Skip to content

fix(recaptcha, integrity): Implement robust error handling and explicit status propagation#3622

Open
camaleon03 wants to merge 1 commit into
microg:masterfrom
camaleon03:fix/firebase-appcheck-17499
Open

fix(recaptcha, integrity): Implement robust error handling and explicit status propagation#3622
camaleon03 wants to merge 1 commit into
microg:masterfrom
camaleon03:fix/firebase-appcheck-17499

Conversation

@camaleon03

Copy link
Copy Markdown

Overview

This PR addresses edge-case failures within both the play-services-recaptcha and play-services-integrity (vending-app) modules where system exceptions or communication timeouts were flattened into generic internal errors or left unresolved. By capturing these exceptions dynamically and converting them into explicit GMS status codes, client SDKs (such as Firebase App Check) can execute their native fallback pathways rather than hanging or resorting to unauthenticated placeholder tokens.


Detailed Changes

1. reCAPTCHA Enterprise Module Enhancement

  • RecaptchaWebImpl.kt: Enclosed the javascript execution coroutine and its 10-second delay within a structured try-catch block. On execution failure or a timeout state:
    • Gracefully stops the webView instance loading.
    • Flushes the state by directing it to about:blank and nullifying the instance reference to eliminate stale contexts.
    • Explicitly throws an ApiException embedding RecaptchaStatusCodes.RECAPTCHA_FEATURE_OFF.
  • RecaptchaService.kt: Updated the invocation catch blocks in RecaptchaServiceImpl. Instead of blindly invoking callbacks with a static Status.INTERNAL_ERROR, it attempts to safely resolve the exact status from the ApiException. It passes the true status context directly down to onHandle, onData, and onResults.

2. Play Integrity API Module Enhancement

  • IntegrityService.kt: Enhanced requestIntegrityToken against silent failures across the DroidGuard and token retrieval pipeline:
    • DroidGuard Isolation: Wrapped DroidGuard binder execution in a local try-catch. Failures or internal error prefixes (INTEGRITY_PREFIX_ERROR) now explicitly trigger a StandardIntegrityException bound to IntegrityErrorCode.CANNOT_BIND_TO_SERVICE.
    • Empty Token Payloads: If the server infrastructure returns a validation wrapper missing an explicit token, the service throws IntegrityErrorCode.API_NOT_AVAILABLE instead of masking it as a generic internal issue.
    • Callback Reliability: Upgraded .onFailure resolution. It dynamically resolves the exception code via (it as? StandardIntegrityException)?.code and incorporates a fallback to the bound request packageName if integrityData remains uninitialized, guaranteeing reliable IPC/Binder execution under heavy failure states.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Closes #2851

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BOUNTY] Support Play Integrity over remote DroidGuard + Server/Guide [$35]

1 participant