Enhance LoginManager ID token testing with dependency injection #241
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Key Improvements ### 1. Time Dependency Injection Support - Refactored `verifyIDToken` method to accept optional `currentDate` parameter - Maintains backward compatibility with default `Date()` value - Enables precise time control in unit tests - Improves testability and reduces flakiness ### 2. Comprehensive Test Coverage Added 9 new test methods covering: **Provider Metadata Tests:** - `testGetProviderMetadataSuccess`: Valid metadata retrieval - `testGetProviderMetadataFailureWithoutIDToken`: Missing ID token error - `testGetProviderMetadataFailureWithUnsupportedAlgorithm`: HS256 algorithm rejection - `testGetProviderMetadataFailureWithMissingKeyID`: Missing key ID handling - `testGetProviderMetadataFailureWithNetworkError`: Network failure scenarios **ID Token Verification Tests:** - `testVerifyIDTokenSuccess`: Complete successful verification flow - `testVerifyIDTokenFailureWithExpiredToken`: Token expiration validation - `testVerifyIDTokenFailureWithTokenUsedTooEarly`: Token not-yet-valid validation - `testVerifyIDTokenFailureWithInvalidIssuer`: Issuer claim validation - `testVerifyIDTokenFailureWithWrongUserID`: Subject claim validation - `testVerifyIDTokenFailureWithWrongAudience`: Audience claim validation ### 3. Test Implementation Details - Uses existing test RSA key pairs from `JWTRSATests.swift` - Properly handles JWT token time validation with historical timestamps - Comprehensive error path testing with specific error type validation - Mock network responses for realistic testing scenarios ### 4. Security Considerations - All test data uses dedicated test keys and mock JWT tokens - No production keys or sensitive data exposed - Follows cryptographic testing best practices ## Test Results All 9 new tests pass successfully, providing comprehensive coverage of LoginManager's ID token functionality including both success and failure scenarios.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Enhance LoginManager ID token testing by adding time dependency injection and comprehensive test coverage.
Changes
Time Dependency Injection
currentDateparameter toverifyIDTokenmethodDate()valueNew Test Coverage
Added 9 new test methods covering:
Test Results
All 9 new tests pass successfully, providing comprehensive coverage of ID token functionality.
Benefits