awk -F"'" '/const String version/ {print $2}' auth0_flutter/lib/src/version.dart)
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+
+      - name: Run Reversing Labs Scanner
+        id: rl-scan-conclusion
+        uses: ./.github/actions/rl-scanner
+        with:
+          artifact-path: "$(pwd)/${{ inputs.artifact-name }}"
+          version: "${{ steps.get_version.outputs.version }}"
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+          PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+          PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+      - name: Output scan result
+        run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -27,9 +27,9 @@ UIAutomator interacts with device emulators, ensure an emulator for Android is r
 The above tests rely on a couple of environment variables that can be defined in **/auth0_flutter/example/.env**:
 
 - `AUTH0_DOMAIN`: Auth0 Domain
-- `AUTH0_CLIENT_ID`: Auth0 Client Id
-- `USER_EMAIL`: Email to log into the configured Auth0 Domain and Client Id
-- `USER_PASSWORD`: Password to log into the configured Auth0 Domain and Client Id
+- `AUTH0_CLIENT_ID`: Auth0 Client ID
+- `USER_EMAIL`: Email to log into the configured Auth0 Domain and Client ID
+- `USER_PASSWORD`: Password to log into the configured Auth0 Domain and Client ID
 
 ### Running the tests
 

diff --git a/README.md b/README.md
@@ -20,19 +20,16 @@ For general support or usage questions, use the [Auth0 Community](https://commun
 
 **Do not report security vulnerabilities on the public GitHub issue tracker.** The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
 
-## What is Auth0?
+---
 
-Auth0 helps you to:
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: light)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+    <source media="(prefers-color-scheme: dark)" srcset="https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png" width="150">
+    <img alt="Auth0 Logo" src="https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png" width="150">
+  </picture>
+</p>
 
-- Add authentication with [multiple sources](https://auth0.com/docs/authenticate/identity-providers), either social identity providers such as **Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce** (amongst others), or enterprise identity systems like **Windows Azure AD, Google Apps, Active Directory, ADFS, or any SAML identity provider**.
-- Add authentication through more traditional **[username/password databases](https://auth0.com/docs/authenticate/database-connections/custom-db)**.
-- Add support for **[linking different user accounts](https://auth0.com/docs/manage-users/user-accounts/user-account-linking)** with the same user.
-- Support for generating signed [JSON web tokens](https://auth0.com/docs/secure/tokens/json-web-tokens) to call your APIs and **flow the user identity** securely.
-- Analytics of how, when, and where users are logging in.
-- Pull data from other sources and add it to the user profile through [JavaScript Actions](https://auth0.com/docs/customize/actions).
+<p align="center">Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more check out <a href="https://auth0.com/why-auth0">Why Auth0?</a></p>
 
-**Why Auth0?** Because you should save time, be happy, and focus on what really matters: building your product.
-
-## License
-
-This project is licensed under Apache License 2.0. See the [LICENSE](LICENSE) file for more information.
+<p align="center">This project is licensed under the MIT license. See the <a href="./LICENSE"> LICENSE</a> file for more info.</p>
diff --git a/auth0_flutter/CHANGELOG.md b/auth0_flutter/CHANGELOG.md
@@ -1,5 +1,30 @@
 # Change Log
 
+## [af-v1.7.2](https://github.com/auth0/auth0-flutter/tree/af-v1.7.2) (2024-05-09)
+[Full Changelog](https://github.com/auth0/auth0-flutter/compare/af-v1.7.1...af-v1.7.2)
+
+**Fixed**
+- (af) chore: upgraded dependency on Auth0.swift to 2.7.2 [\#451](https://github.com/auth0/auth0-flutter/pull/451) ([desusai7](https://github.com/desusai7))
+- ci: upgraded setup-ruby action version to 1.176.0 [\#452](https://github.com/auth0/auth0-flutter/pull/452) ([desusai7](https://github.com/desusai7))
+
+## [af-v1.7.1](https://github.com/auth0/auth0-flutter/tree/af-v1.7.1) (2024-05-03)
+[Full Changelog](https://github.com/auth0/auth0-flutter/compare/af-v1.7.0...af-v1.7.1)
+
+**Fixed**
+- (af) chore: upgraded dependency on Auth0.swift to 2.7.1 to fix the declaration of privacy manifest [\#448](https://github.com/auth0/auth0-flutter/pull/448) ([desusai7](https://github.com/desusai7))
+
+## [af-v1.7.0](https://github.com/auth0/auth0-flutter/tree/af-v1.7.0) (2024-04-22)
+[Full Changelog](https://github.com/auth0/auth0-flutter/compare/af-v1.6.0...af-v1.7.0)
+
+**Added**
+- iOS - Bump Auth0 dependency version [\#435](https://github.com/auth0/auth0-flutter/pull/435) ([martin-headspace](https://github.com/martin-headspace))
+
+## [af-v1.6.0](https://github.com/auth0/auth0-flutter/tree/af-v1.6.0) (2024-03-18)
+[Full Changelog](https://github.com/auth0/auth0-flutter/compare/af-v1.5.0...af-v1.6.0)
+
+**Added**
+- Add support for HTTPS redirect URLs [SDK-4754] [\#417](https://github.com/auth0/auth0-flutter/pull/417) ([Widcket](https://github.com/Widcket))
+
 ## [af-v1.5.0](https://github.com/auth0/auth0-flutter/tree/af-v1.5.0) (2023-12-15)
 [Full Changelog](https://github.com/auth0/auth0-flutter/compare/af-v1.4.1...af-v1.5.0)
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		* @auth0/dx-sdks-engineer
		* @auth0/project-dx-sdks-engineer-codeowner