Added new VerificationResult.verifiedOnDevice (#2379)

NachoSoto · web-flow · commit 398293dd4f76 · 2023-04-10T08:37:46.000-07:00
This will be used to represent data that has been created and verified
locally.
diff --git a/Sources/Security/VerificationResult.swift b/Sources/Security/VerificationResult.swift
@@ -54,6 +54,9 @@ internal enum VerificationResult: Int {
     /// Entitlements were verified with our server.
     case verified = 1
 
+    /// Entitlements were created and verified on device through `StoreKit 2`.
+    case verifiedOnDevice = 3
+
     /// Entitlement verification failed, possibly due to a MiTM attack.
     /// ### Related Symbols
     /// - ``ErrorCode/signatureVerificationFailed``
@@ -77,20 +80,23 @@ extension VerificationResult {
         switch (cachedResult, responseResult) {
         case (.notRequested, .notRequested),
             (.verified, .verified),
+            (.verifiedOnDevice, .verifiedOnDevice),
             (.failed, .failed):
             return cachedResult
 
-        case (.verified, .notRequested): return .notRequested
-        case (.verified, .failed): return .failed
+        case (.verified, .notRequested), (.verifiedOnDevice, .notRequested): return .notRequested
+        case (.verified, .failed), (.verifiedOnDevice, .failed): return .failed
 
-        case (.notRequested, .verified): return .verified
+        case (.notRequested, .verified), (.notRequested, .verifiedOnDevice): return responseResult
         case (.notRequested, .failed): return .failed
 
         case (.failed, .notRequested): return .notRequested
         // If the cache verification failed, the etag won't be used
         // so the response would only be a 200 and not 304.
         // Therefore the cache verification error can be ignored
-        case (.failed, .verified): return .verified
+        case (.failed, .verified), (.failed, .verifiedOnDevice): return responseResult
+
+        case (.verifiedOnDevice, .verified), (.verified, .verifiedOnDevice): return responseResult
         }
     }
 
diff --git a/Tests/APITesters/ObjCAPITester/ObjCAPITester/RCVerificationResultAPI.m b/Tests/APITesters/ObjCAPITester/ObjCAPITester/RCVerificationResultAPI.m
@@ -17,6 +17,7 @@ + (void)checkAPI {
     switch (result) {
         case RCVerificationResultNotRequested:
         case RCVerificationResultVerified:
+        case RCVerificationResultVerifiedOnDevice:
         case RCVerificationResultFailed:
             break;
     }
diff --git a/Tests/APITesters/SwiftAPITester/SwiftAPITester/VerificationResultAPI.swift b/Tests/APITesters/SwiftAPITester/SwiftAPITester/VerificationResultAPI.swift
@@ -24,6 +24,7 @@ func checkVerificationResultAPI(_ mode: EntitlementVerificationMode = .disabled,
     switch result {
     case .notRequested,
             .verified,
+            .verifiedOnDevice,
             .failed:
         break
 
diff --git a/Tests/UnitTests/Security/SigningTests.swift b/Tests/UnitTests/Security/SigningTests.swift
@@ -297,28 +297,37 @@ class SigningTests: TestCase {
     func testVerificationResultWithSameCachedAndResponseResult() {
         expect(VerificationResult.from(cache: .notRequested, response: .notRequested)) == .notRequested
         expect(VerificationResult.from(cache: .verified, response: .verified)) == .verified
+        expect(VerificationResult.from(cache: .verifiedOnDevice, response: .verifiedOnDevice)) == .verifiedOnDevice
         expect(VerificationResult.from(cache: .failed, response: .failed)) == .failed
     }
 
     func testVerificationNotRequestedCachedResult() {
         expect(VerificationResult.from(cache: .notRequested,
                                        response: .verified)) == .verified
+        expect(VerificationResult.from(cache: .notRequested,
+                                       response: .verifiedOnDevice)) == .verifiedOnDevice
         expect(VerificationResult.from(cache: .notRequested,
                                        response: .failed)) == .failed
     }
 
     func testVerifiedCachedResult() {
         expect(VerificationResult.from(cache: .verified,
                                        response: .notRequested)) == .notRequested
+        expect(VerificationResult.from(cache: .verifiedOnDevice,
+                                       response: .notRequested)) == .notRequested
         expect(VerificationResult.from(cache: .verified,
                                        response: .failed)) == .failed
+        expect(VerificationResult.from(cache: .verifiedOnDevice,
+                                       response: .failed)) == .failed
     }
 
     func testFailedVerificationCachedResult() {
         expect(VerificationResult.from(cache: .failed,
                                        response: .notRequested)) == .notRequested
         expect(VerificationResult.from(cache: .failed,
                                        response: .verified)) == .verified
+        expect(VerificationResult.from(cache: .failed,
+                                       response: .verifiedOnDevice)) == .verifiedOnDevice
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ + (void)checkAPI {`
`17`	`17`	`switch (result) {`
`18`	`18`	`case RCVerificationResultNotRequested:`
`19`	`19`	`case RCVerificationResultVerified:`
	`20`	`+ case RCVerificationResultVerifiedOnDevice:`
`20`	`21`	`case RCVerificationResultFailed:`
`21`	`22`	`break;`
`22`	`23`	`}`