Automate authenticator oauth tests

[hud10837]

Adds tests for OAuth sign in. This covers the manual test cases 1 and 2. Like the ServerTrustTests, the test logic is generally implemented in a single util function that is called by each test along with the corresponding test action (eg. enter credentials and sign in)

I found that because we are calling handleArcGISAuthenticationChallenge directly, the tests were catching any OperationCancelledExceptions that were thrown by that method. It seems like this was an oversight so I have changed the implementation and it seems to be working (at least, the tests are passing)

Currently the signIn tests will fail because they don't have working credentials until we come up with a solution for test credentials in the toolkit.

This also uses the microapp's oauth configuration as well as the sample repo's oauth configuration in order to avoid a launcher disambiguation dialog in the tests. This is something we should confirm with @shubham7109 is okay or we should create new redirect urls and clientIds.

The tests use two new OAuth clientId/redirectUrls.

[hud10837]

I couldn't compile after adding uiautomator and mockk without this, but I'm not sure if that's just a local issue

[gunt0001]

I think that change is correct.

[hud10837]

Test Case 1

[hud10837]

Test Case 2

[hud10837]

We should discuss this. Because the tests use handleArcGISAuthenticationChallenge() directly, any exceptions that get thrown are thrown into the test. Normally the caller of handleArcGISAuthenticationChallenge will handle the exceptions but it seems to me that we should be handling it here anyway.

[gunt0001]

I don't think this change is needed. Any exception thrown, would be handled in the SDK's AuthenticationChallengeQueue. In the test code, since we bypass that code, we should just catch the exception there.

[gunt0001]

@hud10837 looks good, a few comments.

[gunt0001]

👍

[gunt0001]

Call sign out also in @After?

[gunt0001]

Is this required? As long as the test uses a CCT, it should close automatically at the end of each test?

[gunt0001]

I think this state object should be created locally within the scope of testOAuthChallengeWithStateRestoration(), so that a new Authenticator() call is passed a new instance of AuthenticatorState.

[gunt0001]

If we don't do this, does this cause any issues?

[gunt0001]

The toolkit should not set any permissions in its manifest. This is the responsibility of the user.

[gunt0001]

I don't think this change is needed. Any exception thrown, would be handled in the SDK's AuthenticationChallengeQueue. In the test code, since we bypass that code, we should just catch the exception there.

[hud10837]

Thanks @gunt0001 I believe I have addressed all of your comments

[gunt0001]

I think that change is correct.

[gunt0001]

Could you add a comment here, something along the lines of...

Suggested change

	InstrumentationRegistry.getInstrumentation().context.startActivity(getSuccessfulRedirectIntent("kotlin-authentication-test-1://auth"))
	// When the OAuth sign in dialog shows up, we simulate successful sign in by launching an intent with the redirect URl, which otherwise would be sent from the Portal server, but would require valid credentials
	InstrumentationRegistry.getInstrumentation().context.startActivity(getSuccessfulRedirectIntent("kotlin-authentication-test-1://auth"))

[gunt0001]

I suggest to move this part of setting up an interceptor out of this function and call this individually as part of each test function. I don't think it belongs into this function here.

[gunt0001]

Comment needs formating

Suggested change

	// // create your own client ID. For more info see: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/register-your-application/
	// create your own client ID. For more info see: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/register-your-application/

[gunt0001]

Suggested change

	// isse the OAuth challenge
	// issue the OAuth challenge

[gunt0001]

nitpick naming suggestion:

Suggested change

	fun ArcGISHttpClient.Builder.interceptTokenRequests() {
	fun ArcGISHttpClient.Builder.setupTokenRequestInterceptor() {

[gunt0001]

nitpick naming suggestion:

Suggested change

	fun Request.getFakeTokenResponse(): Response =
	fun Request.createFakeTokenResponse(): Response =

[gunt0001]

missing newline

[gunt0001]

missing copyright info

[gunt0001]

Needs updating also in other places in this file...

Suggested change

	* @since 200.4.0
	* @since 200.5.0

[gunt0001]

Approving so this can move to second review once comments have been addressed.

[alan-edi]

@hud10837 Looks good, just a few minor comments to consider

[alan-edi]

Newline before the URL, to avoid line being unnecessarily long?

[alan-edi]

Newline before the URL?

[alan-edi]

package -> [packageId] and delete the @param below?

[alan-edi]

Seems this function, and the functions below that it calls, isn't used, but I guess you expect to use it later when we come up with a solution for test credentials in the toolkit?

[hud10837]

I will remove them for now, can always return to this PR to copy them.

[alan-edi]

Oh, one other thing - there are no tests for the following sub-cases, but I guess you have good reasons:

• 1.2 Incorrect Credentials - maybe do it later when we come up with a solution for test credentials in the toolkit?
• 1.5 Pressing the Close Button - is it practicable to automate that?
• 1.6 Press the Home Button - again, is it practicable?

[hud10837]

@alan-edi thanks for the review. Regarding those test cases:

• 1.2 Incorrect Credentials - I'm not sure there's any value in testing this (also true for the manual tests) because there is no interaction with the Authenticator when you enter invalid credentials -- everything continues to happen in the browser, and if you enter the wrong credentials too many times, it keeps the browser open and locks you out for 15 minutes, so there is no "invalid credentials" redirect back to the app.
• 1.5 Pressing the Close Button - It's possible to automate this, but a bit difficult, and the behavior should be identical to the back button. But I am happy to add this test case if you think it's a good idea
• 1.6 Press the Home Button - The goal of this in the manual tests was to test the activity being destroyed and put in the background, then recreated, which also happens during configuration changes. I think this is very difficult to automate though, so I think that testing only device rotation is sufficient (as it should be the same behavior anyway) What do you think?

[alan-edi]

@hud10837 I'm happy with what you say re test cases 1.2, 1.5 and 1.6, thanks

[hud10837]

Thanks @alan-edi @gunt0001 !