chenwenyi
/
firebase-ios-sdk


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
							// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

import Foundation
@testable import FirebaseStorage
import GTMSessionFetcherCore
import SharedTestUtilities
import XCTest

class StorageAuthorizerTests: StorageTestHelpers {
  var appCheckTokenSuccess: FIRAppCheckTokenResultFake!
  var appCheckTokenError: FIRAppCheckTokenResultFake!
  var fetcher: GTMSessionFetcher!
  var fetcherService: GTMSessionFetcherService!
  var auth: FIRAuthInteropFake!
  var appCheck: FIRAppCheckFake!

  let StorageTestAuthToken = "1234-5678-9012-3456-7890"

  override func setUp() {
    super.setUp()

    appCheckTokenSuccess = FIRAppCheckTokenResultFake(token: "token", error: nil)
    appCheckTokenError = FIRAppCheckTokenResultFake(token: "dummy token",
                                                    error: NSError(
                                                      domain: "testAppCheckError",
                                                      code: -1,
                                                      userInfo: nil
                                                    ))

    let fetchRequest = URLRequest(url: StorageTestHelpers().objectURL())
    fetcher = GTMSessionFetcher(request: fetchRequest)

    fetcherService = GTMSessionFetcherService()
    auth = FIRAuthInteropFake(token: StorageTestAuthToken, userID: nil, error: nil)
    appCheck = FIRAppCheckFake()
    fetcher?.authorizer = StorageTokenAuthorizer(googleAppID: "dummyAppID",
                                                 fetcherService: fetcherService!,
                                                 authProvider: auth, appCheck: appCheck)
  }

  override func tearDown() {
    fetcher = nil
    fetcherService = nil
    auth = nil
    appCheck = nil
    appCheckTokenSuccess = nil
    super.tearDown()
  }

  func testSuccessfulAuth() {
    let expectation = self.expectation(description: #function)
    setFetcherTestBlock(with: 200) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: true)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertEqual(headers!["Authorization"], "Firebase \(self.StorageTestAuthToken)")
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testUnsuccessfulAuth() {
    let expectation = self.expectation(description: #function)
    let authError = NSError(domain: "FIRStorageErrorDomain",
                            code: StorageErrorCode.unauthenticated.rawValue, userInfo: nil)
    let failedAuth = FIRAuthInteropFake(token: nil, userID: nil, error: authError)
    fetcher?.authorizer = StorageTokenAuthorizer(
      googleAppID: "dummyAppID",
      fetcherService: fetcherService!,
      authProvider: failedAuth,
      appCheck: nil
    )
    setFetcherTestBlock(with: 401) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: false)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertNil(headers)
      let nsError = error as? NSError
      XCTAssertEqual(nsError?.domain, "FIRStorageErrorDomain")
      XCTAssertEqual(nsError?.code, StorageErrorCode.unauthenticated.rawValue)
      XCTAssertEqual(nsError?.localizedDescription, "User is not authenticated, please " +
        "authenticate using Firebase Authentication and try again.")
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testSuccessfulUnauthenticatedAuth() {
    let expectation = self.expectation(description: #function)

    // Simulate Auth not being included at all
    fetcher?.authorizer = StorageTokenAuthorizer(
      googleAppID: "dummyAppID",
      fetcherService: fetcherService!,
      authProvider: nil,
      appCheck: nil
    )

    setFetcherTestBlock(with: 200) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: false)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertNil(headers!["Authorization"])
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testSuccessfulAppCheckNoAuth() {
    let expectation = self.expectation(description: #function)
    appCheck?.tokenResult = appCheckTokenSuccess!

    // Simulate Auth not being included at all
    fetcher?.authorizer = StorageTokenAuthorizer(
      googleAppID: "dummyAppID",
      fetcherService: fetcherService!,
      authProvider: nil,
      appCheck: appCheck
    )

    setFetcherTestBlock(with: 200) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: false)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertEqual(headers!["X-Firebase-AppCheck"], self.appCheckTokenSuccess?.token)
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testSuccessfulAppCheckAndAuth() {
    let expectation = self.expectation(description: #function)
    appCheck?.tokenResult = appCheckTokenSuccess!

    setFetcherTestBlock(with: 200) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: true)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertEqual(headers!["Authorization"], "Firebase \(self.StorageTestAuthToken)")
      XCTAssertEqual(headers!["X-Firebase-AppCheck"], self.appCheckTokenSuccess?.token)
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testAppCheckError() {
    let expectation = self.expectation(description: #function)
    appCheck?.tokenResult = appCheckTokenError!

    setFetcherTestBlock(with: 200) { fetcher in
      self.checkAuthorizer(fetcher: fetcher, trueFalse: true)
    }
    fetcher?.beginFetch { data, error in
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertEqual(headers!["Authorization"], "Firebase \(self.StorageTestAuthToken)")
      XCTAssertEqual(headers!["X-Firebase-AppCheck"], self.appCheckTokenError?.token)
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testIsAuthorizing() {
    let expectation = self.expectation(description: #function)

    setFetcherTestBlock(with: 200) { fetcher in
      do {
        let authorizer = try XCTUnwrap(fetcher.authorizer)
        XCTAssertFalse(authorizer.isAuthorizingRequest(fetcher.request!))
      } catch {
        XCTFail("Failed to get authorizer: \(error)")
      }
    }
    fetcher?.beginFetch { data, error in
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testStopAuthorizingNoop() {
    let expectation = self.expectation(description: #function)

    setFetcherTestBlock(with: 200) { fetcher in
      do {
        let authorizer = try XCTUnwrap(fetcher.authorizer)

        // Since both of these are noops, we expect that invoking them
        // will still result in successful authenticatio
        authorizer.stopAuthorization()
        authorizer.stopAuthorization(for: fetcher.request!)
      } catch {
        XCTFail("Failed to get authorizer: \(error)")
      }
    }
    fetcher?.beginFetch { data, error in
      XCTAssertNil(error)
      let headers = self.fetcher!.request?.allHTTPHeaderFields
      XCTAssertEqual(headers!["Authorization"], "Firebase \(self.StorageTestAuthToken)")
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  func testEmail() {
    let expectation = self.expectation(description: #function)

    setFetcherTestBlock(with: 200) { fetcher in
      do {
        let authorizer = try XCTUnwrap(fetcher.authorizer)
        XCTAssertNil(authorizer.userEmail)
      } catch {
        XCTFail("Failed to get authorizer: \(error)")
      }
    }
    fetcher?.beginFetch { data, error in
      XCTAssertNil(error)
      expectation.fulfill()
    }
    waitForExpectation(test: self)
  }

  // MARK: Helpers

  private func setFetcherTestBlock(with statusCode: Int,
                                   _ validationBlock: @escaping (GTMSessionFetcher) -> Void) {
    fetcher?.testBlock = { (fetcher: GTMSessionFetcher,
                            response: GTMSessionFetcherTestResponse) in
        validationBlock(fetcher)
        let httpResponse = HTTPURLResponse(url: (fetcher.request?.url)!,
                                           statusCode: statusCode,
                                           httpVersion: "HTTP/1.1",
                                           headerFields: nil)
        response(httpResponse, nil, nil)
    }
  }

  private func checkAuthorizer(fetcher: GTMSessionFetcher, trueFalse: Bool) {
    do {
      let authorizer = try XCTUnwrap(fetcher.authorizer)
      XCTAssertEqual(authorizer.isAuthorizedRequest(fetcher.request!), trueFalse)
    } catch {
      XCTFail("Failed to get authorizer: \(error)")
    }
  }
}