Modified NAA tests with MSA account (#1995)
1. Nested app auth tests previously worked only with AAD accounts
because of a bug on the ESTS side that was being fixed, so I had
commented the MSA case out. Now that it is fixed, I have modified the
tests to run with MSA accounts as well.
2. The tests also needed PRTV3 to be enabled explicitly using flights in
brokerHost app. Now that it is at 100%, I have removed that code as
well.
3. TestCase2690048 does not need to be run with MSA account.
somalaya authored Jan 26, 2024
1 parent 89614e8 commit 7ebbe76
Showing 6 changed files with 41 additions and 101 deletions.
Expand Up @@ -71,9 +71,11 @@ public class NestedAppHelper {

private final String mAuthorityUrl;

private static final String HUB_APP_CLIENT_ID = "1fec8e78-bce4-4aaf-ab1b-5451cc387264";
private static final String HUB_APP_CLIENT_ID_MSA = "8ec6bc83-69c8-4392-8f08-b3c986009232";

private static final String NESTED_APP_CLIENT_ID = "4b0db8c2-9f26-4417-8bde-3f0e3656f8e0";
private static final String HUB_APP_CLIENT_ID_AAD = "1fec8e78-bce4-4aaf-ab1b-5451cc387264";

private static final String NESTED_APP_CLIENT_ID = "9668f2bd-6103-4292-9024-84fa2d1b6fb2";

private static final String NESTED_APP_US_GOV_CLIENT_ID = "cb7faed4-b8c0-49ee-b421-f5ed16894c83";

Expand Down Expand Up @@ -106,7 +108,14 @@ public NestedAppHelper(Activity activity, ILabAccount labAccount) {
BrokerData.getDebugBrokerHost().getPackageName()
);

mAuthorityUrl = "https://login.microsoftonline.com/common";
final String hubAppClientId;
if (labAccount.getUserType() == UserType.MSA) {
mAuthorityUrl = "https://login.microsoftonline.com/consumers";
hubAppClientId = HUB_APP_CLIENT_ID_MSA;
} else {
mAuthorityUrl = "https://login.microsoftonline.com/common";
hubAppClientId = HUB_APP_CLIENT_ID_AAD;
}
mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
.builder()
.platformComponents(mPlatformComponents)
Expand All @@ -119,7 +128,7 @@ public NestedAppHelper(Activity activity, ILabAccount labAccount) {
.authority(Authority.getAuthorityFromAuthorityUrl(mAuthorityUrl))
.scopes(Collections.singleton(GRAPH_SCOPE))
.redirectUri(HUB_APP_REDIRECT_URI)
.clientId(HUB_APP_CLIENT_ID)
.clientId(hubAppClientId)
.requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
.loginHint(labAccount.getUsername())
.authenticationScheme(new BearerAuthenticationSchemeInternal())
Expand All @@ -142,17 +151,14 @@ protected void performATForHubApp() {
final AcquireTokenResult tokenResult = acquireTokenFuture.get();
Assert.assertNotNull(tokenResult);
Assert.assertTrue(tokenResult.getSucceeded());
final String appId =
(String) IDToken.parseJWT(tokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
Assert.assertEquals(HUB_APP_CLIENT_ID, appId);
validateAppIdIfRequired(tokenResult, HUB_APP_CLIENT_ID_AAD);

} catch (InterruptedException | ExecutionException | TimeoutException |
ServiceException e) {
} catch (InterruptedException | ExecutionException | TimeoutException | ServiceException e) {
throw new AssertionError(e);
}
}

protected void performATForHubAppInUSGovCloud() {
protected void performATForHubAppInUSGovCloud() {
mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
.builder()
.platformComponents(mPlatformComponents)
Expand All @@ -165,7 +171,7 @@ protected void performATForHubAppInUSGovCloud() {
.authority(Authority.getAuthorityFromAuthorityUrl(US_GOV_AUTHORITY))
.scopes(Collections.singleton(GRAPH_SCOPE))
.redirectUri(HUB_APP_US_GOV_REDIRECT_URI)
.clientId(HUB_APP_CLIENT_ID)
.clientId(HUB_APP_CLIENT_ID_AAD)
.requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
.loginHint(mLabAccount.getUsername())
.authenticationScheme(new BearerAuthenticationSchemeInternal())
Expand All @@ -181,6 +187,8 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
if (shouldAddDeviceIdClaim) {
claimsJsonString = DEVICE_ID_CLAIM;
}

final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;
final SilentTokenCommandParameters mSilentTokenCommandParameters =
SilentTokenCommandParameters
.builder()
Expand All @@ -195,7 +203,7 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
.forceRefresh(true)
.scopes(Collections.singleton(GRAPH_SCOPE))
.redirectUri(HUB_APP_REDIRECT_URI)
.clientId(HUB_APP_CLIENT_ID)
.clientId(hubAppClientId)
.childRedirectUri(NESTED_APP_REDIRECT_URI)
.childClientId(NESTED_APP_CLIENT_ID)
.authenticationScheme(new BearerAuthenticationSchemeInternal())
Expand All @@ -210,14 +218,20 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
Assert.assertTrue(acquireTokenSilentResult.getSucceeded());
// NAA requests must not be serviced from cache
Assert.assertFalse(acquireTokenSilentResult.getLocalAuthenticationResult().isServicedFromCache());
// cannot parse jwt for MSA

validateAppIdIfRequired(acquireTokenSilentResult, NESTED_APP_CLIENT_ID);
}

private void validateAppIdIfRequired(@NonNull final AcquireTokenResult acquireTokenResult, @NonNull final String expectedClientId) throws ServiceException {
// Cannot parse jwt for MSA, so no validation for MSA
if (mLabAccount.getUserType() != UserType.MSA) {
final String appId = (String) IDToken.parseJWT(acquireTokenSilentResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
Assert.assertEquals(NESTED_APP_CLIENT_ID, appId);
final String appId = (String) IDToken.parseJWT(acquireTokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
Assert.assertEquals(expectedClientId, appId);
}
}

protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountRecord) throws BaseException {
final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;
final SilentTokenCommandParameters mSilentTokenCommandParameters =
SilentTokenCommandParameters
.builder()
Expand All @@ -232,7 +246,7 @@ protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountReco
.forceRefresh(true)
.scopes(Collections.singleton(GRAPH_SCOPE))
.redirectUri(HUB_APP_US_GOV_REDIRECT_URI)
.clientId(HUB_APP_CLIENT_ID)
.clientId(hubAppClientId)
.childRedirectUri(NESTED_APP_REDIRECT_URI)
.childClientId(NESTED_APP_US_GOV_CLIENT_ID)
.authenticationScheme(new BearerAuthenticationSchemeInternal())
Expand All @@ -246,18 +260,16 @@ protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountReco
Assert.assertTrue(acquireTokenSilentResult.getSucceeded());
// NAA requests must not be serviced from cache
Assert.assertFalse(acquireTokenSilentResult.getLocalAuthenticationResult().isServicedFromCache());
// cannot parse jwt for MSA
if (mLabAccount.getUserType() != UserType.MSA) {
final String appId = (String) IDToken.parseJWT(acquireTokenSilentResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
Assert.assertEquals(NESTED_APP_US_GOV_CLIENT_ID, appId);
}
validateAppIdIfRequired(acquireTokenSilentResult, NESTED_APP_US_GOV_CLIENT_ID);
}

protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim) {
String claimsJsonString = "";
if (shouldAddDeviceIdClaim) {
claimsJsonString = DEVICE_ID_CLAIM;
}
final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;

mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
.builder()
.platformComponents(mPlatformComponents)
Expand All @@ -270,7 +282,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)
.authority(Authority.getAuthorityFromAuthorityUrl(mAuthorityUrl))
.scopes(Collections.singleton(GRAPH_SCOPE))
.redirectUri(HUB_APP_REDIRECT_URI)
.clientId(HUB_APP_CLIENT_ID)
.clientId(hubAppClientId)
.requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
.loginHint(mLabAccount.getUsername())
.authenticationScheme(new BearerAuthenticationSchemeInternal())
Expand All @@ -291,7 +303,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)

try {
if (shouldAddDeviceIdClaim) {
CompletableFuture<Void> handleRegisterPromptFuture = CompletableFuture.runAsync(() -> {
CompletableFuture<Void> handleRegisterPromptFuture = CompletableFuture.runAsync(() -> {
handlePromptAsync(this::handleRegistration);
});
CompletableFuture.allOf(handlePromptFuture, handleRegisterPromptFuture, acquireTokenFuture).get(TIME_OUT_IN_SECONDS, TimeUnit.SECONDS);
Expand All @@ -301,9 +313,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)
final AcquireTokenResult tokenResult = acquireTokenFuture.get();
Assert.assertNotNull(tokenResult);
Assert.assertTrue(tokenResult.getSucceeded());
final String appId =
(String) IDToken.parseJWT(tokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
Assert.assertEquals(NESTED_APP_CLIENT_ID, appId);
validateAppIdIfRequired(tokenResult, NESTED_APP_CLIENT_ID);

} catch (InterruptedException | ExecutionException | TimeoutException |
ServiceException e) {
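Review bot: For MSA accounts `validateAppIdIfRequired` returns without asserting anything, so the MSA runs this commit enables check only `getSucceeded()` (plus `isServicedFromCache()` on the silent paths) and never which application the token was issued to. The AAD runs do assert that the `APP_ID` claim equals the expected client id, so MSA coverage is weaker than the parameter list suggests. Since the helper's own comment says the MSA token cannot be parsed, I would at least add `} else { Assert.assertNotNull(acquireTokenResult.getLocalAuthenticationResult().getAccessToken()); }` and make the gap explicit with `// Cannot parse jwt for MSA: app id is NOT verified for MSA runs`. The helper is fully visible in this section; its four call sites are in the other hunks of the same file.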
Expand Up @@ -26,15 +26,11 @@

import com.microsoft.identity.client.msal.automationapp.R;
import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
import com.microsoft.identity.common.java.dto.AccountRecord;
import com.microsoft.identity.labapi.utilities.client.LabQuery;
import com.microsoft.identity.labapi.utilities.constants.TempUserType;
import com.microsoft.identity.labapi.utilities.constants.UserType;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
Expand All @@ -44,8 +40,6 @@

// Nested App auth silent request
// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688459
@SupportedBrokers(brokers = {BrokerHost.class})
@LocalBrokerHostDebugUiTest
@RunWith(Parameterized.class)
public class TestCase2688459 extends AbstractMsalBrokerTest {

Expand All @@ -58,33 +52,25 @@ public TestCase2688459(@NonNull UserType userType) {
@Parameterized.Parameters(name = "{0}")
public static List<UserType> userType() {
return Arrays.asList(
// UserType.MSA, MSA will not be tested until ESTS bug in NAA flow is fixed
UserType.MSA,
UserType.CLOUD
);
}

@Before
public void before() {
((BrokerHost) mBroker).enablePrtV3();
}

@Test
public void test_2688459() throws Throwable {
NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
// perform AT interactive request for hub app
nestedAppHelper.performATForHubApp();

mBroker.forceStop();
mBroker.launch();

// get account record after AT interactive of hub app.
AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();

// perform ATS for nested app
try {
nestedAppHelper.performATSilentForNestedApp(accountRecord, false);
} catch (Throwable e) {
throw new AssertionError(e);
throw new AssertionError(e);
}
}
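Review bot: `test_2688459` appears to lose the broker restart (`mBroker.forceStop(); mBroker.launch();`) between the hub app's interactive request and the nested app's silent request, and none of the three points in the commit description covers that removal. The same two calls also seem to be dropped from the sections for TestCase2688460, TestCase2688462, TestCase2690048 and `test_2703171`. If the restart was there so the silent request is handled by a fresh broker process rather than one still holding state from the interactive call, the tests now exercise a different path; that is an inference from the visible lines, not something the page states. A one-line comment where the calls used to be, such as `// No broker restart here: <reason it is no longer needed>`, would keep the intent reviewable.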

Expand Up @@ -26,14 +26,10 @@

import com.microsoft.identity.client.msal.automationapp.R;
import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
import com.microsoft.identity.labapi.utilities.client.LabQuery;
import com.microsoft.identity.labapi.utilities.constants.TempUserType;
import com.microsoft.identity.labapi.utilities.constants.UserType;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
Expand All @@ -44,8 +40,6 @@
// Nested app interactive request after hub does an interactive request
// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688460
@RunWith(Parameterized.class)
@LocalBrokerHostDebugUiTest
@SupportedBrokers(brokers = {BrokerHost.class})
public class TestCase2688460 extends AbstractMsalBrokerTest {
private final UserType mUserType;

Expand All @@ -56,25 +50,17 @@ public TestCase2688460(@NonNull UserType userType) {
@Parameterized.Parameters(name = "{0}")
public static List<UserType> userType() {
return Arrays.asList(
//UserType.MSA,
UserType.MSA,
UserType.CLOUD
);
}

@Before
public void before() {
((BrokerHost) mBroker).enablePrtV3();
}

@Test
public void test_2688460() {
NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
// perform AT interactive request for hub app
nestedAppHelper.performATForHubApp();

mBroker.forceStop();
mBroker.launch();

// just verify that getAccounts does not fail
nestedAppHelper.getAccountRecordAfterHubAppAT();
nestedAppHelper.performInteractiveATForNestedApp(false);
Expand Up @@ -44,8 +44,6 @@
// Nested app's fresh AT interactive succeeds but silent request fails
// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688462
@RunWith(Parameterized.class)
@LocalBrokerHostDebugUiTest
@SupportedBrokers(brokers = {BrokerHost.class})
public class TestCase2688462 extends AbstractMsalBrokerTest {
private final UserType mUserType;

Expand All @@ -56,25 +54,18 @@ public TestCase2688462(@NonNull UserType userType) {
@Parameterized.Parameters(name = "{0}")
public static List<UserType> userType() {
return Arrays.asList(
//UserType.MSA,
UserType.MSA,
UserType.CLOUD
);
}

@Before
public void before() {
((BrokerHost) mBroker).enablePrtV3();
}
@Test
public void test_2688462() {
NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
// perform AT interactive request for nested app
nestedAppHelper.performInteractiveATForNestedApp(false);
// verify getAccounts gives 0 records
nestedAppHelper.getAccountRecordAfterNestedAppAT();

mBroker.forceStop();
mBroker.launch();
}

@Override
Expand Up @@ -22,11 +22,9 @@
// THE SOFTWARE.
package com.microsoft.identity.client.msal.automationapp.testpass.broker.nestedAppAuth;

import androidx.annotation.NonNull;

import com.microsoft.identity.client.msal.automationapp.R;
import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
import com.microsoft.identity.common.java.dto.AccountRecord;
Expand All @@ -36,46 +34,18 @@
import com.microsoft.identity.labapi.utilities.constants.UserType;

import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

import java.util.Arrays;
import java.util.List;

// Nested app passes deviceId claim - silent call fails
// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2690048
@RunWith(Parameterized.class)
@LocalBrokerHostDebugUiTest
@SupportedBrokers(brokers = {BrokerHost.class})
public class TestCase2690048 extends AbstractMsalBrokerTest {
private final UserType mUserType;

public TestCase2690048(@NonNull UserType userType) {
mUserType = userType;
}

@Parameterized.Parameters(name = "{0}")
public static List<UserType> userType() {
return Arrays.asList(
// UserType.MSA,
UserType.CLOUD
);
}

@Before
public void before() {
((BrokerHost) mBroker).enablePrtV3();
}

@Test
public void test_2690048() {
NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
// perform AT interactive request for hub app
nestedAppHelper.performATForHubApp();
mBroker.forceStop();
mBroker.launch();

// get account record after AT interactive of hub app.
AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();
Expand All @@ -96,7 +66,7 @@ public void test_2690048() {
@Override
public LabQuery getLabQuery() {
return LabQuery.builder()
.userType(mUserType)
.userType(UserType.CLOUD)
.build();
}
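Review bot: `getLabQuery()` now pins `.userType(UserType.CLOUD)`, but nothing in the class records why this case is excluded from the MSA runs that the sibling tests gained. The reason exists only in the commit description (point 3), which a reader of the file will not see. I would add a comment above that builder call, for example `// deviceId-claim scenario is not run with MSA accounts (see #1995); CLOUD only`. The method is fully visible in this hunk.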

Expand Up @@ -53,9 +53,6 @@ public void test_2703171() throws Throwable {
// perform AT interactive request for hub app
nestedAppHelper.performATForHubAppInUSGovCloud();

mBroker.forceStop();
mBroker.launch();

AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();

try {