test: cover Identity Verification turned-off transition

nan-li · nan-li · commit b000fdca5d3d · 2026-06-10T18:10:43.000-07:00
Add per-executor tests asserting parked requests are released and sent without auth once Identity Verification is turned off, plus OSUserJwtConfig tests verifying a missing jwt_required remote param resolves to off (including the previously-on case) and that an unchanged value does not re-fire listeners.
diff --git a/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/IdentityExecutorTests.swift b/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/IdentityExecutorTests.swift
@@ -278,4 +278,41 @@ final class IdentityExecutorTests: XCTestCase {
 
         XCTAssertEqual(removeAliasRequests.count, 3)
     }
+
+    /// When Identity Verification is turned off, alias requests parked awaiting a JWT must be
+    /// released and sent without a token (no JWT will ever arrive once auth is off).
+    func testReleasePendingRequests_OnIdentityVerificationTurnedOff() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        // No JWT token, so the request is parked awaiting a JWT while Identity Verification is on.
+        // Use the user manager's executor because the JWT-config callback fires only on subscribed
+        // executors; start() initializes and subscribes them.
+        OneSignalUserManagerImpl.sharedInstance.start()
+        let executor = OneSignalUserManagerImpl.sharedInstance.identityExecutor!
+
+        let aliases = userA_Aliases
+        MockUserRequests.setAddAliasesResponse(with: mocks.client, aliases: aliases)
+
+        let userJwtInvalidatedListener = MockUserJwtInvalidatedListener()
+        OneSignalUserManagerImpl.sharedInstance.addUserJwtInvalidatedListener(userJwtInvalidatedListener)
+
+        executor.enqueueDelta(OSDelta(name: OS_ADD_ALIAS_DELTA, identityModelId: user.identityModel.modelId, model: user.identityModel, property: "aliases", value: aliases))
+
+        /* When: the request is parked because no token is present */
+        executor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestAddAliases.self))
+
+        /* When: Identity Verification is turned off */
+        mocks.setAuthRequired(false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+
+        /* Then: the parked request is released and sent, with no JWT invalidation */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestAddAliases.self))
+        XCTAssertFalse(userJwtInvalidatedListener.invalidatedCallbackWasCalled)
+    }
 }
diff --git a/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/OSCustomEventsExecutorTests.swift b/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/OSCustomEventsExecutorTests.swift
@@ -428,4 +428,36 @@ final class OSCustomEventsExecutorTests: XCTestCase {
         // Verify user properties are still present
         XCTAssertEqual(payload["user_key"] as? String, "user_value")
     }
+
+    // MARK: - Identity Verification turned off
+
+    /// When Identity Verification is turned off, custom-event requests parked awaiting a JWT must
+    /// be released and sent without a token (no JWT will ever arrive once auth is off).
+    func testReleasePendingRequests_OnIdentityVerificationTurnedOff() {
+        /* Setup */
+        let mocks = CustomEventsMocks()
+        // Turn Identity Verification on via the shared config, which the user manager's executor reads.
+        OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired = true
+
+        let user = OneSignalUserMocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        // start() initializes sharedInstance.customEventsExecutor and subscribes it as a JWT listener.
+        OneSignalUserManagerImpl.sharedInstance.start()
+        let executor = OneSignalUserManagerImpl.sharedInstance.customEventsExecutor!
+
+        mocks.client.fireSuccessForAllRequests = true
+        let delta = createCustomEventDelta(name: "iv_off_event", properties: ["key": "value"], identityModel: user.identityModel)
+        executor.enqueueDelta(delta)
+
+        /* When: the request is parked because no token is present */
+        executor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestCustomEvents.self))
+
+        /* When: Identity Verification is turned off */
+        OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired = false
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+
+        /* Then: the parked request is released and sent */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestCustomEvents.self))
+    }
 }
diff --git a/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/PropertyExecutorTests.swift b/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/PropertyExecutorTests.swift
@@ -213,4 +213,41 @@ final class PropertyExecutorTests: XCTestCase {
         }
         XCTAssertEqual(updateRequests.count, 3)
     }
+
+    /// When Identity Verification is turned off, requests parked awaiting a JWT must be
+    /// released and sent without a token (no JWT will ever arrive once auth is off).
+    func testReleasePendingRequests_OnIdentityVerificationTurnedOff() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        // No JWT token, so the request is parked awaiting a JWT while Identity Verification is on.
+        // Use the user manager's executor because the JWT-config callback fires only on subscribed
+        // executors; start() initializes and subscribes them.
+        OneSignalUserManagerImpl.sharedInstance.start()
+        let executor = OneSignalUserManagerImpl.sharedInstance.propertyExecutor!
+
+        let tags = ["testUserA": "true"]
+        MockUserRequests.setAddTagsResponse(with: mocks.client, tags: tags)
+
+        let userJwtInvalidatedListener = MockUserJwtInvalidatedListener()
+        OneSignalUserManagerImpl.sharedInstance.addUserJwtInvalidatedListener(userJwtInvalidatedListener)
+
+        executor.enqueueDelta(OSDelta(name: OS_UPDATE_PROPERTIES_DELTA, identityModelId: user.identityModel.modelId, model: OSPropertiesModel(changeNotifier: OSEventProducer()), property: "tags", value: tags))
+
+        /* When: the request is parked because no token is present */
+        executor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestUpdateProperties.self))
+
+        /* When: Identity Verification is turned off */
+        mocks.setAuthRequired(false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+
+        /* Then: the parked request is released and sent, with no JWT invalidation */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestUpdateProperties.self))
+        XCTAssertFalse(userJwtInvalidatedListener.invalidatedCallbackWasCalled)
+    }
 }
diff --git a/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/SubscriptionsExecutorTests.swift b/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/SubscriptionsExecutorTests.swift
@@ -277,4 +277,41 @@ final class SubscriptionExecutorTests: XCTestCase {
 
         XCTAssertEqual(deleteRequests.count, 3)
     }
+
+    /// When Identity Verification is turned off, subscription requests parked awaiting a JWT must
+    /// be released and sent without a token (no JWT will ever arrive once auth is off).
+    func testReleasePendingRequests_OnIdentityVerificationTurnedOff() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+        OneSignalUserManagerImpl.sharedInstance.operationRepo.paused = true
+
+        let user = mocks.setUserManagerInternalUser(externalId: userA_EUID, onesignalId: userA_OSID)
+        // No JWT token, so the request is parked awaiting a JWT while Identity Verification is on.
+        // Use the user manager's executor because the JWT-config callback fires only on subscribed
+        // executors; start() initializes and subscribes them.
+        OneSignalUserManagerImpl.sharedInstance.start()
+        let executor = OneSignalUserManagerImpl.sharedInstance.subscriptionExecutor!
+
+        let email = userA_email
+        MockUserRequests.setAddEmailResponse(with: mocks.client, email: email)
+
+        let userJwtInvalidatedListener = MockUserJwtInvalidatedListener()
+        OneSignalUserManagerImpl.sharedInstance.addUserJwtInvalidatedListener(userJwtInvalidatedListener)
+
+        executor.enqueueDelta(OSDelta(name: OS_ADD_SUBSCRIPTION_DELTA, identityModelId: user.identityModel.modelId, model: OSSubscriptionModel(type: .email, address: email, subscriptionId: nil, reachable: true, isDisabled: false, changeNotifier: OSEventProducer()), property: OSSubscriptionType.email.rawValue, value: email))
+
+        /* When: the request is parked because no token is present */
+        executor.processDeltaQueue(inBackground: false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+
+        /* When: Identity Verification is turned off */
+        mocks.setAuthRequired(false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+
+        /* Then: the parked request is released and sent, with no JWT invalidation */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestCreateSubscription.self))
+        XCTAssertFalse(userJwtInvalidatedListener.invalidatedCallbackWasCalled)
+    }
 }
diff --git a/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/UserExecutorTests.swift b/iOS_SDK/OneSignalSDK/OneSignalUserTests/Executors/UserExecutorTests.swift
@@ -433,4 +433,107 @@ final class UserExecutorTests: XCTestCase {
         // >= because start() may fire incidental requests (e.g. language update from _user?.update())
         XCTAssertGreaterThanOrEqual(mocks.client.networkRequestCount, 3)
     }
+
+    /// When Identity Verification is turned off, requests parked awaiting a JWT must be released
+    /// and sent without a token (no JWT will ever arrive once auth is off).
+    func testReleasePendingRequests_OnIdentityVerificationTurnedOff() {
+        /* Setup */
+        let mocks = Mocks()
+        mocks.setAuthRequired(true)
+
+        _ = mocks.setUserManagerInternalUser(externalId: userA_EUID)
+        // start() initializes sharedInstance.userExecutor and subscribes it as a JWT listener.
+        OneSignalUserManagerImpl.sharedInstance.start()
+        let executor = OneSignalUserManagerImpl.sharedInstance.userExecutor!
+
+        // No JWT token, so the Fetch User request is parked awaiting a JWT while IV is on.
+        let newIdentityModel = OSIdentityModel(aliases: [OS_ONESIGNAL_ID: userA_OSID, OS_EXTERNAL_ID: userA_EUID], changeNotifier: OSEventProducer())
+        MockUserRequests.setDefaultFetchUserResponseForHydration(with: mocks.client, externalId: userA_EUID)
+
+        let userJwtInvalidatedListener = MockUserJwtInvalidatedListener()
+        OneSignalUserManagerImpl.sharedInstance.addUserJwtInvalidatedListener(userJwtInvalidatedListener)
+
+        /* When: the request is parked because no token is present */
+        executor.fetchUser(onesignalId: userA_OSID, identityModel: newIdentityModel)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+        XCTAssertFalse(mocks.client.hasExecutedRequestOfType(OSRequestFetchUser.self))
+
+        /* When: Identity Verification is turned off */
+        mocks.setAuthRequired(false)
+        OneSignalCoreMocks.waitForBackgroundThreads(seconds: 0.5)
+
+        /* Then: the parked request is released and sent, with no JWT invalidation */
+        XCTAssertTrue(mocks.client.hasExecutedRequestOfType(OSRequestFetchUser.self))
+        XCTAssertFalse(userJwtInvalidatedListener.invalidatedCallbackWasCalled)
+    }
+
+    // MARK: - Identity Verification config: a missing remote-params field always means off
+
+    /// The regression: a previously-ON app must turn OFF when remote params omit jwt_required.
+    func testRemoteParamsMissingJwtRequired_TurnsOff_WhenPreviouslyOn() {
+        /* Setup */
+        OneSignalUserManagerImpl.sharedInstance.setRequiresUserAuth(true)
+        XCTAssertEqual(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired, true)
+
+        let listener = MockJwtConfigListener()
+        OneSignalUserManagerImpl.sharedInstance.subscribeToJwtConfig(listener, key: "test_iv_off_previously_on")
+
+        /* When: remote params come back without the jwt_required field */
+        OneSignalUserManagerImpl.sharedInstance.remoteParamsReturnedUnknownRequiresUserAuth()
+
+        /* Then: it flips to off and fires the transition exactly once */
+        XCTAssertEqual(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired, false)
+        XCTAssertEqual(listener.changes.count, 1)
+        XCTAssertEqual(listener.changes.first?.from, OSRequiresUserAuth.on)
+        XCTAssertEqual(listener.changes.first?.to, OSRequiresUserAuth.off)
+    }
+
+    /// An unknown (never-set) status resolves to off when remote params omit jwt_required.
+    func testRemoteParamsMissingJwtRequired_TurnsOff_WhenPreviouslyUnknown() {
+        /* Setup */
+        OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired = nil // force unknown
+        XCTAssertNil(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired)
+
+        let listener = MockJwtConfigListener()
+        OneSignalUserManagerImpl.sharedInstance.subscribeToJwtConfig(listener, key: "test_iv_off_previously_unknown")
+
+        /* When */
+        OneSignalUserManagerImpl.sharedInstance.remoteParamsReturnedUnknownRequiresUserAuth()
+
+        /* Then */
+        XCTAssertEqual(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired, false)
+        XCTAssertEqual(listener.changes.count, 1)
+        XCTAssertEqual(listener.changes.first?.from, OSRequiresUserAuth.unknown)
+        XCTAssertEqual(listener.changes.first?.to, OSRequiresUserAuth.off)
+    }
+
+    /// Re-confirming an already-off status must not re-fire listeners (didSet equality guard).
+    func testRemoteParamsMissingJwtRequired_DoesNotRefire_WhenAlreadyOff() {
+        /* Setup */
+        OneSignalUserManagerImpl.sharedInstance.setRequiresUserAuth(false)
+        XCTAssertEqual(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired, false)
+
+        let listener = MockJwtConfigListener()
+        OneSignalUserManagerImpl.sharedInstance.subscribeToJwtConfig(listener, key: "test_iv_off_already_off")
+
+        /* When */
+        OneSignalUserManagerImpl.sharedInstance.remoteParamsReturnedUnknownRequiresUserAuth()
+
+        /* Then: value unchanged, no transition fired */
+        XCTAssertEqual(OneSignalUserManagerImpl.sharedInstance.jwtConfig.isRequired, false)
+        XCTAssertEqual(listener.changes.count, 0)
+    }
+}
+
+private class MockJwtConfigListener: NSObject, OSUserJwtConfigListener {
+    var changes: [(from: OSRequiresUserAuth, to: OSRequiresUserAuth)] = []
+    var jwtUpdateCount = 0
+
+    func onRequiresUserAuthChanged(from: OSRequiresUserAuth, to: OSRequiresUserAuth) {
+        changes.append((from: from, to: to))
+    }
+
+    func onJwtUpdated(externalId: String, token: String?) {
+        jwtUpdateCount += 1
+    }
 }
