Merge pull request #1345 from AzureAD/oldalton/team_id_hint_change

Changed default teamID hint and added more logging for the teamID retrieval
AzureAD · Nov 29, 2018 · a083a02 · a083a02
2 parents 9ad0731 + 4065326
commit a083a02
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 10 deletions.
diff --git a/ADAL.podspec b/ADAL.podspec
@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "2.6.6"
+  s.version      = "2.6.7"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

diff --git a/ADAL/resources/ios/Framework/Info.plist b/ADAL/resources/ios/Framework/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.6.6</string>
+	<string>2.6.7</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

diff --git a/ADAL/src/ADAL_Internal.h b/ADAL/src/ADAL_Internal.h
@@ -27,7 +27,7 @@
 // through build script. Don't change its format unless changing build script as well.)
 #define ADAL_VER_HIGH       2
 #define ADAL_VER_LOW        6
-#define ADAL_VER_PATCH      6
+#define ADAL_VER_PATCH      7
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

diff --git a/ADAL/src/cache/ios/ADKeychainTokenCache.m b/ADAL/src/cache/ios/ADKeychainTokenCache.m
@@ -128,13 +128,20 @@ - (id)initWithGroup:(NSString *)sharedGroup
     {
         sharedGroup = [[NSBundle mainBundle] bundleIdentifier];
     }
+
+    ADAuthenticationError *teamIdError = nil;
 
-    NSString* teamId = [ADKeychainUtil keychainTeamId:nil];
+    NSString* teamId = [ADKeychainUtil keychainTeamId:&teamIdError];
 #if !TARGET_OS_SIMULATOR
     // If we didn't find a team ID and we're on device then the rest of ADAL not only will not work
     // particularly well, we'll probably induce other issues by continuing.
     if (!teamId)
     {
+        if (teamIdError)
+        {
+            AD_LOG_ERROR(nil, @"Encountered an error when retrieving teamID. Error protocol code %@, error details %@, error %@", teamIdError.protocolCode, teamIdError.errorDetails, teamIdError);
+        }
+
         return nil;
     }
 #endif

diff --git a/ADAL/src/utils/ios/ADKeychainUtil.m b/ADAL/src/utils/ios/ADKeychainUtil.m
@@ -50,17 +50,18 @@ + (NSString*)keychainTeamId:(ADAuthenticationError* __autoreleasing *)error
 + (NSString*)retrieveTeamIDFromKeychain:(ADAuthenticationError * __autoreleasing *)error
 {
     NSDictionary *query = @{ (id)kSecClass : (id)kSecClassGenericPassword,
-                             (id)kSecAttrAccount : @"teamIDHint",
+                             (id)kSecAttrAccount : @"SDK.ObjC.teamIDHint",
                              (id)kSecAttrService : @"",
                              (id)kSecReturnAttributes : @YES };
     CFDictionaryRef result = nil;
 
-    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
+    OSStatus readStatus = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
 
-    if (status == errSecInteractionNotAllowed)
+    if (readStatus == errSecInteractionNotAllowed)
     {
+        AD_LOG_ERROR(nil, @"Encountered an error when reading teamIDHint in keychain. Keychain status %ld", (long)readStatus);
+
         OSStatus deleteStatus = SecItemDelete((__bridge CFDictionaryRef)query);
-        AD_LOG_WARN(nil, @"Deleted existing teamID");
 
         if (deleteStatus != errSecSuccess)
         {
@@ -74,9 +75,11 @@ + (NSString*)retrieveTeamIDFromKeychain:(ADAuthenticationError * __autoreleasing
             return nil;
         }
     }
+
+    OSStatus status = readStatus;
 
-    if (status == errSecItemNotFound
-        || status == errSecInteractionNotAllowed)
+    if (readStatus == errSecItemNotFound
+        || readStatus == errSecInteractionNotAllowed)
     {
         NSMutableDictionary* addQuery = [query mutableCopy];
         [addQuery setObject:(id)kSecAttrAccessibleAlways forKey:(id)kSecAttrAccessible];
@@ -85,6 +88,8 @@ + (NSString*)retrieveTeamIDFromKeychain:(ADAuthenticationError * __autoreleasing
 
     if (status != errSecSuccess)
     {
+        AD_LOG_ERROR(nil, @"Encountered an error when reading teamIDHint in keychain. Keychain status %ld, read status %ld", (long)status, (long)readStatus);
+
         ADAuthenticationError* adError = [ADAuthenticationError keychainErrorFromOperation:@"team ID" status:status correlationId:nil];
         if (error)
         {

diff --git a/changelog.txt b/changelog.txt
@@ -1,3 +1,7 @@
+Version 2.6.7 (11.29.2018)
+------------
+* Changed teamIDHint to avoid conflicts with other SDKs
+
 Version 2.6.6 (09.10.2018)
 ------------
 * Added support to send claims to the token endpoint (#1272)