Prepare release 2.2.1 (#114)

* Fix Retrieve Existing request ID behavior for PROCESSING state (#95)

* Fix Retrieve Existing request ID behavior for PENDING state

* Add distinction between Pending & Processing

* Code cleanup (and research on proguard rules being handed to consumers) (#98)

* Add proguard rules to project for automatic client consumption

* Fix constant name after renaming class

* Concrete R8 rules are actually not needed

* Add enum for GrantType (#99)

* Update Robolectric dependency (#102)

* Update changelog

* Use Epoch usec for Analytics timestamp (#107)

* Add UT for Analytics (#108)

* Refresh Auth Token for Customer Request (#109)

* Initial support for Unauthorized Customer Request refresh

* Add useful docs about token refresh window

* Improve logging for CashAppCashAppPayImpl

* Use Duration instead of Long for better time handling

* Remove not needed call to interrupt

* Schedule auth token refresh on `startWithExistingCustomerRequest` when status is "pending"

* Support deferred auth token refresh upon authorize call

* Better thread safety and handling

* Update comment

* Add new Refreshing state (#110)

* Add Refreshing state

* Use better explicit tag for logging

* Abstract thread managment away from main class (#113)

* Redact PII for logs and metrics (#112)

* Redact PII for logs and metrics

* Add UTs for PiiString

* Swap redact with unredacted defaults

* Redact more fields; move redaction step to encoding

* Prepare release 2.2.1

* Add changelog

Author: pedronveloso

CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2.2.1
+
+Here's what has changed on this release:
+
+ - Information that can be considered PII is now marked as such by implementing the interface `PiiContent`.
+   - This is possibly a breaking change, but in practice for the majority of people out there, these shouldn't be properties that you're using.
+  - Improved Thread management to prevent memory leaks and unexpected behavior.
+
+
 # 2.2.0
 
 In this release of our open source SDK, we've made a significant update that involves modifying the date types within our returned payloads from string to Instant. Please note that this modification is a breaking change. Here's what has been altered:

build.gradle

@@ -52,11 +52,11 @@ subprojects { subproject ->
   }
 }
 
-def NEXT_VERSION = "2.2.1-SNAPSHOT"
+def NEXT_VERSION = "2.2.2-SNAPSHOT"
 
 allprojects {
   group = 'app.cash.paykit'
-  version = '2.2.0'
+  version = '2.2.1'
 
   plugins.withId("com.vanniktech.maven.publish.base") {
     mavenPublishing {

core/src/main/java/app/cash/paykit/core/analytics/PayKitAnalyticsEventDispatcherImpl.kt

@@ -42,6 +42,7 @@ import app.cash.paykit.core.models.analytics.payloads.AnalyticsInitializationPay
 import app.cash.paykit.core.models.common.Action
 import app.cash.paykit.core.models.common.NetworkResult.Failure
 import app.cash.paykit.core.models.common.NetworkResult.Success
+import app.cash.paykit.core.models.pii.PiiString
 import app.cash.paykit.core.models.request.CustomerRequestDataFactory.CHANNEL_IN_APP
 import app.cash.paykit.core.models.response.CustomerResponseData
 import app.cash.paykit.core.models.response.Grant
@@ -67,7 +68,7 @@ internal class PayKitAnalyticsEventDispatcherImpl(
   private val sdkEnvironment: String,
   private val payKitAnalytics: PayKitAnalytics,
   private val networkManager: NetworkManager,
-  private val moshi: Moshi = MoshiProvider.provideDefault(),
+  private val moshi: Moshi = MoshiProvider.provideDefault(redactPii = true),
   private val uuidManager: UUIDManager = UUIDManagerRealImpl(),
   private val clock: Clock = ClockRealImpl(),
 ) : PayKitAnalyticsEventDispatcher {
@@ -233,8 +234,8 @@ internal class PayKitAnalyticsEventDispatcherImpl(
       action = stateToAnalyticsAction(actionType),
       createActions = apiActionsAsJson,
       createChannel = CHANNEL_IN_APP,
-      createRedirectUrl = redirectUri,
-      createReferenceId = possibleReferenceId,
+      createRedirectUrl = redirectUri?.let { PiiString(redirectUri) },
+      createReferenceId = possibleReferenceId?.let { PiiString(possibleReferenceId) },
       environment = sdkEnvironment,
     )
   }

core/src/main/java/app/cash/paykit/core/impl/CashAppCashAppPayImpl.kt

@@ -52,6 +52,11 @@ import app.cash.paykit.core.models.response.STATUS_APPROVED
 import app.cash.paykit.core.models.response.STATUS_PENDING
 import app.cash.paykit.core.models.response.STATUS_PROCESSING
 import app.cash.paykit.core.models.sdk.CashAppPayPaymentAction
+import app.cash.paykit.core.utils.SingleThreadManager
+import app.cash.paykit.core.utils.SingleThreadManagerImpl
+import app.cash.paykit.core.utils.ThreadPurpose.CHECK_APPROVAL_STATUS
+import app.cash.paykit.core.utils.ThreadPurpose.DEFERRED_REFRESH
+import app.cash.paykit.core.utils.ThreadPurpose.REFRESH_AUTH_TOKEN
 import app.cash.paykit.core.utils.orElse
 import kotlinx.datetime.Clock
 import kotlin.time.Duration
@@ -67,6 +72,7 @@ internal class CashAppCashAppPayImpl(
   private val analyticsEventDispatcher: PayKitAnalyticsEventDispatcher,
   private val payKitLifecycleListener: CashAppPayLifecycleObserver,
   private val useSandboxEnvironment: Boolean = false,
+  private val singleThreadManager: SingleThreadManager = SingleThreadManagerImpl(),
   initialState: CashAppPayState = NotStarted,
   initialCustomerResponseData: CustomerResponseData? = null,
 ) : CashAppPay, CashAppPayLifecycleListener {
@@ -75,9 +81,6 @@ internal class CashAppCashAppPayImpl(
 
   private var customerResponseData: CustomerResponseData? = initialCustomerResponseData
 
-  private var checkForApprovalThread: Thread? = null
-  private var refreshUnauthorizedThread: Thread? = null
-
   private var currentState: CashAppPayState = initialState
     set(value) {
       field = value
@@ -265,24 +268,20 @@ internal class CashAppCashAppPayImpl(
    */
   private fun deferredAuthorizeCustomerRequest() {
     // Stop the thread that refreshes the customer request.
-    try {
-      refreshUnauthorizedThread?.interrupt()
-    } catch (e: Exception) {
-      logError("Error while interrupting previous thread. Exception: $e")
-    }
+    singleThreadManager.interruptThread(REFRESH_AUTH_TOKEN)
 
     currentState = Refreshing
 
     logInfo("Will refresh customer request before proceeding with authorization.")
-    Thread {
+    singleThreadManager.createThread(DEFERRED_REFRESH) {
       val networkResult = networkManager.retrieveUpdatedRequestData(
         clientId,
         customerResponseData!!.id,
       )
       if (networkResult is Failure) {
         logError("Failed to refresh expired auth token customer request.")
         currentState = CashAppPayExceptionState(networkResult.exception)
-        return@Thread
+        return@createThread
       }
       logInfo("Refreshed customer request with SUCCESS")
       customerResponseData = (networkResult as Success).data.customerResponseData
@@ -357,12 +356,7 @@ internal class CashAppCashAppPayImpl(
     analyticsEventDispatcher.shutdown()
 
     // Stop any polling operations that might be running.
-    try {
-      refreshUnauthorizedThread?.interrupt()
-      checkForApprovalThread?.interrupt()
-    } catch (e: Exception) {
-      logError("Error while interrupting threads. Exception: $e")
-    }
+    singleThreadManager.interruptAllThreads()
   }
 
   private fun enforceRegisteredStateUpdatesListener() {
@@ -376,14 +370,14 @@ internal class CashAppCashAppPayImpl(
   }
 
   private fun poolTransactionStatus() {
-    checkForApprovalThread = Thread {
+    singleThreadManager.createThread(CHECK_APPROVAL_STATUS) {
       val networkResult = networkManager.retrieveUpdatedRequestData(
         clientId,
         customerResponseData!!.id,
       )
       if (networkResult is Failure) {
         currentState = CashAppPayExceptionState(networkResult.exception)
-        return@Thread
+        return@createThread
       }
       customerResponseData = (networkResult as Success).data.customerResponseData
 
@@ -397,47 +391,39 @@ internal class CashAppCashAppPayImpl(
           try {
             Thread.sleep(500)
           } catch (e: InterruptedException) {
-            return@Thread
+            return@createThread
           }
 
           poolTransactionStatus()
-          return@Thread
+          return@createThread
         }
 
         // Unsuccessful transaction.
         setStateFinished(false)
       }
-    }
-    checkForApprovalThread?.safeStart(errorMessage = "Could not start checkForApprovalThread.")
+    }.safeStart(errorMessage = "Could not start checkForApprovalThread.")
   }
 
   private fun refreshUnauthorizedCustomerRequest(delay: Duration) {
-    // Before starting a new thread, cancel any previous one.
-    try {
-      refreshUnauthorizedThread?.interrupt()
-    } catch (e: Exception) {
-      logError("Error while interrupting previous thread. Exception: $e")
-    }
-
-    refreshUnauthorizedThread = Thread {
+    singleThreadManager.createThread(REFRESH_AUTH_TOKEN) {
       try {
         Thread.sleep(delay.inWholeMilliseconds)
       } catch (e: InterruptedException) {
-        return@Thread
+        return@createThread
       }
 
       // Stop refreshing if the request has expired.
       val currentTime = Clock.System.now()
       val hasExpired = customerResponseData?.expiresAt?.let { expiresAt -> currentTime > expiresAt } ?: false
       if (hasExpired) {
         logError("Customer request has expired. Stopping refresh.")
-        return@Thread
+        return@createThread
       }
 
       if (currentState !is ReadyToAuthorize) {
         // In this case, we don't want to retry since we're in a state that doesn't allow it.
         logError("Not refreshing unauthorized customer request because state is not ReadyToAuthorize")
-        return@Thread
+        return@createThread
       }
 
       val networkResult = networkManager.retrieveUpdatedRequestData(
@@ -449,14 +435,12 @@ internal class CashAppCashAppPayImpl(
 
         // Retry refreshing unauthorized customer request.
         refreshUnauthorizedCustomerRequest(delay)
-        return@Thread
+        return@createThread
       }
       logInfo("Refreshed customer request with SUCCESS")
       customerResponseData = (networkResult as Success).data.customerResponseData
       refreshUnauthorizedCustomerRequest(delay)
-    }
-
-    refreshUnauthorizedThread?.safeStart("Could not start refreshUnauthorizedThread.", onError = {
+    }.safeStart("Could not start refreshUnauthorizedThread.", onError = {
       refreshUnauthorizedCustomerRequest(delay)
     })
   }

core/src/main/java/app/cash/paykit/core/models/analytics/payloads/AnalyticsCustomerRequestPayload.kt

@@ -15,6 +15,7 @@
  */
 package app.cash.paykit.core.models.analytics.payloads
 
+import app.cash.paykit.core.models.pii.PiiString
 import com.squareup.moshi.Json
 import com.squareup.moshi.JsonClass
 
@@ -60,11 +61,11 @@ data class AnalyticsCustomerRequestPayload(
 
   // The redirect URL when creating a Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_create_redirect_url")
-  val createRedirectUrl: String? = null,
+  val createRedirectUrl: PiiString? = null,
 
   // The reference ID when creating a Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_create_reference_id")
-  val createReferenceId: String? = null,
+  val createReferenceId: PiiString? = null,
 
   // A string built from the metadata when creating a Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_create_metadata")
@@ -96,7 +97,7 @@ data class AnalyticsCustomerRequestPayload(
 
   // The redirect URL of the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_redirect_url")
-  val redirectUrl: String? = null,
+  val redirectUrl: PiiString? = null,
 
   // The created at timestamp of the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_created_at")
@@ -120,7 +121,7 @@ data class AnalyticsCustomerRequestPayload(
 
   // The reference ID of the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_reference_id")
-  val referenceId: String? = null,
+  val referenceId: PiiString? = null,
 
   // The name of the Requester Profile in the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_requester_name")
@@ -132,7 +133,7 @@ data class AnalyticsCustomerRequestPayload(
 
   // The Cashtag of the Customer Profile in the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_customer_cashtag")
-  val customerCashTag: String? = null,
+  val customerCashTag: PiiString? = null,
 
   // A string built from the metadata in the Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_metadata")
@@ -148,7 +149,7 @@ data class AnalyticsCustomerRequestPayload(
 
   // The reference ID when updating a Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_update_reference_id")
-  val updateReferenceId: String? = null,
+  val updateReferenceId: PiiString? = null,
 
   // The redirect URL when creating a Customer Request.
   @Json(name = "mobile_cap_pk_customer_request_update_metadata")

core/src/main/java/app/cash/paykit/core/models/pii/PiiContent.kt

@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2023 Cash App
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package app.cash.paykit.core.models.pii
+
+/**
+ * This is a marker interface for PII content (Personal Identifiable Information). It is meant to signal to the developer that a object
+ * of this class contains PII and should be treated as such.
+ */
+interface PiiContent

core/src/main/java/app/cash/paykit/core/models/pii/PiiString.kt

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2023 Cash App
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package app.cash.paykit.core.models.pii
+
+/**
+ * A string that has been classified as Personal Identifiable Information (PII).
+ *
+ */
+class PiiString(private var value: String) : PiiContent {
+
+  override fun toString(): String {
+    return value
+  }
+}

core/src/main/java/app/cash/paykit/core/models/request/CustomerRequestData.kt

@@ -16,6 +16,7 @@
 package app.cash.paykit.core.models.request
 
 import app.cash.paykit.core.models.common.Action
+import app.cash.paykit.core.models.pii.PiiString
 import com.squareup.moshi.Json
 import com.squareup.moshi.JsonClass
 
@@ -26,5 +27,5 @@ data class CustomerRequestData(
   @Json(name = "channel")
   val channel: String?,
   @Json(name = "redirect_url")
-  val redirectUri: String?,
+  val redirectUri: PiiString?,
 )

core/src/main/java/app/cash/paykit/core/models/request/CustomerRequestDataFactory.kt

@@ -16,6 +16,7 @@
 package app.cash.paykit.core.models.request
 
 import app.cash.paykit.core.models.common.Action
+import app.cash.paykit.core.models.pii.PiiString
 import app.cash.paykit.core.models.sdk.CashAppPayPaymentAction
 import app.cash.paykit.core.models.sdk.CashAppPayPaymentAction.OnFileAction
 import app.cash.paykit.core.models.sdk.CashAppPayPaymentAction.OneTimeAction
@@ -53,7 +54,7 @@ object CustomerRequestDataFactory {
       CustomerRequestData(
         actions = actions,
         channel = CHANNEL_IN_APP,
-        redirectUri = redirectUri,
+        redirectUri = redirectUri?.let { PiiString(redirectUri) },
       )
     }
   }

core/src/main/java/app/cash/paykit/core/models/response/CustomerProfile.kt

@@ -15,6 +15,7 @@
  */
 package app.cash.paykit.core.models.response
 
+import app.cash.paykit.core.models.pii.PiiString
 import com.squareup.moshi.Json
 import com.squareup.moshi.JsonClass
 
@@ -23,5 +24,5 @@ data class CustomerProfile(
   @Json(name = "id")
   val id: String,
   @Json(name = "cashtag")
-  val cashTag: String,
+  val cashTag: PiiString,
 )