diff --git a/FirebaseAuth/Tests/SampleSwift/AuthenticationExampleUITests/AuthenticationExampleUITests.swift b/FirebaseAuth/Tests/SampleSwift/AuthenticationExampleUITests/AuthenticationExampleUITests.swift index d8d6b6eecf8..c22286cf996 100644 --- a/FirebaseAuth/Tests/SampleSwift/AuthenticationExampleUITests/AuthenticationExampleUITests.swift +++ b/FirebaseAuth/Tests/SampleSwift/AuthenticationExampleUITests/AuthenticationExampleUITests.swift @@ -309,36 +309,39 @@ class AuthenticationExampleUITests: XCTestCase { ) } - func testPasskeyList() { - signOut() - let testEmail = "sample.ios.auth@gmail.com" - let testPassword = "sample.ios.auth" - let testPasskeyName = "sampleiosauth" - app.staticTexts["Email & Password Login"].tap() - app.textFields["Email"].tap() - app.textFields["Email"].typeText(testEmail) - app.textFields["Password"].tap() - app.textFields["Password"].typeText(testPassword) - app.buttons["Login"].tap() - wait(forElement: app.navigationBars["User"], timeout: 5.0) - XCTAssertTrue(app.navigationBars["User"].exists) - XCTAssertTrue( - app.staticTexts[testEmail].exists, - "The user should be signed in and the email field should display their email." - ) - let userTable = app.tables.firstMatch - XCTAssertTrue(userTable.waitForExistence(timeout: 5.0), "User detail list should exist") - let passkeyLabel = userTable.staticTexts[testPasskeyName] - if !passkeyLabel.exists { - for _ in 0 ..< 5 where !passkeyLabel.exists { - userTable.swipeUp() + #if os(iOS) || os(tvOS) || os(macOS) + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testPasskeyList() { + signOut() + let testEmail = "sample.ios.auth@gmail.com" + let testPassword = "sample.ios.auth" + let testPasskeyName = "sampleiosauth" + app.staticTexts["Email & Password Login"].tap() + app.textFields["Email"].tap() + app.textFields["Email"].typeText(testEmail) + app.textFields["Password"].tap() + app.textFields["Password"].typeText(testPassword) + app.buttons["Login"].tap() + wait(forElement: app.navigationBars["User"], timeout: 5.0) + XCTAssertTrue(app.navigationBars["User"].exists) + XCTAssertTrue( + app.staticTexts[testEmail].exists, + "The user should be signed in and the email field should display their email." + ) + let userTable = app.tables.firstMatch + XCTAssertTrue(userTable.waitForExistence(timeout: 5.0), "User detail list should exist") + let passkeyLabel = userTable.staticTexts[testPasskeyName] + if !passkeyLabel.exists { + for _ in 0 ..< 5 where !passkeyLabel.exists { + userTable.swipeUp() + } } + XCTAssertTrue( + passkeyLabel.waitForExistence(timeout: 5.0), + "Passkey named '\(testPasskeyName)' should be visible in the Passkeys section." + ) } - XCTAssertTrue( - passkeyLabel.waitForExistence(timeout: 5.0), - "Passkey named '\(testPasskeyName)' should be visible in the Passkeys section." - ) - } + #endif // MARK: - Private Helpers diff --git a/FirebaseAuth/Tests/SampleSwift/SwiftApiTests/PasskeyTests.swift b/FirebaseAuth/Tests/SampleSwift/SwiftApiTests/PasskeyTests.swift new file mode 100644 index 00000000000..d5a1de75b91 --- /dev/null +++ b/FirebaseAuth/Tests/SampleSwift/SwiftApiTests/PasskeyTests.swift @@ -0,0 +1,270 @@ +/* + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if os(iOS) || os(tvOS) || os(macOS) + + import AuthenticationServices + @testable import FirebaseAuth + import Foundation + import XCTest + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + class PasskeyTests: TestsBase { + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testStartPasskeyEnrollmentResponseSuccess() async throws { + try await signInAnonymouslyAsync() + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + try? await user.reload() + let request = try await user.startPasskeyEnrollment(withName: "Test1Passkey") + XCTAssertFalse(request.relyingPartyIdentifier.isEmpty, "rpID should be non-empty") + XCTAssertFalse(request.challenge.isEmpty, "challenge should be non-empty") + XCTAssertNotNil(request.userID, "userID should be present") + XCTAssertNotNil(request as ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest) + try? await deleteCurrentUserAsync() + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testStartPasskeyEnrollmentFailureWithInvalidToken() async throws { + try await signInAnonymouslyAsync() + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + let config = user.requestConfiguration + let token = "invalidToken" + let badRequest = StartPasskeyEnrollmentRequest(idToken: token, requestConfiguration: config) + do { + _ = try await user.backend.call(with: badRequest) + XCTFail("Expected .invalidUserToken") + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .invalidUserToken, "Expected .invalidUserToken, got \(code)") + } else { + XCTFail("Unexpected error: \(error)") + } + let message = (ns.userInfo[NSLocalizedDescriptionKey] as? String ?? "").uppercased() + XCTAssertTrue( + message + .contains( + "THIS USER'S CREDENTIAL ISN'T VALID FOR THIS PROJECT. THIS CAN HAPPEN IF THE USER'S TOKEN HAS BEEN TAMPERED WITH, OR IF THE USER DOESN’T BELONG TO THE PROJECT ASSOCIATED WITH THE API KEY USED IN YOUR REQUEST." + ), + "Expected invalidUserToken, got: \(message)" + ) + } + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testFinalizePasskeyEnrollmentFailureWithInvalidToken() async throws { + try await signInAnonymouslyAsync() + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + let badRequest = FinalizePasskeyEnrollmentRequest( + idToken: "invalidToken", + name: "fakeName", + credentialID: "fakeCredentialId".data(using: .utf8)!.base64EncodedString(), + clientDataJSON: "fakeClientData".data(using: .utf8)!.base64EncodedString(), + attestationObject: "fakeAttestion".data(using: .utf8)!.base64EncodedString(), + requestConfiguration: user.requestConfiguration + ) + do { + _ = try await user.backend.call(with: badRequest) + XCTFail("Expected invalid_user_token") + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .invalidUserToken, "Expected .invalidUserToken, got \(code)") + } + let message = (ns.userInfo[NSLocalizedDescriptionKey] as? String ?? "").uppercased() + XCTAssertTrue( + message + .contains( + "THIS USER'S CREDENTIAL ISN'T VALID FOR THIS PROJECT. THIS CAN HAPPEN IF THE USER'S TOKEN HAS BEEN TAMPERED WITH, OR IF THE USER DOESN’T BELONG TO THE PROJECT ASSOCIATED WITH THE API KEY USED IN YOUR REQUEST." + ), + "Expected invalidUserToken, got: \(message)" + ) + } + try? await deleteCurrentUserAsync() + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testFinalizePasskeyEnrollmentFailureWithoutAttestation() async throws { + try await signInAnonymouslyAsync() + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + try? await user.reload() + let token = user.rawAccessToken() + let badRequest = FinalizePasskeyEnrollmentRequest( + idToken: token, + name: "fakeName", + credentialID: "fakeCredentialId".data(using: .utf8)!.base64EncodedString(), + clientDataJSON: "fakeClientData".data(using: .utf8)!.base64EncodedString(), + attestationObject: "fakeAttestion".data(using: .utf8)!.base64EncodedString(), + requestConfiguration: user.requestConfiguration + ) + do { + _ = try await user.backend.call(with: badRequest) + XCTFail("Expected invalid_authenticator_response") + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .invalidAuthenticatorResponse, + "Expected .invalidAuthenticatorResponse, got \(code)") + } + let message = (ns.userInfo[NSLocalizedDescriptionKey] as? String ?? "").uppercased() + XCTAssertTrue( + message + .contains( + "DURING PASSKEY ENROLLMENT AND SIGN IN, THE AUTHENTICATOR RESPONSE IS NOT PARSEABLE, MISSING REQUIRED FIELDS, OR CERTAIN FIELDS ARE INVALID VALUES THAT COMPROMISE THE SECURITY OF THE SIGN-IN OR ENROLLMENT." + ), + "Expected INVALID_AUTHENTICATOR_RESPONSE, got: \(message)" + ) + } + try? await deleteCurrentUserAsync() + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testStartPasskeySignInSuccess() async throws { + let assertionRequest = try await Auth.auth().startPasskeySignIn() + XCTAssertFalse(assertionRequest.relyingPartyIdentifier.isEmpty, + "rpID should be non-empty") + XCTAssertFalse(assertionRequest.challenge.isEmpty, + "challenge should be non-empty") + XCTAssertNotNil( + assertionRequest as ASAuthorizationPlatformPublicKeyCredentialAssertionRequest + ) + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testFinalizePasskeySignInFailureInvalidAttestation() async throws { + let auth = Auth.auth() + let config = auth.requestConfiguration + let badRequest = FinalizePasskeySignInRequest( + credentialID: "fakeCredentialId".data(using: .utf8)!.base64EncodedString(), + clientDataJSON: "fakeClientData".data(using: .utf8)!.base64EncodedString(), + authenticatorData: "fakeAuthenticatorData".data(using: .utf8)!.base64EncodedString(), + signature: "fakeSignature".data(using: .utf8)!.base64EncodedString(), + userId: "fakeUID".data(using: .utf8)!.base64EncodedString(), + requestConfiguration: config + ) + do { + _ = try await auth.backend.call(with: badRequest) + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .userNotFound) + } + } + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testFinalizePasskeySignInFailureIncorrectAttestation() async throws { + let auth = Auth.auth() + let config = auth.requestConfiguration + let badRequest = FinalizePasskeySignInRequest( + credentialID: "", + clientDataJSON: "", + authenticatorData: "", + signature: "", + userId: "", + requestConfiguration: config + ) + do { + _ = try await auth.backend.call(with: badRequest) + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .userNotFound) + } + } + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func DRAFTtestUnenrollPasskeySuccess() async throws { + let testEmail = "sample.ios.auth@gmail.com" + let testPassword = "sample.ios.auth" + let testCredentialId = "cred_id" + let auth = Auth.auth() + try await auth.signIn(withEmail: testEmail, password: testPassword) + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + try? await user.reload() + let prevPasskeys = user.enrolledPasskeys ?? [] + XCTAssertTrue( + prevPasskeys.contains { $0.credentialID == testCredentialId }, + "Precondition failed: passkey \(testCredentialId) is not enrolled on this account." + ) + let prevCount = prevPasskeys.count + let _ = try await user.unenrollPasskey(withCredentialID: testCredentialId) + try? await user.reload() + let updatedPasskeys = user.enrolledPasskeys ?? [] + XCTAssertFalse( + updatedPasskeys.contains { $0.credentialID == testCredentialId }, + "Passkey \(testCredentialId) should be removed after unenroll." + ) + XCTAssertEqual( + updatedPasskeys.count, prevCount - 1, + "Exactly one passkey should have been removed." + ) + XCTAssertNil( + updatedPasskeys.first { $0.credentialID == testCredentialId }, + "Passkey \(testCredentialId) should not exist after unenroll." + ) + } + + @available(iOS 15.0, macOS 12.0, tvOS 16.0, *) + func testUnenrollPasskeyFailure() async throws { + let testEmail = "sample.ios.auth@gmail.com" + let testPassword = "sample.ios.auth" + let testCredentialId = "FCBopZ3mzjfPNXqWXXjAM/ZnnlQ=" + let auth = Auth.auth() + try await auth.signIn(withEmail: testEmail, password: testPassword) + guard let user = Auth.auth().currentUser else { + XCTFail("Expected a signed-in user") + return + } + try? await user.reload() + do { + let _ = try await user.unenrollPasskey(withCredentialID: testCredentialId) + XCTFail("Expected invalid passkey error") + } catch { + let ns = error as NSError + if let code = AuthErrorCode(rawValue: ns.code) { + XCTAssertEqual(code, .missingPasskeyEnrollment, + "Expected .missingPasskeyEnrollment, got \(code)") + } + let message = (ns.userInfo[NSLocalizedDescriptionKey] as? String ?? "").uppercased() + XCTAssertTrue( + message + .contains( + "CANNOT FIND THE PASSKEY LINKED TO THE CURRENT ACCOUNT" + ), + "Expected Missing Passkey Enrollment error, got: \(message)" + ) + } + } + } + +#endif diff --git a/FirebaseAuth/Tests/Unit/GetAccountInfoTests.swift b/FirebaseAuth/Tests/Unit/GetAccountInfoTests.swift index 46390ab8b89..d7f77c7c1f8 100644 --- a/FirebaseAuth/Tests/Unit/GetAccountInfoTests.swift +++ b/FirebaseAuth/Tests/Unit/GetAccountInfoTests.swift @@ -60,113 +60,116 @@ class GetAccountInfoTests: RPCBaseTests { ) } - /** @fn testSuccessfulGetAccountInfoResponse - @brief This test simulates a successful @c GetAccountInfo flow. - */ - func testSuccessfulGetAccountInfoResponse() async throws { - let kProviderUserInfoKey = "providerUserInfo" - let kPhotoUrlKey = "photoUrl" - let kTestPhotoURL = "testPhotoURL" - let kProviderIDkey = "providerId" - let kDisplayNameKey = "displayName" - let kTestDisplayName = "DisplayName" - let kFederatedIDKey = "federatedId" - let kTestFederatedID = "testFederatedId" - let kEmailKey = "email" - let kTestEmail = "testEmail" - let kPasswordHashKey = "passwordHash" - let kTestPasswordHash = "testPasswordHash" - let kTestProviderID = "testProviderID" - let kEmailVerifiedKey = "emailVerified" - let kLocalIDKey = "localId" - let kTestLocalID = "testLocalId" - let kPasskeysKey = "passkeyInfo" + #if os(iOS) || os(tvOS) || os(macOS) + + /** @fn testSuccessfulGetAccountInfoResponse + @brief This test simulates a successful @c GetAccountInfo flow. + */ + func testSuccessfulGetAccountInfoResponse() async throws { + let kProviderUserInfoKey = "providerUserInfo" + let kPhotoUrlKey = "photoUrl" + let kTestPhotoURL = "testPhotoURL" + let kProviderIDkey = "providerId" + let kDisplayNameKey = "displayName" + let kTestDisplayName = "DisplayName" + let kFederatedIDKey = "federatedId" + let kTestFederatedID = "testFederatedId" + let kEmailKey = "email" + let kTestEmail = "testEmail" + let kPasswordHashKey = "passwordHash" + let kTestPasswordHash = "testPasswordHash" + let kTestProviderID = "testProviderID" + let kEmailVerifiedKey = "emailVerified" + let kLocalIDKey = "localId" + let kTestLocalID = "testLocalId" + let kPasskeysKey = "passkeyInfo" - // Fake PasskeyInfo - let testCredentialId = "credential_id" - let testPasskeyName = "testPasskey" - let passkeys = [[ - "credentialId": testCredentialId, - "name": testPasskeyName, - ]] + // Fake PasskeyInfo + let testCredentialId = "credential_id" + let testPasskeyName = "testPasskey" + let passkeys = [[ + "credentialId": testCredentialId, + "name": testPasskeyName, + ]] - let usersIn = [[ - kProviderUserInfoKey: [[ - kProviderIDkey: kTestProviderID, + let usersIn = [[ + kProviderUserInfoKey: [[ + kProviderIDkey: kTestProviderID, + kDisplayNameKey: kTestDisplayName, + kPhotoUrlKey: kTestPhotoURL, + kFederatedIDKey: kTestFederatedID, + kEmailKey: kTestEmail, + ]], + kLocalIDKey: kTestLocalID, kDisplayNameKey: kTestDisplayName, - kPhotoUrlKey: kTestPhotoURL, - kFederatedIDKey: kTestFederatedID, kEmailKey: kTestEmail, - ]], - kLocalIDKey: kTestLocalID, - kDisplayNameKey: kTestDisplayName, - kEmailKey: kTestEmail, - kPhotoUrlKey: kTestPhotoURL, - kEmailVerifiedKey: true, - kPasswordHashKey: kTestPasswordHash, - kPasskeysKey: passkeys, - ] as [String: Any]] - let rpcIssuer = try XCTUnwrap(self.rpcIssuer) + kPhotoUrlKey: kTestPhotoURL, + kEmailVerifiedKey: true, + kPasswordHashKey: kTestPasswordHash, + kPasskeysKey: passkeys, + ] as [String: Any]] + let rpcIssuer = try XCTUnwrap(self.rpcIssuer) - rpcIssuer.respondBlock = { - try self.rpcIssuer.respond(withJSON: ["users": usersIn]) - } - let rpcResponse = try await authBackend.call(with: makeGetAccountInfoRequest()) + rpcIssuer.respondBlock = { + try self.rpcIssuer.respond(withJSON: ["users": usersIn]) + } + let rpcResponse = try await authBackend.call(with: makeGetAccountInfoRequest()) - let users = try XCTUnwrap(rpcResponse.users) - XCTAssertGreaterThan(users.count, 0) - let firstUser = try XCTUnwrap(users.first) - XCTAssertEqual(firstUser.photoURL?.absoluteString, kTestPhotoURL) - XCTAssertEqual(firstUser.displayName, kTestDisplayName) - XCTAssertEqual(firstUser.email, kTestEmail) - XCTAssertEqual(firstUser.localID, kTestLocalID) - XCTAssertTrue(firstUser.emailVerified) - let providerUserInfo = try XCTUnwrap(firstUser.providerUserInfo) - XCTAssertGreaterThan(providerUserInfo.count, 0) - let firstProviderUser = try XCTUnwrap(providerUserInfo.first) - XCTAssertEqual(firstProviderUser.photoURL?.absoluteString, kTestPhotoURL) - XCTAssertEqual(firstProviderUser.displayName, kTestDisplayName) - XCTAssertEqual(firstProviderUser.email, kTestEmail) - XCTAssertEqual(firstProviderUser.providerID, kTestProviderID) - XCTAssertEqual(firstProviderUser.federatedID, kTestFederatedID) - let enrolledPasskeys = try XCTUnwrap(firstUser.enrolledPasskeys) - XCTAssertEqual(enrolledPasskeys.count, 1) - XCTAssertEqual(enrolledPasskeys[0].credentialID, testCredentialId) - XCTAssertEqual(enrolledPasskeys[0].name, testPasskeyName) - } + let users = try XCTUnwrap(rpcResponse.users) + XCTAssertGreaterThan(users.count, 0) + let firstUser = try XCTUnwrap(users.first) + XCTAssertEqual(firstUser.photoURL?.absoluteString, kTestPhotoURL) + XCTAssertEqual(firstUser.displayName, kTestDisplayName) + XCTAssertEqual(firstUser.email, kTestEmail) + XCTAssertEqual(firstUser.localID, kTestLocalID) + XCTAssertTrue(firstUser.emailVerified) + let providerUserInfo = try XCTUnwrap(firstUser.providerUserInfo) + XCTAssertGreaterThan(providerUserInfo.count, 0) + let firstProviderUser = try XCTUnwrap(providerUserInfo.first) + XCTAssertEqual(firstProviderUser.photoURL?.absoluteString, kTestPhotoURL) + XCTAssertEqual(firstProviderUser.displayName, kTestDisplayName) + XCTAssertEqual(firstProviderUser.email, kTestEmail) + XCTAssertEqual(firstProviderUser.providerID, kTestProviderID) + XCTAssertEqual(firstProviderUser.federatedID, kTestFederatedID) + let enrolledPasskeys = try XCTUnwrap(firstUser.enrolledPasskeys) + XCTAssertEqual(enrolledPasskeys.count, 1) + XCTAssertEqual(enrolledPasskeys[0].credentialID, testCredentialId) + XCTAssertEqual(enrolledPasskeys[0].name, testPasskeyName) + } - func testInitWithMultipleEnrolledPasskeys() throws { - let passkey1: [String: AnyHashable] = ["name": "passkey1", "credentialId": "cred1"] - let passkey2: [String: AnyHashable] = ["name": "passkey2", "credentialId": "cred2"] - let userDict: [String: AnyHashable] = [ - "localId": "user123", - "email": "user@example.com", - "passkeyInfo": [passkey1, passkey2], - ] - let dict: [String: AnyHashable] = ["users": [userDict]] - let response = try GetAccountInfoResponse(dictionary: dict) - let users = try XCTUnwrap(response.users) - let firstUser = try XCTUnwrap(users.first) - let enrolledPasskeys = try XCTUnwrap(firstUser.enrolledPasskeys) - XCTAssertEqual(enrolledPasskeys.count, 2) - XCTAssertEqual(enrolledPasskeys[0].name, "passkey1") - XCTAssertEqual(enrolledPasskeys[0].credentialID, "cred1") - XCTAssertEqual(enrolledPasskeys[1].name, "passkey2") - XCTAssertEqual(enrolledPasskeys[1].credentialID, "cred2") - } + func testInitWithMultipleEnrolledPasskeys() throws { + let passkey1: [String: AnyHashable] = ["name": "passkey1", "credentialId": "cred1"] + let passkey2: [String: AnyHashable] = ["name": "passkey2", "credentialId": "cred2"] + let userDict: [String: AnyHashable] = [ + "localId": "user123", + "email": "user@example.com", + "passkeyInfo": [passkey1, passkey2], + ] + let dict: [String: AnyHashable] = ["users": [userDict]] + let response = try GetAccountInfoResponse(dictionary: dict) + let users = try XCTUnwrap(response.users) + let firstUser = try XCTUnwrap(users.first) + let enrolledPasskeys = try XCTUnwrap(firstUser.enrolledPasskeys) + XCTAssertEqual(enrolledPasskeys.count, 2) + XCTAssertEqual(enrolledPasskeys[0].name, "passkey1") + XCTAssertEqual(enrolledPasskeys[0].credentialID, "cred1") + XCTAssertEqual(enrolledPasskeys[1].name, "passkey2") + XCTAssertEqual(enrolledPasskeys[1].credentialID, "cred2") + } - func testInitWithNoEnrolledPasskeys() throws { - let userDict: [String: AnyHashable] = [ - "localId": "user123", - "email": "user@example.com", - // No "passkeys" present - ] - let dict: [String: AnyHashable] = ["users": [userDict]] - let response = try GetAccountInfoResponse(dictionary: dict) - let users = try XCTUnwrap(response.users) - let firstUser = try XCTUnwrap(users.first) - XCTAssertNil(firstUser.enrolledPasskeys) - } + func testInitWithNoEnrolledPasskeys() throws { + let userDict: [String: AnyHashable] = [ + "localId": "user123", + "email": "user@example.com", + // No "passkeys" present + ] + let dict: [String: AnyHashable] = ["users": [userDict]] + let response = try GetAccountInfoResponse(dictionary: dict) + let users = try XCTUnwrap(response.users) + let firstUser = try XCTUnwrap(users.first) + XCTAssertNil(firstUser.enrolledPasskeys) + } + #endif private func makeGetAccountInfoRequest() -> GetAccountInfoRequest { return GetAccountInfoRequest(accessToken: kTestAccessToken, diff --git a/FirebaseAuth/Tests/Unit/SetAccountInfoTests.swift b/FirebaseAuth/Tests/Unit/SetAccountInfoTests.swift index 7283c2e2c71..65107e0382c 100644 --- a/FirebaseAuth/Tests/Unit/SetAccountInfoTests.swift +++ b/FirebaseAuth/Tests/Unit/SetAccountInfoTests.swift @@ -36,170 +36,173 @@ class SetAccountInfoTests: RPCBaseTests { XCTAssertEqual(decodedRequest.count, 0) } - func testSetAccountInfoRequestOptionalFields() async throws { - let kIDTokenKey = "idToken" - let kDisplayNameKey = "displayName" - let kTestDisplayName = "testDisplayName" - let kLocalIDKey = "localId" - let kTestLocalID = "testLocalId" - let kEmailKey = "email" - let ktestEmail = "testEmail" - let kPasswordKey = "password" - let kTestPassword = "testPassword" - let kPhotoURLKey = "photoUrl" - let kTestPhotoURL = "testPhotoUrl" - let kProvidersKey = "provider" - let kTestProviders = "testProvider" - let kOOBCodeKey = "oobCode" - let kTestOOBCode = "testOobCode" - let kEmailVerifiedKey = "emailVerified" - let kUpgradeToFederatedLoginKey = "upgradeToFederatedLogin" - let kCaptchaChallengeKey = "captchaChallenge" - let kTestCaptchaChallenge = "TestCaptchaChallenge" - let kCaptchaResponseKey = "captchaResponse" - let kTestCaptchaResponse = "TestCaptchaResponse" - let kDeleteAttributesKey = "deleteAttribute" - let kTestDeleteAttributes = "TestDeleteAttributes" - let kDeleteProvidersKey = "deleteProvider" - let kTestDeleteProviders = "TestDeleteProviders" - let kReturnSecureTokenKey = "returnSecureToken" - let kTestAccessToken = "accessToken" - let kDeletePasskeysKey = "deletePasskey" - let kDeletePasskey = "credential_id" - let kExpectedAPIURL = - "https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo?key=APIKey" + #if os(iOS) || os(tvOS) || os(macOS) - let request = setAccountInfoRequest() - request.accessToken = kTestAccessToken - request.displayName = kTestDisplayName - request.localID = kTestLocalID - request.email = ktestEmail - request.password = kTestPassword - request.providers = [kTestProviders] - request.oobCode = kTestOOBCode - request.emailVerified = true - request.photoURL = URL(string: kTestPhotoURL) - request.upgradeToFederatedLogin = true - request.captchaChallenge = kTestCaptchaChallenge - request.captchaResponse = kTestCaptchaResponse - request.deleteAttributes = [kTestDeleteAttributes] - request.deleteProviders = [kTestDeleteProviders] - request.deletePasskeys = [kDeletePasskey] + func testSetAccountInfoRequestOptionalFields() async throws { + let kIDTokenKey = "idToken" + let kDisplayNameKey = "displayName" + let kTestDisplayName = "testDisplayName" + let kLocalIDKey = "localId" + let kTestLocalID = "testLocalId" + let kEmailKey = "email" + let ktestEmail = "testEmail" + let kPasswordKey = "password" + let kTestPassword = "testPassword" + let kPhotoURLKey = "photoUrl" + let kTestPhotoURL = "testPhotoUrl" + let kProvidersKey = "provider" + let kTestProviders = "testProvider" + let kOOBCodeKey = "oobCode" + let kTestOOBCode = "testOobCode" + let kEmailVerifiedKey = "emailVerified" + let kUpgradeToFederatedLoginKey = "upgradeToFederatedLogin" + let kCaptchaChallengeKey = "captchaChallenge" + let kTestCaptchaChallenge = "TestCaptchaChallenge" + let kCaptchaResponseKey = "captchaResponse" + let kTestCaptchaResponse = "TestCaptchaResponse" + let kDeleteAttributesKey = "deleteAttribute" + let kTestDeleteAttributes = "TestDeleteAttributes" + let kDeleteProvidersKey = "deleteProvider" + let kTestDeleteProviders = "TestDeleteProviders" + let kReturnSecureTokenKey = "returnSecureToken" + let kTestAccessToken = "accessToken" + let kDeletePasskeysKey = "deletePasskey" + let kDeletePasskey = "credential_id" + let kExpectedAPIURL = + "https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo?key=APIKey" - try await checkRequest( - request: request, - expected: kExpectedAPIURL, - key: kIDTokenKey, - value: kTestAccessToken - ) - let decodedRequest = try XCTUnwrap(rpcIssuer.decodedRequest) - XCTAssertEqual(decodedRequest[kIDTokenKey] as? String, kTestAccessToken) - XCTAssertEqual(decodedRequest[kDisplayNameKey] as? String, kTestDisplayName) - XCTAssertEqual(decodedRequest[kLocalIDKey] as? String, kTestLocalID) - XCTAssertEqual(decodedRequest[kEmailKey] as? String, ktestEmail) - XCTAssertEqual(decodedRequest[kPasswordKey] as? String, kTestPassword) - XCTAssertEqual(decodedRequest[kPhotoURLKey] as? String, kTestPhotoURL) - XCTAssertEqual(decodedRequest[kProvidersKey] as? [String], [kTestProviders]) - XCTAssertEqual(decodedRequest[kOOBCodeKey] as? String, kTestOOBCode) - XCTAssertEqual(decodedRequest[kEmailVerifiedKey] as? Bool, true) - XCTAssertEqual(decodedRequest[kUpgradeToFederatedLoginKey] as? Bool, true) - XCTAssertEqual(decodedRequest[kCaptchaChallengeKey] as? String, kTestCaptchaChallenge) - XCTAssertEqual(decodedRequest[kCaptchaResponseKey] as? String, kTestCaptchaResponse) - XCTAssertEqual(decodedRequest[kDeleteAttributesKey] as? [String], [kTestDeleteAttributes]) - XCTAssertEqual(decodedRequest[kDeleteProvidersKey] as? [String], [kTestDeleteProviders]) - XCTAssertEqual(decodedRequest[kReturnSecureTokenKey] as? Bool, true) - XCTAssertEqual(decodedRequest[kDeletePasskeysKey] as? [String], [kDeletePasskey]) - } + let request = setAccountInfoRequest() + request.accessToken = kTestAccessToken + request.displayName = kTestDisplayName + request.localID = kTestLocalID + request.email = ktestEmail + request.password = kTestPassword + request.providers = [kTestProviders] + request.oobCode = kTestOOBCode + request.emailVerified = true + request.photoURL = URL(string: kTestPhotoURL) + request.upgradeToFederatedLogin = true + request.captchaChallenge = kTestCaptchaChallenge + request.captchaResponse = kTestCaptchaResponse + request.deleteAttributes = [kTestDeleteAttributes] + request.deleteProviders = [kTestDeleteProviders] + request.deletePasskeys = [kDeletePasskey] - func testSetAccountInfoErrors() async throws { - let kEmailExistsErrorMessage = "EMAIL_EXISTS" - let kEmailSignUpNotAllowedErrorMessage = "OPERATION_NOT_ALLOWED" - let kPasswordLoginDisabledErrorMessage = "PASSWORD_LOGIN_DISABLED" - let kCredentialTooOldErrorMessage = "CREDENTIAL_TOO_OLD_LOGIN_AGAIN" - let kInvalidUserTokenErrorMessage = "INVALID_ID_TOKEN" - let kUserDisabledErrorMessage = "USER_DISABLED" - let kInvalidEmailErrorMessage = "INVALID_EMAIL" - let kExpiredActionCodeErrorMessage = "EXPIRED_OOB_CODE:" - let kInvalidActionCodeErrorMessage = "INVALID_OOB_CODE" - let kInvalidMessagePayloadErrorMessage = "INVALID_MESSAGE_PAYLOAD" - let kInvalidSenderErrorMessage = "INVALID_SENDER" - let kInvalidRecipientEmailErrorMessage = "INVALID_RECIPIENT_EMAIL" - let kWeakPasswordErrorMessage = "WEAK_PASSWORD : Password should be at least 6 characters" - let kWeakPasswordClientErrorMessage = "Password should be at least 6 characters" - let kInvalidCredentialIdForPasskeyUnenroll = "PASSKEY_ENROLLMENT_NOT_FOUND" + try await checkRequest( + request: request, + expected: kExpectedAPIURL, + key: kIDTokenKey, + value: kTestAccessToken + ) + let decodedRequest = try XCTUnwrap(rpcIssuer.decodedRequest) + XCTAssertEqual(decodedRequest[kIDTokenKey] as? String, kTestAccessToken) + XCTAssertEqual(decodedRequest[kDisplayNameKey] as? String, kTestDisplayName) + XCTAssertEqual(decodedRequest[kLocalIDKey] as? String, kTestLocalID) + XCTAssertEqual(decodedRequest[kEmailKey] as? String, ktestEmail) + XCTAssertEqual(decodedRequest[kPasswordKey] as? String, kTestPassword) + XCTAssertEqual(decodedRequest[kPhotoURLKey] as? String, kTestPhotoURL) + XCTAssertEqual(decodedRequest[kProvidersKey] as? [String], [kTestProviders]) + XCTAssertEqual(decodedRequest[kOOBCodeKey] as? String, kTestOOBCode) + XCTAssertEqual(decodedRequest[kEmailVerifiedKey] as? Bool, true) + XCTAssertEqual(decodedRequest[kUpgradeToFederatedLoginKey] as? Bool, true) + XCTAssertEqual(decodedRequest[kCaptchaChallengeKey] as? String, kTestCaptchaChallenge) + XCTAssertEqual(decodedRequest[kCaptchaResponseKey] as? String, kTestCaptchaResponse) + XCTAssertEqual(decodedRequest[kDeleteAttributesKey] as? [String], [kTestDeleteAttributes]) + XCTAssertEqual(decodedRequest[kDeleteProvidersKey] as? [String], [kTestDeleteProviders]) + XCTAssertEqual(decodedRequest[kReturnSecureTokenKey] as? Bool, true) + XCTAssertEqual(decodedRequest[kDeletePasskeysKey] as? [String], [kDeletePasskey]) + } - try await checkBackendError( - request: setAccountInfoRequest(), - message: kEmailExistsErrorMessage, - errorCode: AuthErrorCode.emailAlreadyInUse - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kEmailSignUpNotAllowedErrorMessage, - errorCode: AuthErrorCode.operationNotAllowed - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kPasswordLoginDisabledErrorMessage, - errorCode: AuthErrorCode.operationNotAllowed - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kUserDisabledErrorMessage, - errorCode: AuthErrorCode.userDisabled - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidUserTokenErrorMessage, - errorCode: AuthErrorCode.invalidUserToken - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kCredentialTooOldErrorMessage, - errorCode: AuthErrorCode.requiresRecentLogin - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kWeakPasswordErrorMessage, - errorCode: AuthErrorCode.weakPassword, - errorReason: kWeakPasswordClientErrorMessage - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidEmailErrorMessage, - errorCode: AuthErrorCode.invalidEmail - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidActionCodeErrorMessage, - errorCode: AuthErrorCode.invalidActionCode - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kExpiredActionCodeErrorMessage, - errorCode: AuthErrorCode.expiredActionCode - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidMessagePayloadErrorMessage, - errorCode: AuthErrorCode.invalidMessagePayload - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidSenderErrorMessage, - errorCode: AuthErrorCode.invalidSender - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidRecipientEmailErrorMessage, - errorCode: AuthErrorCode.invalidRecipientEmail - ) - try await checkBackendError( - request: setAccountInfoRequest(), - message: kInvalidCredentialIdForPasskeyUnenroll, - errorCode: AuthErrorCode.missingPasskeyEnrollment - ) - } + func testSetAccountInfoErrors() async throws { + let kEmailExistsErrorMessage = "EMAIL_EXISTS" + let kEmailSignUpNotAllowedErrorMessage = "OPERATION_NOT_ALLOWED" + let kPasswordLoginDisabledErrorMessage = "PASSWORD_LOGIN_DISABLED" + let kCredentialTooOldErrorMessage = "CREDENTIAL_TOO_OLD_LOGIN_AGAIN" + let kInvalidUserTokenErrorMessage = "INVALID_ID_TOKEN" + let kUserDisabledErrorMessage = "USER_DISABLED" + let kInvalidEmailErrorMessage = "INVALID_EMAIL" + let kExpiredActionCodeErrorMessage = "EXPIRED_OOB_CODE:" + let kInvalidActionCodeErrorMessage = "INVALID_OOB_CODE" + let kInvalidMessagePayloadErrorMessage = "INVALID_MESSAGE_PAYLOAD" + let kInvalidSenderErrorMessage = "INVALID_SENDER" + let kInvalidRecipientEmailErrorMessage = "INVALID_RECIPIENT_EMAIL" + let kWeakPasswordErrorMessage = "WEAK_PASSWORD : Password should be at least 6 characters" + let kWeakPasswordClientErrorMessage = "Password should be at least 6 characters" + let kInvalidCredentialIdForPasskeyUnenroll = "PASSKEY_ENROLLMENT_NOT_FOUND" + + try await checkBackendError( + request: setAccountInfoRequest(), + message: kEmailExistsErrorMessage, + errorCode: AuthErrorCode.emailAlreadyInUse + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kEmailSignUpNotAllowedErrorMessage, + errorCode: AuthErrorCode.operationNotAllowed + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kPasswordLoginDisabledErrorMessage, + errorCode: AuthErrorCode.operationNotAllowed + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kUserDisabledErrorMessage, + errorCode: AuthErrorCode.userDisabled + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidUserTokenErrorMessage, + errorCode: AuthErrorCode.invalidUserToken + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kCredentialTooOldErrorMessage, + errorCode: AuthErrorCode.requiresRecentLogin + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kWeakPasswordErrorMessage, + errorCode: AuthErrorCode.weakPassword, + errorReason: kWeakPasswordClientErrorMessage + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidEmailErrorMessage, + errorCode: AuthErrorCode.invalidEmail + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidActionCodeErrorMessage, + errorCode: AuthErrorCode.invalidActionCode + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kExpiredActionCodeErrorMessage, + errorCode: AuthErrorCode.expiredActionCode + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidMessagePayloadErrorMessage, + errorCode: AuthErrorCode.invalidMessagePayload + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidSenderErrorMessage, + errorCode: AuthErrorCode.invalidSender + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidRecipientEmailErrorMessage, + errorCode: AuthErrorCode.invalidRecipientEmail + ) + try await checkBackendError( + request: setAccountInfoRequest(), + message: kInvalidCredentialIdForPasskeyUnenroll, + errorCode: AuthErrorCode.missingPasskeyEnrollment + ) + } + #endif /** @fn testSuccessfulSetAccountInfoResponse @brief This test simulates a successful @c SetAccountInfo flow.