Ensuing valid parantViewController is required for MSAL Interactive APIs

Author: Swasti Gupta

MSAL/src/MSIDInteractiveRequestParameters+MSALRequest.m

@@ -37,12 +37,18 @@ - (BOOL)fillWithWebViewParameters:(MSALWebviewParameters *)webParameters
                     customWebView:(WKWebView *)customWebView
                             error:(NSError **)error
 {
+    if (webParameters == nil)
+    {
+        NSError *msidError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidDeveloperParameter, @"webviewParameters is a required parameter.", nil, nil, nil, nil, nil, YES);
+        if (error) *error = msidError;
+        return NO;
+    }
+    
     __typeof__(webParameters.parentViewController) parentViewController = webParameters.parentViewController;
 
-#if TARGET_OS_IPHONE
     if (parentViewController == nil)
     {
-        NSError *msidError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidDeveloperParameter, @"parentViewController is a required parameter on iOS.", nil, nil, nil, nil, nil, YES);
+        NSError *msidError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidDeveloperParameter, @"parentViewController is a required parameter.", nil, nil, nil, nil, nil, YES);
         if (error) *error = msidError;
         return NO;
     }
@@ -54,9 +60,10 @@ - (BOOL)fillWithWebViewParameters:(MSALWebviewParameters *)webParameters
         return NO;
     }
 
+#if TARGET_OS_IPHONE
     self.presentationType = webParameters.presentationStyle;
 #endif
-        
+    
     self.parentViewController = parentViewController;
 
     self.prefersEphemeralWebBrowserSession = webParameters.prefersEphemeralWebBrowserSession;

MSAL/src/public/MSALWebviewParameters.h

@@ -44,10 +44,10 @@ NS_ASSUME_NONNULL_BEGIN
 #pragma mark - Configuration options
 
 /**
- The view controller to present from. If nil, MSAL will attempt to still proceed with the authentication, but the results will be unexpected.
- It is strongly recommended to provide a non-null parentViewController to avoid unexpected results.
+ The view controller to present from. This property must be valid. If nil is provided, or if the view controller is not attached to a window (i.e., parentViewController.view.window is nil), MSAL will return an error and will not proceed with authentication.
+ It is required to provide a valid parentViewController with a window to proceed with authentication.
  */
-@property (nullable, weak, nonatomic) MSALViewController *parentViewController;
+@property (nonatomic, strong, nonnull) MSALViewController *parentViewController;
 
 #if TARGET_OS_IPHONE
 
@@ -83,10 +83,10 @@ NS_ASSUME_NONNULL_BEGIN
 
 /**
    Creates an instance of MSALWebviewParameters with a provided parentViewController.
-   @param parentViewController The view controller to present authorization UI from.
-   @note parentViewController is mandatory on iOS 13+  and macOS 10.15+. Your app will experience unexpected results if parentViewController is not provided.
+   @param parentViewController The view controller to present authorization UI from. This property must be valid
+   @note parentViewController is mandatory on iOS 13+  and macOS 10.15+. If nil is provided, or if the view controller is not attached to a window (i.e., parentViewController.view.window is nil), MSAL will return an error and authentication will not proceed. It is required to provide a valid parentViewController with a window to proceed with authentication.
 */
-- (nonnull instancetype)initWithAuthPresentationViewController:(MSALViewController *)parentViewController;
+- (nonnull instancetype)initWithAuthPresentationViewController:(nonnull MSALViewController *)parentViewController;
 
 
 /**

MSAL/test/unit/MSALPublicClientApplicationTests.m

@@ -508,6 +508,143 @@ - (void)testAcquireTokenScopes
     application = nil;
 }
 
+- (void)testAcquireTokenScopes_WithNilParentViewController_shouldReturnError
+{
+    __auto_type authority = [@"https://login.microsoftonline.com/common" msalAuthority];
+    
+    MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:UNIT_TEST_CLIENT_ID redirectUri:nil authority:authority];
+    config.sliceConfig = [MSALSliceConfig configWithSlice:@"slice" dc:@"dc"];
+    
+    NSError *error = nil;
+    __auto_type application = [[MSALPublicClientApplication alloc] initWithConfiguration:config
+                                                                                   error:&error];
+    XCTAssertNotNil(application);
+    XCTAssertNil(error);
+    
+    __block dispatch_semaphore_t dsem = dispatch_semaphore_create(0);
+    
+    [MSIDTestSwizzle instanceMethod:@selector(acquireToken:)
+                              class:[MSIDLocalInteractiveController class]
+                              block:(id)^(MSIDLocalInteractiveController *obj, MSIDRequestCompletionBlock completionBlock)
+     {
+         XCTAssertTrue([obj isKindOfClass:[MSIDLocalInteractiveController class]]);
+         completionBlock(nil, nil);
+     }];
+
+    MSALGlobalConfig.brokerAvailability = MSALBrokeredAvailabilityNone;
+    
+    MSALViewController *parentViewController = nil;
+    MSALWebviewParameters *webParameters = [[MSALWebviewParameters alloc] initWithAuthPresentationViewController:parentViewController];
+    MSALInteractiveTokenParameters *parameters = [[MSALInteractiveTokenParameters alloc] initWithScopes:@[@"fakescope"]
+                                                                                      webviewParameters:webParameters];
+    
+    [application acquireTokenWithParameters:parameters
+                            completionBlock:^(MSALResult *result, NSError *error)
+     {
+        XCTAssertNil(result);
+        XCTAssertNotNil(error);
+        
+        dispatch_semaphore_signal(dsem);
+    }];
+    
+    dispatch_semaphore_wait(dsem, DISPATCH_TIME_NOW);
+    application = nil;
+}
+
+- (void)testAcquireTokenScopes_WithInvalidParentViewController_shouldReturnError
+{
+    __auto_type authority = [@"https://login.microsoftonline.com/common" msalAuthority];
+    
+    MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:UNIT_TEST_CLIENT_ID redirectUri:nil authority:authority];
+    config.sliceConfig = [MSALSliceConfig configWithSlice:@"slice" dc:@"dc"];
+    
+    NSError *error = nil;
+    __auto_type application = [[MSALPublicClientApplication alloc] initWithConfiguration:config
+                                                                                   error:&error];
+    XCTAssertNotNil(application);
+    XCTAssertNil(error);
+    
+    __block dispatch_semaphore_t dsem = dispatch_semaphore_create(0);
+    
+    [MSIDTestSwizzle instanceMethod:@selector(acquireToken:)
+                              class:[MSIDLocalInteractiveController class]
+                              block:(id)^(MSIDLocalInteractiveController *obj, MSIDRequestCompletionBlock completionBlock)
+     {
+         XCTAssertTrue([obj isKindOfClass:[MSIDLocalInteractiveController class]]);
+         completionBlock(nil, nil);
+     }];
+
+    static dispatch_once_t once;
+    static MSALViewController *controller;
+    
+#if TARGET_OS_IPHONE
+    MSALGlobalConfig.brokerAvailability = MSALBrokeredAvailabilityNone;
+    dispatch_once(&once, ^{
+        controller = [UIViewController new];
+    });
+#else
+    dispatch_once(&once, ^{
+        controller = [NSViewController new];
+    });
+#endif
+
+    MSALWebviewParameters *webParameters = [[MSALWebviewParameters alloc] initWithAuthPresentationViewController:controller];
+    MSALInteractiveTokenParameters *parameters = [[MSALInteractiveTokenParameters alloc] initWithScopes:@[@"fakescope"]
+                                                                                      webviewParameters:webParameters];
+    
+    [application acquireTokenWithParameters:parameters
+                            completionBlock:^(MSALResult *result, NSError *error)
+     {
+        XCTAssertNil(result);
+        XCTAssertNotNil(error);
+        
+        dispatch_semaphore_signal(dsem);
+    }];
+    
+    dispatch_semaphore_wait(dsem, DISPATCH_TIME_NOW);
+    application = nil;
+}
+
+- (void)testAcquireTokenScopes_WithNilWebviewParameters_shouldReturnError
+{
+    __auto_type authority = [@"https://login.microsoftonline.com/common" msalAuthority];
+    
+    MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:UNIT_TEST_CLIENT_ID redirectUri:nil authority:authority];
+    config.sliceConfig = [MSALSliceConfig configWithSlice:@"slice" dc:@"dc"];
+    
+    NSError *error = nil;
+    __auto_type application = [[MSALPublicClientApplication alloc] initWithConfiguration:config
+                                                                                   error:&error];
+    XCTAssertNotNil(application);
+    XCTAssertNil(error);
+    
+    __block dispatch_semaphore_t dsem = dispatch_semaphore_create(0);
+    
+    [MSIDTestSwizzle instanceMethod:@selector(acquireToken:)
+                              class:[MSIDLocalInteractiveController class]
+                              block:(id)^(MSIDLocalInteractiveController *obj, MSIDRequestCompletionBlock completionBlock)
+     {
+         XCTAssertTrue([obj isKindOfClass:[MSIDLocalInteractiveController class]]);
+         completionBlock(nil, nil);
+     }];
+
+    MSALGlobalConfig.brokerAvailability = MSALBrokeredAvailabilityNone;
+    MSALWebviewParameters *webParameters = nil;
+    MSALInteractiveTokenParameters *parameters = [[MSALInteractiveTokenParameters alloc] initWithScopes:@[@"fakescope"]
+                                                                                      webviewParameters:webParameters];
+    
+    [application acquireTokenWithParameters:parameters
+                            completionBlock:^(MSALResult *result, NSError *error)
+     {
+        XCTAssertNil(result);
+        XCTAssertNotNil(error);
+        
+        dispatch_semaphore_signal(dsem);
+    }];
+    
+    dispatch_semaphore_wait(dsem, DISPATCH_TIME_NOW);
+    application = nil;
+}
 #pragma mark - Known authorities
 
 - (void)testAcquireToken_whenKnownAADAuthority_shouldNotForceValidation