Merge pull request #1534 from AzureAD/josephpab/dunaBitMask

Added ephemeral browser session to duna

Author: josephpab

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -5098,7 +5098,6 @@
 		B2AF1D29218BCDEF0080C1A0 /* requests */ = {
 			isa = PBXGroup;
 			children = (
-
 				720B5B542DD57D6600318FE5 /* MSIDEcdhApv.m */,
 				720B5B522DD57C3700318FE5 /* MSIDEcdhApv.h */,
 				720B5B4F2DD577C100318FE5 /* MSIDJWECrypto.m */,

IdentityCore/src/webview/MSIDCertAuthManager.h

@@ -44,6 +44,7 @@ NS_ASSUME_NONNULL_BEGIN
 - (void)startWithURL:(NSURL *)startURL
     parentController:(MSIDViewController *)parentViewController
              context:(id<MSIDRequestContext>)context
+ephemeralWebBrowserSession:(BOOL)ephemeralWebBrowserSession
      completionBlock:(MSIDWebUICompletionHandler)completionBlock;
 
 - (BOOL)completeWithCallbackURL:(NSURL *)url;

IdentityCore/src/webview/MSIDCertAuthManager.m

@@ -79,6 +79,7 @@ - (BOOL)completeWithCallbackURL:(NSURL *)url
 - (void)startWithURL:(NSURL *)startURL
     parentController:(MSIDViewController *)parentViewController
              context:(id<MSIDRequestContext>)context
+   ephemeralWebBrowserSession:(BOOL)ephemeralWebBrowserSession
      completionBlock:(MSIDWebUICompletionHandler)completionBlock
 {
     [MSIDMainThreadUtil executeOnMainThreadIfNeeded:^{
@@ -113,7 +114,7 @@ - (void)startWithURL:(NSURL *)startURL
                                                                             parentController:parentViewController
                                                                     useAuthenticationSession:self.useAuthSession
                                                                    allowSafariViewController:YES
-                                                                  ephemeralWebBrowserSession:YES
+                                                                  ephemeralWebBrowserSession:ephemeralWebBrowserSession
                                                                                      context:context];
 
         self.systemWebViewController.appActivities = self.activities;

IdentityCore/src/webview/embeddedWebview/challangeHandlers/ios/MSIDCertAuthHandler.m

@@ -96,6 +96,7 @@ + (BOOL)handleChallenge:(NSURLAuthenticationChallenge *)challenge
     [MSIDCertAuthManager.sharedInstance startWithURL:requestURL
                                     parentController:parentViewController
                                              context:context
+                          ephemeralWebBrowserSession:YES
                                      completionBlock:^(NSURL *callbackURL, NSError *error)
      {
         MSIDWebviewSession *session = [MSIDWebviewAuthorization currentSession];

IdentityCore/src/webview/operations/ios/MSIDSwitchBrowserOperation.m

@@ -22,7 +22,6 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.  
 
-
 #import "MSIDSwitchBrowserOperation.h"
 #import "MSIDSystemWebviewController.h"
 #import "MSIDWebviewResponse.h"
@@ -90,6 +89,7 @@ - (void)invokeWithRequestParameters:(nonnull MSIDInteractiveTokenRequestParamete
     [self.certAuthManager startWithURL:startURL
                       parentController:requestParameters.parentViewController
                                context:requestParameters
+            ephemeralWebBrowserSession:self.switchBrowserResponse.useEphemeralWebBrowserSession
                        completionBlock:^(NSURL *callbackURL, NSError *error)
      {
         [self.certAuthManager resetState];

IdentityCore/src/webview/response/MSIDSwitchBrowserResponse.h

@@ -27,8 +27,14 @@
 
 @interface MSIDSwitchBrowserResponse : MSIDWebviewResponse
 
+typedef NS_OPTIONS(NSInteger, MSIDSwitchBrowserModes) {
+    BrowserModePrivateSession = 1 << 0,
+    // Add future flags here
+};
+
 @property (nonatomic, readonly) NSString *actionUri;
 @property (nonatomic, readonly) NSString *switchBrowserSessionToken;
+@property (nonatomic, readonly) BOOL useEphemeralWebBrowserSession;
 
 - (instancetype )init NS_UNAVAILABLE;
 + (instancetype)new NS_UNAVAILABLE;

IdentityCore/src/webview/response/MSIDSwitchBrowserResponse.m

@@ -27,6 +27,7 @@
 #import "MSIDWebResponseOperationFactory.h"
 #import "MSIDConstants.h"
 #import "MSIDFlightManager.h"
+#import "NSData+MSIDExtensions.h"
 
 @implementation MSIDSwitchBrowserResponse
 
@@ -47,8 +48,20 @@ - (instancetype)initWithURL:(NSURL *)url
     if (self)
     {
         if (![self isMyUrl:url redirectUri:redirectUri]) return nil;
-        
         _actionUri = self.parameters[@"action_uri"];
+        _useEphemeralWebBrowserSession = YES;
+        
+        NSString* browserOptionsString = self.parameters[@"browser_modes"];
+        if (browserOptionsString)
+        {
+            NSData *data = [NSData msidDataFromBase64UrlEncodedString:browserOptionsString];
+            uint32_t flagsValue = 0;
+            [data getBytes:&flagsValue length:sizeof(flagsValue)];
+            
+            MSIDSwitchBrowserModes modes = (MSIDSwitchBrowserModes)flagsValue;
+            _useEphemeralWebBrowserSession = modes & BrowserModePrivateSession;
+        }
+        
         if ([NSString msidIsStringNilOrBlank:_actionUri])
         {
             if (error) *error = MSIDCreateError(MSIDOAuthErrorDomain, MSIDErrorServerInvalidResponse, @"action_uri is nil.", nil, nil, nil, context.correlationId, nil, YES);
@@ -123,5 +136,4 @@ - (BOOL)isMyUrl:(NSURL *)url
     return [self.class isDUNAActionUrl:url operation:[self.class operation]];
 }
 
-
 @end

IdentityCore/tests/MSIDSwitchBrowserOperationTest.swift

@@ -34,6 +34,7 @@ class MSIDCertAuthManagerMock: MSIDCertAuthManager
     override func start(with startURL: URL,
                         parentController parentViewController: UIViewController,
                         context: any MSIDRequestContext,
+                        ephemeralWebBrowserSession: Bool,
                         completionBlock: @escaping MSIDWebUICompletionHandler)
     {
         startWithUrlInvokedCount += 1

IdentityCore/tests/MSIDSwitchBrowserResponseTest.swift

@@ -82,6 +82,30 @@ final class MSIDSwitchBrowserResponseTest: XCTestCase
         XCTAssertEqual(response?.switchBrowserSessionToken, "some_code")
     }
 
+    func testInit_whenValidBrowserMode_hasBitmaskPrivateSessionShouldBeTrue() throws
+    {
+        let url = URL(string: "msauth://broker_bundle_id//switch_browser?action_uri=some_uri&code=some_code&browser_modes=AQAAAA")!
+        
+        let response = try? MSIDSwitchBrowserResponse(url: url, redirectUri: "msauth://broker_bundle_id", context: nil)
+        
+        XCTAssertNotNil(response)
+        XCTAssertEqual(response?.actionUri, "some_uri")
+        XCTAssertEqual(response?.switchBrowserSessionToken, "some_code")
+        XCTAssertEqual(response?.useEphemeralWebBrowserSession, true)
+    }
+    
+    func testInit_whenInvalidBrowserMode_hasBitmaskPrivateSessionShouldBeFalse() throws
+    {
+        let url = URL(string: "msauth://broker_bundle_id//switch_browser?action_uri=some_uri&code=some_code&browser_modes=AAAAAA")!
+        
+        let response = try? MSIDSwitchBrowserResponse(url: url, redirectUri: "msauth://broker_bundle_id", context: nil)
+        
+        XCTAssertNotNil(response)
+        XCTAssertEqual(response?.actionUri, "some_uri")
+        XCTAssertEqual(response?.switchBrowserSessionToken, "some_code")
+        XCTAssertEqual(response?.useEphemeralWebBrowserSession, false)
+    }
+    
     func testInit_whenInvalidUrl_shouldReturnNil() throws
     {
         let url = URL(string: "msauth.com.microsoft.msaltestapp://auth/abc?action_uri=some_uri&code=some_code")!