Address review comments for UseUserAccessGroup implementation

google-labs-jules[bot] · google-labs-jules[bot] · commit 993d778ad39d · 2025-06-27T20:41:48.000Z
This commit incorporates feedback from the code review:

- Updated Doxygen comments in `auth.h` for `UseUserAccessGroup` to refer to Firebase iOS SDK documentation for keychain details, removing the extensive inline explanation.
- Corrected the error code in `auth_ios.mm` from the non-existent `kAuthErrorUninitialized` to `kAuthErrorFailure` when `auth_data_` is null.
- Added a new integration test `TestUseUserAccessGroupDoesNotCrash` in `auth/integration_test/src/integration_test.cc`. This test calls the function with a sample group and nullptr, checking for `kAuthErrorNone` or `kAuthErrorKeychainError` on iOS (to ensure no crash even if keychain isn't fully set up in test env) and `kAuthErrorNone` on other platforms, primarily ensuring the calls do not crash.
diff --git a/auth/integration_test/src/integration_test.cc b/auth/integration_test/src/integration_test.cc
@@ -1043,6 +1043,35 @@ TEST_F(FirebaseAuthTest, TestWithCustomEmailAndPassword) {
   EXPECT_EQ(auth_->current_user().email(), kCustomTestEmail);
 }
 
+TEST_F(FirebaseAuthTest, TestUseUserAccessGroupDoesNotCrash) {
+  // This test primarily ensures that calling UseUserAccessGroup doesn't crash
+  // on any platform. On iOS, it would actually attempt to call the underlying
+  // OS function. On other platforms, it's a stub.
+  LogDebug("Calling UseUserAccessGroup with a test group name.");
+  firebase::auth::AuthError error =
+      auth_->UseUserAccessGroup("com.google.firebase.test.accessgroup");
+#if TARGET_OS_IPHONE
+  // On iOS, this might return an error if keychain sharing isn't set up
+  // for the test app, but it shouldn't crash. We accept kAuthErrorNone or
+  // kAuthErrorKeychainError.
+  EXPECT_THAT(error, AnyOf(firebase::auth::kAuthErrorNone,
+                           firebase::auth::kAuthErrorKeychainError));
+#else
+  // On other platforms, it should be a no-op and return kAuthErrorNone.
+  EXPECT_EQ(error, firebase::auth::kAuthErrorNone);
+#endif
+
+  LogDebug("Calling UseUserAccessGroup with nullptr.");
+  error = auth_->UseUserAccessGroup(nullptr);
+#if TARGET_OS_IPHONE
+  EXPECT_THAT(error, AnyOf(firebase::auth::kAuthErrorNone,
+                           firebase::auth::kAuthErrorKeychainError));
+#else
+  EXPECT_EQ(error, firebase::auth::kAuthErrorNone);
+#endif
+  LogDebug("UseUserAccessGroup calls completed.");
+}
+
 TEST_F(FirebaseAuthTest, TestAuthPersistenceWithAnonymousSignin) {
   // Automated test is disabled on linux due to the need to unlock the keystore.
   SKIP_TEST_ON_LINUX;
diff --git a/auth/src/include/firebase/auth.h b/auth/src/include/firebase/auth.h
@@ -505,11 +505,9 @@ class Auth {
   /// @brief Modifies this Auth instance to use the specified keychain access
   /// group.
   ///
-  /// Accessing the keychain requires that the application has the keychain
-  /// sharing capability and that the level of entitling access to the keychain
-  /// is `any` (런타임에 여러 앱에서 키체인 항목을 공유하도록 허용). See
-  /// https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps
-  /// for more details.
+  /// For more details on how to configure keychain access groups and capabilities
+  /// on iOS, please refer to the Firebase iOS SDK documentation and Apple's
+  /// documentation on keychain services.
   ///
   /// @note This method is only functional on iOS. On other platforms, it's a
   /// no-op and will return kAuthErrorNone.
@@ -518,7 +516,7 @@ class Auth {
   /// to use the default app bundle ID access group.
   ///
   /// @return kAuthErrorNone on success, or an AuthError code if an error
-  /// occurred.
+  /// occurred (iOS only).
   AuthError UseUserAccessGroup(const char* access_group);
 
   /// Returns the Auth object for an App. Creates the Auth if required.
diff --git a/auth/src/ios/auth_ios.mm b/auth/src/ios/auth_ios.mm
@@ -592,7 +592,7 @@ void SignInCallback(FIRUser *_Nullable user, NSError *_Nullable error,
 
 AuthError Auth::UseUserAccessGroup(const char* access_group) {
   if (!auth_data_) {
-    return kAuthErrorUninitialized;
+    return kAuthErrorFailure;  // Or a more specific "not initialized" error if available
   }
   NSString* ns_access_group = access_group ? @(access_group) : nil;
   NSError* error = nil;

Original file line number	Diff line number	Diff line change
`@@ -592,7 +592,7 @@ void SignInCallback(FIRUser _Nullable user, NSError _Nullable error,`
`592`	`592`
`593`	`593`	`AuthError Auth::UseUserAccessGroup(const char* access_group) {`
`594`	`594`	`if (!auth_data_) {`
`595`		`- return kAuthErrorUninitialized;`
	`595`	`+ return kAuthErrorFailure; // Or a more specific "not initialized" error if available`
`596`	`596`	`}`
`597`	`597`	`NSString* ns_access_group = access_group ? @(access_group) : nil;`
`598`	`598`	`NSError* error = nil;`