Implement initial Web eID mobile authentication flow (#242)

Author: SanderKondratjevNortal

app/build.gradle.kts

@@ -214,6 +214,7 @@ dependencies {
     implementation(project(":utils-lib"))
     implementation(project(":commons-lib"))
     implementation(project(":id-card-lib"))
+    implementation(project(":web-eid-lib"))
 
     androidTestImplementation(project(":commons-lib:test-files"))
 }

app/src/androidTest/kotlin/ee/ria/DigiDoc/viewmodel/WebEidViewModelTest.kt

@@ -2,80 +2,156 @@
 
 package ee.ria.DigiDoc.viewmodel
 
+import android.app.Activity
 import android.net.Uri
-import kotlinx.coroutines.ExperimentalCoroutinesApi
-import kotlinx.coroutines.test.runTest
-import org.junit.Assert.assertEquals
-import org.junit.Assert.assertNull
+import androidx.arch.core.executor.testing.InstantTaskExecutorRule
+import ee.ria.DigiDoc.webEid.WebEidAuthService
+import ee.ria.DigiDoc.webEid.domain.model.WebEidAuthRequest
+import kotlinx.coroutines.flow.MutableStateFlow
+import org.json.JSONObject
 import org.junit.Before
+import org.junit.Rule
 import org.junit.Test
-
-@OptIn(ExperimentalCoroutinesApi::class)
+import org.junit.runner.RunWith
+import org.mockito.Mock
+import org.mockito.Mockito.never
+import org.mockito.Mockito.`when`
+import org.mockito.MockitoAnnotations
+import org.mockito.junit.MockitoJUnitRunner
+import org.mockito.kotlin.any
+import org.mockito.kotlin.verify
+
+@RunWith(MockitoJUnitRunner::class)
 class WebEidViewModelTest {
+    @get:Rule
+    val instantExecutorRule = InstantTaskExecutorRule()
+
+    @Mock
+    private lateinit var authService: WebEidAuthService
+
+    @Mock
+    private lateinit var activity: Activity
 
     private lateinit var viewModel: WebEidViewModel
 
     @Before
-    fun setUp() {
-        viewModel = WebEidViewModel()
-    }
+    fun setup() {
+        MockitoAnnotations.openMocks(this)
 
-    @Test
-    fun handleAuth_validUri_setsAuthPayload() = runTest {
-        val json = """
-            {
-              "challenge": "abc123",
-              "login_uri": "https://example.com/auth/login",
-              "get_signing_certificate": true
-            }
-        """.trimIndent()
-
-        val encoded = java.util.Base64.getEncoder().encodeToString(json.toByteArray())
-        val uri = Uri.parse("web-eid-mobile://auth#$encoded")
+        `when`(authService.authRequest).thenReturn(MutableStateFlow(null))
+        `when`(authService.signRequest).thenReturn(MutableStateFlow(null))
+        `when`(authService.errorState).thenReturn(MutableStateFlow(null))
+        `when`(authService.redirectUri).thenReturn(MutableStateFlow(null))
 
-        viewModel.handleAuth(uri)
-
-        val result = viewModel.authPayload.value
-        assertEquals("abc123", result?.challenge)
-        assertEquals("https://example.com/auth/login", result?.loginUri)
-        assertEquals(true, result?.getSigningCertificate)
+        viewModel = WebEidViewModel(authService)
     }
 
     @Test
-    fun handleAuth_missingFragment_setsNullPayload() = runTest {
-        val uri = Uri.parse("web-eid-mobile://auth")
-
+    fun handleAuth_callsParseAuthUri() {
+        val uri = Uri.parse("web-eid-mobile://auth#dummyData")
         viewModel.handleAuth(uri)
-
-        assertNull(viewModel.authPayload.value)
+        verify(authService).parseAuthUri(uri)
     }
 
     @Test
-    fun handleAuth_invalidBase64_setsNullPayload() = runTest {
-        val uri = Uri.parse("web-eid-mobile://auth#invalid-base64!!")
+    fun handleSign_callsParseSignUri() {
+        val uri = Uri.parse("web-eid-mobile://sign#dummyData")
+        viewModel.handleSign(uri)
+        verify(authService).parseSignUri(uri)
+    }
 
-        viewModel.handleAuth(uri)
+    @Test
+    fun reset_callsResetValues() {
+        viewModel.reset()
+        verify(authService).resetValues()
+    }
 
-        assertNull(viewModel.authPayload.value)
+    @Test
+    fun redirectUri_isExposedFromAuthService() {
+        val redirectFlow = MutableStateFlow("https://example.com#encodedPayload")
+        `when`(authService.redirectUri).thenReturn(redirectFlow)
+        val vm = WebEidViewModel(authService)
+        assert(vm.redirectUri.value == "https://example.com#encodedPayload")
     }
 
     @Test
-    fun handleAuth_missingOptionalField_defaultsToFalse() = runTest {
-        val json = """
-            {
-              "challenge": "xyz456",
-              "login_uri": "https://rp.example.com/login"
-            }
-        """.trimIndent()
+    fun redirectUri_updatesWhenServiceUpdates() {
+        val redirectFlow = MutableStateFlow<String?>(null)
+        `when`(authService.redirectUri).thenReturn(redirectFlow)
+        val vm = WebEidViewModel(authService)
+        redirectFlow.value = "https://example.com#updatedPayload"
+        assert(vm.redirectUri.value == "https://example.com#updatedPayload")
+    }
 
-        val encoded = java.util.Base64.getEncoder().encodeToString(json.toByteArray())
-        val uri = Uri.parse("web-eid-mobile://auth#$encoded")
+    @Test
+    fun handleWebEidAuthResult_callsBuildAuthToken_whenPayloadValid() {
+        val cert = byteArrayOf(1, 2, 3)
+        val signature = byteArrayOf(4, 5, 6)
+        val challenge = "test-challenge"
+        val loginUri = "https://example.com/login"
+        val getSigningCertificate = true
+        val origin = "https://example.com"
+
+        val authRequest =
+            WebEidAuthRequest(
+                challenge = challenge,
+                loginUri = loginUri,
+                getSigningCertificate = getSigningCertificate,
+                origin = origin,
+            )
+        `when`(authService.authRequest).thenReturn(MutableStateFlow(authRequest))
+
+        val token = JSONObject().put("mock", "token")
+        `when`(authService.buildAuthToken(cert, signature, challenge)).thenReturn(token)
+
+        viewModel = WebEidViewModel(authService)
+
+        viewModel.handleWebEidAuthResult(cert, signature, activity)
+
+        verify(authService).buildAuthToken(cert, signature, challenge)
+        verify(activity).startActivity(any())
+        verify(activity).finish()
+    }
 
-        viewModel.handleAuth(uri)
+    @Test
+    fun handleWebEidAuthResult_doesNothing_whenChallengeMissing() {
+        val cert = byteArrayOf(1)
+        val signature = byteArrayOf(2)
+
+        val authRequest =
+            WebEidAuthRequest(
+                challenge = "",
+                loginUri = "https://example.com",
+                getSigningCertificate = true,
+                origin = "https://example.com",
+            )
+        `when`(authService.authRequest).thenReturn(MutableStateFlow(authRequest))
+
+        viewModel = WebEidViewModel(authService)
+        viewModel.handleWebEidAuthResult(cert, signature, activity)
+
+        verify(authService, never()).buildAuthToken(any(), any(), any())
+        verify(activity, never()).startActivity(any())
+    }
 
-        val result = viewModel.authPayload.value
-        assertEquals("xyz456", result?.challenge)
-        assertEquals("https://rp.example.com/login", result?.loginUri)
-        assertEquals(false, result?.getSigningCertificate)
+    @Test
+    fun handleWebEidAuthResult_doesNothing_whenLoginUriMissing() {
+        val cert = byteArrayOf(1)
+        val signature = byteArrayOf(2)
+
+        val authRequest =
+            WebEidAuthRequest(
+                challenge = "abc",
+                loginUri = "",
+                getSigningCertificate = true,
+                origin = "https://example.com",
+            )
+        `when`(authService.authRequest).thenReturn(MutableStateFlow(authRequest))
+
+        viewModel = WebEidViewModel(authService)
+        viewModel.handleWebEidAuthResult(cert, signature, activity)
+
+        verify(authService, never()).buildAuthToken(any(), any(), any())
+        verify(activity, never()).startActivity(any())
     }
 }

app/src/main/kotlin/ee/ria/DigiDoc/RIADigiDocAppNavigation.kt

@@ -76,7 +76,10 @@ import ee.ria.DigiDoc.viewmodel.shared.SharedSettingsViewModel
 import ee.ria.DigiDoc.viewmodel.shared.SharedSignatureViewModel
 
 @Composable
-fun RIADigiDocAppScreen(externalFileUris: List<Uri>, webEidUri: Uri? = null) {
+fun RIADigiDocAppScreen(
+    externalFileUris: List<Uri>,
+    webEidUri: Uri? = null,
+) {
     val navController = rememberNavController()
     val sharedMenuViewModel: SharedMenuViewModel = hiltViewModel()
     val sharedContainerViewModel: SharedContainerViewModel = hiltViewModel()
@@ -88,11 +91,12 @@ fun RIADigiDocAppScreen(externalFileUris: List<Uri>, webEidUri: Uri? = null) {
 
     sharedContainerViewModel.setExternalFileUris(externalFileUris)
 
-    val startDestination = when {
-        webEidUri != null -> Route.WebEidScreen.route
-        sharedSettingsViewModel.dataStore.getLocale() != null -> Route.Home.route
-        else -> Route.Init.route
-    }
+    val startDestination =
+        when {
+            webEidUri != null -> Route.WebEidScreen.route
+            sharedSettingsViewModel.dataStore.getLocale() != null -> Route.Home.route
+            else -> Route.Init.route
+        }
 
     NavHost(
         navController = navController,
@@ -392,7 +396,9 @@ fun RIADigiDocAppScreen(externalFileUris: List<Uri>, webEidUri: Uri? = null) {
 @Composable
 fun RIADigiDocAppScreenPreview() {
     RIADigiDocTheme {
-        RIADigiDocAppScreen(listOf(),
-        webEidUri = null)
+        RIADigiDocAppScreen(
+            listOf(),
+            webEidUri = null,
+        )
     }
 }

app/src/main/kotlin/ee/ria/DigiDoc/fragment/WebEidFragment.kt

@@ -21,7 +21,11 @@ import androidx.navigation.NavHostController
 import androidx.navigation.compose.rememberNavController
 import ee.ria.DigiDoc.fragment.screen.WebEidScreen
 import ee.ria.DigiDoc.ui.theme.RIADigiDocTheme
+import ee.ria.DigiDoc.utilsLib.logging.LoggingUtil.Companion.debugLog
 import ee.ria.DigiDoc.viewmodel.WebEidViewModel
+import ee.ria.DigiDoc.viewmodel.shared.SharedContainerViewModel
+import ee.ria.DigiDoc.viewmodel.shared.SharedMenuViewModel
+import ee.ria.DigiDoc.viewmodel.shared.SharedSettingsViewModel
 
 @OptIn(ExperimentalComposeUiApi::class)
 @Composable
@@ -30,10 +34,18 @@ fun WebEidFragment(
     navController: NavHostController,
     webEidUri: Uri?,
     viewModel: WebEidViewModel = hiltViewModel(),
+    sharedSettingsViewModel: SharedSettingsViewModel = hiltViewModel(),
+    sharedContainerViewModel: SharedContainerViewModel = hiltViewModel(),
+    sharedMenuViewModel: SharedMenuViewModel = hiltViewModel(),
 ) {
     LaunchedEffect(webEidUri) {
-        println("DEBUG: WebEidFragment got URI = $webEidUri")
-        webEidUri?.let { viewModel.handleAuth(it) }
+        webEidUri?.let {
+            when (it.host) {
+                "auth" -> viewModel.handleAuth(it)
+                "sign" -> viewModel.handleSign(it)
+                else -> debugLog("WebEidFragment", "Unknown Web eID URI host: ${it.host}")
+            }
+        }
     }
 
     Surface(
@@ -49,6 +61,9 @@ fun WebEidFragment(
             modifier = modifier,
             navController = navController,
             viewModel = viewModel,
+            sharedSettingsViewModel = sharedSettingsViewModel,
+            sharedContainerViewModel = sharedContainerViewModel,
+            sharedMenuViewModel = sharedMenuViewModel,
         )
     }
 }
@@ -60,7 +75,7 @@ fun WebEidFragmentPreview() {
     RIADigiDocTheme {
         WebEidFragment(
             navController = rememberNavController(),
-            webEidUri = null
+            webEidUri = null,
         )
     }
-}
+}