From afba85309c7b55ead4827b61b23fe381be1c9636 Mon Sep 17 00:00:00 2001 From: Poovamraj T T Date: Wed, 15 Nov 2023 20:27:32 +0100 Subject: [PATCH] Update Auth0.Android to resolve CVE-2023-3635 (#660) Co-authored-by: Evan Sims --- app/build.gradle | 6 ++-- app/src/main/AndroidManifest.xml | 1 + build.gradle | 6 ++-- gradle/wrapper/gradle-wrapper.properties | 3 +- lib/build.gradle | 21 +++++--------- lib/src/test/AndroidManifest.xml | 35 ++++++++++++++++++++++++ 6 files changed, 49 insertions(+), 23 deletions(-) create mode 100644 lib/src/test/AndroidManifest.xml diff --git a/app/build.gradle b/app/build.gradle index bf5db1b7..1fe72582 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -4,12 +4,12 @@ plugins { apply plugin: 'kotlin-android' android { - compileSdkVersion 30 + compileSdkVersion 33 defaultConfig { applicationId "com.auth0.android.lock.app" minSdkVersion 21 - targetSdkVersion 30 + targetSdkVersion 33 versionCode 1 versionName "1.0" manifestPlaceholders = [auth0Domain: "@string/com_auth0_domain", auth0Scheme: "demo"] @@ -48,6 +48,6 @@ dependencies { implementation project(':lock') implementation 'androidx.appcompat:appcompat:1.3.0' implementation 'com.google.android.material:material:1.4.0' - implementation "androidx.core:core-ktx:1.6.0" + implementation "androidx.core:core-ktx:1.9.0" implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version" } diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 547ab583..e5cd8b99 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -12,6 +12,7 @@ diff --git a/build.gradle b/build.gradle index 16288556..5e77b8d2 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,7 @@ // Top-level build file where you can add configuration options common to all sub-projects/modules. buildscript { - ext.kotlin_version = '1.6.20' + ext.kotlin_version = '1.9.0' repositories { mavenCentral() maven { 
@@ -10,9 +10,7 @@ buildscript { google() } dependencies { - // AGP 4.2.2 breaks 'unitTestVariants' usage - // See: https://github.com/openid/AppAuth-Android/issues/707 - classpath 'com.android.tools.build:gradle:4.1.3' + classpath 'com.android.tools.build:gradle:4.2.2' classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" } } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 4e864489..d355f4c4 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,5 @@ -#Tue Jul 16 12:08:59 ART 2019 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.3-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.7.1-all.zip diff --git a/lib/build.gradle b/lib/build.gradle index 95712d36..e2174fd7 100644 --- a/lib/build.gradle +++ b/lib/build.gradle @@ -1,5 +1,5 @@ plugins { - id "com.auth0.gradle.oss-library.android" version "0.15.1" + id "com.auth0.gradle.oss-library.android" version "0.18.0" } logger.lifecycle("Using version ${version} for ${name}") @@ -23,11 +23,11 @@ oss { } android { - compileSdkVersion 30 + compileSdkVersion 31 defaultConfig { minSdkVersion 21 - targetSdkVersion 30 + targetSdkVersion 31 versionCode 1 versionName project.version consumerProguardFiles '../proguard/proguard-gson.pro', '../proguard/proguard-otto.pro', '../proguard/proguard-lock-2.pro' @@ -51,13 +51,6 @@ android { } } - unitTestVariants.all { - it.mergedFlavor.manifestPlaceholders += [ - auth0Domain: "johndoe.auth0.com", - auth0Scheme: "test" - ] - } - compileOptions { sourceCompatibility 1.8 targetCompatibility 1.8 
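Review bot: In the gradle/wrapper/gradle-wrapper.properties hunk, the new `distributionUrl` has no `distributionSha256Sum` beside it, so the wrapper trusts whatever archive that URL serves, with TLS as the only integrity check. Since the commit already rewrites this line, pin the download by adding `distributionSha256Sum=<sha256 of gradle-6.9.3-bin.zip, taken from the Gradle release checksums>` directly under it. The same line also switches from the `-all` to the `-bin` distribution, which drops the bundled sources and docs; that is fine for builds but should be mentioned in the description if it was deliberate.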
@@ -71,14 +64,14 @@ dependencies { implementation 'com.google.android.material:material:1.4.0' implementation 'com.google.code.gson:gson:2.8.9' implementation 'com.squareup:otto:1.3.8' - api 'com.auth0.android:auth0:2.8.1' + api 'com.auth0.android:auth0:2.10.2' testImplementation 'junit:junit:4.13.2' testImplementation 'org.hamcrest:hamcrest-library:2.2' testImplementation 'org.robolectric:robolectric:4.4' testImplementation 'org.mockito:mockito-core:3.7.7' - testImplementation 'com.squareup.okhttp3:okhttp:4.10.0' - testImplementation 'com.squareup.okhttp3:mockwebserver:4.10.0' - testImplementation 'com.squareup.okhttp3:okhttp-tls:4.10.0' + testImplementation 'com.squareup.okhttp3:okhttp:4.12.0' + testImplementation 'com.squareup.okhttp3:mockwebserver:4.12.0' + testImplementation 'com.squareup.okhttp3:okhttp-tls:4.12.0' testImplementation 'com.jayway.awaitility:awaitility:1.7.0' testImplementation 'androidx.test.espresso:espresso-intents:3.4.0' } diff --git a/lib/src/test/AndroidManifest.xml b/lib/src/test/AndroidManifest.xml new file mode 100644 index 00000000..0be47f11 --- /dev/null +++ b/lib/src/test/AndroidManifest.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + +
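Review bot: In the lib/build.gradle `dependencies` hunk, the CVE fix rests entirely on what `api 'com.auth0.android:auth0:2.10.2'` resolves transitively, and nothing visible in the build asserts that the vulnerable artifact is gone from the resolved graph. As far as I can tell, CVE-2023-3635 is an Okio issue reached through OkHttp, so the bumped `testImplementation` OkHttp lines only affect the test classpath and do not protect consumers. Please confirm the shipped classpath with `dependencyInsight` for the Okio artifact on the release runtime configuration. Consider recording the floor explicitly, for example `constraints { api('com.squareup.okio:okio:<patched-version>') { because 'CVE-2023-3635' } }`, so a later downgrade or a conflicting dependency cannot silently reintroduce it.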