Add MFA view controller and support MFA on google sign-in

Author: Xiaoshouzi-gh

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/Models/OtherAuthMethods.swift

@@ -19,6 +19,7 @@ enum OtherAuthMethod: String {
   case Passwordless = "Email Link/Passwordless"
   case PhoneNumber = "Phone Auth"
   case Custom = "a Custom Auth System"
+  case MfaLogin = "Multifactor Authentication"
 
   var navigationTitle: String { "Sign in using \(rawValue)" }
 
@@ -30,6 +31,8 @@ enum OtherAuthMethod: String {
       return "Enter Phone Number"
     case .Custom:
       return "Enter Custom Auth Token"
+    case .MfaLogin:
+      return "Choose a Second Factor to Continue"
     }
   }
 
@@ -41,13 +44,17 @@ enum OtherAuthMethod: String {
       return "phone.circle"
     case .Custom:
       return "lock.shield"
+    case .MfaLogin:
+      return "phone.circle"
     }
   }
 
   var textFieldInputText: String? {
     switch self {
     case .PhoneNumber:
       return "Example input for +1 (123)456-7890 would be 11234567890"
+    case .MfaLogin:
+      return "Enter the index of the selected factor to continue"
     default:
       return nil
     }
@@ -61,6 +68,8 @@ enum OtherAuthMethod: String {
       return "Send Verification Code"
     case .Custom:
       return "Login"
+    case .MfaLogin:
+      return "Send Verification Code"
     }
   }
 
@@ -72,9 +81,17 @@ enum OtherAuthMethod: String {
       return phoneNumberInfoText
     case .Custom:
       return customAuthInfoText
+    case .MfaLogin:
+      return mfaLoginInfoText
     }
   }
 
+  private var mfaLoginInfoText: String {
+    """
+    MFA placeholder
+    """
+  }
+
   private var passwordlessInfoText: String {
     """
     Authenticate users with only their email, \

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/ViewControllers/AuthViewController.swift

@@ -202,35 +202,31 @@ class AuthViewController: UIViewController, DataSourceProviderDelegate {
     // [END_EXCLUDE]
     let config = GIDConfiguration(clientID: clientID)
     GIDSignIn.sharedInstance.configuration = config
+    Task {
+      do {
+        let result = try await GIDSignIn.sharedInstance.signIn(withPresenting: self)
+        let user = result.user
+        guard let idToken = user.idToken?.tokenString
+        else {
+          // [START_EXCLUDE]
+          let error = NSError(
+            domain: "GIDSignInError",
+            code: -1,
+            userInfo: [
+              NSLocalizedDescriptionKey: "Unexpected sign in result: required authentication data is missing.",
+            ]
+          )
+          return displayError(error)
+          // [END_EXCLUDE]
+        }
+        let credential = GoogleAuthProvider.credential(withIDToken: idToken,
+                                                       accessToken: user.accessToken.tokenString)
+        try await newSignIn(with: credential)
 
-    // Start the sign in flow!
-    GIDSignIn.sharedInstance.signIn(withPresenting: self) { [unowned self] result, error in
-      guard error == nil else {
-        // [START_EXCLUDE]
-        return displayError(error)
-        // [END_EXCLUDE]
-      }
-
-      guard let user = result?.user,
-            let idToken = user.idToken?.tokenString
-      else {
-        // [START_EXCLUDE]
-        let error = NSError(
-          domain: "GIDSignInError",
-          code: -1,
-          userInfo: [
-            NSLocalizedDescriptionKey: "Unexpected sign in result: required authentication data is missing.",
-          ]
-        )
+      } catch {
         return displayError(error)
-        // [END_EXCLUDE]
       }
 
-      let credential = GoogleAuthProvider.credential(withIDToken: idToken,
-                                                     accessToken: user.accessToken.tokenString)
-
-      // [START_EXCLUDE]
-      signIn(with: credential)
       // [END_EXCLUDE]
     }
     // [END headless_google_auth]
@@ -252,6 +248,22 @@ class AuthViewController: UIViewController, DataSourceProviderDelegate {
     // [END signin_google_credential]
   }
 
+  func newSignIn(with credential: AuthCredential) async throws {
+    do {
+      _ = try await AppManager.shared.auth().signIn(with: credential)
+      transitionToUserViewController()
+    } catch {
+      let authError = error as NSError
+      if authError.code == AuthErrorCode.secondFactorRequired.rawValue {
+        let resolver = authError
+          .userInfo[AuthErrorUserInfoMultiFactorResolverKey] as! MultiFactorResolver
+        performMfaLoginFlow(resolver: resolver)
+      } else {
+        return displayError(error)
+      }
+    }
+  }
+
   // For Sign in with Apple
   var currentNonce: String?
 
@@ -358,6 +370,13 @@ class AuthViewController: UIViewController, DataSourceProviderDelegate {
     navigationController?.present(navPhoneAuthController, animated: true)
   }
 
+  private func performMfaLoginFlow(resolver: MultiFactorResolver) {
+    let mfaLoginController = MFALoginViewController(resolver: resolver)
+    mfaLoginController.delegate = self
+    let navMfaLoginController = UINavigationController(rootViewController: mfaLoginController)
+    navigationController?.present(navMfaLoginController, animated: true)
+  }
+
   private func performAnonymousLoginFlow() {
     AppManager.shared.auth().signInAnonymously { result, error in
       guard error == nil else { return self.displayError(error) }

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/ViewControllers/MFALoginViewController.swift

@@ -0,0 +1,134 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import FirebaseAuth
+import UIKit
+
+class MFALoginViewController: OtherAuthViewController {
+  var resolver: MultiFactorResolver
+
+  init(resolver: MultiFactorResolver) {
+    self.resolver = resolver
+    super.init(nibName: nil, bundle: nil)
+  }
+
+  @available(*, unavailable)
+  required init?(coder: NSCoder) {
+    fatalError("init(coder:) has not been implemented")
+  }
+
+  override func viewDidLoad() {
+    super.viewDidLoad()
+    configureUI(for: .MfaLogin)
+    configureMfaSelections()
+  }
+
+  override func buttonTapped() {
+    guard let selectedFactorIndex = textField.text, !selectedFactorIndex.isEmpty else { return }
+    phoneMfaAuthLogin(selectedFactorIndex: selectedFactorIndex)
+  }
+
+  // MARK: - Firebase 🔥
+
+  // Display available factors
+  // TODO: optimize and beautify this.
+  private func configureMfaSelections() {
+    var msg = "available factors: \n"
+    for (index, mfaInfo) in resolver.hints.enumerated() {
+      msg += "[" + String(index) + "] " + mfaInfo.displayName!
+      msg += "\n"
+    }
+    textFieldInputLabel?.text = msg
+  }
+
+  private func phoneMfaAuthLogin(selectedFactorIndex: String) {
+    let multifactorInfo = resolver.hints[Int(selectedFactorIndex)!]
+    // TODO: support TOTP in sample app
+    if multifactorInfo.factorID == TOTPMultiFactorID {
+      let error = NSError(
+        domain: "SignInError",
+        code: -1,
+        userInfo: [
+          NSLocalizedDescriptionKey: "TOTP MFA factor is not supported",
+        ]
+      )
+      displayError(error)
+      return
+    }
+
+    signIn(hint: multifactorInfo as! PhoneMultiFactorInfo)
+  }
+
+  /// Start the 2nd factor signIn
+  private func signIn(hint: PhoneMultiFactorInfo) {
+    Task {
+      do {
+        let verificationId = try await PhoneAuthProvider.provider().verifyPhoneNumber(
+          with: hint,
+          uiDelegate: nil,
+          multiFactorSession: resolver.session
+        )
+        let verificationCodeFromUser = try await getVerificationCode()
+        let credential = PhoneAuthProvider.provider().credential(
+          withVerificationID: verificationId,
+          verificationCode: verificationCodeFromUser
+        )
+        let assertion = PhoneMultiFactorGenerator.assertion(with: credential)
+        resolver.resolveSignIn(with: assertion) { authResult, error in
+          guard error == nil else { return self.displayError(error) }
+          self.navigationController?.dismiss(animated: true, completion: {
+            self.delegate?.loginDidOccur()
+          })
+        }
+      }
+    }
+  }
+
+  /// Display the pop up window for end user to enter the one-time code
+  private func presentVerificationCodeController(saveHandler: @escaping (String) -> Void) {
+    let verificationCodeController = UIAlertController(
+      title: "Verification Code",
+      message: nil,
+      preferredStyle: .alert
+    )
+    verificationCodeController.addTextField { textfield in
+      textfield.placeholder = "Enter the code you received"
+      textfield.textContentType = .oneTimeCode
+    }
+
+    let onContinue: (UIAlertAction) -> Void = { _ in
+      let text = verificationCodeController.textFields!.first!.text!
+      saveHandler(text)
+    }
+
+    verificationCodeController
+      .addAction(UIAlertAction(title: "Continue", style: .default, handler: onContinue))
+    verificationCodeController.addAction(UIAlertAction(title: "Cancel", style: .cancel))
+
+    present(verificationCodeController, animated: true, completion: nil)
+  }
+
+  private func getVerificationCode() async throws -> String {
+    return try await withCheckedThrowingContinuation { continuation in
+      self.presentVerificationCodeController { code in
+        if code != "" {
+          continuation.resume(returning: code)
+        } else {
+          // Cancelled
+          continuation.resume(throwing: NSError())
+        }
+      }
+    }
+  }
+}

FirebaseAuth/Tests/SampleSwift/AuthenticationExample/ViewControllers/OtherAuthMethodControllers/OtherAuthViewController.swift

@@ -27,7 +27,7 @@ class OtherAuthViewController: UIViewController {
     return textField
   }()
 
-  private var textFieldInputLabel: UILabel?
+  var textFieldInputLabel: UILabel?
 
   private lazy var button: UIButton = {
     let button = UIButton()
@@ -113,6 +113,8 @@ class OtherAuthViewController: UIViewController {
     let label = UILabel()
     label.font = .systemFont(ofSize: 12)
     label.textColor = .secondaryLabel
+    // unlimited line breaks
+    label.numberOfLines = 0
     label.text = text
     label.alpha = UIDevice.current.orientation.isLandscape ? 0 : 1
     label.translatesAutoresizingMaskIntoConstraints = false