Merge pull request #1511 from AzureAD/release/4.0.5

Release ADAL 4.0.5

.travis.yml

@@ -1,6 +1,6 @@
 #dist: trusty
 language: objective-c
-osx_image: xcode10.2
+osx_image: xcode11
 
 # set up SonarCube
 #addons:

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "4.0.4"
+  s.version      = "4.0.5"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL/ADAL.xcodeproj/project.pbxproj

@@ -341,6 +341,8 @@
 		B2BA4960208BFDA800CE92FC /* ADALAuthorityMigrationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA495F208BFDA800CE92FC /* ADALAuthorityMigrationTests.m */; };
 		B2BA4962208C009F00CE92FC /* ADALClaimsChallengeTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA4961208C009F00CE92FC /* ADALClaimsChallengeTests.m */; };
 		B2BA4964208C1F6700CE92FC /* ADALOnPremLoginTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA4963208C1F6700CE92FC /* ADALOnPremLoginTests.m */; };
+		B2C0E7E623AED0AA006C9CAD /* ADTestBundle.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */; };
+		B2C0E7E723AED0AA006C9CAD /* ADTestBundle.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */; };
 		B2CD211620632C09009869D5 /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = B2CD211520632C09009869D5 /* GSS.framework */; };
 		B2D184192082F2940001D445 /* libIdentityCore.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D626FFC81FBD1B1300EE4487 /* libIdentityCore.a */; };
 		B2D1841B208335300001D445 /* ADALUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = B2D1841A208335300001D445 /* ADALUITests.swift */; };
@@ -1127,6 +1129,8 @@
 		B2BA495F208BFDA800CE92FC /* ADALAuthorityMigrationTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALAuthorityMigrationTests.m; sourceTree = "<group>"; };
 		B2BA4961208C009F00CE92FC /* ADALClaimsChallengeTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALClaimsChallengeTests.m; sourceTree = "<group>"; };
 		B2BA4963208C1F6700CE92FC /* ADALOnPremLoginTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALOnPremLoginTests.m; sourceTree = "<group>"; };
+		B2C0E7E023AED0AA006C9CAD /* ADTestBundle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ADTestBundle.h; sourceTree = "<group>"; };
+		B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ADTestBundle.m; sourceTree = "<group>"; };
 		B2CD211520632C09009869D5 /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/GSS.framework; sourceTree = DEVELOPER_DIR; };
 		B2D1841A208335300001D445 /* ADALUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ADALUITests.swift; sourceTree = "<group>"; };
 		B2D32CF820E9C317002C39AD /* StressIOSTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = StressIOSTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -2214,6 +2218,8 @@
 		D6771E051F74A4D200D0DCDC /* ios */ = {
 			isa = PBXGroup;
 			children = (
+				B2C0E7E023AED0AA006C9CAD /* ADTestBundle.h */,
+				B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */,
 				A521AB7220EED8AC0005735B /* ADEnrollmentGateway+TestUtil.m */,
 				A521AB6F20EEC34C0005735B /* ADEnrollmentGateway+TestUtil.h */,
 				D6771E011F749FD800D0DCDC /* ADApplicationTestUtil.h */,
@@ -3329,6 +3335,7 @@
 				B20DC5F91F0D998A00957806 /* ADHelpersTests.m in Sources */,
 				B20DC6071F0D998A00957806 /* ADWebAuthResponseTests.m in Sources */,
 				B20DC5F51F0D998A00957806 /* ADAuthenticationResultTests.m in Sources */,
+				B2C0E7E623AED0AA006C9CAD /* ADTestBundle.m in Sources */,
 				232ED2BA20083F7800C5D74A /* ADBrokerHelperTests.m in Sources */,
 				B20DC61D1F0DA39C00957806 /* ADBrokerKeyHelperTests.m in Sources */,
 				B20DC61F1F0DA3C500957806 /* ADKeychainTokenCacheTests.m in Sources */,
@@ -3488,6 +3495,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				236BF3FF205B38EB006E3897 /* ADAcquireTokenPkeyAuthTests.m in Sources */,
+				B2C0E7E723AED0AA006C9CAD /* ADTestBundle.m in Sources */,
 				D67D3D3C1F38502900660F32 /* ADTestCase.m in Sources */,
 				B29A36CF20B1333200427B63 /* ADBrokerIntegrationTests.m in Sources */,
 				B24D25F9205EFBC200025B8B /* ADAuthenticationErrorConverterIntegrationTests.m in Sources */,

ADAL/resources/ios/Framework/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.4</string>
+	<string>4.0.5</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.4</string>
+	<string>4.0.5</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/src/ADALConstants.h

@@ -50,4 +50,4 @@ extern NSString* const ADAL_BROKER_SCHEME;
 extern NSString* const ADAL_BROKER_NONCE_SCHEME;
 extern NSString* const ADAL_BROKER_APP_REDIRECT_URI;
 extern NSString* const ADAL_BROKER_APP_BUNDLE_ID;
-
+extern NSString* const ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD;

ADAL/src/ADALConstants.m

@@ -52,4 +52,5 @@
 NSString* const ADAL_BROKER_NONCE_SCHEME = @"msauthv3";
 NSString* const ADAL_BROKER_APP_REDIRECT_URI = @"urn:ietf:wg:oauth:2.0:oob";
 NSString* const ADAL_BROKER_APP_BUNDLE_ID = @"com.microsoft.azureauthenticator";
+NSString* const ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD = @"com.microsoft.azureauthenticator-df";
 

ADAL/src/ADAL_Internal.h

@@ -28,7 +28,7 @@
 
 #define ADAL_VER_HIGH       4
 #define ADAL_VER_LOW        0
-#define ADAL_VER_PATCH      4
+#define ADAL_VER_PATCH      5
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

ADAL/src/ADAuthenticationContext+Internal.m

@@ -229,11 +229,8 @@ + (BOOL)canHandleResponse:(NSURL *)response
 + (BOOL)isResponseFromBroker:(NSString *)sourceApplication
                     response:(NSURL *)response
 {
-    BOOL isBroker = [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID];
-
-#ifdef DOGFOOD_BROKER
-    isBroker = isBroker || [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD];
-#endif
+    BOOL isBroker = [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID]
+                    || [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD];
 
     return response && isBroker;
 }

ADAL/src/public/ADAuthenticationContext.h

@@ -277,7 +277,17 @@ typedef enum
 #endif
 
 /*! Gets or sets the webview, which will be used for the credentials. If nil, the library will create a webview object
- when needed, leveraging the parentController property. */
+    when needed, leveraging the parentController property.
+ 
+ Note that on iOS and iPadOS devices it is recommended to configure WKWebView to use mobile content mode to guarantee consistent experience across all mobile apps.
+ 
+ When creating your WKWebView, please configure it in the following way:
+ 
+ WKWebViewConfiguration *config = [WKWebViewConfiguration new];
+ config.defaultWebpagePreferences.preferredContentMode = WKContentModeMobile; // This sets up WKWebView to display UI as mobile
+     
+ WKWebView *webView = [[WKWebView alloc] initWithFrame:your_frame configuration:config];
+ */
 @property (weak, nullable) WKWebView* webView;
 
 /*! Enable to return access token with extended lifetime during server outage. */

ADAL/src/request/ADAuthenticationRequest+AcquireToken.m

@@ -47,6 +47,7 @@
 #import "MSIDADFSAuthority.h"
 #import "MSIDAuthorityFactory.h"
 #import "MSIDClientCapabilitiesUtil.h"
+#import "ADAuthenticationErrorConverter.h"
 
 #import "MSIDWebAADAuthResponse.h"
 #import "MSIDWebMSAuthResponse.h"
@@ -162,15 +163,26 @@ - (void)acquireToken:(NSString *)apiId
         return;
     }
 
-    if (!_silent && _context.credentialsType == AD_CREDENTIALS_AUTO && ![ADAuthenticationRequest validBrokerRedirectUri:_requestParams.redirectUri])
+    if (!_silent && _context.credentialsType == AD_CREDENTIALS_AUTO)
     {
-        ADAuthenticationError* error =
-        [ADAuthenticationError errorFromAuthenticationError:AD_ERROR_TOKENBROKER_INVALID_REDIRECT_URI
-                                               protocolCode:nil
-                                               errorDetails:ADRedirectUriInvalidError
-                                              correlationId:_requestParams.correlationId];
-        wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
-        return;
+        if (![ADAuthenticationRequest validBrokerRedirectUri:_requestParams.redirectUri])
+        {
+            ADAuthenticationError* error =
+            [ADAuthenticationError errorFromAuthenticationError:AD_ERROR_TOKENBROKER_INVALID_REDIRECT_URI
+                                                   protocolCode:nil
+                                                   errorDetails:ADRedirectUriInvalidError
+                                                  correlationId:_requestParams.correlationId];
+            wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
+            return;
+        }
+
+        NSError *msidError;
+        if (![ADAuthenticationRequest verifyAdditionalRequiredSchemesAreRegistered:&msidError correlationID:_requestParams.correlationId])
+        {
+            ADAuthenticationError *error = [ADAuthenticationErrorConverter ADAuthenticationErrorFromMSIDError:msidError];
+            wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
+            return;
+        }
     }
 
     [[MSIDTelemetry sharedInstance] startEvent:telemetryRequestId eventName:MSID_TELEMETRY_EVENT_AUTHORITY_VALIDATION];

ADAL/src/request/ADAuthenticationRequest+Broker.h

@@ -35,6 +35,9 @@ extern NSString *kAdalSDKObjc;
 
 + (BOOL)validBrokerRedirectUri:(NSString *)url;
 
++ (BOOL)verifyAdditionalRequiredSchemesAreRegistered:(NSError **)error
+                                       correlationID:(NSUUID *)correlationID;
+
 - (BOOL)canUseBroker;
 
 - (NSURL *)composeBrokerRequest:(ADAuthenticationError * __autoreleasing *)error;

ADAL/src/request/ADAuthenticationRequest+Broker.m

@@ -108,6 +108,33 @@ + (BOOL)validBrokerRedirectUri:(NSString*)url
     return NO;
 }
 
++ (BOOL)verifyAdditionalRequiredSchemesAreRegistered:(NSError **)error
+                                       correlationID:(NSUUID *)correlationID
+{
+    NSArray *querySchemes = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"LSApplicationQueriesSchemes"];
+
+    BOOL containsRequiredSchemes = [querySchemes containsObject:ADAL_BROKER_SCHEME];
+
+#ifdef __IPHONE_OS_VERSION_MAX_ALLOWED
+#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
+    containsRequiredSchemes &= [querySchemes containsObject:ADAL_BROKER_NONCE_SCHEME];
+#endif
+#endif
+
+     if (!containsRequiredSchemes)
+    {
+        if (error)
+        {
+            NSString *message = @"The required query schemes \"msauth\" and \"msauthv3\" are not registered in the app's info.plist file. Please add \"msauth\" and \"msauthv3\" into Info.plist under LSApplicationQueriesSchemes without any whitespaces.";
+            *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidDeveloperParameter, message, nil, nil, nil, correlationID, nil);
+        }
+
+         return NO;
+    }
+
+     return YES;
+}
+
 /*!
     Process the broker response and call the completion block, if it is available.
  

ADAL/src/ui/ADWebAuthController.m

@@ -125,7 +125,7 @@ + (void)startWithRequest:(ADRequestParameters *)requestParams
     webviewConfig.loginHint = requestParams.identifier.userId;
     webviewConfig.promptBehavior = [ADAuthenticationContext getPromptParameter:promptBehavior];
 
-    webviewConfig.extraQueryParameters = [self.class dictionaryFromQueryString:requestParams.extraQueryParameters];
+    webviewConfig.extraQueryParameters = [self.class dictionaryFromQueryString:requestParams.extraQueryParameters.msidWWWFormURLDecode];
 
     NSString *claims = [MSIDClientCapabilitiesUtil msidClaimsParameterFromCapabilities:requestParams.clientCapabilities developerClaims:requestParams.decodedClaims];
 

ADAL/tests/app/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.4</string>
+	<string>4.0.5</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleURLTypes</key>

ADAL/tests/app/src/ios/ADTestAppAcquireTokenViewController.m

@@ -651,6 +651,7 @@ - (void)acquireTokenInteractive:(id)sender
                                                                         validateAuthority:validateAuthority
                                                                                     error:&error];
     context.clientCapabilities = capabilities;
+    context.parentController = self;
 
     if (!context)
     {

ADAL/tests/integration/ios/ADBrokerIntegrationTests.m

@@ -51,6 +51,7 @@
 #import "ADTokenCacheItem+Internal.h"
 #import "NSDictionary+MSIDTestUtil.h"
 #import "ADBrokerApplicationTokenHelper.h"
+#import "ADTestBundle.h"
 
 @interface ADEnrollmentGateway ()
 
@@ -70,6 +71,8 @@ - (void)setUp
     [super setUp];
 
     [MSIDKeychainTokenCache reset];
+    NSArray *urlSchemes = @[@"msauth", @"msauthv3"];
+    [ADTestBundle overrideObject:urlSchemes forKey:@"LSApplicationQueriesSchemes"];
 }
 
 - (void)tearDown
@@ -79,6 +82,40 @@ - (void)tearDown
 
 #pragma mark - Tests
 
+- (void)testBroker_whenMSAuthV3SchemeIsNotRegistered_shouldReturnError_andNotInvokeBroker
+{
+    XCTestExpectation *openURLExpectation = [self expectationWithDescription:@"Open URL"];
+    openURLExpectation.inverted = YES;
+
+    [ADApplicationTestUtil onOpenURL:^BOOL(__unused NSURL *url, __unused NSDictionary<NSString *,id> *options) {
+        [openURLExpectation fulfill];
+        return YES;
+    }];
+
+    NSArray *urlSchemes = @[@"msauth-wrong", @"msauthv3"];
+    [ADTestBundle overrideObject:urlSchemes forKey:@"LSApplicationQueriesSchemes"];
+
+    NSString *authority = @"https://login.windows.net/common";
+    NSString *redirectUri = @"x-msauth-unittest://com.microsoft.unittesthost";
+    ADAuthenticationContext *context = [self getBrokerTestContext:authority];
+
+    XCTestExpectation *expectation = [self expectationWithDescription:@"acquire token callback"];
+    [context acquireTokenWithResource:TEST_RESOURCE
+                             clientId:TEST_CLIENT_ID
+                          redirectUri:[NSURL URLWithString:redirectUri]
+                      completionBlock:^(ADAuthenticationResult *result)
+    {
+        XCTAssertNotNil(result);
+        XCTAssertEqual(result.status, AD_FAILED);
+
+        XCTAssertEqualObjects(result.error.domain, ADAuthenticationErrorDomain);
+        XCTAssertEqual(result.error.code, AD_ERROR_DEVELOPER_INVALID_ARGUMENT);
+        [expectation fulfill];
+    }];
+
+    [self waitForExpectations:@[expectation, openURLExpectation] timeout:1.0];
+}
+
 - (void)testBroker_whenSimpleAcquireToken_andSourceApplicationNonNil_andNonceMissingInBrokerResponse_shouldSucceed
 {
     NSString *authority = @"https://login.windows.net/common";

ADAL/tests/util/ios/ADTestBundle.h

@@ -0,0 +1,52 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+#import <Foundation/Foundation.h>
+
+/*!
+    This class allows tests to override values returned by various NSBundle
+    methods. It is automatically reset at the beginning of each test case in
+    subclasses of MSALTestCase.
+ */
+
+@interface ADTestBundle : NSObject
+
++ (void)reset;
+
+/*!
+    Objects set with this method will override values returned by -[NSBundle
+    objectForInfoDictionaryKey:]
+ */
++ (void)overrideObject:(id)object
+                forKey:(NSString *)key;
+
+/*!
+    Overrides the string returned by -[NSBundle bundleIdentifier]
+ */
++ (void)overrideBundleId:(NSString *)bundleId;
+
+@end