Update Auth0.Android to resolve CVE-2023-3635 (#660)

Co-authored-by: Evan Sims <[email protected]>
auth0 · Nov 15, 2023 · afba853 · afba853
1 parent 084e6de
commit afba853
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 23 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -4,12 +4,12 @@ plugins {
 apply plugin: 'kotlin-android'
 
 android {
-    compileSdkVersion 30
+    compileSdkVersion 33
 
     defaultConfig {
         applicationId "com.auth0.android.lock.app"
         minSdkVersion 21
-        targetSdkVersion 30
+        targetSdkVersion 33
         versionCode 1
         versionName "1.0"
         manifestPlaceholders = [auth0Domain: "@string/com_auth0_domain", auth0Scheme: "demo"]
@@ -48,6 +48,6 @@ dependencies {
     implementation project(':lock')
     implementation 'androidx.appcompat:appcompat:1.3.0'
     implementation 'com.google.android.material:material:1.4.0'
-    implementation "androidx.core:core-ktx:1.6.0"
+    implementation "androidx.core:core-ktx:1.9.0"
     implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
 }
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -12,6 +12,7 @@
 
         <activity
             android:name=".DemoActivity"
+            android:exported="true"
             android:label="@string/app_name">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />

diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,7 @@
 // Top-level build file where you can add configuration options common to all sub-projects/modules.
 
 buildscript {
-    ext.kotlin_version = '1.6.20'
+    ext.kotlin_version = '1.9.0'
     repositories {
         mavenCentral()
         maven {
@@ -10,9 +10,7 @@ buildscript {
         google()
     }
     dependencies {
-        // AGP 4.2.2 breaks 'unitTestVariants' usage
-        // See: https://github.com/openid/AppAuth-Android/issues/707
-        classpath 'com.android.tools.build:gradle:4.1.3'
+        classpath 'com.android.tools.build:gradle:4.2.2'
         classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
     }
 }

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,5 @@
-#Tue Jul 16 12:08:59 ART 2019
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.7.1-all.zip
diff --git a/lib/build.gradle b/lib/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.auth0.gradle.oss-library.android" version "0.15.1"
+    id "com.auth0.gradle.oss-library.android" version "0.18.0"
 }
 
 logger.lifecycle("Using version ${version} for ${name}")
@@ -23,11 +23,11 @@ oss {
 }
 
 android {
-    compileSdkVersion 30
+    compileSdkVersion 31
 
     defaultConfig {
         minSdkVersion 21
-        targetSdkVersion 30
+        targetSdkVersion 31
         versionCode 1
         versionName project.version
         consumerProguardFiles '../proguard/proguard-gson.pro', '../proguard/proguard-otto.pro', '../proguard/proguard-lock-2.pro'
@@ -51,13 +51,6 @@ android {
         }
     }
 
-    unitTestVariants.all {
-        it.mergedFlavor.manifestPlaceholders += [
-            auth0Domain: "johndoe.auth0.com",
-            auth0Scheme: "test"
-        ]
-    }
-
     compileOptions {
         sourceCompatibility 1.8
         targetCompatibility 1.8
@@ -71,14 +64,14 @@ dependencies {
     implementation 'com.google.android.material:material:1.4.0'
     implementation 'com.google.code.gson:gson:2.8.9'
     implementation 'com.squareup:otto:1.3.8'
-    api 'com.auth0.android:auth0:2.8.1'
+    api 'com.auth0.android:auth0:2.10.2'
     testImplementation 'junit:junit:4.13.2'
     testImplementation 'org.hamcrest:hamcrest-library:2.2'
     testImplementation 'org.robolectric:robolectric:4.4'
     testImplementation 'org.mockito:mockito-core:3.7.7'
-    testImplementation 'com.squareup.okhttp3:okhttp:4.10.0'
-    testImplementation 'com.squareup.okhttp3:mockwebserver:4.10.0'
-    testImplementation 'com.squareup.okhttp3:okhttp-tls:4.10.0'
+    testImplementation 'com.squareup.okhttp3:okhttp:4.12.0'
+    testImplementation 'com.squareup.okhttp3:mockwebserver:4.12.0'
+    testImplementation 'com.squareup.okhttp3:okhttp-tls:4.12.0'
     testImplementation 'com.jayway.awaitility:awaitility:1.7.0'
     testImplementation 'androidx.test.espresso:espresso-intents:3.4.0'
 }
diff --git a/lib/src/test/AndroidManifest.xml b/lib/src/test/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.auth0.android.lock">
+
+    <uses-permission android:name="android.permission.INTERNET" />
+
+    <application>
+        <!--Auth0 WebAuthProvider-->
+        <activity
+            android:name="com.auth0.android.provider.RedirectActivity"
+            tools:node="remove">
+        </activity>
+        <!--Auth0 WebAuthProvider End-->
+
+        <!--Auth0 Lock-->
+        <activity
+            android:name="com.auth0.android.lock.LockActivity"
+            tools:node="remove"/>
+        <!--Auth0 Lock End-->
+
+        <!--Auth0 PasswordlessLock-->
+        <activity
+            android:name="com.auth0.android.lock.PasswordlessLockActivity"
+            tools:node="remove">
+        </activity>
+        <!--Auth0 PasswordlessLock End-->
+
+        <!--Auth0 Lock Passwordless SMS Country Code Selection-->
+        <activity
+            android:name="com.auth0.android.lock.CountryCodeActivity"
+            tools:node="remove"/>
+        <!--Auth0 Lock Passwordless SMS Country Code Selection-->
+    </application>
+
+</manifest>