merge dev

Veena11 · Veena11 · commit 10a22722098c · 2025-02-07T13:33:12.000-08:00
diff --git a/MSAL.podspec b/MSAL.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.6.3"
+  s.version      = "1.7.0"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.
diff --git a/MSAL/resources/ios/Info.plist b/MSAL/resources/ios/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.3</string>
+	<string>1.7.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>
diff --git a/MSAL/resources/mac/Info.plist b/MSAL/resources/mac/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.3</string>
+	<string>1.7.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>
diff --git a/MSAL/src/MSAL_Internal.h b/MSAL/src/MSAL_Internal.h
@@ -26,8 +26,8 @@
 //------------------------------------------------------------------------------
 
 #define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        6
-#define MSAL_VER_PATCH      3
+#define MSAL_VER_LOW        7
+#define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)
diff --git a/MSAL/test/integration/native_auth/end_to_end/mfa/MSALNativeAuthSignInWithMFAEndToEndTests.swift b/MSAL/test/integration/native_auth/end_to_end/mfa/MSALNativeAuthSignInWithMFAEndToEndTests.swift
@@ -191,7 +191,128 @@ final class MSALNativeAuthSignInWithMFAEndToEndTests: MSALNativeAuthEndToEndPass
         // Now retrieve and submit the email OTP code
         await completeSignInWithMFAFlow(state: mfaRequiredState, username: username)
     }
-    
+
+    func test_signInAuthenticationContextClaim_mfaFlowIsTriggeredAndAccessTokenContainsClaims() async throws {
+        throw XCTSkip("Retrieving OTP failure")
+#if os(macOS)
+        throw XCTSkip("For some reason this test now requires Keychain access, reason needs to be investigated")
+#endif
+        guard let username = retrieveUsernameForSignInUsernamePasswordAndMFA(),
+              let password = await retrievePasswordForSignInUsername(),
+              let application = initialisePublicClientApplication()
+        else {
+            XCTFail("Something went wrong")
+            return
+        }
+
+        let authenticationContextId = "c4"
+        let authenticationContextRequestClaimJson = "{\"access_token\":{\"acrs\":{\"essential\":true,\"value\":\"\(authenticationContextId)\"}}}"
+        let authenticationContextATClaimJson = "\"acrs\":[\"\(authenticationContextId)\"]"
+
+        let parameters = MSALNativeAuthSignInParameters(username: username)
+        parameters.password = password
+        var error: NSError? = nil
+
+        parameters.claimsRequest = MSALClaimsRequest(jsonString: authenticationContextRequestClaimJson,
+                                                     error: &error)
+
+        let signInExpectation = expectation(description: "signing in")
+        let signInDelegateSpy = SignInPasswordStartDelegateSpy(expectation: signInExpectation)
+
+        application.signIn(parameters: parameters, delegate: signInDelegateSpy)
+
+        await fulfillment(of: [signInExpectation])
+
+        guard signInDelegateSpy.onSignInAwaitingMFACalled, let awaitingMFAState = signInDelegateSpy.newStateAwaitingMFA else {
+            XCTFail("Awaiting MFA not called")
+            return
+        }
+
+        // Request to send challenge to the default strong auth method
+        let mfaExpectation = expectation(description: "mfa")
+        let mfaDelegateSpy = MFARequestChallengeDelegateSpy(expectation: mfaExpectation)
+
+        awaitingMFAState.requestChallenge(delegate: mfaDelegateSpy)
+
+        await fulfillment(of: [mfaExpectation])
+
+        guard mfaDelegateSpy.onSelectionRequiredCalled, let mfaRequiredState = mfaDelegateSpy.newStateMFARequired, let authMethod = mfaDelegateSpy.authMethods?.first else {
+            XCTFail("Selection required not triggered")
+            return
+        }
+
+        XCTAssertTrue(authMethod.channelTargetType.isEmailType)
+
+        // Request to send challenge to a specific strong auth method
+
+        let mfaSendChallengeExpectation = expectation(description: "mfa")
+        let mfaSendChallengeDelegateSpy = MFARequestChallengeDelegateSpy(expectation: mfaSendChallengeExpectation)
+        mfaRequiredState.requestChallenge(authMethod: authMethod, delegate: mfaSendChallengeDelegateSpy)
+
+        await fulfillment(of: [mfaSendChallengeExpectation])
+
+        guard mfaSendChallengeDelegateSpy.onVerificationRequiredCalled, let newMfaRequiredState = mfaSendChallengeDelegateSpy.newStateMFARequired else {
+            XCTFail("Challenge not sent to MFA method")
+            return
+        }
+
+        XCTAssertNotNil(mfaSendChallengeDelegateSpy.sentTo)
+        XCTAssertNotNil(mfaSendChallengeDelegateSpy.codeLength)
+        XCTAssertTrue(mfaSendChallengeDelegateSpy.channelTargetType!.isEmailType)
+
+        guard let code = await retrieveCodeFor(email: username) else {
+            XCTFail("OTP code could not be retrieved")
+            return
+        }
+
+        let submitChallengeExpectation = expectation(description: "submitChallenge")
+        let mfaSubmitChallengeDelegateSpy = MFASubmitChallengeDelegateSpy(expectation: submitChallengeExpectation)
+
+        newMfaRequiredState.submitChallenge(challenge: code, delegate: mfaSubmitChallengeDelegateSpy)
+
+        await fulfillment(of: [submitChallengeExpectation])
+
+        XCTAssertTrue(mfaSubmitChallengeDelegateSpy.onSignInCompletedCalled)
+        XCTAssertNotNil(mfaSubmitChallengeDelegateSpy.result)
+        XCTAssertNotNil(mfaSubmitChallengeDelegateSpy.result?.idToken)
+        XCTAssertEqual(mfaSubmitChallengeDelegateSpy.result?.account.username, username)
+
+        let geAccessTokenExpectation = expectation(description: "get access token")
+        let credentialsDelegateSpy = CredentialsDelegateSpy(expectation: geAccessTokenExpectation)
+
+        signInDelegateSpy.result?.getAccessToken(parameters: MSALNativeAuthGetAccessTokenParameters(), delegate: credentialsDelegateSpy)
+
+        await fulfillment(of: [geAccessTokenExpectation])
+
+        XCTAssertTrue(credentialsDelegateSpy.onAccessTokenRetrieveCompletedCalled)
+        XCTAssertNotNil(credentialsDelegateSpy.result?.accessToken)
+
+        let atParts = credentialsDelegateSpy.result?.accessToken.components(separatedBy: ".")
+
+        // It should have 3 parts
+        guard let atParts, atParts.count == 3 else {
+            XCTFail("Invalid Access token received")
+            return
+        }
+
+        // We need to use the middle part
+        var atBody: String! = atParts[1]
+
+        //There could be the case that the length of the access token is not a multiple of 4 so we pad it with "="
+        let length = Double(atBody.lengthOfBytes(using: String.Encoding.utf8))
+        let requiredLength = 4 * ceil(length / 4.0)
+        let paddingLength = requiredLength - length
+        if paddingLength > 0 {
+            let padding = "".padding(toLength: Int(paddingLength), withPad: "=", startingAt: 0)
+            atBody = atBody + padding
+        }
+        
+        let atEncodedData = Data(base64Encoded: atBody!, options: .ignoreUnknownCharacters)
+        let atString = String(data: atEncodedData!, encoding: .utf8)!
+
+        XCTAssertTrue(atString.contains(authenticationContextATClaimJson))
+    }
+
     // MARK: private methods
     
     private func signInUsernameAndPassword(username: String, password: String) async -> AwaitingMFAState? {
diff --git a/Package.swift b/Package.swift
@@ -13,6 +13,6 @@ let package = Package(
           targets: ["MSAL"]),
   ],
   targets: [
-      .binaryTarget(name: "MSAL", url: "https://github.com/AzureAD/microsoft-authentication-library-for-objc/releases/download/1.6.2/MSAL.zip", checksum: "dbc4346f983e6402a37a747b371cadb44b39523a837d901e0ccc1c52b5d142d1")
+      .binaryTarget(name: "MSAL", url: "https://github.com/AzureAD/microsoft-authentication-library-for-objc/releases/download/1.6.3/MSAL.zip", checksum: "ce2684b1d4ab1038d7ad892d4cae8a2ae38d0f13192064473a601fffe4ae755e")
   ]
 )

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,6 @@ let package = Package(`
`13`	`13`	`targets: ["MSAL"]),`
`14`	`14`	`],`
`15`	`15`	`targets: [`
`16`		`- .binaryTarget(name: "MSAL", url: "https://github.com/AzureAD/microsoft-authentication-library-for-objc/releases/download/1.6.2/MSAL.zip", checksum: "dbc4346f983e6402a37a747b371cadb44b39523a837d901e0ccc1c52b5d142d1")`
	`16`	`+ .binaryTarget(name: "MSAL", url: "https://github.com/AzureAD/microsoft-authentication-library-for-objc/releases/download/1.6.3/MSAL.zip", checksum: "ce2684b1d4ab1038d7ad892d4cae8a2ae38d0f13192064473a601fffe4ae755e")`
`17`	`17`	`]`
`18`	`18`	`)`