[FC] Sends supports_app_verification to sync call when Integrity avai…

…lable (#9819) # Summary When making the first `/sync` request, warm up the integrity request calling manager `prepare` to check if Integrity API is available. If no errors occur, Pass `supports_app_verification: true` on the first sync call. Note: This gets recorded on the session so even if future sync calls pass this field it'd get ignored, as the session verified state is immutable on backend. We also pass `verified_app_id`, matching the package name. # Motivation https://docs.google.com/document/d/1joKz5UZHLVazmecfMHbq6gB6n4wj5u8To6AtqYgq_tc/edit?tab=t.0#heading=h.cz1xkpga7giy # Testing - [x] Modified tests - [x] Manually verified
stripe · Jan 13, 2025 · 0087322 · 0087322
1 parent 1a9b1e7
commit 0087322
Show file tree

Hide file tree

Showing 13 changed files with 136 additions and 65 deletions.
diff --git a/...c/main/java/com/stripe/android/financialconnections/FinancialConnectionsSheetViewModel.kt b/...c/main/java/com/stripe/android/financialconnections/FinancialConnectionsSheetViewModel.kt
@@ -116,8 +116,11 @@ internal class FinancialConnectionsSheetViewModel @Inject constructor(
     private fun initAuthFlow() {
         viewModelScope.launch {
             kotlin.runCatching {
-                prepareStandardRequestManager()
-                getOrFetchSync(refetchCondition = Always)
+                val attestationInitialized = prepareStandardRequestManager()
+                getOrFetchSync(
+                    refetchCondition = Always,
+                    attestationInitialized = attestationInitialized
+                )
             }.onFailure {
                 finishWithResult(stateFlow.value, Failed(it))
             }.onSuccess {

diff --git a/...onnections/src/main/java/com/stripe/android/financialconnections/domain/GetOrFetchSync.kt b/...onnections/src/main/java/com/stripe/android/financialconnections/domain/GetOrFetchSync.kt
@@ -18,12 +18,14 @@ internal class GetOrFetchSync @Inject constructor(
 ) {
 
     suspend operator fun invoke(
-        refetchCondition: RefetchCondition = RefetchCondition.None
+        refetchCondition: RefetchCondition = RefetchCondition.None,
+        attestationInitialized: Boolean = false
     ): SynchronizeSessionResponse {
         return repository.getOrSynchronizeFinancialConnectionsSession(
             clientSecret = configuration.financialConnectionsSessionClientSecret,
             applicationId = applicationId,
             reFetchCondition = refetchCondition::shouldReFetch,
+            attestationInitialized = attestationInitialized
         )
     }
 

diff --git a/.../stripe/android/financialconnections/repository/FinancialConnectionsManifestRepository.kt b/.../stripe/android/financialconnections/repository/FinancialConnectionsManifestRepository.kt
@@ -40,6 +40,7 @@ internal interface FinancialConnectionsManifestRepository {
     suspend fun getOrSynchronizeFinancialConnectionsSession(
         clientSecret: String,
         applicationId: String,
+        attestationInitialized: Boolean,
         reFetchCondition: (SynchronizeSessionResponse) -> Boolean
     ): SynchronizeSessionResponse
 
@@ -206,15 +207,17 @@ private class FinancialConnectionsManifestRepositoryImpl(
     override suspend fun getOrSynchronizeFinancialConnectionsSession(
         clientSecret: String,
         applicationId: String,
+        attestationInitialized: Boolean,
         reFetchCondition: (SynchronizeSessionResponse) -> Boolean
     ): SynchronizeSessionResponse = mutex.withLock {
         val cachedSync = cachedSynchronizeSessionResponse?.takeUnless(reFetchCondition)
-        return cachedSync ?: synchronize(applicationId, clientSecret)
+        return cachedSync ?: synchronize(applicationId, clientSecret, attestationInitialized)
     }
 
     private suspend fun synchronize(
         applicationId: String,
         clientSecret: String,
+        attestationInitialized: Boolean,
     ): SynchronizeSessionResponse = requestExecutor.execute(
         apiRequestFactory.createPost(
             url = synchronizeSessionUrl,
@@ -228,6 +231,8 @@ private class FinancialConnectionsManifestRepositoryImpl(
                     "forced_authflow_version" to "v3",
                     PARAMS_FULLSCREEN to true,
                     PARAMS_HIDE_CLOSE_BUTTON to true,
+                    PARAMS_SUPPORT_APP_VERIFICATION to attestationInitialized,
+                    PARAMS_VERIFY_APP_ID to applicationId.takeIf { attestationInitialized },
                     NetworkConstants.PARAMS_APPLICATION_ID to applicationId
                 ),
                 NetworkConstants.PARAMS_CLIENT_SECRET to clientSecret
@@ -523,6 +528,8 @@ private class FinancialConnectionsManifestRepositoryImpl(
     companion object {
         internal const val PARAMS_FULLSCREEN = "fullscreen"
         internal const val PARAMS_HIDE_CLOSE_BUTTON = "hide_close_button"
+        internal const val PARAMS_SUPPORT_APP_VERIFICATION = "supports_app_verification"
+        internal const val PARAMS_VERIFY_APP_ID = "verified_app_id"
 
         internal const val synchronizeSessionUrl: String =
             "${ApiRequest.API_HOST}/v1/financial_connections/sessions/synchronize"

diff --git a/...st/java/com/stripe/android/financialconnections/FinancialConnectionsSheetViewModelTest.kt b/...st/java/com/stripe/android/financialconnections/FinancialConnectionsSheetViewModelTest.kt
@@ -34,8 +34,10 @@ import com.stripe.android.financialconnections.model.FinancialConnectionsAccount
 import com.stripe.android.financialconnections.model.FinancialConnectionsSession
 import com.stripe.android.financialconnections.model.FinancialConnectionsSession.StatusDetails
 import com.stripe.android.financialconnections.presentation.withState
+import com.stripe.android.financialconnections.utils.TestIntegrityRequestManager
 import com.stripe.android.model.IncentiveEligibilitySession
 import com.stripe.android.model.LinkMode
+import com.stripe.attestation.IntegrityRequestManager
 import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.test.UnconfinedTestDispatcher
 import kotlinx.coroutines.test.runTest
@@ -44,6 +46,7 @@ import org.junit.Test
 import org.junit.rules.TestRule
 import org.junit.runner.RunWith
 import org.mockito.kotlin.any
+import org.mockito.kotlin.anyOrNull
 import org.mockito.kotlin.eq
 import org.mockito.kotlin.mock
 import org.mockito.kotlin.verify
@@ -88,12 +91,31 @@ class FinancialConnectionsSheetViewModelTest {
     }
 
     @Test
-    fun `init - if manifest not present in initial state, fetchManifest triggered`() =
+    fun `init - if manifest not present in initial state and attestation ready, fetchManifest triggered`() =
         runTest {
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
-            createViewModel(defaultInitialState)
+            whenever(getOrFetchSync(any(), anyOrNull())).thenReturn(syncResponse)
+            createViewModel(
+                defaultInitialState,
+                integrityRequestManager = TestIntegrityRequestManager(
+                    prepareResult = Result.success(Unit)
+                )
+            )
+
+            verify(getOrFetchSync).invoke(refetchCondition = Always, attestationInitialized = true)
+        }
+
+    @Test
+    fun `init - if manifest not present in initial state and attestation fails, fetchManifest triggered`() =
+        runTest {
+            whenever(getOrFetchSync(any(), anyOrNull())).thenReturn(syncResponse)
+            createViewModel(
+                defaultInitialState,
+                integrityRequestManager = TestIntegrityRequestManager(
+                    prepareResult = Result.failure(Exception())
+                )
+            )
 
-            verify(getOrFetchSync).invoke(refetchCondition = Always)
+            verify(getOrFetchSync).invoke(refetchCondition = Always, attestationInitialized = false)
         }
 
     @Test
@@ -109,7 +131,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - When no browser available, AuthFlow closes and logs error`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(false)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
 
         // When
         val viewModel = createViewModel(defaultInitialState)
@@ -139,7 +161,7 @@ class FinancialConnectionsSheetViewModelTest {
         runTest {
             // Given
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
             // When
@@ -175,7 +197,7 @@ class FinancialConnectionsSheetViewModelTest {
         runTest {
             // Given
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
             // When
@@ -210,7 +232,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - when instant debits flow, hosted auth url doesn't contain link_mode if unknown`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -245,7 +267,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - when instant debits flow, hosted auth url contains incentive info if eligible`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -281,7 +303,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - when instant debits flow, hosted auth url does not contain incentive info if not eligible`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -317,7 +339,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - hosted auth url contains prefill details`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -354,7 +376,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - hosted auth url contains billing details`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -408,7 +430,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `init - when data flow and non-native, hosted auth url without query params is launched`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         whenever(nativeRouter.nativeAuthFlowEnabled(any())).thenReturn(false)
 
         // When
@@ -429,7 +451,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `handleOnNewIntent - wrong intent should fire analytics event and set fail result`() = runTest {
         // Given
         whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
         val viewModel = createViewModel(defaultInitialState)
 
         // When
@@ -444,7 +466,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `handleOnNewIntent - on Link flows with invalid account, error is thrown`() {
         runTest {
             // Given
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
             val viewModel = createViewModel(
                 defaultInitialState.copy(initialArgs = ForInstantDebits(configuration))
@@ -474,7 +496,7 @@ class FinancialConnectionsSheetViewModelTest {
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
             whenever(fetchFinancialConnectionsSession(any()))
                 .thenReturn(financialConnectionsSessionWithNoMoreAccounts)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             val viewModel = createViewModel(defaultInitialState)
             val cancelIntent = cancelIntent()
 
@@ -495,7 +517,7 @@ class FinancialConnectionsSheetViewModelTest {
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
             whenever(fetchFinancialConnectionsSession(any()))
                 .thenReturn(financialConnectionsSessionWithNoMoreAccounts)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             val viewModel = createViewModel(defaultInitialState)
 
             // When
@@ -520,7 +542,7 @@ class FinancialConnectionsSheetViewModelTest {
                 )
             )
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession(any())).thenReturn(expectedSession)
             val viewModel = createViewModel(defaultInitialState)
 
@@ -541,7 +563,7 @@ class FinancialConnectionsSheetViewModelTest {
     fun `handleOnNewIntent - when intent with unknown received, then finish with Result#Failed`() =
         runTest {
             // Given
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             val viewModel = createViewModel(defaultInitialState)
             val errorIntent = Intent()
 
@@ -563,7 +585,7 @@ class FinancialConnectionsSheetViewModelTest {
             // Given
             val expectedSession = financialConnectionsSession()
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession(any())).thenReturn(expectedSession)
 
             val viewModel = createViewModel(defaultInitialState)
@@ -590,7 +612,7 @@ class FinancialConnectionsSheetViewModelTest {
                 "skip_aggregation=true&referral_source=APP&client_redirect_url=123"
             val nativeRedirectUrl = "stripe-auth://native-redirect/com.example.app/$aggregatorUrl"
             val expectedSession = financialConnectionsSession()
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession(any())).thenReturn(expectedSession)
 
             val viewModel = createViewModel(defaultInitialState)
@@ -616,7 +638,7 @@ class FinancialConnectionsSheetViewModelTest {
                 "stripe-auth://link-accounts/com.example.app/authentication_return#$returnUrlQueryParams"
             val expectedSession = financialConnectionsSession()
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession(any())).thenReturn(expectedSession)
 
             val viewModel = createViewModel(defaultInitialState)
@@ -641,7 +663,7 @@ class FinancialConnectionsSheetViewModelTest {
             // Given
             val apiException = APIException()
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession.invoke(any())).thenAnswer { throw apiException }
             val viewModel = createViewModel(defaultInitialState)
 
@@ -662,7 +684,7 @@ class FinancialConnectionsSheetViewModelTest {
         runTest {
             // Given
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
             whenever(fetchFinancialConnectionsSession(any())).thenAnswer { throw APIException() }
             val viewModel = createViewModel(defaultInitialState)
             // When
@@ -682,7 +704,7 @@ class FinancialConnectionsSheetViewModelTest {
         runTest {
             // Given
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any()))
+            whenever(getOrFetchSync(any(), any()))
                 .thenReturn(
                     syncResponse.copy(
                         manifest = sessionManifest().copy(
@@ -772,7 +794,7 @@ class FinancialConnectionsSheetViewModelTest {
         runTest {
             // Given
             whenever(browserManager.canOpenHttpsUrl()).thenReturn(true)
-            whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+            whenever(getOrFetchSync(any(), any())).thenReturn(syncResponse)
 
             // When
             val viewModel = createViewModel(defaultInitialState)
@@ -807,7 +829,8 @@ class FinancialConnectionsSheetViewModelTest {
     )
 
     private fun createViewModel(
-        initialState: FinancialConnectionsSheetState
+        initialState: FinancialConnectionsSheetState,
+        integrityRequestManager: IntegrityRequestManager = TestIntegrityRequestManager()
     ): FinancialConnectionsSheetViewModel {
         return FinancialConnectionsSheetViewModel(
             applicationId = "com.example.app",
@@ -821,7 +844,7 @@ class FinancialConnectionsSheetViewModelTest {
             browserManager = browserManager,
             savedStateHandle = SavedStateHandle(),
             nativeAuthFlowCoordinator = mock(),
-            integrityRequestManager = mock(),
+            integrityRequestManager = integrityRequestManager,
             logger = Logger.noop()
         )
     }

diff --git a/...nancialconnections/features/linkstepupverification/LinkStepUpVerificationViewModelTest.kt b/...nancialconnections/features/linkstepupverification/LinkStepUpVerificationViewModelTest.kt
@@ -25,6 +25,7 @@ import kotlinx.coroutines.test.runTest
 import org.junit.Rule
 import org.junit.Test
 import org.mockito.kotlin.any
+import org.mockito.kotlin.anyOrNull
 import org.mockito.kotlin.eq
 import org.mockito.kotlin.mock
 import org.mockito.kotlin.verify
@@ -137,7 +138,7 @@ class LinkStepUpVerificationViewModelTest {
     private suspend fun givenGetSyncReturns(
         syncResponse: SynchronizeSessionResponse = syncResponse()
     ) {
-        whenever(getOrFetchSync(any())).thenReturn(syncResponse)
+        whenever(getOrFetchSync(any(), anyOrNull())).thenReturn(syncResponse)
     }
 
     private suspend fun markLinkVerifiedReturns(

diff --git a/...lconnections/features/networkinglinkloginwarmup/NetworkingLinkLoginWarmupViewModelTest.kt b/...lconnections/features/networkinglinkloginwarmup/NetworkingLinkLoginWarmupViewModelTest.kt
@@ -17,6 +17,7 @@ import kotlinx.coroutines.test.runTest
 import org.junit.Rule
 import org.junit.Test
 import org.mockito.kotlin.any
+import org.mockito.kotlin.anyOrNull
 import org.mockito.kotlin.mock
 import org.mockito.kotlin.verify
 import org.mockito.kotlin.whenever
@@ -49,7 +50,7 @@ class NetworkingLinkLoginWarmupViewModelTest {
     @Test
     fun `init - payload error navigates to error screen`() = runTest {
         val error = RuntimeException("Failed to fetch manifest")
-        whenever(getOrFetchSync(any())).thenAnswer { throw error }
+        whenever(getOrFetchSync(any(), anyOrNull())).thenAnswer { throw error }
 
         buildViewModel(NetworkingLinkLoginWarmupState())