Skip to content

RCE Unit Tests (audit) #13646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

RCE Unit Tests (audit) #13646

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
48635bf
adding test for failed recaptcha in audit mode
srushtisv Sep 16, 2024
2f3f9dc
tried another flow
srushtisv Sep 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
126 changes: 126 additions & 0 deletions FirebaseAuth/Tests/Unit/PhoneAuthProviderTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,132 @@
)
}

/// @fn testVerifyPhoneNumberWithRceAuditInvalidRecaptchaFallbackToAPN
/// @brief Tests a successful invocation of @c verifyPhoneNumber with recaptcha enterprise audit
func testVerifyPhoneNumberWithRceAuditInvalidRecaptchaFallbackToAPN() async throws {
let function = #function
initApp(function, useClientID: true, fakeToken: true)
let auth = try XCTUnwrap(PhoneAuthProviderTests.auth)
let provider = PhoneAuthProvider.provider(auth: auth)
let mockVerifier = FakeAuthRecaptchaVerifier()
AuthRecaptchaVerifier.setShared(mockVerifier, auth: auth)
rpcIssuer.rceMode = "AUDIT"
let requestExpectation = expectation(description: "verifyRequester")
rpcIssuer?.verifyRequester = { request in
XCTAssertEqual(request.phoneNumber, self.kTestPhoneNumber)
XCTAssertEqual(request.captchaResponse, "NO_RECAPTCHA")
XCTAssertEqual(request.recaptchaVersion, "RECAPTCHA_ENTERPRISE")
XCTAssertEqual(request.codeIdentity, CodeIdentity.empty)
requestExpectation.fulfill()
do {
try self.rpcIssuer?
.respond(
serverErrorMessage: "INVALID_RECAPTCHA_TOKEN",
error: AuthErrorUtils.invalidRecaptchaTokenError() as NSError
)
} catch {
XCTFail("Failure sending response: \(error)")
}
}
do {
_ = try await provider.verifyClAndSendVerificationCode(
toPhoneNumber: kTestPhoneNumber,
retryOnInvalidAppCredential: true,
uiDelegate: nil
)
} catch {
// Traverse the nested error to find the root cause
let underlyingError = (error as NSError).userInfo[NSUnderlyingErrorKey] as? NSError
let rootError = underlyingError?.userInfo[NSUnderlyingErrorKey] as? NSError

// Compare the root error code to the expected error code
XCTAssertEqual(rootError?.code, AuthErrorCode.invalidRecaptchaToken.code.rawValue)
}

// fallback
let expectation = self.expectation(description: function)
let goodRetry = true
// Fake push notification.
auth.appCredentialManager?.fakeCredential = AuthAppCredential(
receipt: kTestReceipt,
secret: kTestSecret
)

// 1. Intercept, handle, and test three RPC calls.

let verifyClientRequestExpectation = self.expectation(description: "verifyClientRequest")
verifyClientRequestExpectation.expectedFulfillmentCount = 2
rpcIssuer?.verifyClientRequester = { request in
XCTAssertEqual(request.appToken, "21402324255E")
XCTAssertFalse(request.isSandbox)
verifyClientRequestExpectation.fulfill()
do {
// Response for the underlying VerifyClientRequest RPC call.
try self.rpcIssuer?.respond(withJSON: [
"receipt": self.kTestReceipt,
"suggestedTimeout": self.kTestTimeout,
])
} catch {
XCTFail("Failure sending response: \(error)")
}
}

let verifyRequesterExpectation = self.expectation(description: "verifyRequester")
verifyRequesterExpectation.expectedFulfillmentCount = 2
var visited = false
rpcIssuer?.verifyRequester = { request in
XCTAssertEqual(request.phoneNumber, self.kTestPhoneNumber)
switch request.codeIdentity {
case let .credential(credential):
XCTAssertEqual(credential.receipt, self.kTestReceipt)
XCTAssertEqual(credential.secret, self.kTestSecret)
default:
XCTFail("Should be credential")
}
verifyRequesterExpectation.fulfill()
do {
if visited == false || goodRetry == false {
// First Response for the underlying SendVerificationCode RPC call.
try self.rpcIssuer?.respond(serverErrorMessage: "INVALID_APP_CREDENTIAL")
visited = true
} else {
// Second Response for the underlying SendVerificationCode RPC call.
try self.rpcIssuer?
.respond(withJSON: [self.kVerificationIDKey: self.kTestVerificationID])
}
} catch {
XCTFail("Failure sending response: \(error)")
}
}

// Use fake authURLPresenter so we can test the parameters that get sent to it.
PhoneAuthProviderTests.auth?.authURLPresenter =
FakePresenter(
urlString: PhoneAuthProviderTests.kFakeRedirectURLStringWithReCAPTCHAToken,
clientID: PhoneAuthProviderTests.kFakeClientID,
firebaseAppID: nil,
errorTest: false,
presenterError: nil
)

// 2. After setting up the fakes and parameters, call `verifyPhoneNumber`.
provider
.verifyPhoneNumber(kTestPhoneNumber, uiDelegate: nil) { verificationID, error in

// 8. After the response triggers the callback in the FakePresenter, verify the callback.
XCTAssertTrue(Thread.isMainThread)
if goodRetry {
XCTAssertNil(error)
XCTAssertEqual(verificationID, self.kTestVerificationID)
} else {
XCTAssertNil(verificationID)
XCTAssertEqual((error as? NSError)?.code, AuthErrorCode.internalError.rawValue)
}
expectation.fulfill()
}
await fulfillment(of: [expectation], timeout: 5.0)
}

/** @fn testVerifyPhoneNumberInTestMode
@brief Tests a successful invocation of @c verifyPhoneNumber:completion: when app verification
is disabled.
Expand Down
Loading