|
40 | 40 | #import "MSIDTokenResponseHandler.h" |
41 | 41 | #import "MSIDLastRequestTelemetry.h" |
42 | 42 | #import "MSIDCurrentRequestTelemetry.h" |
| 43 | +#import "MSIDAccountMetadataCacheItem.h" |
| 44 | +#import "MSIDFlightManager.h" |
43 | 45 |
|
44 | 46 | #if TARGET_OS_OSX && !EXCLUDE_FROM_MSALCPP |
45 | 47 | #import "MSIDExternalAADCacheSeeder.h" |
@@ -617,10 +619,43 @@ - (void)sendTokenRequestImpl:(MSIDRequestCompletionBlock)completionBlock |
617 | 619 | } |
618 | 620 | } |
619 | 621 |
|
| 622 | + BOOL disableRemoveAccountArtifacts = [MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_DISABLE_REMOVE_ACCOUNT_ARTIFACTS]; |
| 623 | + |
| 624 | + // remove account artifacts only if we test flight feature is not disabled |
| 625 | + if (!result && !disableRemoveAccountArtifacts && [self shouldRemoveAccountArtifacts:localError]) |
| 626 | + { |
| 627 | + MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Account deleted, Removing any user account artifacts from device..."); |
| 628 | + [self removeAccountArtifacts:self.requestParameters]; |
| 629 | + } |
| 630 | + |
620 | 631 | completionBlock(result, localError); |
621 | 632 | }]; |
622 | 633 | }]; |
623 | 634 | } |
| 635 | + |
| 636 | +- (void)removeAccountArtifacts:(MSIDRequestParameters *)requestParameters |
| 637 | +{ |
| 638 | + NSError *removalError = nil; |
| 639 | + BOOL removalResult = [self.tokenCache clearCacheForAccount:requestParameters.accountIdentifier |
| 640 | + authority:requestParameters.authority |
| 641 | + clientId:requestParameters.clientId |
| 642 | + familyId:nil |
| 643 | + context:requestParameters |
| 644 | + error:&removalError]; |
| 645 | + if (!removalResult) |
| 646 | + { |
| 647 | + MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, requestParameters, @"Failed to clear cache with error %@", MSID_PII_LOG_MASKABLE(removalError)); |
| 648 | + } |
| 649 | + |
| 650 | + NSError *metadataRemovalError = nil; |
| 651 | + [[self metadataCache] removeAccountMetadataForHomeAccountId:requestParameters.accountIdentifier.homeAccountId |
| 652 | + context:requestParameters |
| 653 | + error:&metadataRemovalError]; |
| 654 | + if (metadataRemovalError) |
| 655 | + { |
| 656 | + MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, requestParameters, @"Failed to remove account artifacts with error %@", MSID_PII_LOG_MASKABLE(metadataRemovalError)); |
| 657 | + } |
| 658 | +} |
624 | 659 | #endif |
625 | 660 |
|
626 | 661 | #pragma mark - Abstract |
@@ -664,6 +699,14 @@ - (BOOL)shouldRemoveRefreshToken:(__unused NSError *)serverError |
664 | 699 | return NO; |
665 | 700 | } |
666 | 701 |
|
| 702 | +- (BOOL)shouldRemoveAccountArtifacts:(nonnull NSError *)serverError |
| 703 | +{ |
| 704 | + // Removing account artifacts on invalid_grant + user_deleted_account suberror combination |
| 705 | + MSIDErrorCode oauthError = MSIDErrorCodeForOAuthError(serverError.msidOauthError, MSIDErrorInternal); |
| 706 | + NSString *subError = serverError.msidSubError; |
| 707 | + return oauthError == MSIDErrorServerInvalidGrant && [subError isEqualToString:MSIDServerErrorUserAccountDeleted]; |
| 708 | +} |
| 709 | + |
667 | 710 | - (id<MSIDCacheAccessor>)tokenCache |
668 | 711 | { |
669 | 712 | NSAssert(NO, @"Abstract method. Should be implemented in a subclass"); |
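Review bot: In `removeAccountArtifacts:` (new lines 636–658) the cache wipe runs without first checking that `requestParameters.accountIdentifier` and its `homeAccountId` are non-nil, so what gets cleared for a request with no account depends on how `clearCacheForAccount:` and the metadata cache treat a nil identifier, which is not visible here. Because the removal is triggered by a server-supplied `invalid_grant` / `user_deleted_account` pair, an early guard such as `if (!requestParameters.accountIdentifier.homeAccountId) { return; }`, preceded by a warning log, would keep it scoped to the account named in the request. The metadata call also tests `if (metadataRemovalError)` instead of the method's return value, unlike the `removalResult` check just above it; assuming the method returns BOOL, capture that result and branch on it, using the error only for the log line. `familyId:nil` deserves a one-line comment saying whether family refresh tokens for the deleted account are meant to survive this cleanup.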
|