@W-21933885: [MSDK Android] App Attestation Implementation (First Attempt At Testing App Attestation In NativeLoginManager.login())

JohnsonEricAtSalesforce · JohnsonEricAtSalesforce · commit 652e8fc7cf9b · 2026-04-16T21:08:45.000-06:00
diff --git a/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/NativeLoginManager.kt b/libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/NativeLoginManager.kt
@@ -68,6 +68,7 @@ import com.salesforce.androidsdk.auth.interfaces.NativeLoginResult.Success
 import com.salesforce.androidsdk.auth.interfaces.NativeLoginResult.UnknownError
 import com.salesforce.androidsdk.auth.interfaces.OtpRequestResult
 import com.salesforce.androidsdk.auth.interfaces.OtpVerificationMethod
+import com.salesforce.androidsdk.rest.RestClient
 import com.salesforce.androidsdk.rest.RestClient.AsyncRequestCallback
 import com.salesforce.androidsdk.rest.RestRequest
 import com.salesforce.androidsdk.rest.RestRequest.RestEndpoint.LOGIN
@@ -102,14 +103,18 @@ import kotlin.coroutines.suspendCoroutine
  * Google Cloud Console.  Defaults to null to disable reCAPTCHA use
  * @param isReCaptchaEnterprise Specifies if reCAPTCHA uses the enterprise
  * license. Defaults to false to disable reCAPTCHA use
+ * @param restClient The REST client to use for making network requests. This
+ * parameter is intended for testing purposes only. Defaults to the
+ * unauthenticated REST client
  */
 internal class NativeLoginManager(
     private val clientId: String,
     private val redirectUri: String,
     private val loginUrl: String,
     private val reCaptchaSiteKeyId: String? = null,
     private val googleCloudProjectId: String? = null,
-    private val isReCaptchaEnterprise: Boolean = false
+    private val isReCaptchaEnterprise: Boolean = false,
+    private val restClient: RestClient = getInstance().clientManager.peekUnauthenticatedRestClient()
 ) : NativeLoginManager {
 
     private val accountManager = SalesforceSDKManager.getInstance().userAccountManager
@@ -226,8 +231,7 @@ internal class NativeLoginManager(
 
     private suspend fun suspendedRestCall(request: RestRequest): RestResponse? {
         return suspendCoroutine { continuation ->
-            SalesforceSDKManager.getInstance().clientManager
-                .peekUnauthenticatedRestClient().sendAsync(request, object : AsyncRequestCallback {
+            restClient.sendAsync(request, object : AsyncRequestCallback {
 
                     override fun onSuccess(request: RestRequest?, response: RestResponse?) {
                         continuation.resume(response)
diff --git a/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/NativeLoginManagerTest.kt b/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/NativeLoginManagerTest.kt
@@ -5,7 +5,17 @@ import androidx.test.filters.SmallTest
 import com.salesforce.androidsdk.accounts.UserAccountManager
 import com.salesforce.androidsdk.accounts.UserAccountTest
 import com.salesforce.androidsdk.app.SalesforceSDKManager
+import com.salesforce.androidsdk.rest.RestClient
+import com.salesforce.androidsdk.rest.RestResponse
 import com.salesforce.androidsdk.security.BiometricAuthenticationManager
+import io.mockk.coEvery
+import io.mockk.every
+import io.mockk.mockk
+import io.mockk.verify
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.test.advanceUntilIdle
+import kotlinx.coroutines.test.runTest
+import okhttp3.Call
 import org.junit.After
 import org.junit.Assert
 import org.junit.Assert.assertEquals
@@ -99,6 +109,50 @@ class NativeLoginManagerTest {
         assertEquals("key1=value1", buffer.readUtf8())
     }
 
+    // TODO: This test will need additional review. ECJ20260416
+    @OptIn(ExperimentalCoroutinesApi::class)
+    @Test
+    fun nativeLoginManager_login_collectsAppAttestation() = runTest {
+
+        val appAttestationClient = mockk<AppAttestationClient>(relaxed = true)
+        coEvery { appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation() } returns "__TEST_APP_ATTESTATION__"
+
+        val salesforceSdkManager = SalesforceSDKManager.getInstance()
+        salesforceSdkManager.appAttestationClient = appAttestationClient
+
+        val restClient = mockk<RestClient>(relaxed = true)
+        val mockResponse = mockk<RestResponse>(relaxed = true)
+        every { mockResponse.isSuccess } returns false
+        every {
+            restClient.sendAsync(any(), any())
+        } answers {
+            val callback = secondArg<RestClient.AsyncRequestCallback>()
+            callback.onSuccess(firstArg(), mockResponse)
+            mockk<Call>(relaxed = true)
+        }
+
+        mgr = NativeLoginManager(
+            clientId = "clientId",
+            redirectUri = "redirect",
+            loginUrl = "loginUrl",
+            restClient = restClient,
+        )
+
+        mgr.login("TestUser@Example.com", "test123456")
+
+        advanceUntilIdle()
+
+        verify (exactly = 1) {
+            restClient.sendAsync(match {
+                runCatching {
+                    val buffer = okio.Buffer()
+                    it.requestBody?.writeTo(buffer)
+                    buffer.readUtf8().contains("attestation=__TEST_APP_ATTESTATION__")
+                }.getOrDefault(false)
+            }, any())
+        }
+    }
+
     private fun addUserAccount() {
         UserAccountManager.getInstance().createAccount(UserAccountTest.createTestAccount())
     }
