Merge branch 'release/v2.2.7'

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "2.2.6"
+  s.version      = "2.2.7"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL/ADAL.xcodeproj/project.pbxproj

@@ -56,6 +56,7 @@
 		8BB8346D1807C5F5007F9F0D /* ADAuthenticationParametersTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 8BB8346C1807C5F5007F9F0D /* ADAuthenticationParametersTests.m */; };
 		8BBF678618358544004E0F4D /* ADUserInformationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 8BBF678518358544004E0F4D /* ADUserInformationTests.m */; };
 		8BBF6788183588EC004E0F4D /* ADTokenCacheItemTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 8BBF6787183588EC004E0F4D /* ADTokenCacheItemTests.m */; };
+		940CC8881D8A34610087E9EA /* ADBrokerMessageTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 940CC8871D8A34610087E9EA /* ADBrokerMessageTests.m */; };
 		9424B6841CDD39E400729698 /* ADTokenCacheAccessor.m in Sources */ = {isa = PBXBuildFile; fileRef = 9424B6811CDD1B2B00729698 /* ADTokenCacheAccessor.m */; };
 		9430C3411C4631C200D6506D /* ADTokenCacheTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 9430C3401C4631C200D6506D /* ADTokenCacheTests.m */; };
 		9430C34E1C54320400D6506D /* ADAuthenticationContextTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 9430C34D1C54320400D6506D /* ADAuthenticationContextTests.m */; };
@@ -393,6 +394,7 @@
 		8BFEF065182DA57800122C0C /* ADALiOSBundle-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "ADALiOSBundle-Info.plist"; sourceTree = "<group>"; };
 		8BFEF067182DA57800122C0C /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = "<group>"; };
 		8BFEF069182DA57800122C0C /* ADALiOSBundle-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "ADALiOSBundle-Prefix.pch"; sourceTree = "<group>"; };
+		940CC8871D8A34610087E9EA /* ADBrokerMessageTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ADBrokerMessageTests.m; sourceTree = "<group>"; };
 		941674431C9CCCAF00D8D52A /* ADAuthenticationError+Internal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "ADAuthenticationError+Internal.h"; sourceTree = "<group>"; };
 		9424B6811CDD1B2B00729698 /* ADTokenCacheAccessor.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ADTokenCacheAccessor.m; sourceTree = "<group>"; };
 		9424B6831CDD1B4600729698 /* ADTokenCacheDataSource.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ADTokenCacheDataSource.h; sourceTree = "<group>"; };
@@ -1012,6 +1014,7 @@
 				94DD19021C5AD39A00F80C62 /* ADBrokerKeyHelperTests.m */,
 				94DD19031C5AD39A00F80C62 /* ADKeychainTokenCacheTests.m */,
 				94DD19041C5AD39A00F80C62 /* InfoPlist.strings */,
+				940CC8871D8A34610087E9EA /* ADBrokerMessageTests.m */,
 			);
 			path = ios;
 			sourceTree = "<group>";
@@ -1387,6 +1390,7 @@
 				D6F999801D235ACF004E682C /* ADAcquireTokenPkeyAuthTests.m in Sources */,
 				D60D8FE81D25C8D400F3E6C9 /* ADHelpersTests.m in Sources */,
 				601BEE341C6DCB0B004AA8C1 /* ADWebAuthControllerTests.m in Sources */,
+				940CC8881D8A34610087E9EA /* ADBrokerMessageTests.m in Sources */,
 				6071B5E41C14C0B0006F6CC2 /* ADTestURLConnection.m in Sources */,
 				8BBF678618358544004E0F4D /* ADUserInformationTests.m in Sources */,
 				94DD19081C5AD3A600F80C62 /* ADKeychainTokenCacheTests.m in Sources */,

ADAL/src/ADAL_Internal.h

@@ -27,7 +27,7 @@
 // through build script. Don't change its format unless changing build script as well.)
 #define ADAL_VER_HIGH       2
 #define ADAL_VER_LOW        2
-#define ADAL_VER_PATCH      6
+#define ADAL_VER_PATCH      7
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)
@@ -56,7 +56,7 @@
 
 /*! The completion block declaration. */
 typedef void(^ADAuthenticationCallback)(ADAuthenticationResult* result);
-
+typedef void(^ADAuthorizationCodeCallback)(NSString*, ADAuthenticationError*);
 
 #if TARGET_OS_IPHONE
 //iOS:
@@ -68,6 +68,7 @@ typedef UIWebView WebViewType;
 typedef WebView   WebViewType;
 #endif
 
+
 #import "ADAuthenticationRequest.h"
 
 //Helper macro to initialize a variable named __where string with place in file details:

ADAL/src/ADAuthenticationContext+Internal.h

@@ -45,8 +45,6 @@
 #import "ADOAuth2Constants.h"
 #import "ADTokenCacheAccessor.h"
 
-typedef void(^ADAuthorizationCodeCallback)(NSString*, ADAuthenticationError*);
-
 extern NSString* const ADUnknownError;
 extern NSString* const ADCredentialsNeeded;
 extern NSString* const ADInteractionNotSupportedInExtension;

ADAL/src/ADAuthenticationContext.m

@@ -259,9 +259,9 @@ + (BOOL)isResponseFromBroker:(NSString*)sourceApplication
     [NSString adSame:sourceApplication toString:@"com.microsoft.azureauthenticator"];
 }
 
-+ (void)handleBrokerResponse:(NSURL*)response
++ (BOOL)handleBrokerResponse:(NSURL*)response
 {
-    [ADAuthenticationRequest internalHandleBrokerResponse:response];
+    return [ADAuthenticationRequest internalHandleBrokerResponse:response];
 }
 
 #define REQUEST_WITH_REDIRECT_STRING(_redirect, _clientId, _resource) \

ADAL/src/ADAuthenticationError+Internal.h

@@ -23,6 +23,23 @@
 
 #import "ADAuthenticationError.h"
 
+#define AUTH_ERROR(_CODE, _DETAILS, _CORRELATION) \
+    ADAuthenticationError* adError = \
+    [ADAuthenticationError errorFromAuthenticationError:_CODE \
+                                           protocolCode:nil \
+                                           errorDetails:_DETAILS \
+                                          correlationId:_CORRELATION]; \
+    if (error) { *error = adError; }
+
+#define AUTH_ERROR_UNDERLYING(_CODE, _DETAILS, _UNDERLYING, _CORRELATION) \
+    ADAuthenticationError* adError = \
+    [ADAuthenticationError errorFromAuthenticationError:_CODE \
+                                           protocolCode:nil \
+                                           errorDetails:_DETAILS \
+                                               userInfo:@{ NSUnderlyingErrorKey : _UNDERLYING } \
+                                          correlationId:_CORRELATION]; \
+    if (error) { *error = adError; }
+
 @interface ADAuthenticationError (Internal)
 
 /*! Generates an error for invalid method argument. */

ADAL/src/broker/ios/ADBrokerHelper.m

@@ -36,20 +36,27 @@
 
 BOOL __swizzle_ApplicationOpenURL(id self, SEL _cmd, UIApplication* application, NSURL* url, NSString* sourceApplication, id annotation)
 {
-    if (![ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
+    if ([ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
     {
-        if (__original_ApplicationOpenURL)
-        {
-            return ((applicationOpenURLPtr)__original_ApplicationOpenURL)(self, _cmd, application, url, sourceApplication, annotation);
-        }
-        else
+        // Attempt to handle response from broker
+        BOOL result = [ADAuthenticationContext handleBrokerResponse:url];
+
+        if (result)
         {
-            return NO;
+            // Successfully handled broker response
+            return YES;
         }
     }
-
-    [ADAuthenticationContext handleBrokerResponse:url];
-    return YES;
+
+    // Fallback to original delegate if defined
+    if (__original_ApplicationOpenURL)
+    {
+        return ((applicationOpenURLPtr)__original_ApplicationOpenURL)(self, _cmd, application, url, sourceApplication, annotation);
+    }
+    else
+    {
+        return NO;
+    }
 }
 
 typedef BOOL (*applicationOpenURLiOS9Ptr)(id, SEL, UIApplication*, NSURL*, NSDictionary<NSString*, id>*);
@@ -58,20 +65,29 @@ BOOL __swizzle_ApplicationOpenURL(id self, SEL _cmd, UIApplication* application,
 BOOL __swizzle_ApplicationOpenURLiOS9(id self, SEL _cmd, UIApplication* application, NSURL* url, NSDictionary<NSString*, id>* options)
 {
     NSString* sourceApplication = [options objectForKey:UIApplicationOpenURLOptionsSourceApplicationKey];
-    if (![ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
+
+    if ([ADAuthenticationContext isResponseFromBroker:sourceApplication response:url])
     {
-        if (__original_ApplicationOpenURLiOS9)
-        {
-            return ((applicationOpenURLiOS9Ptr)__original_ApplicationOpenURLiOS9)(self, _cmd, application, url, options);
-        }
-        else
+        // Attempt to handle response from broker
+        BOOL result = [ADAuthenticationContext handleBrokerResponse:url];
+
+        if (result)
         {
-            return NO;
+            // Successfully handled broker response
+            return YES;
         }
+
+    }
+
+    // Fallback to original delegate if defined
+    if (__original_ApplicationOpenURLiOS9)
+    {
+        return ((applicationOpenURLiOS9Ptr)__original_ApplicationOpenURLiOS9)(self, _cmd, application, url, options);
+    }
+    else
+    {
+        return NO;
     }
-
-    [ADAuthenticationContext handleBrokerResponse:url];
-    return YES;
 }
 
 @implementation ADBrokerHelper
@@ -84,7 +100,7 @@ + (void)load
         return;
     }
 
-    __block id observer = nil;
+    __block __weak id observer = nil;
 
     observer =
     [[NSNotificationCenter defaultCenter] addObserverForName:UIApplicationDidFinishLaunchingNotification

ADAL/src/broker/ios/ADBrokerKeyHelper.h

@@ -47,6 +47,6 @@
                            error:(ADAuthenticationError *__autoreleasing *)error;
 
 // NOTE: Used for testing purposes only. Does not change keychain entries.
-- (void)setSymmetricKey:(NSData *)symmetricKey;
++ (void)setSymmetricKey:(NSString *)base64Key;
 
 @end

ADAL/src/broker/ios/ADBrokerKeyHelper.m

@@ -30,6 +30,8 @@
 #import <Security/Security.h>
 #import "ADLogger+Internal.h"
 
+static NSData* s_symmetricKeyOverride = nil;
+
 @implementation ADBrokerKeyHelper
 
 enum {
@@ -165,6 +167,11 @@ - (NSData*)getBrokerKey:(ADAuthenticationError* __autoreleasing*)error
         return _symmetricKey;
     }
 
+    if (s_symmetricKeyOverride)
+    {
+        return s_symmetricKeyOverride;
+    }
+
     NSDictionary* symmetricKeyQuery =
     @{
       (id)kSecClass : (id)kSecClassKey,
@@ -279,4 +286,17 @@ - (void)setSymmetricKey:(NSData *)symmetricKey
     SAFE_ARC_RETAIN(_symmetricKey);
 }
 
-@end;
++ (void)setSymmetricKey:(NSString *)base64Key
+{
+    SAFE_ARC_RELEASE(s_symmetricKeyOverride);
+    if (base64Key)
+    {
+        s_symmetricKeyOverride = [[NSData alloc] initWithBase64EncodedString:base64Key options:0];
+    }
+    else
+    {
+        s_symmetricKeyOverride = nil;
+    }
+}
+
+@end

ADAL/src/public/ADAuthenticationContext.h

@@ -240,7 +240,7 @@ typedef enum
 
 /*!
  */
-+ (void)handleBrokerResponse:(NSURL*)response;
++ (BOOL)handleBrokerResponse:(NSURL*)response;
 
 /*! Represents the authority used by the context. */
 @property (readonly) NSString* authority;

ADAL/src/public/ADErrorCodes.h

@@ -158,6 +158,21 @@ typedef enum
     /*! Failed to decrypt the message we received from Azure Authenticator */
     AD_ERROR_TOKENBROKER_DECRYPTION_FAILED = 505,
 
+    /*! We were launched with a URL, however that URL did not come from the broker app, or was
+        not a broker response. */
+    AD_ERROR_TOKENBROKER_NOT_A_BROKER_RESPONSE = 506,
+
+    /*! No resume dictionary was found in NSUserDefaults, so either we aren't expecting a broker response, or something else unexpected happened */
+    AD_ERROR_TOKENBROKER_NO_RESUME_STATE = 507,
+
+    /*! Missing data from the broker response resume dictionary */
+    AD_ERROR_TOKENBROKER_BAD_RESUME_STATE = 508,
+
+    /*! Data from the broker response does not match the resume state from our broker request */
+    AD_ERROR_TOKENBROKER_MISMATCHED_RESUME_STATE = 509,
+
+    /*! The key hash was missing from the response */
+    AD_ERROR_TOKENBROKER_HASH_MISSING = 510,
 
 } ADErrorCode;
 

ADAL/src/request/ADAuthenticationRequest+AcquireToken.m

@@ -171,10 +171,24 @@ - (void)requestToken:(ADAuthenticationCallback)completionBlock
             return;
         }
     }
+
+    if (![self takeExclusionLock:completionBlock])
+    {
+        return;
+    }
+
+    [self requestTokenImpl:^(ADAuthenticationResult *result)
+    {
+        [ADAuthenticationRequest releaseExclusionLock];
+        completionBlock(result);
+    }];
+}
 
+- (void)requestTokenImpl:(ADAuthenticationCallback)completionBlock
+{
 #if !AD_BROKER
     //call the broker.
-    if([self canUseBroker])
+    if ([self canUseBroker])
     {
         [self callBroker:completionBlock];
         return;
@@ -203,8 +217,7 @@ - (void)requestToken:(ADAuthenticationCallback)completionBlock
          {
              if([code hasPrefix:@"msauth://"])
              {
-                 [self handleBrokerFromWebiewResponse:code
-                                      completionBlock:completionBlock];
+                 [self callBroker:completionBlock];
              }
              else
              {
@@ -238,7 +251,7 @@ - (void)requestTokenByCode:(NSString *)code
                                          _clientId, OAUTH2_CLIENT_ID,
                                          _redirectUri, OAUTH2_REDIRECT_URI,
                                          nil];
-    if(![NSString adIsStringNilOrBlank:_scope])
+    if (![NSString adIsStringNilOrBlank:_scope])
     {
         [request_data setValue:_scope forKey:OAUTH2_SCOPE];
     }
@@ -247,5 +260,4 @@ - (void)requestTokenByCode:(NSString *)code
               completion:completionBlock];
 }
 
-
 @end

ADAL/src/request/ADAuthenticationRequest+Broker.h

@@ -23,17 +23,16 @@
 
 typedef void(^ADAuthorizationCodeCallback)(NSString*, ADAuthenticationError*);
 
+extern NSString* kAdalResumeDictionaryKey;
+
 @interface ADAuthenticationRequest (Broker)
 
-+ (void)internalHandleBrokerResponse:(NSURL*)response;
++ (BOOL)internalHandleBrokerResponse:(NSURL*)response;
 
 + (BOOL)validBrokerRedirectUri:(NSString*)url;
 
 - (BOOL)canUseBroker;
 
 - (void)callBroker:(ADAuthenticationCallback)completionBlock;
 
-- (void)handleBrokerFromWebiewResponse:(NSString*)urlString
-                       completionBlock:(ADAuthenticationCallback)completionBlock;
-
 @end