Merge pull request #745 from AzureAD/release/1.5.1

1.5.1 release

Author: oldalton

CODEOWNERS

@@ -1,7 +1,7 @@
 # These owners will be the default owners for everything in the repo.
 # Unless a later match takes precedence, these users will be requested
 # for review whenever someone opens a pull request.
-*       @AzureAD/AppleIdentity
+*       @AzureAD/AppleIdentityTeam
 # IdentityCore/src/util   @AzureAD/AppleCppIdentity
 # IdentityCore/src/cache  @AzureAD/AppleCppIdentity
 # For more details about inheritance patterns, or to assign different

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -215,9 +215,31 @@ - (void)seedExternalCacheWithIdToken:(MSIDIdToken *)idToken
                                                                      configuration:configuration];
     refreshToken.idToken = idToken.rawIdToken;
 
-    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Saving refresh token in external cache.");
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Checking refresh token existence in external cache.");
 
     NSError *error;
+    MSIDRefreshToken *existingRefreshToken = [self.externalLegacyAccessor getRefreshTokenWithAccount:refreshToken.accountIdentifier
+                                                                                            familyId:refreshToken.familyId
+                                                                                       configuration:configuration
+                                                                                             context:context
+                                                                                               error:&error];
+    
+    if (error)
+    {
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelError, context, @"Failed to read refresh token from external cache, error: %@", MSID_PII_LOG_MASKABLE(error));
+        completionBlock(NO);
+        return;
+    }
+    
+    if (existingRefreshToken)
+    {
+        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Found existing refresh token in external cache. Returning early.");
+        completionBlock(YES);
+        return;
+    }
+    
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Saving refresh token in external cache.");
+    
     BOOL result = [self.externalLegacyAccessor saveRefreshToken:refreshToken
                                                   configuration:configuration
                                                         context:context

IdentityCore/src/MSIDExternalAADCacheSeeder.m

@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@protocol MSIDTelemetryStringSerializable <NSObject>
+
+- (NSString *)telemetryString;
+
+@end
+
+NS_ASSUME_NONNULL_END

IdentityCore/src/MSIDTelemetryStringSerializable.h

@@ -38,6 +38,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (readwrite) NSString *redirectUri;
 @property (nonatomic) MSIDProviderType providerType;
 @property (nonatomic) BOOL signoutFromBrowser;
+@property (nonatomic) BOOL clearSSOExtensionCookies;
 
 @end
 

IdentityCore/src/broker_operation/request/account_request/MSIDBrokerOperationSignoutFromDeviceRequest.h

@@ -32,6 +32,7 @@
 #import "MSIDJsonSerializableTypes.h"
 
 NSString *const MSID_SIGNOUT_FROM_BROWSER_KEY = @"signout_from_browser";
+NSString *const MSID_CLEAR_SSO_EXT_COOKIES_KEY = @"clear_sso_extension_cookies";
 
 @implementation MSIDBrokerOperationSignoutFromDeviceRequest
 
@@ -65,6 +66,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError **)er
         _redirectUri = [json msidStringObjectForKey:MSID_REDIRECT_URI_JSON_KEY];
         _providerType = MSIDProviderTypeFromString([json msidStringObjectForKey:MSID_PROVIDER_TYPE_JSON_KEY]);
         _signoutFromBrowser = [json msidBoolObjectForKey:MSID_SIGNOUT_FROM_BROWSER_KEY];
+        _clearSSOExtensionCookies = [json msidBoolObjectForKey:MSID_CLEAR_SSO_EXT_COOKIES_KEY];
     }
 
     return self;
@@ -93,6 +95,7 @@ - (NSDictionary *)jsonDictionary
 
     json[MSID_PROVIDER_TYPE_JSON_KEY] = MSIDProviderTypeToString(self.providerType);
     json[MSID_SIGNOUT_FROM_BROWSER_KEY] = @(_signoutFromBrowser);
+    json[MSID_CLEAR_SSO_EXT_COOKIES_KEY] = @(_clearSSOExtensionCookies);
 
     return json;
 }

IdentityCore/src/broker_operation/request/account_request/MSIDBrokerOperationSignoutFromDeviceRequest.m

@@ -23,6 +23,7 @@
 
 #import <Foundation/Foundation.h>
 #import "MSIDBaseBrokerOperationRequest.h"
+#import "MSIDBrowserRequestValidating.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -35,10 +36,13 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic, readonly) MSIDAADAuthority *authority;
 @property (nonatomic, readonly) NSDictionary *headers;
 @property (nonatomic, readonly) NSUUID *correlationId;
+@property (nonatomic, readonly) NSData *httpBody;
 
 - (instancetype)initWithRequest:(NSURL *)requestURL
                         headers:(NSDictionary *)headers
+                           body:(nullable NSData *)httpBody
                bundleIdentifier:(NSString *)bundleIdentifier
+               requestValidator:(id<MSIDBrowserRequestValidating>)requestValidator
                           error:(NSError **)error;
 
 @end

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationBrowserTokenRequest.h

@@ -33,7 +33,9 @@ @implementation MSIDBrokerOperationBrowserTokenRequest
 
 - (instancetype)initWithRequest:(NSURL *)requestURL
                         headers:(NSDictionary *)headers
+                           body:(NSData *)httpBody
                bundleIdentifier:(NSString *)bundleIdentifier
+               requestValidator:(id<MSIDBrowserRequestValidating>)requestValidator
                           error:(NSError **)error
 {
     self = [super init];
@@ -52,7 +54,7 @@ - (instancetype)initWithRequest:(NSURL *)requestURL
 
         _requestURL = requestURL;
 
-        if (![self shouldHandleURL:_requestURL])
+        if (![requestValidator shouldHandleURL:_requestURL])
         {
             if (error)
             {
@@ -64,6 +66,7 @@ - (instancetype)initWithRequest:(NSURL *)requestURL
         }
 
         _headers = headers;
+        _httpBody = httpBody;
         _bundleIdentifier = bundleIdentifier;
 
         MSIDAADAuthority *authority = [[MSIDAADAuthority alloc] initWithURL:_requestURL rawTenant:nil context:nil error:error];
@@ -85,27 +88,6 @@ - (instancetype)initWithRequest:(NSURL *)requestURL
     return self;
 }
 
-- (BOOL)shouldHandleURL:(NSURL *)url
-{
-    if (![url msidContainsCaseInsensitivePath:@"oauth2"])
-    {
-        return NO;
-    }
-    
-    if ([url msidContainsCaseInsensitivePath:@"/oauth2/authorize"])
-    {
-        return YES;
-    }
-    
-    if ([url msidContainsCaseInsensitivePath:@"/oauth2/v2.0/authorize"])
-    {
-        return YES;
-    }
-        
-    BOOL isLogoutRequest = [url msidContainsCaseInsensitivePath:@"logout"] && [url msidContainsPathComponent:@"logout"];
-    return isLogoutRequest;
-}
-
 #pragma mark - MSIDBaseBrokerOperationRequest
 
 + (NSString *)operation

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationBrowserTokenRequest.m

@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@protocol MSIDBrowserRequestValidating <NSObject>
+
+- (BOOL)shouldHandleURL:(NSURL *)url;
+
+@end
+
+NS_ASSUME_NONNULL_END

IdentityCore/src/broker_operation/request/token_request/MSIDBrowserRequestValidating.h

@@ -147,7 +147,7 @@ - (MSIDAccountMetadataState)signInStateForHomeAccountId:(NSString *)homeAccountI
     }
 
     NSError *localError;
-    MSIDAccountMetadataCacheItem *cacheItem = [self retrieveAccountMetadataCacheItemForClientId:clientId skipCache:self.skipMemoryCacheForAccountMetadata context:context error:&localError];
+    MSIDAccountMetadataCacheItem *cacheItem = [self retrieveAccountMetadataCacheItemForClientId:clientId skipCache:YES context:context error:&localError];
     if (localError)
     {
         if (error) *error = localError;
@@ -173,7 +173,7 @@ - (BOOL)updateSignInStateForHomeAccountId:(NSString *)homeAccountId
     }
 
     NSError *localError;
-    MSIDAccountMetadataCacheItem *cacheItem = [self retrieveAccountMetadataCacheItemForClientId:clientId skipCache:self.skipMemoryCacheForAccountMetadata context:context error:&localError];
+    MSIDAccountMetadataCacheItem *cacheItem = [self retrieveAccountMetadataCacheItemForClientId:clientId skipCache:YES context:context error:&localError];
     if (localError)
     {
         if (error) *error = localError;