AzureAD · tnorling · Nov 14, 2023 · Nov 9, 2023 · Nov 9, 2023 · Nov 9, 2023
diff --git a/change/@azure-msal-browser-fc538376-3a85-4f38-97a3-62beb4f8b12e.json b/change/@azure-msal-browser-fc538376-3a85-4f38-97a3-62beb4f8b12e.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fix bug causing temporary cache not to be cleared #6676",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-common-1115da03-5165-4bc2-aad2-aef6dea82100.json b/change/@azure-msal-common-1115da03-5165-4bc2-aad2-aef6dea82100.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Turn on return-await lint rule #6678",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-7d7ba6ef-1ff9-4d1d-9b53-945fafd5eadd.json b/change/@azure-msal-node-7d7ba6ef-1ff9-4d1d-9b53-945fafd5eadd.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Turn on return-await lint rule #6678",
+  "packageName": "@azure/msal-node",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
@@ -85,7 +85,7 @@ export class DatabaseStorage<T> implements IAsyncStorage<T> {
      */
     private async validateDbIsOpen(): Promise<void> {
         if (!this.dbOpen) {
-            return await this.open();
+            return this.open();
         }
     }
 

@@ -16,7 +16,7 @@ export async function createV3Controller(
     await standard.initialize();
 
     const controller = await import("./StandardController");
-    return await controller.StandardController.createController(standard);
+    return controller.StandardController.createController(standard);
 }
 
 export async function createController(
@@ -34,12 +34,10 @@ export async function createController(
         teamsApp.getConfig().auth.supportsNestedAppAuth
     ) {
         const controller = await import("./NestedAppAuthController");
-        return await controller.NestedAppAuthController.createController(
-            teamsApp
-        );
+        return controller.NestedAppAuthController.createController(teamsApp);
     } else if (standard.isAvailable()) {
         const controller = await import("./StandardController");
-        return await controller.StandardController.createController(standard);
+        return controller.StandardController.createController(standard);
     } else {
         // Since neither of the actual operating contexts are available keep the UnknownOperatingContextController
         return null;

@@ -923,10 +923,10 @@ export class StandardController implements IController {
                     );
                     atbcMeasurement.discard();
                 }
-                return response;
+                return await response;
             } else if (request.nativeAccountId) {
                 if (this.canUseNative(request, request.nativeAccountId)) {
-                    return this.acquireTokenNative(
+                    return await this.acquireTokenNative(
                         {
                             ...request,
                             correlationId,

@@ -151,7 +151,7 @@ export class CryptoOps implements ICrypto {
      * Removes all cryptographic keys from IndexedDB storage
      */
     async clearKeystore(): Promise<boolean> {
-        return await this.cache.clear();
+        return this.cache.clear();
     }
 
     /**

@@ -71,6 +71,6 @@ export class SignedHttpRequest {
      * @returns If keys are properly deleted
      */
     async removeKeys(publicKeyThumbprint: string): Promise<boolean> {
-        return await this.cryptoOps.removeTokenBindingKey(publicKeyThumbprint);
+        return this.cryptoOps.removeTokenBindingKey(publicKeyThumbprint);
     }
 }
@@ -283,7 +283,7 @@ export abstract class BaseInteractionClient {
             this.logger.verbose(
                 "Creating discovered authority with request authority"
             );
-            return await AuthorityFactory.createDiscoveredInstance(
+            return AuthorityFactory.createDiscoveredInstance(
                 requestAuthority,
                 this.config.system.networkClient,
                 this.browserStorage,
@@ -295,7 +295,7 @@ export abstract class BaseInteractionClient {
         this.logger.verbose(
             "Creating discovered authority with configured authority"
         );
-        return await AuthorityFactory.createDiscoveredInstance(
+        return AuthorityFactory.createDiscoveredInstance(
             this.config.auth.authority,
             this.config.system.networkClient,
             this.browserStorage,

@@ -372,7 +372,7 @@ export class NativeInteractionClient extends BaseInteractionClient {
                 reqTimestamp
             );
             this.browserStorage.setInteractionInProgress(false);
-            return result;
+            return await result;
         } catch (e) {
             this.browserStorage.setInteractionInProgress(false);
             throw e;
@@ -533,7 +533,7 @@ export class NativeInteractionClient extends BaseInteractionClient {
             if (!request.keyId) {
                 throw createClientAuthError(ClientAuthErrorCodes.keyIdMissing);
             }
-            return await popTokenGenerator.signPopToken(
+            return popTokenGenerator.signPopToken(
                 response.access_token,
                 request.keyId,
                 shrParameters

@@ -339,7 +339,7 @@ export class PopupClient extends StandardInteractionClient {
                     this.browserCrypto,
                     validRequest.state
                 );
-                return nativeInteractionClient.acquireToken({
+                return await nativeInteractionClient.acquireToken({
                     ...validRequest,
                     state: userRequestState,
                     prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently

@@ -254,7 +254,7 @@ export class RedirectClient extends StandardInteractionClient {
                 this.logger.verbose(
                     "NavigateToLoginRequestUrl set to false, handling response"
                 );
-                return this.handleResponse(
+                return await this.handleResponse(
                     serverParams,
                     serverTelemetryManager
                 );
@@ -313,7 +313,7 @@ export class RedirectClient extends StandardInteractionClient {
 
                 // If navigateInternal implementation returns false, handle the hash now
                 if (!processHashOnRedirect) {
-                    return this.handleResponse(
+                    return await this.handleResponse(
                         serverParams,
                         serverTelemetryManager
                     );
@@ -483,7 +483,7 @@ export class RedirectClient extends StandardInteractionClient {
             this.logger,
             this.performanceClient
         );
-        return await interactionHandler.handleCodeResponse(serverParams, state);
+        return interactionHandler.handleCodeResponse(serverParams, state);
     }
 
     /**

@@ -114,7 +114,7 @@ export class SilentAuthCodeClient extends StandardInteractionClient {
             );
 
             // Handle auth code parameters from request
-            return invokeAsync(
+            return await invokeAsync(
                 interactionHandler.handleCodeResponseFromServer.bind(
                     interactionHandler
                 ),

@@ -319,7 +319,7 @@ export abstract class StandardInteractionClient extends BaseInteractionClient {
             userAuthority,
             requestAzureCloudOptions || this.config.auth.azureCloudOptions
         );
-        return await invokeAsync(
+        return invokeAsync(
             AuthorityFactory.createDiscoveredInstance.bind(AuthorityFactory),
             PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance,
             this.logger,

@@ -40,7 +40,7 @@ export async function initiateAuthRequest(
         throw createBrowserAuthError(BrowserAuthErrorCodes.emptyNavigateUri);
     }
     if (navigateFrameWait) {
-        return await invokeAsync(
+        return invokeAsync(
             loadFrame,
             PerformanceEvents.SilentHandlerLoadFrame,
             logger,

@@ -101,7 +101,7 @@ export class BridgeProxy implements IBridgeProxy {
                 }
             );
 
-            return promise;
+            return await promise;
         } catch (error) {
             window.console.log(error);
             throw error;

@@ -135,6 +135,10 @@ describe("RedirectClient", () => {
             NavigationClient.prototype,
             "navigateExternal"
         ).mockResolvedValue(true);
+        jest.spyOn(
+            NavigationClient.prototype,
+            "navigateInternal"
+        ).mockResolvedValue(true);
 
         // @ts-ignore
         browserStorage = pca.browserStorage;
@@ -288,6 +292,132 @@ describe("RedirectClient", () => {
                 });
         });
 
+        it("cleans temporary cache and re-throws error thrown by handleResponse when loginRequestUrl == current url", (done) => {
+            browserStorage.setInteractionInProgress(true);
+            browserStorage.setTemporaryCache(
+                TemporaryCacheKeys.ORIGIN_URI,
+                window.location.href,
+                true
+            );
+            const statekey = browserStorage.generateStateKey(
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT
+            );
+            browserStorage.setTemporaryCache(
+                statekey,
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT,
+                true
+            );
+
+            jest.spyOn(
+                RedirectClient.prototype,
+                <any>"handleResponse"
+            ).mockRejectedValue("Error in handleResponse");
+            redirectClient
+                .handleRedirectPromise(
+                    TEST_HASHES.TEST_SUCCESS_CODE_HASH_REDIRECT
+                )
+                .catch((e) => {
+                    expect(e).toEqual("Error in handleResponse");
+                    expect(window.localStorage.length).toEqual(0);
+                    expect(window.sessionStorage.length).toEqual(0);
+                    done();
+                });
+        });
+
+        it("cleans temporary cache and re-throws error thrown by handleResponse after clientside navigation to loginRequestUrl", (done) => {
+            jest.spyOn(
+                NavigationClient.prototype,
+                "navigateInternal"
+            ).mockResolvedValue(false); // Client-side navigation
+
+            browserStorage.setInteractionInProgress(true);
+            browserStorage.setTemporaryCache(
+                TemporaryCacheKeys.ORIGIN_URI,
+                window.location.href + "/differentPath",
+                true
+            );
+            const statekey = browserStorage.generateStateKey(
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT
+            );
+            browserStorage.setTemporaryCache(
+                statekey,
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT,
+                true
+            );
+
+            jest.spyOn(
+                RedirectClient.prototype,
+                <any>"handleResponse"
+            ).mockRejectedValue("Error in handleResponse");
+            redirectClient
+                .handleRedirectPromise(
+                    TEST_HASHES.TEST_SUCCESS_CODE_HASH_REDIRECT
+                )
+                .catch((e) => {
+                    expect(e).toEqual("Error in handleResponse");
+                    expect(window.localStorage.length).toEqual(0);
+                    expect(window.sessionStorage.length).toEqual(0);
+                    done();
+                });
+        });
+
+        it("cleans temporary cache and re-throws error thrown by handleResponse when navigateToLoginRequestUrl is false", (done) => {
+            browserStorage.setInteractionInProgress(true);
+            browserStorage.setTemporaryCache(
+                TemporaryCacheKeys.ORIGIN_URI,
+                window.location.href + "/differentPath",
+                true
+            );
+            const statekey = browserStorage.generateStateKey(
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT
+            );
+            browserStorage.setTemporaryCache(
+                statekey,
+                TEST_STATE_VALUES.TEST_STATE_REDIRECT,
+                true
+            );
+
+            jest.spyOn(
+                RedirectClient.prototype,
+                <any>"handleResponse"
+            ).mockRejectedValue("Error in handleResponse");
+            redirectClient = // @ts-ignore
+                redirectClient = new RedirectClient(
+                    {
+                        // @ts-ignore
+                        ...pca.config,
+                        auth: {
+                            // @ts-ignore
+                            ...pca.config.auth,
+                            navigateToLoginRequestUrl: false,
+                        },
+                    },
+                    browserStorage,
+                    //@ts-ignore
+                    pca.browserCrypto,
+                    //@ts-ignore
+                    pca.logger,
+                    //@ts-ignore
+                    pca.eventHandler,
+                    //@ts-ignore
+                    pca.navigationClient,
+                    //@ts-ignore
+                    pca.performanceClient,
+                    //@ts-ignore
+                    pca.nativeInternalStorage
+                );
+            redirectClient
+                .handleRedirectPromise(
+                    TEST_HASHES.TEST_SUCCESS_CODE_HASH_REDIRECT
+                )
+                .catch((e) => {
+                    expect(e).toEqual("Error in handleResponse");
+                    expect(window.localStorage.length).toEqual(0);
+                    expect(window.sessionStorage.length).toEqual(0);
+                    done();
+                });
+        });
+
         it("gets hash from cache and processes response", async () => {
             const stateString = TEST_STATE_VALUES.TEST_STATE_REDIRECT;
             const browserCrypto = new CryptoOps(new Logger({}));

@@ -140,7 +140,7 @@ export class RefreshTokenClient extends BaseClient {
         // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
         if (isFOCI) {
             try {
-                return invokeAsync(
+                return await invokeAsync(
                     this.acquireTokenWithCachedRefreshToken.bind(this),
                     PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken,
                     this.logger,

@@ -231,7 +231,7 @@ export class SilentFlowClient extends BaseClient {
             checkMaxAge(authTime, request.maxAge);
         }
 
-        return await ResponseHandler.generateAuthenticationResult(
+        return ResponseHandler.generateAuthenticationResult(
             this.cryptoUtils,
             this.authority,
             cacheRecord,

@@ -140,7 +140,7 @@ export class PopTokenGenerator {
             ? new UrlString(resourceRequestUri)
             : undefined;
         const resourceUrlComponents = resourceUrlString?.getUrlComponents();
-        return await this.cryptoUtils.signJwt(
+        return this.cryptoUtils.signJwt(
             {
                 at: payload,
                 ts: TimeUtils.nowSeconds(),

@@ -342,7 +342,7 @@ export class ResponseHandler {
                     this.logger.warning(
                         "Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"
                     );
-                    return ResponseHandler.generateAuthenticationResult(
+                    return await ResponseHandler.generateAuthenticationResult(
                         this.cryptoObj,
                         authority,
                         cacheRecord,