Support bot protection #589
Conversation
lbalmaceda
force-pushed
the
feat-botprot
branch
from
bb1d8f8 to
9b5f7b8
Compare
| @@ -36,6 +36,10 @@ android { | |||
| testOptions { | |||
| unitTests { | |||
| includeAndroidResources = true | |||
| // https://github.com/robolectric/robolectric/issues/5115 | |||
| all { | |||
| systemProperty("javax.net.ssl.trustStoreType", "JKS") | |||
There was a problem hiding this comment.
Required to be set before MockServer can be instantiated. See the referenced issue for details.
| @@ -120,6 +122,9 @@ public LockActivity() { | |||
| this.options = options; | |||
| this.lockView = lockView; | |||
| this.webProvider = webProvider; | |||
| this.handler = new Handler(); | |||
There was a problem hiding this comment.
These are only used in tests. In absolutely NO scenario Android will instantiate the LockActivity through this constructor, so it's safe to use.
| @@ -372,6 +377,27 @@ public void onOAuthAuthenticationRequest(OAuthLoginEvent event) { | |||
| webProvider.start(this, connection, extraAuthParameters, authProviderCallback, WEB_AUTH_REQUEST_CODE); | |||
| } | |||
|
|
|||
| private void completeDatabaseAuthenticationOnBrowser() { | |||
| //DBConnection checked for nullability before the API call | |||
There was a problem hiding this comment.
This is called from a callback#onFailure. The action that registered the callback already checked for nullability, see https://github.com/auth0/Lock.Android/pull/589/files#diff-01fe7e862df1aaab8f18b1b31542c58fR404-R406.
| String screenHint = null; | ||
| if (lastDatabaseSignUp != null) { | ||
| loginHint = lastDatabaseSignUp.getEmail(); | ||
| screenHint = "signup"; |
There was a problem hiding this comment.
thought of using constants for these, but they are only being used here, once.
| when(options.getAudience()).thenReturn("aud"); | ||
| when(options.getAuthenticationParameters()).thenReturn(basicParameters); | ||
| //set sign in behavior | ||
| when(options.loginAfterSignUp()).thenReturn(true); |
There was a problem hiding this comment.
this is the important line
| when(options.getAudience()).thenReturn("aud"); | ||
| when(options.getAuthenticationParameters()).thenReturn(basicParameters); | ||
| //set create user behavior | ||
| when(options.loginAfterSignUp()).thenReturn(false); |
There was a problem hiding this comment.
this is the important line
| @@ -416,7 +540,7 @@ public void shouldCallOAuthAuthenticationWithCustomProvider() { | |||
| verify(lockView, never()).showProgress(true); | |||
| verify(customProvider).setParameters(mapCaptor.capture()); | |||
| verify(customProvider).start(eq(activity), any(AuthCallback.class), eq(REQ_CODE_PERMISSIONS), eq(REQ_CODE_CUSTOM_PROVIDER)); | |||
| AuthResolver.setAuthHandlers(Collections.emptyList()); | |||
| AuthResolver.setAuthHandlers(Collections.<AuthHandler>emptyList()); | |||
There was a problem hiding this comment.
these were required after fixing the wrong class import
| import java.util.HashMap; | ||
| import java.util.Map; | ||
|
|
||
| import edu.emory.mathcs.backport.java.util.Collections; |
There was a problem hiding this comment.
incorrect class, omg.
lbalmaceda
force-pushed
the
feat-botprot
branch
from
9b5f7b8 to
b0d7fde
Compare
lbalmaceda
force-pushed
the
feat-botprot
branch
from
b0d7fde to
e71a21e
Compare
| - run: ./gradlew clean test --continue --console=plain --max-workers=4 |
There was a problem hiding this comment.
limited the number of workers to avoid OOM issues
| // https://github.com/robolectric/robolectric/issues/5115 | ||
| all { | ||
| systemProperty("javax.net.ssl.trustStoreType", "JKS") | ||
| maxHeapSize = "1024m" |
There was a problem hiding this comment.
these are independent of the JVM options passed in the command line (see CI script)
Changes
When a request is flagged as suspicious by the Bot Protection feature, it will require the user to complete the authentication on a web-based flow. When this error code happens on Lock, the browser will be automatically launched on the right page (login/signup).
References
https://auth0.com/docs/anomaly-detection/bot-protection
Testing
Added unit tests for the event handling. I've also manually tested sign in, sign up and log in.
This change adds unit test coverage
This change adds integration/UI test coverage
This change has been tested on the latest version of the platform/language or why not
Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors
The correct base branch is being used