fix(ios): harden registerPushToken (empty token unregisters, strict hex)#34
Open
aramslegit wants to merge 1 commit into
Open
fix(ios): harden registerPushToken (empty token unregisters, strict hex)#34aramslegit wants to merge 1 commit into
aramslegit wants to merge 1 commit into
Conversation
- An empty token now clears the device token via `setDeviceToken(Data())`
("unregister"); previously it early-returned, so there was no way to
unregister a push token through the wrapper (e.g. on notification opt-out).
- The hex APNs token is parsed strictly: throw on odd-length or non-hex
input instead of silently skipping invalid bytes, which would register a
truncated/garbage token with no error surfaced to the caller.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two small robustness fixes to iOS
registerPushToken(ios/ExpoCrispSdkModule.swift). Follow-up to #33 (mentioned there as standalone fixes).1. Empty token should unregister
Today, passing an empty string early-returns, so there is no way to unregister a push token through the wrapper (e.g. when a user opts out of notifications and you want Crisp to stop routing pushes to the device). The fix treats an empty/whitespace token as "unregister" and clears the device token via
CrispSDK.setDeviceToken(Data()).2. Strict hex parsing
The previous parser silently skipped invalid bytes and accepted odd-length input:
A malformed token would register a truncated/garbage device token with no error surfaced to the caller. The fix throws on odd-length or non-hex input (valid APNs tokens are 64 hex chars), so a bad token fails loudly instead of half-registering.
Testing
Both behaviors run in production in a shipping app (1fifty): the empty-token path is used to clear registration on notification opt-out; the strict parse guards the bridge boundary. Verified on a physical iOS device.
Backward compatibility
registerPushToken('')doing nothing, that changes — but a no-op on empty was almost certainly unintended (there was no other way to unregister).Android's
registerPushTokenhas the sameif (token.isNotEmpty())early-return, but I left it out of this PR because the Android Crisp SDK has no obvious public "clear token" call to mirrorsetDeviceToken(Data()); happy to address it too if you can point me at the right API.