Merge pull request #1506 from AzureAD/release/2.7.17

Release ADAL 2.7.17

Author: oldalton

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "2.7.16"
+  s.version      = "2.7.17"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL/ADAL.xcodeproj/project.pbxproj

@@ -363,6 +363,8 @@
 		B2BA4960208BFDA800CE92FC /* ADALAuthorityMigrationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA495F208BFDA800CE92FC /* ADALAuthorityMigrationTests.m */; };
 		B2BA4962208C009F00CE92FC /* ADALClaimsChallengeTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA4961208C009F00CE92FC /* ADALClaimsChallengeTests.m */; };
 		B2BA4964208C1F6700CE92FC /* ADALOnPremLoginTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2BA4963208C1F6700CE92FC /* ADALOnPremLoginTests.m */; };
+		B2C0E7E623AED0AA006C9CAD /* ADTestBundle.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */; };
+		B2C0E7E723AED0AA006C9CAD /* ADTestBundle.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */; };
 		B2CD211620632C09009869D5 /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = B2CD211520632C09009869D5 /* GSS.framework */; };
 		B2D184192082F2940001D445 /* libIdentityCore.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D626FFC81FBD1B1300EE4487 /* libIdentityCore.a */; };
 		B2D1841B208335300001D445 /* ADALUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = B2D1841A208335300001D445 /* ADALUITests.swift */; };
@@ -1193,6 +1195,8 @@
 		B2BA495F208BFDA800CE92FC /* ADALAuthorityMigrationTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALAuthorityMigrationTests.m; sourceTree = "<group>"; };
 		B2BA4961208C009F00CE92FC /* ADALClaimsChallengeTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALClaimsChallengeTests.m; sourceTree = "<group>"; };
 		B2BA4963208C1F6700CE92FC /* ADALOnPremLoginTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ADALOnPremLoginTests.m; sourceTree = "<group>"; };
+		B2C0E7E023AED0AA006C9CAD /* ADTestBundle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ADTestBundle.h; sourceTree = "<group>"; };
+		B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ADTestBundle.m; sourceTree = "<group>"; };
 		B2CD211520632C09009869D5 /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/GSS.framework; sourceTree = DEVELOPER_DIR; };
 		B2D1841A208335300001D445 /* ADALUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ADALUITests.swift; sourceTree = "<group>"; };
 		B2D32CF820E9C317002C39AD /* StressIOSTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = StressIOSTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -2380,6 +2384,8 @@
 		D6771E051F74A4D200D0DCDC /* ios */ = {
 			isa = PBXGroup;
 			children = (
+				B2C0E7E023AED0AA006C9CAD /* ADTestBundle.h */,
+				B2C0E7E523AED0AA006C9CAD /* ADTestBundle.m */,
 				A521AB7220EED8AC0005735B /* ADEnrollmentGateway+TestUtil.m */,
 				A521AB6F20EEC34C0005735B /* ADEnrollmentGateway+TestUtil.h */,
 				D6771E011F749FD800D0DCDC /* ADApplicationTestUtil.h */,
@@ -3508,6 +3514,7 @@
 				B20DC5F91F0D998A00957806 /* ADHelpersTests.m in Sources */,
 				B20DC6071F0D998A00957806 /* ADWebAuthResponseTests.m in Sources */,
 				B20DC5F51F0D998A00957806 /* ADAuthenticationResultTests.m in Sources */,
+				B2C0E7E623AED0AA006C9CAD /* ADTestBundle.m in Sources */,
 				232ED2BA20083F7800C5D74A /* ADBrokerHelperTests.m in Sources */,
 				B20DC61D1F0DA39C00957806 /* ADBrokerKeyHelperTests.m in Sources */,
 				B20DC61F1F0DA3C500957806 /* ADKeychainTokenCacheTests.m in Sources */,
@@ -3683,6 +3690,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				236BF3FF205B38EB006E3897 /* ADAcquireTokenPkeyAuthTests.m in Sources */,
+				B2C0E7E723AED0AA006C9CAD /* ADTestBundle.m in Sources */,
 				D67D3D3C1F38502900660F32 /* ADTestCase.m in Sources */,
 				B29A36CF20B1333200427B63 /* ADBrokerIntegrationTests.m in Sources */,
 				B24D25F9205EFBC200025B8B /* ADAuthenticationErrorConverterIntegrationTests.m in Sources */,

ADAL/IdentityCore

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.16</string>
+	<string>2.7.17</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/ios/Framework/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.15</string>
+	<string>2.7.17</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/mac/Info.plist

@@ -50,4 +50,4 @@ extern NSString* const ADAL_BROKER_SCHEME;
 extern NSString* const ADAL_BROKER_NONCE_SCHEME;
 extern NSString* const ADAL_BROKER_APP_REDIRECT_URI;
 extern NSString* const ADAL_BROKER_APP_BUNDLE_ID;
-
+extern NSString* const ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD;

ADAL/src/ADALConstants.h

@@ -52,4 +52,5 @@
 NSString* const ADAL_BROKER_NONCE_SCHEME = @"msauthv3";
 NSString* const ADAL_BROKER_APP_REDIRECT_URI = @"urn:ietf:wg:oauth:2.0:oob";
 NSString* const ADAL_BROKER_APP_BUNDLE_ID = @"com.microsoft.azureauthenticator";
+NSString* const ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD = @"com.microsoft.azureauthenticator-df";
 

ADAL/src/ADALConstants.m

@@ -27,7 +27,7 @@
 // through build script. Don't change its format unless changing build script as well.)
 #define ADAL_VER_HIGH       2
 #define ADAL_VER_LOW        7
-#define ADAL_VER_PATCH      16
+#define ADAL_VER_PATCH      17
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

ADAL/src/ADAL_Internal.h

@@ -215,11 +215,8 @@ + (BOOL)canHandleResponse:(NSURL *)response
 + (BOOL)isResponseFromBroker:(NSString *)sourceApplication
                     response:(NSURL *)response
 {
-    BOOL isBroker = [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID];
-    
-#ifdef DOGFOOD_BROKER
-    isBroker = isBroker || [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD];
-#endif
+    BOOL isBroker = [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID]
+                    || [sourceApplication isEqualToString:ADAL_BROKER_APP_BUNDLE_ID_DOGFOOD];
 
     return response && isBroker;
 }

ADAL/src/ADAuthenticationContext+Internal.m

@@ -47,6 +47,7 @@
 #import "MSIDADFSAuthority.h"
 #import "MSIDAuthorityFactory.h"
 #import "MSIDClientCapabilitiesUtil.h"
+#import "ADAuthenticationErrorConverter.h"
 
 @implementation ADAuthenticationRequest (AcquireToken)
 
@@ -149,15 +150,26 @@ - (void)acquireToken:(NSString *)apiId
         return;
     }
 
-    if (!_silent && _context.credentialsType == AD_CREDENTIALS_AUTO && ![ADAuthenticationRequest validBrokerRedirectUri:_requestParams.redirectUri])
+    if (!_silent && _context.credentialsType == AD_CREDENTIALS_AUTO)
     {
-        ADAuthenticationError* error =
-        [ADAuthenticationError errorFromAuthenticationError:AD_ERROR_TOKENBROKER_INVALID_REDIRECT_URI
-                                               protocolCode:nil
-                                               errorDetails:ADRedirectUriInvalidError
-                                              correlationId:_requestParams.correlationId];
-        wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
-        return;
+        if (![ADAuthenticationRequest validBrokerRedirectUri:_requestParams.redirectUri])
+        {
+            ADAuthenticationError* error =
+            [ADAuthenticationError errorFromAuthenticationError:AD_ERROR_TOKENBROKER_INVALID_REDIRECT_URI
+                                                   protocolCode:nil
+                                                   errorDetails:ADRedirectUriInvalidError
+                                                  correlationId:_requestParams.correlationId];
+            wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
+            return;
+        }
+        
+        NSError *msidError;
+        if (![ADAuthenticationRequest verifyAdditionalRequiredSchemesAreRegistered:&msidError correlationID:_requestParams.correlationId])
+        {
+            ADAuthenticationError *error = [ADAuthenticationErrorConverter ADAuthenticationErrorFromMSIDError:msidError];
+            wrappedCallback([ADAuthenticationResult resultFromError:error correlationId:_requestParams.correlationId]);
+            return;
+        }
     }
 
     [[MSIDTelemetry sharedInstance] startEvent:telemetryRequestId eventName:MSID_TELEMETRY_EVENT_AUTHORITY_VALIDATION];

ADAL/src/request/ADAuthenticationRequest+AcquireToken.m

@@ -35,6 +35,9 @@ extern NSString *kAdalSDKObjc;
 
 + (BOOL)validBrokerRedirectUri:(NSString *)url;
 
++ (BOOL)verifyAdditionalRequiredSchemesAreRegistered:(NSError **)error
+                                       correlationID:(NSUUID *)correlationID;
+
 - (BOOL)canUseBroker;
 
 - (NSURL *)composeBrokerRequest:(ADAuthenticationError * __autoreleasing *)error;

ADAL/src/request/ADAuthenticationRequest+Broker.h

@@ -109,6 +109,33 @@ + (BOOL)validBrokerRedirectUri:(NSString*)url
     return NO;
 }
 
++ (BOOL)verifyAdditionalRequiredSchemesAreRegistered:(NSError **)error
+                                       correlationID:(NSUUID *)correlationID
+{
+    NSArray *querySchemes = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"LSApplicationQueriesSchemes"];
+    
+    BOOL containsRequiredSchemes = [querySchemes containsObject:ADAL_BROKER_SCHEME];
+    
+#ifdef __IPHONE_OS_VERSION_MAX_ALLOWED
+#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
+    containsRequiredSchemes &= [querySchemes containsObject:ADAL_BROKER_NONCE_SCHEME];
+#endif
+#endif
+
+     if (!containsRequiredSchemes)
+    {
+        if (error)
+        {
+            NSString *message = @"The required query schemes \"msauth\" and \"msauthv3\" are not registered in the app's info.plist file. Please add \"msauth\" and \"msauthv3\" into Info.plist under LSApplicationQueriesSchemes without any whitespaces.";
+            *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidDeveloperParameter, message, nil, nil, nil, correlationID, nil);
+        }
+
+         return NO;
+    }
+
+     return YES;
+}
+
 /*!
     Process the broker response and call the completion block, if it is available.
  

ADAL/src/request/ADAuthenticationRequest+Broker.m

@@ -39,6 +39,8 @@ @interface ADAuthenticationViewController ( ) <UIWebViewDelegate>
     id _foregroundObserver;
 }
 
+@property (nonatomic) BOOL presentInParentController;
+
 @end
 
 @implementation ADAuthenticationViewController
@@ -62,6 +64,7 @@ - (BOOL)loadView:(ADAuthenticationError * __autoreleasing *)error
     // hijack the delegate on the webview.
     if (_webView)
     {
+        self.presentInParentController = NO;
         _webView.delegate = self;
         return YES;
     }
@@ -107,6 +110,8 @@ - (BOOL)loadView:(ADAuthenticationError * __autoreleasing *)error
                                                                                   target:self
                                                                                   action:@selector(onCancel:)];
     self.navigationItem.leftBarButtonItem = cancelButton;
+    
+    self.presentInParentController = YES;
 
     return YES;
 }
@@ -137,7 +142,7 @@ - (void)stop:(void (^)(void))completion
 
     //if webview is created by us, dismiss and then complete and return;
     //otherwise just complete and return.
-    if (_parentController)
+    if (_parentController && self.presentInParentController)
     {
         if (_parentController.parentViewController && _parentController.presentedViewController)
         {
@@ -161,6 +166,8 @@ - (void)stop:(void (^)(void))completion
 - (void)startRequest:(NSURLRequest *)request
 {
     [self loadRequest:request];
+    
+    if (!self.presentInParentController) return;
 
     UINavigationController *navController = [[UINavigationController alloc] initWithRootViewController:self];
 

ADAL/src/ui/ios/ADAuthenticationViewController.m

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.16</string>
+	<string>2.7.17</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleURLTypes</key>

ADAL/tests/app/resources/ios/Info.plist

@@ -644,6 +644,7 @@ - (void)acquireTokenInteractive:(id)sender
                                                                         validateAuthority:validateAuthority
                                                                                     error:&error];
     context.clientCapabilities = capabilities;
+    context.parentController = self;
 
     if (!context)
     {

ADAL/tests/app/src/ios/ADTestAppAcquireTokenViewController.m

@@ -50,6 +50,7 @@
 #import "ADTokenCacheItem+Internal.h"
 #import "NSDictionary+MSIDTestUtil.h"
 #import "ADBrokerApplicationTokenHelper.h"
+#import "ADTestBundle.h"
 
 @interface ADEnrollmentGateway ()
 
@@ -69,6 +70,8 @@ - (void)setUp
     [super setUp];
 
     [MSIDKeychainTokenCache reset];
+    NSArray *urlSchemes = @[@"msauth", @"msauthv3"];
+    [ADTestBundle overrideObject:urlSchemes forKey:@"LSApplicationQueriesSchemes"];
 }
 
 - (void)tearDown
@@ -78,6 +81,40 @@ - (void)tearDown
 
 #pragma mark - Tests
 
+- (void)testBroker_whenMSAuthV3SchemeIsNotRegistered_shouldReturnError_andNotInvokeBroker
+{
+    XCTestExpectation *openURLExpectation = [self expectationWithDescription:@"Open URL"];
+    openURLExpectation.inverted = YES;
+    
+    [ADApplicationTestUtil onOpenURL:^BOOL(__unused NSURL *url, __unused NSDictionary<NSString *,id> *options) {
+        [openURLExpectation fulfill];
+        return YES;
+    }];
+    
+    NSArray *urlSchemes = @[@"msauth-wrong", @"msauthv3"];
+    [ADTestBundle overrideObject:urlSchemes forKey:@"LSApplicationQueriesSchemes"];
+    
+    NSString *authority = @"https://login.windows.net/common";
+    NSString *redirectUri = @"x-msauth-unittest://com.microsoft.unittesthost";
+    ADAuthenticationContext *context = [self getBrokerTestContext:authority];
+    
+    XCTestExpectation *expectation = [self expectationWithDescription:@"acquire token callback"];
+    [context acquireTokenWithResource:TEST_RESOURCE
+                             clientId:TEST_CLIENT_ID
+                          redirectUri:[NSURL URLWithString:redirectUri]
+                      completionBlock:^(ADAuthenticationResult *result)
+    {
+        XCTAssertNotNil(result);
+        XCTAssertEqual(result.status, AD_FAILED);
+        
+        XCTAssertEqualObjects(result.error.domain, ADAuthenticationErrorDomain);
+        XCTAssertEqual(result.error.code, AD_ERROR_DEVELOPER_INVALID_ARGUMENT);
+        [expectation fulfill];
+    }];
+    
+    [self waitForExpectations:@[expectation, openURLExpectation] timeout:1.0];
+}
+
 - (void)testBroker_whenSimpleAcquireToken_andSourceApplicationNonNil_andNonceMissingInBrokerResponse_shouldSucceed
 {
     NSString *authority = @"https://login.windows.net/common";

ADAL/tests/integration/ios/ADBrokerIntegrationTests.m

@@ -0,0 +1,52 @@
+//------------------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+//
+//------------------------------------------------------------------------------
+
+#import <Foundation/Foundation.h>
+
+/*!
+    This class allows tests to override values returned by various NSBundle
+    methods. It is automatically reset at the beginning of each test case in
+    subclasses of MSALTestCase.
+ */
+ 
+@interface ADTestBundle : NSObject
+
++ (void)reset;
+
+/*!
+    Objects set with this method will override values returned by -[NSBundle
+    objectForInfoDictionaryKey:]
+ */
++ (void)overrideObject:(id)object
+                forKey:(NSString *)key;
+
+/*!
+    Overrides the string returned by -[NSBundle bundleIdentifier]
+ */
++ (void)overrideBundleId:(NSString *)bundleId;
+
+@end