Merge pull request #1417 from AzureAD/sedemche/merge_2.6.10_in_2.7.x

Merge 2.6.10 into 2.7.x

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "2.7.10"
+  s.version      = "2.7.11"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL/resources/ios/Framework/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.10</string>
+	<string>2.7.11</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.10</string>
+	<string>2.7.11</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/src/ADAL_Internal.h

@@ -27,7 +27,7 @@
 // through build script. Don't change its format unless changing build script as well.)
 #define ADAL_VER_HIGH       2
 #define ADAL_VER_LOW        7
-#define ADAL_VER_PATCH      10
+#define ADAL_VER_PATCH      11
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

ADAL/src/ADAuthenticationContext+Internal.h

@@ -60,5 +60,8 @@ extern NSString* const ADRedirectUriInvalidError;
                                  toUser:(ADUserIdentifier*)userId
                            verifyUserId:(BOOL)verifyUserId;
 
++ (BOOL)canHandleResponse:(NSURL *)response
+        sourceApplication:(NSString *)sourceApplication;
+
 @end
 

ADAL/src/ADAuthenticationContext+Internal.m

@@ -26,6 +26,9 @@
 #import "ADTokenCacheItem+Internal.h"
 #import "ADHelpers.h"
 #import "NSDictionary+MSIDExtensions.h"
+#if TARGET_OS_IPHONE
+#import "ADBrokerNotificationManager.h"
+#endif
 
 NSString* const ADUnknownError = @"Uknown error.";
 NSString* const ADCredentialsNeeded = @"The user credentials are needed to obtain access token. Please call the non-silent acquireTokenWithResource methods.";
@@ -174,4 +177,32 @@ + (ADAuthenticationResult*)updateResult:(ADAuthenticationResult*)result
     return result;
 }
 
++ (BOOL)canHandleResponse:(NSURL *)response
+        sourceApplication:(NSString *)sourceApplication
+{
+#if TARGET_OS_IPHONE
+    BOOL isResponseFromBroker = [self isResponseFromBroker:sourceApplication response:response];
+    if (!isResponseFromBroker) { return NO; }
+
+    NSURLComponents *components = [NSURLComponents componentsWithURL:response resolvingAgainstBaseURL:NO];
+    NSString *qp = [components percentEncodedQuery];
+    NSDictionary* queryParamsMap = [NSDictionary msidDictionaryFromWWWFormURLEncodedString:qp];
+
+    NSString *protocolVersion = queryParamsMap[ADAL_BROKER_MESSAGE_VERSION];
+    BOOL isValidVersion = [protocolVersion isEqualToString:@"2"];
+
+    NSDictionary *resumeDictionary = [[NSUserDefaults standardUserDefaults] objectForKey:kAdalResumeDictionaryKey];
+
+    if (!resumeDictionary) MSID_LOG_INFO(nil, @"No resume dictionary found.");
+
+    BOOL isADALInitiatedRequest = [resumeDictionary[kAdalSDKNameKey] isEqualToString:kAdalSDKObjc] || [[ADBrokerNotificationManager sharedInstance] hasCallback];
+
+    return isValidVersion && isADALInitiatedRequest;
+#else
+    (void)response;
+    (void)sourceApplication;
+    return NO;
+#endif
+}
+
 @end

ADAL/src/ADAuthenticationContext.m

@@ -36,6 +36,7 @@
 #import "MSIDTelemetryEventStrings.h"
 #import "ADUserIdentifier.h"
 #import "ADTokenCacheItem.h"
+#import "ADAuthenticationRequest+Broker.h"
 #import "MSIDLegacyTokenCacheAccessor.h"
 #import "ADHelpers.h"
 #import "MSIDMacTokenCache.h"

ADAL/src/broker/ios/ADBrokerHelper.m

@@ -27,6 +27,7 @@
 #import "ADBrokerNotificationManager.h"
 #import "ADWebAuthController+Internal.h"
 #import "ADAppExtensionUtil.h"
+#import "ADAuthenticationContext+Internal.h"
 
 typedef BOOL (*applicationHandleOpenURLPtr)(id, SEL, UIApplication*, NSURL*);
 IMP __original_ApplicationHandleOpenURL = NULL;
@@ -36,7 +37,7 @@
 
 BOOL __swizzle_ApplicationOpenURL(id self, SEL _cmd, UIApplication* application, NSURL* url, NSString* sourceApplication, id annotation)
 {
-    if ([ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
+    if ([ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApplication])
     {
         // Attempt to handle response from broker
         BOOL result = [ADAuthenticationContext handleBrokerResponse:url];
@@ -47,6 +48,8 @@ BOOL __swizzle_ApplicationOpenURL(id self, SEL _cmd, UIApplication* application,
             return YES;
         }
     }
+
+    MSID_LOG_INFO(nil, @"This url cannot be handled by ADAL. Skipping it.");
 
     // Fallback to original delegate if defined
     if (__original_ApplicationOpenURL)
@@ -70,7 +73,7 @@ BOOL __swizzle_ApplicationOpenURLiOS9(id self, SEL _cmd, UIApplication* applicat
 {
     NSString* sourceApplication = [options objectForKey:UIApplicationOpenURLOptionsSourceApplicationKey];
 
-    if ([ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
+    if ([ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApplication])
     {
         // Attempt to handle response from broker
         BOOL result = [ADAuthenticationContext handleBrokerResponse:url];
@@ -80,8 +83,9 @@ BOOL __swizzle_ApplicationOpenURLiOS9(id self, SEL _cmd, UIApplication* applicat
             // Successfully handled broker response
             return YES;
         }
-
     }
+
+    MSID_LOG_INFO(nil, @"This url cannot be handled by ADAL. Skipping it.");
 
     // Fallback to original delegate if defined
     if (__original_ApplicationOpenURLiOS9)

ADAL/src/broker/ios/ADBrokerNotificationManager.h

@@ -32,4 +32,6 @@
 
 - (ADAuthenticationCallback)copyAndClearCallback;
 
+- (BOOL)hasCallback;
+
 @end

ADAL/src/broker/ios/ADBrokerNotificationManager.m

@@ -138,5 +138,15 @@ - (void)callbackCleanup:(NSNotification*)aNotification
     }
 }
 
+- (BOOL)hasCallback
+{
+    BOOL result = NO;
+    @synchronized(self)
+    {
+        result = _callbackForBroker != nil;
+    }
+
+    return result;
+}
 
 @end

ADAL/src/request/ADAuthenticationRequest+Broker.h

@@ -23,9 +23,11 @@
 
 typedef void(^ADAuthorizationCodeCallback)(NSString*, ADAuthenticationError*);
 
-extern NSString* kAdalResumeDictionaryKey;
-extern NSString* s_brokerAppVersion;
-extern NSString* s_brokerProtocolVersion;
+extern NSString *kAdalResumeDictionaryKey;
+extern NSString *s_brokerAppVersion;
+extern NSString *s_brokerProtocolVersion;
+extern NSString *kAdalSDKNameKey;
+extern NSString *kAdalSDKObjc;
 
 @interface ADAuthenticationRequest (Broker)
 

ADAL/src/request/ADAuthenticationRequest+Broker.m

@@ -57,10 +57,11 @@
 #import "MSIDBrokerResponse+ADAL.h"
 #endif // TARGET_OS_IPHONE
 
-NSString* s_brokerAppVersion = nil;
-NSString* s_brokerProtocolVersion = nil;
-
-NSString* kAdalResumeDictionaryKey = @"adal-broker-resume-dictionary";
+NSString *s_brokerAppVersion = nil;
+NSString *s_brokerProtocolVersion = nil;
+NSString *kAdalResumeDictionaryKey = @"adal-broker-resume-dictionary";
+NSString *kAdalSDKNameKey = @"sdk_name";
+NSString *kAdalSDKObjc = @"adal-objc";
 
 @implementation ADAuthenticationRequest (Broker)
 
@@ -410,29 +411,19 @@ - (NSURL *)composeBrokerRequest:(ADAuthenticationError* __autoreleasing *)error
       @"client_app_version": clientMetadata[MSID_APP_VER_KEY]
       };
 
-    NSDictionary<NSString *, NSString *> *resumeDictionary = nil;
+    NSMutableDictionary *resumeDictionary = [@{
+                                               @"authority"        : _requestParams.authority,
+                                               @"resource"         : _requestParams.resource,
+                                               @"client_id"        : _requestParams.clientId,
+                                               @"redirect_uri"     : _requestParams.redirectUri,
+                                               @"correlation_id"   : _requestParams.correlationId.UUIDString,
+                                               kAdalSDKNameKey     : kAdalSDKObjc
+                                               } mutableCopy];
 #if TARGET_OS_IPHONE
-        NSString *sharedGroup = self.sharedGroup ? self.sharedGroup : MSIDKeychainTokenCache.defaultKeychainGroup;
-
-    resumeDictionary =
-    @{
-      @"authority"        : _requestParams.authority,
-      @"resource"         : _requestParams.resource,
-      @"client_id"        : _requestParams.clientId,
-      @"redirect_uri"     : _requestParams.redirectUri,
-      @"correlation_id"   : _requestParams.correlationId.UUIDString,
-      @"keychain_group"   : sharedGroup
-      };
-#else
-    resumeDictionary =
-    @{
-      @"authority"        : _requestParams.authority,
-      @"resource"         : _requestParams.resource,
-      @"client_id"        : _requestParams.clientId,
-      @"redirect_uri"     : _requestParams.redirectUri,
-      @"correlation_id"   : _requestParams.correlationId.UUIDString,
-      };
+    NSString *keychainGroup = self.sharedGroup ? self.sharedGroup : MSIDKeychainTokenCache.defaultKeychainGroup;
+    resumeDictionary[@"keychain_group"] = keychainGroup;
 #endif
+
     [[NSUserDefaults standardUserDefaults] setObject:resumeDictionary forKey:kAdalResumeDictionaryKey];
     [[NSUserDefaults standardUserDefaults] synchronize];
 

ADAL/tests/unit/ADAuthenticationContextTests.m

@@ -29,6 +29,10 @@
 #import "ADTokenCacheItem+Internal.h"
 #import "ADUserIdentifier.h"
 #import "ADAuthenticationRequest.h"
+#import "ADAuthenticationRequest+Broker.h"
+#if TARGET_OS_IPHONE
+#import "ADBrokerNotificationManager.h"
+#endif
 
 @implementation ADAuthenticationContextTests
 
@@ -40,6 +44,11 @@ - (void)setUp
 - (void)tearDown
 {
     [super tearDown];
+
+#if TARGET_OS_IPHONE
+    [[NSUserDefaults standardUserDefaults] removeObjectForKey:kAdalResumeDictionaryKey];
+    [[ADBrokerNotificationManager sharedInstance] copyAndClearCallback];
+#endif
 }
 
 #pragma mark - Initialization
@@ -132,4 +141,76 @@ - (void)testAuthenticationContextWithAuthority_whenAuthorityIsValidValidateAutho
     XCTAssertNil(error);
 }
 
+#if TARGET_OS_IPHONE
+
+- (void)testCanHandleResponse_whenProtocolVersionIs2AndRequestIntiatedByAdal_shouldReturnYes
+{
+    NSDictionary *resumeDictionary = @{kAdalSDKNameKey: kAdalSDKObjc};
+    [[NSUserDefaults standardUserDefaults] setObject:resumeDictionary forKey:kAdalResumeDictionaryKey];
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=2&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertTrue(result);
+}
+
+- (void)testCanHandleResponse_whenProtocolVersionIs2AndRequestIsNotIntiatedByAdal_shouldReturnNo
+{
+    NSDictionary *resumeDictionary = @{kAdalSDKNameKey: @"msal-objc"};
+    [[NSUserDefaults standardUserDefaults] setObject:resumeDictionary forKey:kAdalResumeDictionaryKey];
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=2&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertFalse(result);
+}
+
+- (void)testCanHandleResponse_whenProtocolVersionIs2AndThereIsNoCallbackAndNoResumeDictionary_shouldReturnNo
+{
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=2&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertFalse(result);
+}
+
+- (void)testCanHandleResponse_whenProtocolVersionIs2AndThereIsCallbackAndNoResumeDictionary_shouldReturnYes
+{
+    [[ADBrokerNotificationManager sharedInstance] enableNotifications:^(__unused ADAuthenticationResult *result) { }];
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=2&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertTrue(result);
+}
+
+- (void)testCanHandleResponse_whenProtocolVersionIs3AndRequestIntiatedByAdal_shouldReturnNo
+{
+    NSDictionary *resumeDictionary = @{kAdalSDKNameKey: kAdalSDKObjc};
+    [[NSUserDefaults standardUserDefaults] setObject:resumeDictionary forKey:kAdalResumeDictionaryKey];
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=3&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertFalse(result);
+}
+#else
+
+- (void)testCanHandleResponse_shouldReturnNo
+{
+    NSURL *url = [[NSURL alloc] initWithString:@"testapp://com.microsoft.testapp/broker?msg_protocol_ver=2&response=someEncryptedResponse"];
+    NSString *sourceApp = @"com.microsoft.azureauthenticator";
+
+    BOOL result = [ADAuthenticationContext canHandleResponse:url sourceApplication:sourceApp];
+
+    XCTAssertFalse(result);
+}
+
+#endif
+
 @end

changelog.txt

@@ -1,3 +1,7 @@
+Version 2.7.11 (05.14.2019)
+-----------
+* Fix issues when ADAL was trying to handle MSAL broker responses.
+
 Version 2.7.10 (04.24.2018)
 -----------
 * Hotfix to add compiler flag to disable Kerberos (#1401)