Fulfill the mfa and scopes

Author: Yuki-YuXin

MSAL/test/integration/native_auth/end_to_end/credentials/MSALNativeAuthUserAccountEndToEndTests.swift

@@ -93,4 +93,38 @@ final class MSALNativeAuthUserAccountEndToEndTests: MSALNativeAuthEndToEndPasswo
         XCTAssertTrue(credentialsDelegateSpy.onAccessTokenRetrieveErrorCalled)
         XCTAssertTrue(credentialsDelegateSpy.error!.errorDescription!.contains("Send an interactive authorization request for this user and resource."))
     }
+    
+    // Sign in with username and password with extra scopes to get access token and validate the scopes
+    func test_signInWithExtraScopes() async throws {
+#if os(macOS)
+        throw XCTSkip("Bundle id for macOS is not added to the client id, test is not needed on both iOS and macOS")
+#endif
+        guard let sut = initialisePublicClientApplication(), let username = retrieveUsernameForSignInUsernameAndPassword(), let password = await retrievePasswordForSignInUsername() else {
+            XCTFail("Missing information")
+            return
+        }
+
+        let signInExpectation = expectation(description: "signing in")
+        let signInDelegateSpy = SignInPasswordStartDelegateSpy(expectation: signInExpectation)
+
+        sut.signIn(username: username, password: password, scopes: ["User.Read"], correlationId: correlationId, delegate: signInDelegateSpy)
+
+        await fulfillment(of: [signInExpectation])
+
+        XCTAssertTrue(signInDelegateSpy.onSignInCompletedCalled)
+        XCTAssertNotNil(signInDelegateSpy.result?.idToken)
+        XCTAssertEqual(signInDelegateSpy.result?.account.username, username)
+
+        let getAccessTokenExpectation = expectation(description: "getting access token")
+        let credentialsDelegateSpy = CredentialsDelegateSpy(expectation: getAccessTokenExpectation)
+
+        signInDelegateSpy.result?.getAccessToken(scopes: ["User.Read"], delegate: credentialsDelegateSpy)
+
+        await fulfillment(of: [getAccessTokenExpectation])
+
+        XCTAssertTrue(credentialsDelegateSpy.onAccessTokenRetrieveCompletedCalled)
+        XCTAssertNotNil(credentialsDelegateSpy.result?.accessToken)
+        XCTAssertNotNil(credentialsDelegateSpy.result?.scopes)
+        XCTAssertTrue(credentialsDelegateSpy.result!.scopes.contains("User.Read"))
+    }
 }

MSAL/test/integration/native_auth/end_to_end/reset_password/MSALNativeAuthResetPasswordEndToEndTests.swift

@@ -236,7 +236,7 @@ final class MSALNativeAuthResetPasswordEndToEndTests: MSALNativeAuthEndToEndBase
             return
         }
 
-        let username = "invalid"
+        let username = "invalid"  // TODO: use social account instead
 
         let resetPasswordFailureExp = expectation(description: "reset password user not found")
         let resetPasswordStartDelegate = ResetPasswordStartDelegateSpy(expectation: resetPasswordFailureExp)

MSAL/test/integration/native_auth/end_to_end/sign_in/MSALNativeAuthSignInUserNameAndPasswordEndToEndTests.swift

@@ -113,9 +113,41 @@ final class MSALNativeAuthSignInUsernameAndPasswordEndToEndTests: MSALNativeAuth
     }
 
     // User Case 1.2.5. Sign In - User signs in with account B, while data for account A already exists in SDK persistence
-    // The same as 1.2.4
+    func test_signInWithAccountSigned() async throws {
+        guard let sut = initialisePublicClientApplication(), let username = retrieveUsernameForSignInUsernameAndPassword(), let password = await retrievePasswordForSignInUsername() else {
+            XCTFail("Missing information")
+            return
+        }
+
+        let signInExpectation = expectation(description: "signing in")
+        let signInDelegateSpy = SignInPasswordStartDelegateSpy(expectation: signInExpectation)
+
+        sut.signIn(username: username, password: password, correlationId: correlationId, delegate: signInDelegateSpy)
+
+        await fulfillment(of: [signInExpectation])
+
+        XCTAssertTrue(signInDelegateSpy.onSignInCompletedCalled)
+        XCTAssertNotNil(signInDelegateSpy.result?.idToken)
+        XCTAssertEqual(signInDelegateSpy.result?.account.username, username)
+        
+        // Now signed in the account again
+        let signInExpectation2 = expectation(description: "signing in")
+        let signInDelegateSpy2 = SignInPasswordStartDelegateSpy(expectation: signInExpectation2)
+        
+        let uesrname2 = retrieveUsernameForSignInCode()
+
+        sut.signIn(username: uesrname2, password: password, correlationId: correlationId, delegate: signInDelegateSpy2)
+        
+        XCTAssertTrue(signInDelegateSpy2.error!.description, "An account is already signed in.")
+    }
 
-    // User Case 1.2.6. Sign In - Ability to provide scope to control auth strength of the token
+    /* User Case 1.2.6. Sign In - Ability to provide scope to control auth strength of the token
+        Please refer to Crendentials test (test_signInWithExtraScopes())
+     
+        sut.signIn(username: username, password: password, scopes: ["User.Read"], correlationId: correlationId, delegate: signInDelegateSpy)
+        ...
+        XCTAssertTrue(credentialsDelegateSpy.result!.scopes.contains("User.Read"))
+    */
 
     // User Case 1.2.7. Sign In - User email is registered with email OTP auth method, which is supported by the developer
     func test_signInWithOTPSufficientChallengeResultsInSuccess() async throws {
@@ -149,8 +181,14 @@ final class MSALNativeAuthSignInUsernameAndPasswordEndToEndTests: MSALNativeAuth
         XCTAssertTrue(signInPasswordRequiredDelegateSpy.onSignInCompletedCalled)
     }
 
-    // User Case 1.2.8. Sign In - User attempts to sign in with email and password, but server requires second factor authentication (MFA OTP)
-    // Please refer to MFA End to End Test
+    /* User Case 1.2.8. Sign In - User attempts to sign in with email and password, but server requires second factor authentication (MFA OTP)
+       Please refer to MFA Test (test_signInAuthenticationContextClaim_mfaFlowIsTriggeredAndAccessTokenContainsClaims)
+     
+        awaitingMFAState.requestChallenge(delegate: mfaDelegateSpy)
+        ...
+        newMfaRequiredState.submitChallenge(challenge: code, delegate: mfaSubmitChallengeDelegateSpy)
+        ...
+    */
 
     // User Case 1.2.9. Sign In - User email is registered with email OTP auth method, which is not supported by the developer (aka redirect flow)
     func test_signInWithOTPInsufficientChallengeResultsInError() async throws {
@@ -170,7 +208,6 @@ final class MSALNativeAuthSignInUsernameAndPasswordEndToEndTests: MSALNativeAuth
         XCTAssertTrue(signInDelegateSpy.error!.isBrowserRequired)
     }
 
-    
     // Sign in - Password is incorrect (sent over delegate.newStatePasswordRequired)
     func test_signInAndSendingIncorrectPasswordResultsInError() async throws {
         guard let sut = initialisePublicClientApplication(), let username = retrieveUsernameForSignInUsernameAndPassword() else {

MSAL/test/integration/native_auth/end_to_end/sign_in/MSALNativeAuthSignInUsernameEndToEndTests.swift

@@ -162,7 +162,12 @@ final class MSALNativeAuthSignInUsernameEndToEndTests: MSALNativeAuthEndToEndBas
     }
 
     /* User Case 2.2.6 Sign In - Ability to provide scope to control auth strength of the token
-    Please refer to SignInUsernameAndPasswordEndToEndTests 1.2.6 for the test*/
+        Please refer to Crendentials test (test_signInWithExtraScopes())
+     
+        sut.signIn(username: username, password: password, scopes: ["User.Read"], correlationId: correlationId, delegate: signInDelegateSpy)
+        ...
+        XCTAssertTrue(credentialsDelegateSpy.result!.scopes.contains("User.Read"))
+     */
 
     // Hero Scenario 2.2.7. Sign in - Invalid OTP code
     func test_signInAndSendingIncorrectOTPResultsInError() async throws {