[MF-ID] Preview build 2025.4.0

feature/client-api/src/main/java/com/simprints/feature/clientapi/ClientApiViewModel.kt

@@ -5,6 +5,8 @@ import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.viewModelScope
+import com.simprints.core.domain.externalcredential.ExternalCredential
+import com.simprints.core.domain.tokenization.TokenizableString
 import com.simprints.core.livedata.LiveDataEvent
 import com.simprints.core.livedata.LiveDataEventWithContent
 import com.simprints.core.livedata.send
@@ -21,6 +23,9 @@ import com.simprints.feature.clientapi.usecases.GetEnrolmentCreationEventForSubj
 import com.simprints.feature.clientapi.usecases.IsFlowCompletedWithErrorUseCase
 import com.simprints.feature.clientapi.usecases.SimpleEventReporter
 import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
 import com.simprints.infra.config.sync.ConfigManager
 import com.simprints.infra.logging.LoggingConstants.CrashReportTag.ORCHESTRATION
 import com.simprints.infra.logging.Simber
@@ -30,6 +35,7 @@ import com.simprints.infra.orchestration.data.ActionResponse
 import com.simprints.infra.orchestration.data.responses.AppConfirmationResponse
 import com.simprints.infra.orchestration.data.responses.AppEnrolResponse
 import com.simprints.infra.orchestration.data.responses.AppErrorResponse
+import com.simprints.infra.orchestration.data.responses.AppExternalCredential
 import com.simprints.infra.orchestration.data.responses.AppIdentifyResponse
 import com.simprints.infra.orchestration.data.responses.AppRefusalResponse
 import com.simprints.infra.orchestration.data.responses.AppVerifyResponse
@@ -53,6 +59,7 @@ class ClientApiViewModel @Inject internal constructor(
     private val configManager: ConfigManager,
     private val timeHelper: TimeHelper,
     private val persistentLogger: PersistentLogger,
+    private val tokenizationProcessor: TokenizationProcessor,
 ) : ViewModel() {
     val returnResponse: LiveData<LiveDataEventWithContent<Bundle>>
         get() = _returnResponse
@@ -115,7 +122,7 @@ class ClientApiViewModel @Inject internal constructor(
                     sessionId = currentSessionId,
                     enrolledGuid = enrolResponse.guid,
                     subjectActions = coSyncEnrolmentRecords,
-                    externalCredential = enrolResponse.externalCredential,
+                    externalCredential = enrolResponse.externalCredential?.toAppExternalCredential(tokenizationProcessor, getProject()),
                 ),
             ),
         )
@@ -140,6 +147,7 @@ class ClientApiViewModel @Inject internal constructor(
                     actionIdentifier = action.actionIdentifier,
                     sessionId = currentSessionId,
                     identifications = identifyResponse.identifications,
+                    isMultiFactorIdEnabled = identifyResponse.isMultiFactorIdEnabled,
                 ),
             ),
         )
@@ -162,7 +170,7 @@ class ClientApiViewModel @Inject internal constructor(
                     actionIdentifier = action.actionIdentifier,
                     sessionId = currentSessionId,
                     confirmed = confirmResponse.identificationOutcome,
-                    externalCredential = confirmResponse.externalCredential,
+                    externalCredential = confirmResponse.externalCredential?.toAppExternalCredential(tokenizationProcessor, getProject()),
                 ),
             ),
         )
@@ -264,4 +272,21 @@ class ClientApiViewModel @Inject internal constructor(
             body = "${action.actionIdentifier}\n$response",
         )
     }
+
+    private fun ExternalCredential.toAppExternalCredential(
+        tokenizationProcessor: TokenizationProcessor,
+        project: Project?,
+    ): AppExternalCredential? {
+        if (project == null) return null
+        val decryptedValue = tokenizationProcessor.decrypt(
+            encrypted = value,
+            tokenKeyType = TokenKeyType.ExternalCredential,
+            project = project,
+        ) as? TokenizableString.Raw ?: return null
+        return AppExternalCredential(
+            id = id,
+            value = decryptedValue,
+            type = type,
+        )
+    }
 }

feature/client-api/src/main/java/com/simprints/feature/clientapi/mappers/response/LibSimprintsResponseMapper.kt

@@ -4,9 +4,9 @@ import android.os.Bundle
 import androidx.core.os.bundleOf
 import com.simprints.core.DeviceID
 import com.simprints.core.PackageVersionName
-import com.simprints.core.domain.externalcredential.ExternalCredential
 import com.simprints.core.domain.response.AppErrorReason
 import com.simprints.infra.orchestration.data.ActionResponse
+import com.simprints.infra.orchestration.data.responses.AppExternalCredential
 import com.simprints.libsimprints.Constants
 import com.simprints.libsimprints.contracts.VersionsList
 import com.simprints.libsimprints.contracts.data.ConfidenceBand
@@ -15,6 +15,7 @@ import com.simprints.libsimprints.contracts.data.Identification
 import com.simprints.libsimprints.contracts.data.Identification.Companion.toJson
 import com.simprints.libsimprints.contracts.data.RefusalForm
 import com.simprints.libsimprints.contracts.data.Verification
+import org.json.JSONArray
 import org.json.JSONObject
 import javax.inject.Inject
 import com.simprints.libsimprints.Identification as LegacyIdentification
@@ -53,6 +54,11 @@ internal class LibSimprintsResponseMapper @Inject constructor(
             Constants.SIMPRINTS_BIOMETRICS_COMPLETE_CHECK to true,
         ).appendDataPerContractVersion(response) { version ->
             when {
+                response.isMultiFactorIdEnabled -> putString(
+                    Constants.SIMPRINTS_IDENTIFICATIONS,
+                    response.mapIdentificationsWithCredentials(),
+                )
+
                 version < VersionsList.INITIAL_REWORK -> putParcelableArrayList(
                     Constants.SIMPRINTS_IDENTIFICATIONS,
                     response.identifications
@@ -152,7 +158,7 @@ internal class LibSimprintsResponseMapper @Inject constructor(
         actions?.let { putString(Constants.SIMPRINTS_COSYNC_SUBJECT_ACTIONS, it) }
     }
 
-    private fun Bundle.appendExternalCredential(credential: ExternalCredential?) = apply {
+    private fun Bundle.appendExternalCredential(credential: AppExternalCredential?) = apply {
         if (credential != null) {
             val credentialJson =
                 JSONObject()
@@ -164,6 +170,21 @@ internal class LibSimprintsResponseMapper @Inject constructor(
         }
     }
 
+    private fun ActionResponse.IdentifyActionResponse.mapIdentificationsWithCredentials(): String = identifications
+        .map { identification ->
+            JSONObject()
+                .also { json ->
+                    json.put(KEY_GUID, identification.guid)
+                    json.put(KEY_CONFIDENCE_BAND, identification.matchConfidence.name)
+                    json.put(KEY_CONFIDENCE, identification.confidenceScore.toFloat())
+                    json.put(KEY_IS_LINKED_TO_CREDENTIAL, identification.isLinkedToScannedCredential ?: false)
+                    identification.isCredentialVerified?.let {
+                        json.put(KEY_IS_CREDENTIAL_VERIFIED, it)
+                    }
+                }
+        }.run(::JSONArray)
+        .toString()
+
     private fun AppErrorReason.libSimprintsResultCode() = when (this) {
         AppErrorReason.UNEXPECTED_ERROR -> Constants.SIMPRINTS_UNEXPECTED_ERROR
         AppErrorReason.ROOTED_DEVICE -> Constants.SIMPRINTS_ROOTED_DEVICE
@@ -204,5 +225,12 @@ internal class LibSimprintsResponseMapper @Inject constructor(
         internal const val SCANNED_CREDENTIAL = "scannedCredential"
         internal const val SCANNED_CREDENTIAL_VALUE = "value"
         internal const val SCANNED_CREDENTIAL_TYPE = "type"
+
+        // TODO [MS-1190] Move implementation to LibSimprints. These constats are copies of com.simprints.libsimprints.contracts.data.Identification
+        private const val KEY_GUID = "guid"
+        private const val KEY_CONFIDENCE = "confidence"
+        private const val KEY_CONFIDENCE_BAND = "confidenceBand"
+        private const val KEY_IS_LINKED_TO_CREDENTIAL = "isLinkedToCredential"
+        private const val KEY_IS_CREDENTIAL_VERIFIED = "isVerified"
     }
 }

feature/client-api/src/main/java/com/simprints/feature/clientapi/usecases/GetEnrolmentCreationEventForSubjectUseCase.kt

@@ -39,7 +39,10 @@ internal class GetEnrolmentCreationEventForSubjectUseCase @Inject constructor(
             ?.fromSubjectToEnrolmentCreationEvent()
 
         if (recordCreationEvent == null) {
-            Simber.e("Couldn't find enrolment for subjectActions", IllegalStateException("No enrolment record found for subjectId: $subjectId"))
+            Simber.e(
+                "Couldn't find enrolment for subjectActions",
+                IllegalStateException("No enrolment record found for subjectId: $subjectId"),
+            )
             return null
         }
 
@@ -52,8 +55,7 @@ internal class GetEnrolmentCreationEventForSubjectUseCase @Inject constructor(
         moduleId = moduleId,
         attendantId = attendantId,
         biometricReferences = EnrolmentRecordCreationEvent.buildBiometricReferences(fingerprintSamples, faceSamples, encoder),
-        // TODO [CORE-3421] Review if EnrolmentRecordCreationEvent should contain List of external credentials, as it currently doesn't make sense
-        externalCredentials = externalCredentials
+        externalCredentials = externalCredentials,
     )
 
     companion object {

feature/client-api/src/test/java/com/simprints/feature/clientapi/ClientApiViewModelTest.kt

@@ -4,6 +4,10 @@ import android.os.Bundle
 import androidx.arch.core.executor.testing.InstantTaskExecutorRule
 import androidx.test.ext.junit.runners.*
 import com.jraska.livedata.test
+import com.simprints.core.domain.externalcredential.ExternalCredential
+import com.simprints.core.domain.externalcredential.ExternalCredentialType
+import com.simprints.core.domain.tokenization.TokenizableString
+import com.simprints.core.domain.tokenization.asTokenizableRaw
 import com.simprints.core.tools.time.TimeHelper
 import com.simprints.core.tools.time.Timestamp
 import com.simprints.feature.clientapi.exceptions.InvalidRequestException
@@ -16,10 +20,14 @@ import com.simprints.feature.clientapi.usecases.GetEnrolmentCreationEventForSubj
 import com.simprints.feature.clientapi.usecases.IsFlowCompletedWithErrorUseCase
 import com.simprints.feature.clientapi.usecases.SimpleEventReporter
 import com.simprints.infra.authstore.AuthStore
+import com.simprints.infra.config.store.models.Project
+import com.simprints.infra.config.store.models.TokenKeyType
+import com.simprints.infra.config.store.tokenization.TokenizationProcessor
 import com.simprints.infra.config.sync.ConfigManager
 import com.simprints.infra.orchestration.data.ActionRequest
 import com.simprints.infra.orchestration.data.ActionRequestIdentifier
 import com.simprints.infra.orchestration.data.ActionResponse
+import com.simprints.infra.orchestration.data.responses.AppEnrolResponse
 import com.simprints.logging.persistent.PersistentLogger
 import com.simprints.testtools.common.coroutines.TestCoroutineRule
 import io.mockk.*
@@ -74,6 +82,9 @@ internal class ClientApiViewModelTest {
     @MockK
     lateinit var persistentLogger: PersistentLogger
 
+    @MockK
+    lateinit var tokenizationProcessor: TokenizationProcessor
+
     private lateinit var viewModel: ClientApiViewModel
 
     @Before
@@ -101,6 +112,7 @@ internal class ClientApiViewModelTest {
             configManager = configManager,
             timeHelper = timeHelper,
             persistentLogger = persistentLogger,
+            tokenizationProcessor = tokenizationProcessor,
         )
     }
 
@@ -162,7 +174,10 @@ internal class ClientApiViewModelTest {
     fun `handleIdentifyResponse saves correct events`() = runTest {
         viewModel.handleIdentifyResponse(
             mockRequest(),
-            mockk { every { identifications } returns emptyList() },
+            mockk {
+                every { identifications } returns emptyList()
+                every { isMultiFactorIdEnabled } returns false
+            },
         )
 
         coVerify {
@@ -246,6 +261,80 @@ internal class ClientApiViewModelTest {
         viewModel.returnResponse.test().assertHasValue()
     }
 
+    @Test
+    fun `handleEnrolResponse with externalCredential decrypts and includes it in response`() = runTest {
+        val mockGuid = "mockGuid"
+        val expectedCredentialId = "credentialId"
+        val expectedType = ExternalCredentialType.NHISCard
+        val credential = mockExternalCredential(expectedCredentialId, expectedType)
+        val project = mockk<Project>(relaxed = true)
+        setupDecryption(project, "decrypted-value".asTokenizableRaw())
+
+        viewModel.handleEnrolResponse(mockRequest(), mockEnrolResponseWithCredential(mockGuid, credential))
+
+        verify {
+            resultMapper.invoke(
+                match<ActionResponse.EnrolActionResponse> {
+                    it.externalCredential?.id == expectedCredentialId &&
+                        it.externalCredential?.type == expectedType
+                },
+            )
+        }
+    }
+
+    @Test
+    fun `handleEnrolResponse with externalCredential but encrypted decryption returns null credential`() = runTest {
+        val mockGuid = "mockGuid"
+        val expectedCredentialId = "credentialId"
+        val expectedType = ExternalCredentialType.NHISCard
+        val credential = mockExternalCredential(expectedCredentialId, expectedType)
+        val project = mockk<Project>(relaxed = true)
+        setupDecryption(project, mockk<TokenizableString.Tokenized>())
+
+        viewModel.handleEnrolResponse(mockRequest(), mockEnrolResponseWithCredential(mockGuid, credential))
+
+        verify {
+            resultMapper.invoke(
+                match<ActionResponse.EnrolActionResponse> {
+                    it.externalCredential == null
+                },
+            )
+        }
+    }
+
+    private fun mockEnrolResponseWithCredential(
+        mockGuid: String,
+        credential: ExternalCredential?,
+    ): AppEnrolResponse = mockk {
+        every { guid } returns mockGuid
+        every { externalCredential } returns credential
+    }
+
+    private fun mockExternalCredential(
+        mockId: String,
+        mockType: ExternalCredentialType,
+    ): ExternalCredential = mockk {
+        every { id } returns mockId
+        every { value } returns mockk()
+        every { type } returns mockType
+    }
+
+    private fun setupDecryption(
+        project: Project,
+        returnValue: TokenizableString,
+    ) {
+        val projectId = "projectId"
+        every { authStore.signedInProjectId } returns projectId
+        coEvery { configManager.getProject(projectId) } returns project
+        every {
+            tokenizationProcessor.decrypt(
+                encrypted = any(),
+                tokenKeyType = TokenKeyType.ExternalCredential,
+                project = project,
+            )
+        } returns returnValue
+    }
+
     private fun mockRequest(): ActionRequest = mockk {
         every { projectId } returns "projectId"
         every { actionIdentifier } returns ActionRequestIdentifier("action", "package", "", 1, 0L)

feature/client-api/src/test/java/com/simprints/feature/clientapi/mappers/response/CommCareResponseMapperTest.kt

@@ -60,6 +60,7 @@ class CommCareResponseMapperTest {
                         matchConfidence = AppMatchConfidence.LOW,
                     ),
                 ),
+                isMultiFactorIdEnabled = false,
             ),
         )