Add init with option: and different config preserving state tests and also sdk failures after empty bootstrap

ivol · ivol · commit f5cfb7320046 · 2026-05-04T10:30:55.000+01:00
diff --git a/android/src/test/java/io/approov/reactnative/ApproovServiceMiniSdkTest.java b/android/src/test/java/io/approov/reactnative/ApproovServiceMiniSdkTest.java
@@ -221,6 +221,70 @@ public void initializeAcceptsReinitializeComment() throws Exception {
         assertTrue(service.isApproovEnabled());
     }
 
+    @Test
+    public void initializeAcceptsOptionsComment() throws Exception {
+        awaitResolvedPromise(promise -> service.initialize(validInitialConfig, "options:prefetch", promise));
+
+        assertTrue(service.isInitialized());
+        assertTrue(service.isApproovEnabled());
+    }
+
+    @Test
+    public void initializeIgnoresSameConfigWithOptionsComment() throws Exception {
+        awaitResolvedPromise(promise -> service.initialize(validInitialConfig, "options:prefetch", promise));
+
+        awaitResolvedPromise(promise -> service.initialize(validInitialConfig, "options:prefetch", promise));
+
+        assertTrue(service.isInitialized());
+        assertTrue(service.isApproovEnabled());
+    }
+
+    @Test
+    public void initializeWithEmptyConfigThenSdkFailureRejectsAndKeepsLayerInitializedButDisabled() throws Exception {
+        awaitResolvedPromise(promise -> service.initialize("", null, promise));
+        assertTrue(service.isInitialized());
+        assertFalse(service.isApproovEnabled());
+
+        try (org.mockito.MockedStatic<Approov> approov = mockStatic(Approov.class)) {
+            approov.when(() -> Approov.initialize(any(Context.class), any(String.class), any(String.class), any(String.class)))
+                .thenThrow(new IllegalArgumentException("server unreachable"));
+
+            PromiseResult rejected = awaitPromise(promise -> service.initialize(validInitialConfig, null, promise));
+
+            assertEquals("initialize", rejected.code);
+            assertTrue(rejected.message.contains("IllegalArgument"));
+            // The layer stays initialized (from the empty bootstrap) but Approov
+            // remains disabled because the SDK init failed.
+            assertTrue(service.isInitialized());
+            assertFalse(service.isApproovEnabled());
+        }
+    }
+
+    @Test
+    public void initializeWithDifferentConfigPreservesExistingState() throws Exception {
+        awaitResolvedPromise(promise -> service.initialize(validInitialConfig, null, promise));
+        assertTrue(service.isInitialized());
+        assertTrue(service.isApproovEnabled());
+
+        PromiseResult rejected = awaitPromise(promise -> service.initialize(
+            "#stg1006#aprv2stg-attest.api.approov.io#https://dev.approoval.com/token#dpcv6jv45r6LGC4E6ZXSMLhBVLrrhAoDcjizU/t9/Eg=",
+            null,
+            promise
+        ));
+
+        assertEquals("initialize", rejected.code);
+        assertTrue(rejected.message.contains("different config"));
+        // Crucially: the original config's state is fully preserved
+        assertTrue(service.isInitialized());
+        assertTrue(service.isApproovEnabled());
+
+        // Verify the original configuration still works — a protected request
+        // should still produce tokens
+        AttesterProxyController.loadScenarioJson(scenarioJson(uniqueCaseName("rn"), "\"protectedDomains\": [\"" + getTargetHost() + "\"]"));
+        JSONObject reply = fetchNetworkReply(new Request.Builder().url(getTargetURL()).build());
+        assertNotNull(getHeader(reply, "Approov-Token"));
+    }
+
     @Test
     public void initializeWithEmptyConfigKeepsLayerInitializedButDisablesApproov() throws Exception {
         AttesterProxyController.loadScenarioJson(scenarioJson(uniqueCaseName("rn"), "\"protectedDomains\": [\"" + getTargetHost() + "\"]"));
diff --git a/android/src/test/java/io/approov/reactnative/ApproovServicePublicApiTest.java b/android/src/test/java/io/approov/reactnative/ApproovServicePublicApiTest.java
@@ -201,6 +201,57 @@ public void exclusionRegexDoesNotDisableCertificatePinning() throws Exception {
         }
     }
 
+    @Test
+    public void logMessageDoesNotCrashAtAnyLevel() {
+        ApproovService service = newService();
+
+        // All defined levels: EXTREME(0), DEBUG(1), INFO(2), WARN(3), ERROR(4)
+        service.logMessage("test extreme", 0);
+        service.logMessage("test debug", 1);
+        service.logMessage("test info", 2);
+        service.logMessage("test warn", 3);
+        service.logMessage("test error", 4);
+
+        // Edge cases: null message, null level, unknown level
+        service.logMessage(null, 2);
+        service.logMessage("test null-level", null);
+        service.logMessage("test unknown-level", 99);
+    }
+
+    @Test
+    public void isInterceptorActiveReturnsTrueWhenApproovInterceptorIsPresent() {
+        try (MockedStatic<OkHttpClientProvider> okProvider = mockStatic(OkHttpClientProvider.class)) {
+            ApproovService service = newService();
+            Promise promise = mock(Promise.class);
+
+            OkHttpClient client = new OkHttpClient.Builder()
+                .addInterceptor(new ApproovInterceptor(service))
+                .build();
+            okProvider.when(OkHttpClientProvider::getOkHttpClient).thenReturn(client);
+
+            service.isInterceptorActive(promise);
+
+            org.mockito.Mockito.verify(promise).resolve(true);
+        }
+    }
+
+    @Test
+    public void isInterceptorActiveReturnsFalseWhenNoApproovInterceptorIsPresent() {
+        try (MockedStatic<OkHttpClientProvider> okProvider = mockStatic(OkHttpClientProvider.class)) {
+            ApproovService service = newService();
+            Promise promise = mock(Promise.class);
+
+            OkHttpClient client = new OkHttpClient.Builder()
+                .addInterceptor(chain -> chain.proceed(chain.request()))
+                .build();
+            okProvider.when(OkHttpClientProvider::getOkHttpClient).thenReturn(client);
+
+            service.isInterceptorActive(promise);
+
+            org.mockito.Mockito.verify(promise).resolve(false);
+        }
+    }
+
     private boolean hasPinHash(CertificatePinner pinner, String expectedHashBase64) throws Exception {
         for (Object pin : pinner.getPins()) {
             Object hash = pin.getClass().getMethod("getHash").invoke(pin);
diff --git a/ios/ApproovService.m b/ios/ApproovService.m
@@ -1152,6 +1152,13 @@ + (id)networkRequestLock {
     return;
   }
 
+  // Defensive JSON pre-validation for a cleaner, immediate error path.
+  // Unlike Android (which throws IllegalArgumentException synchronously),
+  // the iOS SDK handles malformed payloads safely by returning
+  // ApproovTokenFetchStatusBadPayload via the async callback. This
+  // pre-check is therefore optional but provides a more descriptive
+  // rejection message without waiting for the SDK round-trip. No size
+  // restriction is imposed here — the SDK docs specify none.
   NSData *data = [payload dataUsingEncoding:NSUTF8StringEncoding];
   NSError *jsonError = nil;
   id jsonObject = [NSJSONSerialization JSONObjectWithData:data options:0 error:&jsonError];
diff --git a/tests/ios/native-mini-sdk/ApproovNativeMiniSDKTests.m b/tests/ios/native-mini-sdk/ApproovNativeMiniSDKTests.m
@@ -67,6 +67,7 @@ - (void)removeExclusionURLRegex:(NSString *)urlRegex;
 - (void)addSubstitutionHeader:(NSString *)header requiredPrefix:(NSString *)requiredPrefix;
 - (void)addSubstitutionQueryParam:(NSString *)key;
 - (void)addExclusionURLRegex:(NSString *)urlRegex;
+- (void)logMessage:(NSString *)message level:(NSInteger)level;
 @end
 
 static NSUInteger gFailureCount = 0;
@@ -1404,6 +1405,101 @@ static void TestInterceptRequestHonorsCustomNoApproovServiceBlocks(void) {
   ApproovMutatorBridgeReset();
 }
 
+static void TestInitializeAcceptsOptionsComment(void) {
+  ApproovService *service = FreshService();
+  LoadProtectedDomainScenario(nil);
+
+  AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service initialize:kValidInitialConfig
+                comment:@"options:prefetch"
+               resolver:resolve
+               rejecter:reject];
+  });
+
+  AssertTrue(isInitialized, @"options: comment should allow initialization");
+  NSDictionary *enabled = AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service isApproovEnabled:resolve rejecter:reject];
+  });
+  AssertEqualObjects(@(YES), enabled[@"value"], @"options: comment should enable Approov");
+}
+
+static void TestInitializeIgnoresSameConfigWithOptionsComment(void) {
+  ApproovService *service = FreshService();
+  LoadProtectedDomainScenario(nil);
+
+  AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service initialize:kValidInitialConfig
+                comment:@"options:prefetch"
+               resolver:resolve
+               rejecter:reject];
+  });
+  NSDictionary *second = AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service initialize:kValidInitialConfig
+                comment:@"options:prefetch"
+               resolver:resolve
+               rejecter:reject];
+  });
+
+  AssertTrue(isInitialized, @"Same-config with options: should keep the layer initialized");
+  AssertEqualObjects([NSNull null], second[@"value"],
+                     @"Same-config with options: should resolve without error");
+}
+
+static void TestInitializeWithDifferentConfigPreservesExistingState(void) {
+  ApproovService *service = FreshService();
+  LoadProtectedDomainScenario(nil);
+
+  AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service initialize:kValidInitialConfig comment:nil resolver:resolve rejecter:reject];
+  });
+
+  AssertTrue(isInitialized, @"Initial config should mark the layer initialized");
+  NSDictionary *enabledBefore = AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service isApproovEnabled:resolve rejecter:reject];
+  });
+  AssertEqualObjects(@(YES), enabledBefore[@"value"], @"Approov should be enabled after valid init");
+
+  NSDictionary *rejected = AwaitRejected(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service initialize:@"#different-config" comment:nil resolver:resolve rejecter:reject];
+  });
+
+  AssertEqualObjects(@"initialize", rejected[@"code"],
+                     @"Different-config reinitialization should reject");
+  // Crucially: the original config's state is fully preserved
+  AssertTrue(isInitialized,
+             @"Different-config rejection should preserve the initialized state");
+  NSDictionary *enabledAfter = AwaitResolved(^(RCTPromiseResolveBlock resolve, RCTPromiseRejectBlock reject) {
+    [service isApproovEnabled:resolve rejecter:reject];
+  });
+  AssertEqualObjects(@(YES), enabledAfter[@"value"],
+                     @"Different-config rejection should preserve the enabled state");
+
+  // Verify the original configuration still works
+  NSDictionary *reply = FetchNetworkReply(service, TargetURL(), @{});
+  AssertNotNil(HeaderValue(reply, @"Approov-Token"),
+               @"Original config should remain functional after a different-config rejection");
+}
+
+static void TestLogMessageDoesNotCrashAtAnyLevel(void) {
+  ApproovService *service = FreshService();
+  LoadProtectedDomainScenario(nil);
+  InitializeService(service, nil);
+
+  // All defined levels: EXTREME(0), DEBUG(1), INFO(2), WARN(3), ERROR(4)
+  [service logMessage:@"test extreme" level:0];
+  [service logMessage:@"test debug" level:1];
+  [service logMessage:@"test info" level:2];
+  [service logMessage:@"test warn" level:3];
+  [service logMessage:@"test error" level:4];
+
+  // Edge cases: nil message, unknown level
+  [service logMessage:nil level:2];
+  [service logMessage:@"test unknown-level" level:99];
+
+  // If we get here without crashing, the test passes
+  AssertTrue(YES, @"logMessage should handle all levels without crashing");
+}
+
 
 int main(void) {
   @autoreleasepool {
@@ -1413,6 +1509,9 @@ int main(void) {
       ^{ TestInitializeIgnoresSameConfig(); },
       ^{ TestInitializeRejectsDifferentConfig(); },
       ^{ TestInitializeAcceptsReinitComment(); },
+      ^{ TestInitializeAcceptsOptionsComment(); },
+      ^{ TestInitializeIgnoresSameConfigWithOptionsComment(); },
+      ^{ TestInitializeWithDifferentConfigPreservesExistingState(); },
       ^{ TestStatusMethodsDifferentiateInitializedAndEnabled(); },
       ^{ TestUninitializedServiceCallsRejectProperly(); },
       ^{ TestGetDeviceIDReturnsMiniSDKDeviceID(); },
@@ -1472,6 +1571,7 @@ int main(void) {
       ^{ TestInterceptRequestRetriesOnNetworkFailure(); },
       ^{ TestInterceptRequestDefaultsNoApproovServiceToProceed(); },
       ^{ TestInterceptRequestHonorsCustomNoApproovServiceBlocks(); },
+      ^{ TestLogMessageDoesNotCrashAtAnyLevel(); },
 
     ];
 
diff --git a/tests/ios/native/ApproovNativeTests.m b/tests/ios/native/ApproovNativeTests.m
@@ -247,6 +247,52 @@ static void TestInitializeRejectsNativeDifferentConfigurationError(void) {
              @"Different-configuration native SDK error should leave the layer uninitialized");
 }
 
+// Verifies the transition: empty-config bootstrap → SDK failure.
+// After bootstrapping with an empty config the layer is initialized but Approov
+// is disabled. A subsequent attempt with a real config that fails at the SDK
+// level should reject the promise while preserving the initialized (but disabled)
+// bootstrap state.
+static void TestInitializeWithEmptyConfigThenSdkFailurePreservesBootstrap(void) {
+  ApproovService *service = FreshService();
+
+  // Bootstrap with empty config
+  [service initialize:@""
+              comment:nil
+             resolver:^(__unused id value) {}
+             rejecter:^(__unused NSString *code, __unused NSString *message,
+                        __unused NSError *error) {
+               Fail(@"Empty-config bootstrap should not reject");
+             }];
+  AssertTrue(isInitialized, @"Empty-config bootstrap should mark the layer initialized");
+
+  // Simulate SDK failure on the real config attempt
+  NSError *sdkError = [NSError errorWithDomain:@"io.approov.tests"
+                                          code:1
+                                      userInfo:@{NSLocalizedDescriptionKey : @"server unreachable"}];
+  ApproovTestSetInitializationError(sdkError);
+
+  __block BOOL didResolve = NO;
+  __block NSString *rejectionCode = nil;
+  [service initialize:@"real-config"
+              comment:nil
+             resolver:^(__unused id value) {
+               didResolve = YES;
+             }
+             rejecter:^(NSString *code, __unused NSString *message,
+                        __unused NSError *error) {
+               rejectionCode = code;
+             }];
+  ApproovTestClearInitializationError();
+
+  AssertTrue(!didResolve,
+             @"SDK failure after empty bootstrap should reject");
+  AssertEqualObjects(@"initialize", rejectionCode,
+                     @"SDK failure after empty bootstrap should reject with initialize");
+  // The layer stays initialized from the empty bootstrap
+  AssertTrue(isInitialized,
+             @"SDK failure after empty bootstrap should preserve the initialized state");
+}
+
 
 static NSURLSession *MockSession(void) {
   NSURLSessionConfiguration *configuration =
@@ -568,6 +614,7 @@ int main(void) {
       ^{ TestInitializeFailureRejectsAndKeepsLayerUninitialized(); },
       ^{ TestInitializeTreatsFalseNilErrorAsAlreadyInitialized(); },
       ^{ TestInitializeRejectsNativeDifferentConfigurationError(); },
+      ^{ TestInitializeWithEmptyConfigThenSdkFailurePreservesBootstrap(); },
       ^{ TestMockStatusCompletionHandlersFire(); },
       ^{ TestMockErrorCompletionHandlersFire(); },
       ^{ TestMockUploadCompletionHandlersFire(); },
