Merge pull request #1496 from AzureAD/sedemche/duna_resume_cherry_pick

Cherry pick DUNA "resume" action fix

Author: antrix1989

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -484,6 +484,8 @@
 		23D2049421D1C274009B5975 /* MSIDTokenResponseSerializer.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D2049221D1C274009B5975 /* MSIDTokenResponseSerializer.m */; };
 		23D2049521D1C274009B5975 /* MSIDTokenResponseSerializer.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D2049221D1C274009B5975 /* MSIDTokenResponseSerializer.m */; };
 		23D204A521D5A745009B5975 /* MSIDDefaultTokenResponseValidatorTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D204A421D5A745009B5975 /* MSIDDefaultTokenResponseValidatorTests.m */; };
+		23D4DEE72D92537D005A77E4 /* MSIDFlightManagerMockProvider.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D4DEE52D92537D005A77E4 /* MSIDFlightManagerMockProvider.m */; };
+		23D4DEE82D92537D005A77E4 /* MSIDFlightManagerMockProvider.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D4DEE52D92537D005A77E4 /* MSIDFlightManagerMockProvider.m */; };
 		23D744782097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 23D744762097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.h */; };
 		23D744792097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D744772097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m */; };
 		23D7447A2097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 23D744772097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m */; };
@@ -2363,6 +2365,8 @@
 		23D2049121D1C274009B5975 /* MSIDTokenResponseSerializer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDTokenResponseSerializer.h; sourceTree = "<group>"; };
 		23D2049221D1C274009B5975 /* MSIDTokenResponseSerializer.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDTokenResponseSerializer.m; sourceTree = "<group>"; };
 		23D204A421D5A745009B5975 /* MSIDDefaultTokenResponseValidatorTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDDefaultTokenResponseValidatorTests.m; sourceTree = "<group>"; };
+		23D4DEE42D92537D005A77E4 /* MSIDFlightManagerMockProvider.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDFlightManagerMockProvider.h; sourceTree = "<group>"; };
+		23D4DEE52D92537D005A77E4 /* MSIDFlightManagerMockProvider.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDFlightManagerMockProvider.m; sourceTree = "<group>"; };
 		23D744762097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDAADV1AuthorizationCodeRequest.h; sourceTree = "<group>"; };
 		23D744772097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDAADV1AuthorizationCodeRequest.m; sourceTree = "<group>"; };
 		23DADC0E20B8BF4F005D7389 /* MSIDAadAuthorityCacheRecord.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDAadAuthorityCacheRecord.h; sourceTree = "<group>"; };
@@ -3728,6 +3732,8 @@
 				B431B5352AF1C3BD0020CD3D /* MSIDSSOExtensionPasskeyCredentialRequestMock.h */,
 				B431B5362AF1C3C60020CD3D /* MSIDSSOExtensionPasskeyCredentialRequestMock.m */,
 				2A0278A22D6E3787005655B4 /* MSIDLastRequestTelemetry+Tests.h */,
+				23D4DEE42D92537D005A77E4 /* MSIDFlightManagerMockProvider.h */,
+				23D4DEE52D92537D005A77E4 /* MSIDFlightManagerMockProvider.m */,
 			);
 			path = mocks;
 			sourceTree = "<group>";
@@ -7630,6 +7636,7 @@
 				B2E4A07324DDE575007CE642 /* MSIDTestTelemetryEventsObserver.m in Sources */,
 				B217862A23A5839300839CE8 /* MSIDSSOExtensionSignoutRequestMock.m in Sources */,
 				D6D9A4571FBD40BF00EFA430 /* NSURL+MSIDTestUtil.m in Sources */,
+				23D4DEE82D92537D005A77E4 /* MSIDFlightManagerMockProvider.m in Sources */,
 				589842B9252544940075DFED /* MSIDAccountMetadataCacheMockUpdateAuthorityParameters.m in Sources */,
 				D626FFF11FBD200A00EE4487 /* MSIDTestURLResponse.m in Sources */,
 				963E68E721489A9500D7D0CC /* NSString+MSIDTestUtil.m in Sources */,
@@ -7691,6 +7698,7 @@
 				96290E5721489BB800FDD5C8 /* NSString+MSIDTestUtil.m in Sources */,
 				607A788E23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m in Sources */,
 				58D1514424A6888D001DD18A /* MSIDHttpRequest+OverrideCacheSave.m in Sources */,
+				23D4DEE72D92537D005A77E4 /* MSIDFlightManagerMockProvider.m in Sources */,
 				D6D9A44E1FBD3EEA00EFA430 /* NSDictionary+MSIDTestUtil.m in Sources */,
 				589842C6252544940075DFED /* MSIDAccountMetadataCacheMockUpdateAuthorityParameters.m in Sources */,
 				23FB5C39225588CF002BF1EB /* MSIDClaimsRequestMock.m in Sources */,

IdentityCore/src/MSIDConstants.m

@@ -77,7 +77,7 @@
 NSString *const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME = @"switch_browser_resume";
 
 NSString *const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY = @"use_v2_web_response_factory";
-NSString *const MSID_FLIGHT_SUPPORT_DUNA_CBA = @"support_duna_cba";
+NSString *const MSID_FLIGHT_SUPPORT_DUNA_CBA = @"support_duna_cba_v2";
 
 
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]

IdentityCore/src/MSIDFlightManager.h

@@ -35,7 +35,7 @@ NS_ASSUME_NONNULL_BEGIN
 
 @interface MSIDFlightManager : NSObject <MSIDFlightManagerInterface>
 
-@property (nonatomic) id<MSIDFlightManagerInterface> flightProvider;
+@property (nonatomic, nullable) id<MSIDFlightManagerInterface> flightProvider;
 
 + (instancetype)sharedInstance;
 

IdentityCore/src/webview/operations/ios/MSIDSwitchBrowserOperation.m

@@ -102,6 +102,7 @@ - (void)invokeWithRequestParameters:(nonnull MSIDInteractiveTokenRequestParamete
 
         NSError *localError;
         __auto_type response = [webRequestConfiguration responseWithResultURL:callbackURL factory:oauthFactory.webviewFactory context:requestParameters error:&localError];
+        response.parentResponse = self.switchBrowserResponse;
 
         if (localError)
         {

IdentityCore/src/webview/operations/ios/MSIDSwitchBrowserResumeOperation.m

@@ -62,6 +62,19 @@ - (nullable instancetype)initWithResponse:(MSIDWebviewResponse *)response
         }
 
         _switchBrowserResumeResponse = (MSIDSwitchBrowserResumeResponse *)response;
+        
+        __auto_type parentResponse = _switchBrowserResumeResponse.parentResponse;
+        if (![parentResponse isKindOfClass:MSIDSwitchBrowserResponse.class])
+        {
+            NSString *errorMsg = [NSString stringWithFormat:@"Parent response of type %@ is required for creating %@", MSIDSwitchBrowserResponse.class, self.class];
+            MSID_LOG_WITH_CTX(MSIDLogLevelError, nil, @"%@", errorMsg);
+            if (error)
+            {
+                *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorInternal, errorMsg, nil, nil, nil, nil, nil, NO);
+            }
+            
+            return nil;
+        }
     }
 
     return self;

IdentityCore/src/webview/response/MSIDSwitchBrowserResponse.h

@@ -42,4 +42,6 @@
                     context:(id<MSIDRequestContext>)context
                       error:(NSError *__autoreleasing*)error;
 
++ (BOOL)isDUNAActionUrl:(NSURL *)url operation:(NSString *)operation;
+
 @end

IdentityCore/src/webview/response/MSIDSwitchBrowserResponse.m

@@ -74,6 +74,24 @@ - (BOOL)useV2WebResponseHandling
     return useV2WebResponseHandling;
 }
 
++ (BOOL)isDUNAActionUrl:(NSURL *)url operation:(NSString *)operation
+{
+    if (url == nil) return NO;
+    
+    NSArray *pathComponents = url.pathComponents;
+    if ([pathComponents count] < 2)
+    {
+        return NO;
+    }
+    
+    if ([pathComponents[1] isEqualToString:operation])
+    {
+        return YES;
+    }
+    
+    return NO;
+}
+
 #pragma mark - Private
 
 - (BOOL)isMyUrl:(NSURL *)url
@@ -102,18 +120,7 @@ - (BOOL)isMyUrl:(NSURL *)url
         return NO;
     }
 
-    NSArray *pathComponents = url.pathComponents;
-    if ([pathComponents count] < 2)
-    {
-        return NO;
-    }
-    
-    if ([pathComponents[1] isEqualToString:[self.class operation]])
-    {
-        return YES;
-    }
-    
-    return NO;
+    return [self.class isDUNAActionUrl:url operation:[self.class operation]];
 }
 
 

IdentityCore/src/webview/response/MSIDWebviewResponse.h

@@ -35,6 +35,11 @@
 @property (atomic, readonly) NSURL *url;
 @property (nonatomic, class, readonly) NSString *operation;
 
+/// Enables tracking of web response chains.
+/// For example, it is used in DUNA CBA flow to check that "swich_browser_resume" response
+/// was created as a result of "switch_browser" response.
+@property (nonatomic) MSIDWebviewResponse *parentResponse;
+
 - (instancetype)initWithURL:(NSURL *)url
                     context:(id<MSIDRequestContext>)context
                       error:(NSError *__autoreleasing*)error;

IdentityCore/tests/MSIDSwitchBrowserResumeOperationTest.swift

@@ -28,8 +28,15 @@ import XCTest
 final class MSIDSwitchBrowserResumeOperationTest: XCTestCase 
 {
     lazy var validSwitchBrowserResumeResponse: MSIDSwitchBrowserResumeResponse? = {
-        let url = URL(string: "msauth.com.microsoft.msaltestapp://auth/switch_browser_resume?action_uri=some_uri&code=some_code")!
-        return try? MSIDSwitchBrowserResumeResponse(url: url, redirectUri: "msauth.com.microsoft.msaltestapp://auth", context: nil)
+        
+        let switchUrl = URL(string: "msauth.com.microsoft.msaltestapp://auth/switch_browser?action_uri=some_uri&code=some_code")!
+        let switchBrowserResponse = try? MSIDSwitchBrowserResponse(url: switchUrl, redirectUri: "msauth.com.microsoft.msaltestapp://auth",  context: nil)
+        
+        let resumeUrl = URL(string: "msauth.com.microsoft.msaltestapp://auth/switch_browser_resume?action_uri=some_uri&code=some_code")!
+        let resumeResponse = try? MSIDSwitchBrowserResumeResponse(url: resumeUrl, redirectUri: "msauth.com.microsoft.msaltestapp://auth", context: nil)
+        resumeResponse?.parent = switchBrowserResponse
+        
+        return resumeResponse
     }()
 
     override func setUpWithError() throws
@@ -51,6 +58,19 @@ final class MSIDSwitchBrowserResumeOperationTest: XCTestCase
 
         XCTAssertNotNil(operation)
     }
+    
+    func testInit_whenNoParentResponse_shouldReturnNil() throws
+    {
+        XCTAssertNotNil(self.validSwitchBrowserResumeResponse)
+        guard let response = self.validSwitchBrowserResumeResponse else { return }
+        response.parent = nil
+        
+        XCTAssertThrowsError(try MSIDSwitchBrowserResumeOperation(response: response)) { error in
+            XCTAssertEqual((error as NSError).code, MSIDErrorCode.internal.rawValue)
+            XCTAssertEqual((error as NSError).domain, MSIDErrorDomain)
+            XCTAssertEqual((error as NSError).userInfo["MSIDErrorDescriptionKey"] as? String, "Parent response of type MSIDSwitchBrowserResponse is required for creating MSIDSwitchBrowserResumeOperation")
+        }
+    }
 
     func testInit_withInValidResponse_shouldReturnNil() throws
     {

IdentityCore/tests/mocks/MSIDFlightManagerMockProvider.h

@@ -0,0 +1,36 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+
+#import "MSIDFlightManager.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface MSIDFlightManagerMockProvider : NSObject <MSIDFlightManagerInterface>
+
+@property (nonatomic) NSDictionary *boolForKeyContainer;
+
+@end
+
+NS_ASSUME_NONNULL_END