[auth-swift] Merge AppCheck integration (#11056)

Author: paulb777

FirebaseAuth/Sources/Auth/FIRAuth.m

@@ -27,8 +27,8 @@
 #import <GoogleUtilities/GULSceneDelegateSwizzler.h>
 #import "FirebaseAuth/Sources/Public/FirebaseAuth/FirebaseAuth.h"
 
-#import "FirebaseAuth-Swift.h"
 #import "FirebaseAppCheck/Interop/FIRAppCheckInterop.h"
+#import "FirebaseAuth-Swift.h"
 #import "FirebaseAuth/Sources/Auth/FIRAuthGlobalWorkQueue.h"
 #import "FirebaseAuth/Sources/SystemService/FIRAuthStoredUserManager.h"
 #import "FirebaseAuth/Sources/Utilities/FIRAuthExceptionUtils.h"
@@ -419,12 +419,12 @@ - (instancetype)initWithApp:(FIRApp *)app
     _app = app;
     _mainBundleUrlTypes = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"CFBundleURLTypes"];
     _listenerHandles = [NSMutableArray array];
-    _requestConfiguration =
-        [[FIRAuthRequestConfiguration alloc] initWithAPIKey:app.options.APIKey
-                                                      appID:app.options.googleAppID
-                                                       auth:self
-                                            heartbeatLogger:app.heartbeatLogger
-                                        appCheck:FIR_COMPONENT(FIRAppCheckInterop, app.container)];
+    _requestConfiguration = [[FIRAuthRequestConfiguration alloc]
+         initWithAPIKey:app.options.APIKey
+                  appID:app.options.googleAppID
+                   auth:self
+        heartbeatLogger:app.heartbeatLogger
+               appCheck:FIR_COMPONENT(FIRAppCheckInterop, app.container)];
     _firebaseAppName = [app.name copy];
 
     if (![(Class)keychainStorageProvider conformsToProtocol:@protocol(FIRAuthStorage)] ||

FirebaseAuth/Sources/Swift/AuthProvider/OAuthProvider.swift

@@ -375,7 +375,8 @@ import CommonCrypto
             urlString = "https://\(authDomain ?? "")/__/auth/handler?\(argumentsString)"
           }
           guard let percentEncoded = urlString.addingPercentEncoding(
-            withAllowedCharacters: CharacterSet.urlFragmentAllowed) else {
+            withAllowedCharacters: CharacterSet.urlFragmentAllowed
+          ) else {
             fatalError("Internal Auth Error: failed to percent encode a string")
           }
           var components = URLComponents(string: percentEncoded)
@@ -384,7 +385,7 @@ import CommonCrypto
               if let error = tokenResult.error {
                 AuthLog.logWarning(code: "I-AUT000018",
                                    message: "Error getting App Check token; using placeholder " +
-                                   "token instead. Error: \(error)")
+                                     "token instead. Error: \(error)")
               }
               let appCheckTokenFragment = "fac=\(tokenResult.token)"
               components?.fragment = appCheckTokenFragment

FirebaseAuth/Sources/Swift/AuthProvider/PhoneAuthProvider.swift

@@ -589,7 +589,7 @@ import Foundation
                 if let error = tokenResult.error {
                   AuthLog.logWarning(code: "I-AUT000018",
                                      message: "Error getting App Check token; using placeholder " +
-                                     "token instead. Error: \(error)")
+                                       "token instead. Error: \(error)")
                 }
                 let appCheckTokenFragment = "fac=\(tokenResult.token)"
                 components?.fragment = appCheckTokenFragment

FirebaseAuth/Sources/Swift/Backend/AuthBackend.swift

@@ -112,7 +112,7 @@ public class AuthBackendRPCIssuerImplementation: NSObject, AuthBackendRPCIssuer
   public class func request(withURL url: URL,
                             contentType: String,
                             requestConfiguration: AuthRequestConfiguration,
-                            completion: @escaping (URLRequest) -> Void) -> Void {
+                            completion: @escaping (URLRequest) -> Void) {
     var request = URLRequest(url: url)
     request.setValue(contentType, forHTTPHeaderField: "Content-Type")
     let additionalFrameworkMarker = requestConfiguration
@@ -140,7 +140,7 @@ public class AuthBackendRPCIssuerImplementation: NSObject, AuthBackendRPCIssuer
         if let error = tokenResult.error {
           AuthLog.logWarning(code: "I-AUT000018",
                              message: "Error getting App Check token; using placeholder " +
-                             "token instead. Error: \(error)")
+                               "token instead. Error: \(error)")
         }
         request.setValue(tokenResult.token, forHTTPHeaderField: "X-Firebase-AppCheck")
         completion(request)
@@ -151,7 +151,6 @@ public class AuthBackendRPCIssuerImplementation: NSObject, AuthBackendRPCIssuer
   }
 }
 
-
 protocol AuthBackendImplementation {
   func post(withRequest request: AuthRPCRequest,
             callback: @escaping ((AuthRPCResponse?, Error?) -> Void))

FirebaseAuth/Tests/Unit/AuthBackendRPCImplentationTests.swift

@@ -639,6 +639,7 @@ class AuthBackendRPCImplementationTests: RPCBaseTests {
     }
     rpcImplementation?.post(withRequest: request) { response, error in
       // The callback never happens and it's fine since we only need to verify the request.
+      XCTFail("Should not be a callback")
     }
 
     // Then
@@ -650,6 +651,29 @@ class AuthBackendRPCImplementationTests: RPCBaseTests {
     XCTAssertEqual(headerValue, expectedHeader)
   }
 
+  /** @fn testRequest_IncludesAppCheckHeader
+      @brief This test checks the behavior of @c postWithRequest:response:callback:
+          to verify that a appCheck token is attached as a header to an
+          outgoing request.
+   */
+  func testRequest_IncludesAppCheckHeader() throws {
+    // Given
+    let fakeAppCheck = FakeAppCheck()
+    let requestConfiguration = AuthRequestConfiguration(apiKey: kFakeAPIKey,
+                                                        appID: kFakeAppID,
+                                                        appCheck: fakeAppCheck)
+
+    let request = FakeRequest(withRequestBody: [:], requestConfiguration: requestConfiguration)
+
+    rpcImplementation?.post(withRequest: request) { response, error in
+      // The callback never happens and it's fine since we only need to verify the request.
+      XCTFail("Should not be a callback")
+    }
+    let completeRequest = try XCTUnwrap(rpcIssuer?.completeRequest)
+    let headerValue = completeRequest.value(forHTTPHeaderField: "X-Firebase-AppCheck")
+    XCTAssertEqual(headerValue, fakeAppCheck.fakeAppCheckToken)
+  }
+
   /** @fn testRequest_DoesNotIncludeAHeartbeatPayload_WhenNoHeartbeatsNeedSending
       @brief This test checks the behavior of @c postWithRequest:response:callback:
           to verify that a request header does not contain heartbeat data in the

FirebaseAuth/Tests/Unit/FIRFakeAppCheck.h

@@ -46,8 +46,11 @@ @implementation FIRGitHubAuthProviderTests
  */
 - (void)testCredentialWithToken {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRAuthCredential *credential = [FIRGitHubAuthProvider credentialWithToken:kGitHubToken];
   FIRVerifyAssertionRequest *request =
       [[FIRVerifyAssertionRequest alloc] initWithProviderID:FIRGitHubAuthProvider.id

FirebaseAuth/Tests/Unit/FIRFakeAppCheck.m

@@ -53,8 +53,11 @@ @implementation FIRIdentityToolkitRequestTests
  */
 - (void)testInitWithEndpointExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
                                      requestConfiguration:requestConfiguration
@@ -73,8 +76,11 @@ - (void)testInitWithEndpointExpectedRequestURL {
  */
 - (void)testInitWithEndpointUseStagingExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
                                      requestConfiguration:requestConfiguration
@@ -94,8 +100,11 @@ - (void)testInitWithEndpointUseStagingExpectedRequestURL {
  */
 - (void)testInitWithEndpointUseIdentityPlatformExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
                                      requestConfiguration:requestConfiguration
@@ -113,8 +122,11 @@ - (void)testInitWithEndpointUseIdentityPlatformExpectedRequestURL {
  */
 - (void)testInitWithEndpointUseIdentityPlatformUseStagingExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
                                      requestConfiguration:requestConfiguration
@@ -133,8 +145,11 @@ - (void)testInitWithEndpointUseIdentityPlatformUseStagingExpectedRequestURL {
  */
 - (void)testInitWithEndpointUseEmulatorExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   requestConfiguration.emulatorHostAndPort = kEmulatorHostAndPort;
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
@@ -154,8 +169,11 @@ - (void)testInitWithEndpointUseEmulatorExpectedRequestURL {
  */
 - (void)testInitWithEndpointUseIdentityPlatformUseEmulatorExpectedRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   requestConfiguration.emulatorHostAndPort = kEmulatorHostAndPort;
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint
@@ -180,7 +198,8 @@ - (void)testExpectedTenantIDWithNonDefaultFIRApp {
       [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
                                                     appID:kFirebaseAppID
                                                      auth:nonDefaultAuth
-                                          heartbeatLogger:nil appCheck:nil];
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   requestConfiguration.emulatorHostAndPort = kEmulatorHostAndPort;
   FIRIdentityToolkitRequest *request =
       [[FIRIdentityToolkitRequest alloc] initWithEndpoint:kEndpoint

FirebaseAuth/Tests/Unit/FIRGitHubAuthProviderTests.m

@@ -52,8 +52,11 @@ @implementation FIRSecureTokenRequestTests
  */
 - (void)testRequestURL {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   FIRSecureTokenRequest *request =
       [FIRSecureTokenRequest refreshRequestWithRefreshToken:kRefreshToken
                                        requestConfiguration:requestConfiguration];
@@ -70,8 +73,11 @@ - (void)testRequestURL {
  */
 - (void)testRequestURLUseEmulator {
   FIRAuthRequestConfiguration *requestConfiguration =
-      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey appID:kFirebaseAppID auth:nil
-                                          heartbeatLogger:nil appCheck:nil];
+      [[FIRAuthRequestConfiguration alloc] initWithAPIKey:kAPIKey
+                                                    appID:kFirebaseAppID
+                                                     auth:nil
+                                          heartbeatLogger:nil
+                                                 appCheck:nil];
   requestConfiguration.emulatorHostAndPort = kEmulatorHostAndPort;
   FIRSecureTokenRequest *request =
       [FIRSecureTokenRequest refreshRequestWithRefreshToken:kRefreshToken