Merge branch '1.x' into feat/1.x-integration-tests

.changes/check-permission-on-macos.md

@@ -0,0 +1,5 @@
+---
+"tauri": "patch:bug"
+---
+
+Fix check temporary path permission on macos.

.changes/fix-test-invoke-key.md

@@ -0,0 +1,5 @@
+---
+"tauri": patch:bug
+---
+
+Added `test::INVOKE_KEY` to be used in `tauri::InvokePayload` when testing using `test::assert_ipc_response` and `test::get_ipc_response`.

core/tauri/src/api/path.rs

@@ -293,7 +293,7 @@ pub fn resolve_path<P: AsRef<Path>>(
       BaseDirectory::App => app_config_dir(config),
       #[allow(deprecated)]
       BaseDirectory::Log => app_log_dir(config),
-      BaseDirectory::Temp => Some(temp_dir()),
+      BaseDirectory::Temp => temp_dir().canonicalize().ok(),
       BaseDirectory::AppConfig => app_config_dir(config),
       BaseDirectory::AppData => app_data_dir(config),
       BaseDirectory::AppLocalData => app_local_data_dir(config),

core/tauri/src/app.rs

@@ -989,6 +989,9 @@ pub struct Builder<R: Runtime> {
   /// The script that initializes the `window.__TAURI_POST_MESSAGE__` function.
   invoke_initialization_script: String,
 
+  /// Invoke key. Used to secure IPC calls.
+  pub(crate) invoke_key: String,
+
   /// The setup hook.
   setup: SetupHook<R>,
 
@@ -1047,6 +1050,7 @@ impl<R: Runtime> Builder<R> {
       invoke_responder: Arc::new(window_invoke_responder),
       invoke_initialization_script:
         format!("Object.defineProperty(window, '__TAURI_POST_MESSAGE__', {{ value: (message) => window.ipc.postMessage({}(message)) }})", crate::manager::STRINGIFY_IPC_MESSAGE_FN),
+      invoke_key: crate::generate_invoke_key().expect("failed to generate invoke key"),
       on_page_load: Box::new(|_, _| ()),
       pending_windows: Default::default(),
       plugins: PluginStore::default(),
@@ -1569,7 +1573,7 @@ impl<R: Runtime> Builder<R> {
       self.window_event_listeners,
       (self.menu, self.menu_event_listeners),
       (self.invoke_responder, self.invoke_initialization_script),
-      crate::generate_invoke_key()?,
+      self.invoke_key,
     );
 
     let http_scheme = manager.config().tauri.security.dangerous_use_http_scheme;

core/tauri/src/endpoints/operating_system.rs

@@ -42,7 +42,7 @@ impl Cmd {
   }
 
   fn tempdir<R: Runtime>(_context: InvokeContext<R>) -> super::Result<PathBuf> {
-    Ok(std::env::temp_dir())
+    Ok(std::env::temp_dir().canonicalize()?)
   }
 
   fn locale<R: Runtime>(_context: InvokeContext<R>) -> super::Result<Option<String>> {

core/tauri/src/scope/fs.rs

@@ -391,4 +391,29 @@ mod tests {
       assert!(scope.is_allowed("C:\\home\\tauri\\anyfile"));
     }
   }
+
+  #[cfg(unix)]
+  #[test]
+  fn check_temp_dir() {
+    use std::{
+      env::temp_dir,
+      fs::{remove_file, write},
+    };
+
+    let scope = new_scope();
+    scope
+      .allow_directory(temp_dir().canonicalize().unwrap(), true)
+      .unwrap();
+
+    let test_temp_file = temp_dir().canonicalize().unwrap().join("tauri_test_file");
+    if test_temp_file.exists() {
+      remove_file(test_temp_file.clone()).unwrap();
+    }
+
+    assert!(scope.is_allowed(test_temp_file.clone()));
+
+    write(test_temp_file.clone(), ".").unwrap();
+
+    assert!(scope.is_allowed(test_temp_file.clone()));
+  }
 }

core/tauri/src/test/mod.rs

@@ -50,6 +50,7 @@
 //!         callback: tauri::api::ipc::CallbackFn(0),
 //!         error: tauri::api::ipc::CallbackFn(1),
 //!         inner: serde_json::Value::Null,
+//!         invoke_key: Some(tauri::test::INVOKE_KEY.into()),
 //!       },
 //!       Ok(())
 //!     );
@@ -85,6 +86,9 @@ use tauri_utils::{
   config::{CliConfig, Config, PatternKind, TauriConfig},
 };
 
+/// The invoke key used for tests.
+pub const INVOKE_KEY: &str = "__invoke-key__";
+
 /// A key for an [`Ipc`] call.
 #[derive(Eq, PartialEq)]
 struct IpcKey {
@@ -197,6 +201,8 @@ pub fn mock_context<A: Assets>(assets: A) -> crate::Context<A> {
 pub fn mock_builder() -> Builder<MockRuntime> {
   let mut builder = Builder::<MockRuntime>::new().manage(Ipc(Default::default()));
 
+  builder.invoke_key = INVOKE_KEY.to_string();
+
   builder.invoke_responder = Arc::new(|window, response, callback, error| {
     let window_ = window.clone();
     let ipc = window_.state::<Ipc>();
@@ -250,6 +256,7 @@ pub fn mock_app() -> App<MockRuntime> {
 ///       callback: tauri::api::ipc::CallbackFn(0),
 ///       error: tauri::api::ipc::CallbackFn(1),
 ///       inner: serde_json::Value::Null,
+///       invoke_key: Some(tauri::test::INVOKE_KEY.into()),
 ///     },
 ///     // the expected response is a success with the "pong" payload
 ///     // we could also use Err("error message") here to ensure the command failed
@@ -303,6 +310,7 @@ pub fn assert_ipc_response<T: Serialize + Debug>(
 ///     callback: tauri::api::ipc::CallbackFn(0),
 ///     error: tauri::api::ipc::CallbackFn(1),
 ///     inner: serde_json::Value::Null,
+///     invoke_key: Some(tauri::test::INVOKE_KEY.into()),
 ///   });
 /// assert_eq!(res, Ok("pong".into()))
 /// ```

tooling/bundler/src/bundle/windows/nsis.rs

@@ -68,10 +68,13 @@ pub fn bundle_project(settings: &Settings, updater: bool) -> crate::Result<Vec<P
     .map(|d| d.join(".tauri"))
     .unwrap_or_else(|| dirs_next::cache_dir().unwrap().join("tauri"));
 
+  if !tauri_tools_path.exists() {
+    create_dir_all(&tauri_tools_path)?;
+  }
+
   let nsis_toolset_path = tauri_tools_path.join("NSIS");
 
   if !nsis_toolset_path.exists() {
-    create_dir_all(&nsis_toolset_path)?;
     get_and_extract_nsis(&nsis_toolset_path, &tauri_tools_path)?;
   } else if NSIS_REQUIRED_FILES
     .iter()