#68

Author: salvoravida

.eslintignore

@@ -1,2 +1,3 @@
 /lib/
-/src/adal.js
+/src/adal.js
+/src/adal.mod.js

CHANGELOG.md

@@ -1,13 +1,18 @@
-#86 (thanks to @balanza)
-Adal SDK update to latest (1.0.18). Furthermore, I included a simple script to automatically fetch latest from github and clone it in our code.
+v. 0.5.0
+-
++ update adal.js to 1.0.18
 
-Allow extra parameters while fetching token. This is to comply with SDK's acquireTokenRedirect and acquireTokenPopup signatures (with the latter being broken before the fix).
-
-Using loginResource to check login token instead of clientId. This because SDK's AuthenticationContext constructor already handles missing loginResource by value it as clientId. Thus it can now cover both scenario: with both loginResource and clientId and only clientId provided.
 
+#86 (thanks to @balanza) https://github.com/salvoravida/react-adal/pull/86
+* Adal SDK update to latest (1.0.18). Furthermore, I included a simple script to automatically fetch latest from github and clone it in our code.
+* Allow extra parameters while fetching token. This is to comply with SDK's acquireTokenRedirect and acquireTokenPopup signatures (with the latter being broken before the fix).
+* Using loginResource to check login token instead of clientId. This because SDK's AuthenticationContext constructor already handles missing loginResource by value it as clientId. Thus it can now cover both scenario: with both loginResource and clientId and only clientId provided.
 
 #33 https://github.com/salvoravida/react-adal/issues/33
+* login ok - permission failed fix infinite loop
 
-login ok - permission failed fix infinite loop
+#67 https://github.com/salvoravida/react-adal/issues/67
+fix SSR support withAdalLogin Hoc
 
-# fix SSR support withAdalLogin Hoc
+#68 https://github.com/salvoravida/react-adal/issues/68
+Clear the resource cache on new login  

src/adal.mod.js

@@ -0,0 +1,31 @@
+import AuthenticationContext from './adal';
+
+/**
+ * Validates each resource token in cache againt current user
+ */
+AuthenticationContext.prototype.invalidateResourceTokens = function () {
+  const idToken = this._getItem(this.CONSTANTS.STORAGE.IDTOKEN);
+  if (!idToken) { return; }
+  const { upn } = this._extractIdToken(idToken);
+  const resources = Object.values(this.config.endpoints);
+
+  resources.forEach(r => this._clearStaleResourceToken(r, upn));
+}
+
+/**
+ * Clears cache for the given resource if it doesn't belong to current user's UPN
+ * @param {string} currentUserUpn Unique user identifier
+ * @param {string} resource a URI that identifies the resource
+ */
+AuthenticationContext.prototype._clearStaleResourceToken = function (resource, currentUserUpn) {
+  const resourceToken = this.getCachedToken(resource);
+  if (resourceToken) {
+    const { upn } = this._extractIdToken(resourceToken);
+    if (upn !== currentUserUpn) {
+      this.info(`Clearing invalid cache of resource ${resource}`);
+      this.clearCacheForResource(resource);
+    }
+  }
+}
+
+export default AuthenticationContext

src/react-adal.js

@@ -1,6 +1,6 @@
 // eslint-disable-next-line
 import React from 'react';
-import AuthenticationContext_ from './adal';
+import AuthenticationContext_ from './adal.mod';
 
 const isSSR = typeof window === 'undefined';
 
@@ -63,6 +63,10 @@ export function runWithAdal(authContext, app, doNotLogin) {
   //it must run in iframe too for refreshToken (parsing hash and get token)
   authContext.handleWindowCallback();
 
+  // Clear the resource cache on new login
+  // https://github.com/salvoravida/react-adal/issues/68
+  authContext.invalidateResourceTokens();
+
   //prevent iframe double app !!!
   if (window === window.parent) {
     if (!authContext.isCallback(window.location.hash)) {