Merge pull request #1536 from AzureAD/hotfix/4.0.8

Release ADAL 4.0.8

Author: oldalton

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "4.0.7"
+  s.version      = "4.0.8"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL/IdentityCore

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.7</string>
+	<string>4.0.8</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/ios/Framework/Info.plist

@@ -28,7 +28,7 @@
 
 #define ADAL_VER_HIGH       4
 #define ADAL_VER_LOW        0
-#define ADAL_VER_PATCH      7
+#define ADAL_VER_PATCH      8
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

ADAL/src/ADAL_Internal.h

@@ -185,6 +185,7 @@ - (void)checkAuthority:(ADRequestParameters*)requestParams
     {
         // Validate AAD authority
         [self validateAADAuthority:authorityURL
+           shouldValidateAuthority:validateAuthority
                      requestParams:requestParams
                    completionBlock:^(BOOL validated, ADAuthenticationError *error)
          {
@@ -203,6 +204,7 @@ - (void)checkAuthority:(ADRequestParameters*)requestParams
 // If the authority is known, the server will set the "tenant_discovery_endpoint" parameter in the response.
 // The method should be executed on a thread that is guarranteed to exist upon completion, e.g. the UI thread.
 - (void)validateAADAuthority:(NSURL *)authority
+     shouldValidateAuthority:(BOOL)shouldValidateAuthority
                requestParams:(ADRequestParameters *)requestParams
              completionBlock:(ADAuthorityValidationCallback)completionBlock
 {
@@ -225,6 +227,7 @@ - (void)validateAADAuthority:(NSURL *)authority
         __block dispatch_semaphore_t dsem = dispatch_semaphore_create(0);
 
         [self requestAADValidation:authority
+           shouldValidateAuthority:shouldValidateAuthority
                      requestParams:requestParams
                    completionBlock:^(BOOL validated, ADAuthenticationError *error)
          {
@@ -255,6 +258,7 @@ - (void)validateAADAuthority:(NSURL *)authority
 }
 
 - (void)requestAADValidation:(NSURL *)authorityUrl
+     shouldValidateAuthority:(BOOL)shouldValidateAuthority
                requestParams:(ADRequestParameters *)requestParams
              completionBlock:(ADAuthorityValidationCallback)completionBlock
 {
@@ -278,7 +282,7 @@ - (void)requestAADValidation:(NSURL *)authorityUrl
 
     NSString *trustedHost = ADTrustedAuthorityWorldWide;
 
-    if ([ADAuthorityUtils isKnownHost:authority.url])
+    if ([ADAuthorityUtils isKnownHost:authority.url] || !shouldValidateAuthority)
     {
         trustedHost = authority.environment;
     }

ADAL/src/validation/ADAuthorityValidation.m

@@ -30,11 +30,12 @@
 + (ADTestURLResponse*)validAuthority:(NSString *)authority;
 + (ADTestURLResponse *)validAuthority:(NSString *)authority
                          withMetadata:(NSArray *)metadata;
+
 + (ADTestURLResponse *)validAuthority:(NSString *)authority
                           trustedHost:(NSString *)trustedHost
                          withMetadata:(NSArray *)metadata;
 
-+ (ADTestURLResponse*)invalidAuthority:(NSString *)authority;
++ (ADTestURLResponse *)invalidAuthority:(NSString *)authority validationEnabled:(BOOL)validationEnabled;
 + (ADTestURLResponse*)invalidAuthority:(NSString *)authority
                            trustedHost:(NSString *)trustedHost;
 

ADAL/tests/ADTestAuthorityValidationResponse.h

@@ -63,9 +63,10 @@ + (ADTestURLResponse *)validAuthority:(NSString *)authority
     return response;
 }
 
-+ (ADTestURLResponse *)invalidAuthority:(NSString *)authority
++ (ADTestURLResponse *)invalidAuthority:(NSString *)authority validationEnabled:(BOOL)validationEnabled
 {
-    return [self invalidAuthority:authority trustedHost:DEFAULT_TRUSTED_HOST];
+    NSString *trustedHost = validationEnabled ? DEFAULT_TRUSTED_HOST : [NSURL URLWithString:authority].host;
+    return [self invalidAuthority:authority trustedHost:trustedHost];
 }
 
 + (ADTestURLResponse*)invalidAuthority:(NSString *)authority

ADAL/tests/ADTestAuthorityValidationResponse.m

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>4.0.7</string>
+	<string>4.0.8</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleURLTypes</key>

ADAL/tests/app/resources/ios/Info.plist

@@ -162,7 +162,7 @@ - (void)testCheckAuthority_whenAuthorityInvalid_shouldReturnError
     requestParams.authority = authority;
     requestParams.correlationId = [NSUUID UUID];
 
-    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority]];
+    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority validationEnabled:YES]];
 
     XCTestExpectation* expectation = [self expectationWithDescription:@"Validate invalid authority."];
     [authorityValidation checkAuthority:requestParams
@@ -194,7 +194,7 @@ - (void)testCheckAuthority_whenAuthorityInvalidAndNoValidation_shouldReturnNoErr
     requestParams.authority = authority;
     requestParams.correlationId = [NSUUID UUID];
 
-    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority]];
+    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority validationEnabled:NO]];
 
     XCTestExpectation* expectation = [self expectationWithDescription:@"Validate invalid authority."];
     [authorityValidation checkAuthority:requestParams
@@ -228,7 +228,7 @@ - (void)testAcquireToken_whenAuthorityInvalid_shouldReturnError
     XCTAssertNotNil(context);
     XCTAssertNil(error);
 
-    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority]];
+    [ADTestURLSession addResponse:[ADTestAuthorityValidationResponse invalidAuthority:authority validationEnabled:YES]];
 
     XCTestExpectation* expectation = [self expectationWithDescription:@"acquireTokenWithResource: with invalid authority."];
     [context acquireTokenWithResource:TEST_RESOURCE
@@ -284,7 +284,7 @@ - (void)testAcquireToken_whenAuthorityInvalidWithAuthorityValidationOff_shouldGe
                   newAccessToken:updatedAT
                       newIDToken:[self adDefaultIDToken]
                 additionalFields:@{ @"foci" : @"1" }];
-    [ADTestURLSession addResponses:@[[ADTestAuthorityValidationResponse invalidAuthority:authority],
+    [ADTestURLSession addResponses:@[[ADTestAuthorityValidationResponse invalidAuthority:authority validationEnabled:NO],
                                      tokenResponse]];
 
     __block XCTestExpectation *expectation = [self expectationWithDescription:@"acquire token"];
@@ -510,7 +510,7 @@ - (void)testAcquireTokenSilent_whenDifferentPreferredNetworkValidateOff_shouldUs
     NSArray *metadata = @[ @{ @"preferred_network" : @"login.contoso.net",
                               @"preferred_cache" : @"login.contoso.com",
                               @"aliases" : @[ @"login.contoso.net", @"login.contoso.com"] } ];
-    ADTestURLResponse *validationResponse = [ADTestAuthorityValidationResponse validAuthority:authority withMetadata:metadata];
+    ADTestURLResponse *validationResponse = [ADTestAuthorityValidationResponse validAuthority:authority trustedHost:@"login.contoso.com" withMetadata:metadata];
     ADTestURLResponse *tokenResponse = [self adResponseRefreshToken:TEST_REFRESH_TOKEN
                                                           authority:preferredAuthority
                                                            resource:TEST_RESOURCE