Merge pull request #265 from FusionAuth/miker/issue-264-sample-application-view

Update the Sample Application View to match the UI in iOS SDK.

Author: mrudatsprint

.github/workflows/mobsf.yml

@@ -49,7 +49,7 @@ jobs:
       - name: Run mobsfscan
         uses: MobSF/mobsfscan@3d87bc570c4614d705547bddb521395663dba353 # 0.4.5
         with:
-          args: . --sarif --output mobsf.sarif.json || true
+          args: . --config .mobsf.yml --sarif --output mobsf.sarif.json || true
 
       # Uploads Sarif Report to GitHub
       - name: Upload mobsfscan report

.mobsf.yml

@@ -0,0 +1,5 @@
+ignore-paths:
+  - app/src
+
+ignore-rules:
+  - android_logging

SECURITY.md

@@ -7,6 +7,7 @@ For Responsible Disclosure Program, Discovering Security Vulnerabilities
 
 | SDK Version   | Tested FusionAuth Version | Tested Android API Level | Supported          |
 |---------------|---------------------------|--------------------------|--------------------|
+| \>= 1.0.0     | 1.57 - 1.60               | 31 - 36                  | :white_check_mark: |
 | \>= 0.2.0     | 1.51 - 1.56               | 29 - 35                  | :white_check_mark: |
 | 0.1.6         | 1.47 - 1.51               | 29 - 34                  | :x:                |
 | 0.1.4 - 0.1.5 | 1.47 - 1.50               | 29 - 34                  | :x:                |

app/src/androidTest/java/io/fusionauth/sdk/FullEnd2EndTest.kt

@@ -38,201 +38,142 @@ internal class FullEnd2EndTest {
     @get:Rule
     val repeatRule = RepeatRule()
 
+    private lateinit var device: UiDevice
+
     @Before
     fun setUp() {
         logger.info("Setting up test")
-
         Intents.init()
+        device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation())
 
         val automation = InstrumentationRegistry.getInstrumentation().uiAutomation
         val info = automation.serviceInfo
         info.flags = info.flags or AccessibilityServiceInfo.FLAG_RETRIEVE_INTERACTIVE_WINDOWS
         automation.serviceInfo = info
     }
 
-    /**
-     * Executes an end-to-end test for the login functionality.
-     *
-     * It performs the following steps:
-     *
-     * 1. Clicks the login button.
-     * 2. Wait for the login form to appear.
-     * 3. Sets the username and password on the login form.
-     * 4. Submits the form by pressing the enter key.
-     * 5. Wait for the token activity to be displayed.
-     * 6. Checks the refresh token functionality.
-     * 7. Checks if the token was refreshed.
-     * 8. Clicks the sign-out button.
-     * 9. Wait for the login activity to be displayed.
-     *
-     * This test is repeated twice to ensure logout was successful and the login form is displayed again.
-     */
     @Test
     @Repeat(2)
     fun e2eTest() {
-        logger.info("Click login button")
-        onView(withId(R.id.start_auth)).perform(click())
-        logger.info("Login button clicked")
-
-        logger.info("Waiting for login form to appear")
-        val device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation())
-
-        handleFALoginForm(device, USERNAME, PASSWORD)
-
-        // Check that the token activity is displayed
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/sign_out")), TIMEOUT_MILLIS)
-        onView(withId(R.id.sign_out)).check(matches(isDisplayed()))
-
-        logger.info("Token activity displayed")
-
-        // Check refresh token functionality
-        val expirationTime = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
-        logger.info("Check refresh token")
-        onView(withId(R.id.refresh_token))
-            .check(matches(isDisplayed()))
-            .perform(click())
-
-        val newExpirationTime = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
-
-        logger.info("Token was refreshed (${expirationTime} to ${newExpirationTime})")
-        check(newExpirationTime > expirationTime) { "Token was not refreshed" }
-
-        Thread.sleep(1000)
-
-        // Click the sign-out button
-        logger.info("Click sign out button")
-        onView(withId(R.id.sign_out)).perform(click())
-
-        // Check that the login activity is displayed
-        logger.info("Check that the login activity is displayed")
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/start_auth")), TIMEOUT_MILLIS)
-        onView(withId(R.id.start_auth)).check(matches(isDisplayed()))
-
-        logger.info("Click login button for second user login")
-        onView(withId(R.id.start_auth)).perform(click())
-        logger.info("Login button clicked")
-
-        logger.info("Waiting for login form to appear")
-
-        handleFALoginForm(device, USERNAME2, PASSWORD2)
-
-        // Check that the token activity is displayed
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/sign_out")), TIMEOUT_MILLIS)
-        onView(withId(R.id.sign_out)).check(matches(isDisplayed()))
-
-        logger.info("Token activity displayed for second user")
+        login(USERNAME, PASSWORD)
+        performAndVerifyTokenRefresh()
+        logout()
+        login(USERNAME2, PASSWORD2)
+        logout()
+    }
 
-        // Click the sign-out button
-        logger.info("Click sign out button for second user")
-        onView(withId(R.id.sign_out)).perform(click())
+    @Test
+    fun e2eTestSwitchFromPrimaryToAlternative() {
+        login(USERNAME, PASSWORD)
+        switchToAlternative()
+        login(USERNAME_RESET_CONFIGURATION, PASSWORD_RESET_CONFIGURATION)
+        logout()
+        loginSessionExists(USERNAME)
+        logout()
+    }
 
-        // Check that the login activity is displayed
-        logger.info("Check that the login activity is displayed")
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/start_auth")), TIMEOUT_MILLIS)
-        onView(withId(R.id.start_auth)).check(matches(isDisplayed()))
+    @Test
+    fun e2eTestSwitchFromAlternativeToPrimary() {
+        login(USERNAME, PASSWORD)
+        switchToAlternative()
+        login(USERNAME_RESET_CONFIGURATION, PASSWORD_RESET_CONFIGURATION)
+        switchToPrimary()
+        loginSessionExists(USERNAME)
+        switchToAlternative()
+        loginSessionExists(USERNAME_RESET_CONFIGURATION)
+        logout()
+        loginSessionExists(USERNAME)
+        logout()
     }
 
-    /**
-     * Executes an end-to-end test for the login functionality where the configuration is reset to login
-     * to a different tenant.  It performs the following steps:
-     * 1. Clicks the login button.
-     * 2. Waits for the login form to appear.
-     * 3. Sets the username and password on the login form.
-     * 4. Submits the form by pressing the enter key.
-     * 5. Waits for the token activity to be displayed.
-     * 6. Checks the reset configuration functionality.
-     * 7. Waits for the login activity to be displayed.
-     * 8. Clicks the login button.
-     * 9. Waits for the login form to appear.
-     * 10. Sets the username and password on the login form.
-     * 11. Submits the form by pressing the enter key.
-     * 12. Checks the refresh token functionality.
-     * 13. Checks if the token was refreshed.
-     * 14. Clicks the sign-out button.
-     * 15. Waits for the login activity to be displayed.
-     */
     @Test
-    fun e2eTestResetConfiguration() {
-        logger.info("Click login button")
-        onView(withId(R.id.start_auth)).perform(click())
-        logger.info("Login button clicked")
+    fun e2eTestCancelConfigurationSwitch() {
+        login(USERNAME, PASSWORD)
 
-        logger.info("Waiting for login form to appear")
-        val device = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation())
+        val expirationTimeBefore = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
 
-        handleFALoginForm(device, USERNAME, PASSWORD)
+        logger.info("Click reset configuration")
+        onView(withId(R.id.reset_configuration)).perform(click())
+        logger.info("Click cancel button on dialog")
+        onView(withId(R.id.cancel_button)).perform(click())
 
-        // Check that the token activity is displayed
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/sign_out")), TIMEOUT_MILLIS)
-        onView(withId(R.id.sign_out)).check(matches(isDisplayed()))
+        verifyOnTokenActivity()
 
-        logger.info("Token activity displayed")
+        logger.info("Click refresh token to confirm session is active")
+        onView(withId(R.id.refresh_token)).perform(click())
+        val expirationTimeAfter = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
+        check(expirationTimeAfter > expirationTimeBefore) { "Token was not refreshed after canceling config switch" }
 
-        // Check reset configuration functionality
-        logger.info("Check reset configuration")
-        onView(withId(R.id.reset_configuration))
-            .check(matches(isDisplayed()))
-            .perform(click())
+        logout()
+    }
 
-        // Check that the login activity is displayed
-        logger.info("Check that the login activity is displayed")
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/start_auth")), TIMEOUT_MILLIS)
-        onView(withId(R.id.start_auth)).check(matches(isDisplayed()))
+    // Helper Functions
 
-        logger.info("Click login button for user login")
+    private fun login(username: String, password: String) {
+        logger.info("--> login(username: $username)")
         onView(withId(R.id.start_auth)).perform(click())
-        logger.info("Login button clicked")
-
-        logger.info("Waiting for login form to appear")
-
-        handleFALoginForm(device, USERNAME_RESET_CONFIGURATION, PASSWORD_RESET_CONFIGURATION)
-
-        // Check that the token activity is displayed
-        device.wait(Until.findObject(By.res("io.fusionauth.app:id/sign_out")), TIMEOUT_MILLIS)
-        onView(withId(R.id.sign_out)).check(matches(isDisplayed()))
+        handleFALoginForm(username, password)
+        verifyOnTokenActivity()
+        logger.info("<-- login")
+    }
 
-        logger.info("Token activity displayed for user in reset configuration tenant")
+    private fun loginSessionExists(username: String) {
+        logger.info("--> login(username: $username)")
+        onView(withId(R.id.start_auth)).perform(click())
+        verifyOnTokenActivity()
+        logger.info("<-- login")
+    }
+    private fun logout() {
+        logger.info("--> logout()")
+        onView(withId(R.id.sign_out)).perform(click())
+        verifyOnLoginActivity()
+        logger.info("<-- logout()")
+    }
 
-        // Check refresh token functionality
+    private fun performAndVerifyTokenRefresh() {
+        logger.info("--> performAndVerifyTokenRefresh()")
         val expirationTime = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
-        logger.info("Check refresh token")
         onView(withId(R.id.refresh_token))
             .check(matches(isDisplayed()))
             .perform(click())
-
         val newExpirationTime = runBlocking { AuthorizationManager.getAccessTokenExpirationTime()!! }
-
         logger.info("Token was refreshed (${expirationTime} to ${newExpirationTime})")
         check(newExpirationTime > expirationTime) { "Token was not refreshed" }
+        Thread.sleep(1000) // Wait a bit for UI to settle
+        logger.info("<-- performAndVerifyTokenRefresh()")
+    }
 
-        Thread.sleep(1000)
+    private fun switchToAlternative() {
+        logger.info("--> switchToAlternative()")
+        onView(withId(R.id.reset_configuration)).perform(click())
+        onView(withId(R.id.switch_to_alternative_button)).perform(click())
+        verifyOnLoginActivity()
+        logger.info("<-- switchToAlternative()")
+    }
 
-        // Click the sign-out button
-        logger.info("Click sign out button for user")
-        onView(withId(R.id.sign_out)).perform(click())
+    private fun switchToPrimary() {
+        logger.info("--> switchToPrimary()")
+        onView(withId(R.id.reset_configuration)).perform(click())
+        onView(withId(R.id.switch_to_primary_button)).perform(click())
+        verifyOnLoginActivity()
+        logger.info("<-- switchToPrimary()")
+    }
+
+    private fun verifyOnTokenActivity() {
+        device.wait(Until.findObject(By.res("io.fusionauth.app:id/sign_out")), TIMEOUT_MILLIS)
+        onView(withId(R.id.sign_out)).check(matches(isDisplayed()))
+        logger.info("Verified on TokenActivity")
+    }
 
-        // Check that the login activity is displayed
-        logger.info("Check that the login activity is displayed")
+    private fun verifyOnLoginActivity() {
         device.wait(Until.findObject(By.res("io.fusionauth.app:id/start_auth")), TIMEOUT_MILLIS)
         onView(withId(R.id.start_auth)).check(matches(isDisplayed()))
+        logger.info("Verified on LoginActivity")
     }
 
-    /**
-     * Sets the username and password on the login form.
-     *
-     * @param device The UiDevice used to interact with the UI.
-     * @param username The username to set on the login form.
-     * @param password The password to set on the login form.
-     */
-    private fun handleFALoginForm(
-        device: UiDevice,
-        username: String,
-        password: String
-    ) {
-        device.wait(
-            Until.findObject(By.clazz("android.webkit.WebView")),
-            TIMEOUT_MILLIS
-        )
+    private fun handleFALoginForm(username: String, password: String) {
+        device.wait(Until.findObject(By.clazz("android.webkit.WebView")),
+            TIMEOUT_MILLIS)
 
         val textFields = device.findObjects(By.clazz("android.widget.EditText"))
 
@@ -246,25 +187,16 @@ internal class FullEnd2EndTest {
         val passwordInputObject = textFields[1]
         passwordInputObject.setText(password)
 
-        // Submit the form by pressing the enter key
         logger.info("Submit form by pressing enter key")
         passwordInputObject.click()
         device.pressEnter()
     }
 
-    /**
-     * Closes the keyboard if it is open on the screen.
-     *
-     * When the (automated test) device has a small vertical resolution, the keyboard may be open and cover the login
-     * form, thus preventing the UISelector from targeting the form fields.
-     *
-     * @throws IllegalStateException if the keyboard cannot be closed.
-     */
     private fun closeKeyboardIfOpen() {
         val automation = InstrumentationRegistry.getInstrumentation().uiAutomation
         for (window in automation.windows) {
             if (window.type == AccessibilityWindowInfo.TYPE_INPUT_METHOD) {
-                UiDevice.getInstance(InstrumentationRegistry.getInstrumentation()).pressBack()
+                device.pressBack()
                 return
             }
         }
@@ -273,7 +205,7 @@ internal class FullEnd2EndTest {
     @After
     fun tearDown() {
         logger.info("Tearing down test")
-
+        runBlocking { AuthorizationManager.clearState() }
         Intents.release()
     }
 

app/src/main/java/io/fusionauth/sdk/AppConfigurations.kt

@@ -0,0 +1,21 @@
+package io.fusionauth.sdk
+
+import io.fusionauth.mobilesdk.AuthorizationConfiguration
+
+object AppConfigurations {
+    val PRIMARY_CONFIG = AuthorizationConfiguration(
+        fusionAuthUrl = "http://10.0.2.2:9011",
+        tenant = "d7d09513-a3f5-401c-9685-34ab6c552453",
+        clientId = "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e",
+        allowUnsecureConnection = true,
+        additionalScopes = setOf("email", "profile")
+    )
+
+    val ALTERNATIVE_CONFIG = AuthorizationConfiguration(
+        fusionAuthUrl = "http://10.0.2.2:9011",
+        clientId = "2d491002-1b1b-4a59-be2a-1d570c834c7a",
+        allowUnsecureConnection = true,
+        additionalScopes = setOf("email", "profile"),
+        tenant = "a3138f90-16b5-444f-b5f6-0ca64bc30ca7"
+    )
+}

app/src/main/java/io/fusionauth/sdk/ConfigurationManager.kt

@@ -0,0 +1,18 @@
+package io.fusionauth.sdk
+
+import io.fusionauth.mobilesdk.AuthorizationConfiguration
+
+class ConfigurationManager {
+
+    fun getPrimaryConfig(): AuthorizationConfiguration {
+        return AppConfigurations.PRIMARY_CONFIG
+    }
+
+    fun getAlternativeConfig(): AuthorizationConfiguration {
+        return AppConfigurations.ALTERNATIVE_CONFIG
+    }
+
+    fun isPrimaryConfig(config: AuthorizationConfiguration): Boolean {
+        return config.clientId == AppConfigurations.PRIMARY_CONFIG.clientId
+    }
+}