Merge pull request #389 from ForgeRock/SDKS-2935

SDKS-2935 Added test coverage the failure outcome in the DeviceSigningVerifier node
ForgeRock · Feb 1, 2024 · 37648fb · 37648fb
2 parents e724054 + 45e3ae2
commit 37648fb
Show file tree

Hide file tree

Showing 5 changed files with 291 additions and 17 deletions.
diff --git a/.github/workflows/bitbar-prepare-artifacts.yaml b/.github/workflows/bitbar-prepare-artifacts.yaml
@@ -42,6 +42,10 @@ jobs:
       - name: Prepare device farm artifacts
         run: ./gradlew assembleDebugAndroidTest --stacktrace --no-daemon
 
+      # List the available build tools versions see https://github.com/r0adkll/sign-android-release/issues/84
+      - name: List build tools versions
+        run: ls /Users/runner/Library/Android/sdk/build-tools/
+
       # Sign auth-debug-androidTest.apk
       - name: Sign auth-debug-androidTest.apk
         uses: r0adkll/sign-android-release@v1
@@ -52,7 +56,7 @@ jobs:
           keyStorePassword: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
           keyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }}
         env:
-          BUILD_TOOLS_VERSION: "30.0.3"
+          BUILD_TOOLS_VERSION: "34.0.0"
 
       # Sign forgerock-auth-debug-androidTest.apk
       - name: Sign forgerock-auth-debug-androidTest.apk
@@ -64,7 +68,7 @@ jobs:
           keyStorePassword: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}
           keyPassword: ${{ secrets.SIGNING_KEY_PASSWORD }}
         env:
-          BUILD_TOOLS_VERSION: "30.0.3"
+          BUILD_TOOLS_VERSION: "34.0.0"
 
       # Publish the signed APKs as build artifacts
       - name: Publish auth-debug-androidTest.apk

diff --git a/...-auth/src/androidTest/java/org/forgerock/android/auth/callback/BaseDeviceBindingTest.java b/...-auth/src/androidTest/java/org/forgerock/android/auth/callback/BaseDeviceBindingTest.java
@@ -31,7 +31,7 @@ public abstract class BaseDeviceBindingTest {
     protected static Context context = ApplicationProvider.getApplicationContext();
 
     // This test uses dynamic configuration with the following settings:
-    protected final static String AM_URL = "https://openam-sdks.forgeblocks.com/am";
+    protected final static String AM_URL = "https://openam-spetrov.forgeblocks.com/am";
     protected final static String REALM = "alpha";
     protected final static String OAUTH_CLIENT = "AndroidTest";
     protected final static String OAUTH_REDIRECT_URI = "org.forgerock.demo:/oauth2redirect";

diff --git a/...droidTest/java/org/forgerock/android/auth/callback/CustomDeviceSigningVerifierCallback.kt b/...droidTest/java/org/forgerock/android/auth/callback/CustomDeviceSigningVerifierCallback.kt
@@ -7,6 +7,8 @@
 
 package org.forgerock.android.auth.callback
 
+import android.content.Context
+import androidx.test.core.app.ApplicationProvider
 import com.nimbusds.jose.JOSEObjectType
 import com.nimbusds.jose.JWSAlgorithm
 import com.nimbusds.jose.JWSHeader
@@ -16,7 +18,8 @@ import com.nimbusds.jwt.SignedJWT
 import org.json.JSONObject
 import java.security.KeyPairGenerator
 import java.security.interfaces.RSAPrivateKey
-import java.util.*
+import java.util.Calendar
+import java.util.Date
 
 class CustomDeviceSigningVerifierCallback : DeviceSigningVerifierCallback {
     constructor() : super()
@@ -41,6 +44,9 @@ class CustomDeviceSigningVerifierCallback : DeviceSigningVerifierCallback {
         val header =
             JWSHeader.Builder(JWSAlgorithm.RS512).type(JOSEObjectType.JWT).keyID(kid).build()
         val payload = JWTClaimsSet.Builder().subject(sub).claim("challenge", challenge)
+            .issuer(ApplicationProvider.getApplicationContext<Context>().packageName)
+            .issueTime(Calendar.getInstance().time)
+            .notBeforeTime(Calendar.getInstance().time)
             .expirationTime(getExpiration(null)).build()
         val signedJWT = SignedJWT(header, payload)
         signedJWT.sign(RSASSASigner(rsaKey.private as RSAPrivateKey))

diff --git a/...h/src/androidTest/java/org/forgerock/android/auth/callback/DeviceBindingCallbackTest.java b/...h/src/androidTest/java/org/forgerock/android/auth/callback/DeviceBindingCallbackTest.java
@@ -346,6 +346,58 @@ public void onException(Exception e) {
         Assert.assertNotNull(FRSession.getCurrentSession());
         Assert.assertNotNull(FRSession.getCurrentSession().getSessionToken());
     }
+
+    /*
+     * Make sure that when user does NOT exist, the Device Binding node triggers the failure outcome (SDKS-2935)
+     */
+    @Test
+    public void testDeviceBindingUnknownUser() throws ExecutionException, InterruptedException {
+        final int[] hit = {0};
+        final int[] failureOutcome = {0};
+        NodeListenerFuture<FRSession> nodeListenerFuture = new DeviceBindingNodeListener(context, "default")
+        {
+            @Override
+            public void onCallbackReceived(Node node)
+            {
+                if (node.getCallback(DeviceSigningVerifierCallback.class) != null) {
+                    DeviceSigningVerifierCallback callback = node.getCallback(DeviceSigningVerifierCallback.class);
+
+                    Assertions.fail("Test failed: Received unexpected DeviceSigningVerifierCallback! (see SDKS-2169)" );
+                    return;
+                }
+                if (node.getCallback(NameCallback.class) != null) {
+                    hit[0]++;
+                    node.getCallback(NameCallback.class).setName("UNKNOWN-USER");
+                    node.next(context, this);
+                    return;
+                }
+                // Make sure that the "Failure" outcome has been triggered
+                if (node.getCallback(TextOutputCallback.class) != null) {
+                    TextOutputCallback textOutputCallback = node.getCallback(TextOutputCallback.class);
+                    assertThat(textOutputCallback.getMessage()).isEqualTo("Device Binding Failed");
+                    failureOutcome[0]++;
+
+                    node.next(context, this);
+                    return;
+                }
+
+                super.onCallbackReceived(node);
+            }
+        };
+
+        FRSession.authenticate(context, TREE, nodeListenerFuture);
+
+        // Ensure that the journey finishes with failure
+        thrown.expect(java.util.concurrent.ExecutionException.class);
+        thrown.expectMessage("ApiException{statusCode=401, error='', description='{\"code\":401,\"reason\":\"Unauthorized\",\"message\":\"Login failure\"}'}");
+
+        Assert.assertNull(nodeListenerFuture.get());
+        Assert.assertNull(FRSession.getCurrentSession());
+        Assert.assertNull(FRSession.getCurrentSession().getSessionToken());
+
+        assertThat(hit[0]).isEqualTo(1);
+        assertThat(failureOutcome[0]).isEqualTo(1);
+    }
 }