Merge pull request #1443 from AzureAD/release/2.7.13

Merging release 2.7.13 into master-2.7.x branch

.travis.yml

@@ -1,6 +1,6 @@
 #dist: trusty
 language: objective-c
-osx_image: xcode10
+osx_image: xcode10.2
 
 # set up SonarCube
 #addons:

ADAL.podspec

@@ -1,7 +1,7 @@
 Pod::Spec.new do |s|
   s.name         = "ADAL"
   s.module_name  = "ADAL"
-  s.version      = "2.7.12"
+  s.version      = "2.7.13"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADAL.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings

@@ -1,8 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-<dict>
-	<key>BuildSystemType</key>
-	<string>Original</string>
-</dict>
+<dict/>
 </plist>

ADAL/ADAL.xcodeproj/project.pbxproj

@@ -1160,6 +1160,7 @@
 		B258487B20747998007FAD22 /* KeyVaultClient.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = KeyVaultClient.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		B258488020747A54007FAD22 /* KeyVault.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = KeyVault.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		B258488220747B01007FAD22 /* KeyVaultClient.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = KeyVaultClient.xcodeproj; path = ../KeyVaultClient/KeyVaultClient.xcodeproj; sourceTree = "<group>"; };
+		B26207E022C872DA00F867D9 /* ADEnrollmentGateway+UnitTests.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ADEnrollmentGateway+UnitTests.h"; sourceTree = "<group>"; };
 		B267CA191EE0E9FF00C0B5A8 /* ADNegotiateHandler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ADNegotiateHandler.h; sourceTree = "<group>"; };
 		B267CA1A1EE0E9FF00C0B5A8 /* ADNegotiateHandler.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ADNegotiateHandler.m; sourceTree = "<group>"; };
 		B2822A2C2055D67200390B6E /* ADLegacyMacTokenCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ADLegacyMacTokenCache.h; sourceTree = "<group>"; };
@@ -2235,6 +2236,7 @@
 		B20DC5D51F0D97C600957806 /* ios */ = {
 			isa = PBXGroup;
 			children = (
+				B26207E022C872DA00F867D9 /* ADEnrollmentGateway+UnitTests.h */,
 				A521AB7020EED85C0005735B /* ADEnrollmentGatewayTests.m */,
 				234F3CE51F35159500DE4AA4 /* ADAuthenticationContextTests.m */,
 				B20DC5D61F0D97C600957806 /* ADAL_iOS_UTs-Info.plist */,
@@ -4258,6 +4260,7 @@
 				CODE_SIGN_IDENTITY = "";
 				DEVELOPMENT_TEAM = "";
 				GCC_OPTIMIZATION_LEVEL = 0;
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Debug;
 		};
@@ -4267,6 +4270,7 @@
 			buildSettings = {
 				CODE_SIGN_IDENTITY = "";
 				DEVELOPMENT_TEAM = "";
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Release;
 		};
@@ -4289,13 +4293,15 @@
 			baseConfigurationReference = D6CF4EB91FC370C100CD70C5 /* adal__unittest__mac.xcconfig */;
 			buildSettings = {
 				GCC_OPTIMIZATION_LEVEL = 0;
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Debug;
 		};
 		94DD18EC1C5ACFBF00F80C62 /* Release */ = {
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = D6CF4EB91FC370C100CD70C5 /* adal__unittest__mac.xcconfig */;
 			buildSettings = {
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Release;
 		};
@@ -4583,13 +4589,15 @@
 			baseConfigurationReference = D6CF4EA91FC370BF00CD70C5 /* adal__integrationtest__mac.xcconfig */;
 			buildSettings = {
 				GCC_OPTIMIZATION_LEVEL = 0;
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Debug;
 		};
 		B20DC5D01F0D96A700957806 /* Release */ = {
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = D6CF4EA91FC370BF00CD70C5 /* adal__integrationtest__mac.xcconfig */;
 			buildSettings = {
+				MACOSX_DEPLOYMENT_TARGET = 10.11;
 			};
 			name = Release;
 		};
@@ -5046,6 +5054,7 @@
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				ENABLE_BITCODE = NO;
 				GCC_OPTIMIZATION_LEVEL = 0;
+				PRODUCT_BUNDLE_IDENTIFIER = com.microsoft.adal.2.1.0.TestApp;
 			};
 			name = Debug;
 		};
@@ -5055,6 +5064,7 @@
 			buildSettings = {
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				ENABLE_BITCODE = NO;
+				PRODUCT_BUNDLE_IDENTIFIER = com.microsoft.adal.2.1.0.TestApp;
 			};
 			name = Release;
 		};

ADAL/resources/ios/Framework/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.12</string>
+	<string>2.7.13</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.7.11</string>
+	<string>2.7.13</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>

ADAL/src/ADAL_Internal.h

@@ -27,7 +27,7 @@
 // through build script. Don't change its format unless changing build script as well.)
 #define ADAL_VER_HIGH       2
 #define ADAL_VER_LOW        7
-#define ADAL_VER_PATCH      12
+#define ADAL_VER_PATCH      13
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

ADAL/src/ADRequestParameters.h

@@ -70,4 +70,10 @@
      telemetryRequestId:(NSString *)telemetryRequestId
            logComponent:(NSString *)logComponent;
 
+- (BOOL)isCapableForMAMCA;
++ (NSString *)applicationIdentifierWithAuthority:(NSString *)authority;
+
+- (NSString *)enrollmentIDForHomeAccountID:(NSString *)homeAccountId
+                              legacyUserID:(NSString *)legacyUserID;
+
 @end

ADAL/src/ADRequestParameters.m

@@ -28,6 +28,8 @@
 #import "NSString+MSIDExtensions.h"
 #import "MSIDAuthorityFactory.h"
 #import "MSIDConstants.h"
+#import "ADEnrollmentGateway.h"
+#import "MSIDADFSAuthority.h"
 
 @implementation ADRequestParameters
 
@@ -176,7 +178,66 @@ - (MSIDConfiguration *)msidConfig
                                                                     clientId:self.clientId
                                                                       target:self.resource];
 
+    if ([self isCapableForMAMCA])
+    {
+        config.applicationIdentifier = [[NSBundle mainBundle] bundleIdentifier];
+        config.enrollmentId = [self enrollmentIDForHomeAccountID:self.account.homeAccountId
+                                                    legacyUserID:self.account.legacyAccountId];
+    }
+
     return config;
 }
 
+#pragma mark - Enrollment ID
+
+- (BOOL)isCapableForMAMCA
+{
+    NSString *authority = self.cloudAuthority ? self.cloudAuthority : self.authority;
+    return [self.class isCapableForMAMCA:authority];
+}
+
++ (BOOL)isCapableForMAMCA:(NSString *)authority
+{
+#if TARGET_OS_IPHONE
+    __auto_type adfsAuthority = [[MSIDADFSAuthority alloc] initWithURL:[NSURL URLWithString:authority] context:nil error:nil];
+
+    BOOL isADFSInstance = adfsAuthority != nil;
+
+    if (!isADFSInstance)
+    {
+        return ![NSString msidIsStringNilOrBlank:[ADEnrollmentGateway allIntuneMAMResourcesJSON]];
+    }
+
+    return NO;
+#else
+    return NO;
+#endif
+}
+
++ (NSString *)applicationIdentifierWithAuthority:(NSString *)authority
+{
+    return [self isCapableForMAMCA:authority] ? [[NSBundle mainBundle] bundleIdentifier] : nil;
+}
+
+- (NSString *)enrollmentIDForHomeAccountID:(NSString *)homeAccountId
+                              legacyUserID:(NSString *)legacyUserID
+{
+    if (![self isCapableForMAMCA])
+    {
+        return nil;
+    }
+
+    ADAuthenticationError *error = nil;
+    NSString *enrollId = [ADEnrollmentGateway enrollmentIDForHomeAccountId:homeAccountId
+                                                                    userID:legacyUserID
+                                                                     error:&error];
+
+    if (error)
+    {
+        MSID_LOG_ERROR_PII(self, @"Error looking up enrollment ID %@", error);
+    }
+
+    return enrollId;
+}
+
 @end

ADAL/src/ADUserInformation.m

@@ -30,7 +30,8 @@
 #define ID_TOKEN_PROPERTY_GETTER(property, claimName) \
 -(NSString*) property \
 { \
-return [self.allClaims objectForKey:claimName]; \
+    id property = [self.allClaims objectForKey:claimName]; \
+    return ([property isKindOfClass:[NSString class]] ? (NSString *)property : nil); \
 }
 
 @implementation ADUserInformation

ADAL/src/cache/ADResponseCacheHandler.h

@@ -35,6 +35,7 @@
                                    fromRefreshToken:(MSIDBaseToken<MSIDRefreshableToken> *)refreshToken
                                               cache:(MSIDLegacyTokenCacheAccessor *)cache
                                              params:(ADRequestParameters *)requestParams
+                                      configuration:(MSIDConfiguration *)configuration
                                        verifyUserId:(BOOL)verifyUserId;
 
 @end

ADAL/src/cache/ADResponseCacheHandler.m

@@ -39,6 +39,7 @@ + (ADAuthenticationResult *)processAndCacheResponse:(MSIDTokenResponse *)respons
                                    fromRefreshToken:(MSIDBaseToken<MSIDRefreshableToken> *)refreshToken
                                               cache:(MSIDLegacyTokenCacheAccessor *)cache
                                              params:(ADRequestParameters *)requestParams
+                                      configuration:(MSIDConfiguration *)configuration
                                        verifyUserId:(BOOL)verifyUserId
 {
     NSError *msidError = nil;
@@ -59,7 +60,7 @@ + (ADAuthenticationResult *)processAndCacheResponse:(MSIDTokenResponse *)respons
                           params:requestParams];
     }
 
-    result = [cache saveTokensWithConfiguration:requestParams.msidConfig
+    result = [cache saveTokensWithConfiguration:configuration
                                        response:response
                                         context:requestParams
                                           error:&msidError];
@@ -70,7 +71,7 @@ + (ADAuthenticationResult *)processAndCacheResponse:(MSIDTokenResponse *)respons
         MSID_LOG_ERROR_PII(nil, @"Failed to save tokens in cache, error %@", msidError);
     }
 
-    MSIDLegacySingleResourceToken *resultToken = [factory legacyTokenFromResponse:response configuration:requestParams.msidConfig];
+    MSIDLegacySingleResourceToken *resultToken = [factory legacyTokenFromResponse:response configuration:configuration];
 
     ADTokenCacheItem *adTokenCacheItem = [[ADTokenCacheItem alloc] initWithLegacySingleResourceToken:resultToken];
 

ADAL/src/cache/ADTokenCacheItem+Internal.h

@@ -31,6 +31,12 @@
 
 @property (readonly) NSDictionary * additionalServer;
 
+// Intune Enrollment ID. Application trying to retrieve access token from cache will need to present a valid intune enrollment ID to complete cache lookup.
+@property (nonatomic) NSString *enrollmentId;
+
+// Unique app identifier used for cases when access token storage needs to be partitioned per application
+@property (nonatomic) NSString *applicationIdentifier;
+
 @end
 
 @interface ADTokenCacheItem ()

ADAL/src/cache/ADTokenCacheItem+MSIDTokens.m

@@ -53,6 +53,8 @@ - (instancetype)initWithLegacyAccessToken:(MSIDLegacyAccessToken *)accessToken
         _accessToken = accessToken.accessToken;
         _resource = accessToken.resource;
         _expiresOn = accessToken.expiresOn;
+        _enrollmentId = accessToken.enrollmentId;
+        _applicationIdentifier = accessToken.applicationIdentifier;
     }
 
     [self calculateHash];
@@ -148,6 +150,8 @@ - (MSIDLegacyTokenCacheKey *)tokenCacheKey
                                                                              clientId:self.clientId
                                                                              resource:self.resource
                                                                          legacyUserId:self.userInformation.userId];
+
+    key.applicationIdentifier = self.applicationIdentifier;
     return key;
 }
 
@@ -170,6 +174,8 @@ - (MSIDLegacyTokenCacheItem *)tokenCacheItem
     cacheItem.homeAccountId = self.userInformation.homeAccountId;
     cacheItem.credentialType = [MSIDCredentialTypeHelpers credentialTypeWithRefreshToken:self.refreshToken accessToken:self.accessToken];
     cacheItem.additionalInfo = self.additionalServer;
+    cacheItem.enrollmentId = self.enrollmentId;
+    cacheItem.applicationIdentifier = self.applicationIdentifier;
     return cacheItem;
 }
 

ADAL/src/cache/ADTokenCacheItem.m

@@ -53,7 +53,7 @@ - (NSUInteger)hash
 
 - (void)calculateHash
 {
-    _hash = [[NSString stringWithFormat:@"%@%@%@%@", _resource, _authority, _clientId, _userInformation.userId] hash];
+    _hash = [[NSString stringWithFormat:@"%@%@%@%@%@", _resource, _authority, _clientId, _userInformation.userId, _applicationIdentifier] hash];
 }
 
 //Multi-resource refresh tokens are stored separately, as they apply to all resources. As such,
@@ -93,12 +93,14 @@ - (ADTokenCacheKey*)extractKey:(ADAuthenticationError* __autoreleasing *)error
         return [ADTokenCacheKey keyWithAuthority:_storageAuthority
                                         resource:_resource
                                         clientId:_clientId
+                                   appIdentifier:_applicationIdentifier
                                            error:error];
     }
 
     return [ADTokenCacheKey keyWithAuthority:_authority
                                     resource:_resource
                                     clientId:_clientId
+                               appIdentifier:_applicationIdentifier
                                        error:error];
 }
 
@@ -139,6 +141,8 @@ - (void)encodeWithCoder:(NSCoder *)aCoder
     [aCoder encodeObject:_expiresOn forKey:@"expiresOn"];
     [aCoder encodeObject:_userInformation forKey:@"userInformation"];
     [aCoder encodeObject:_additionalServer forKey:@"additionalServer"];
+    [aCoder encodeObject:_enrollmentId forKey:@"enrollmentId"];
+    [aCoder encodeObject:_applicationIdentifier forKey:@"applicationIdentifier"];
 }
 
 //Deserializer:
@@ -162,6 +166,8 @@ - (id)initWithCoder:(NSCoder *)aDecoder
     _expiresOn = [aDecoder decodeObjectOfClass:[NSDate class] forKey:@"expiresOn"];
     _userInformation = [aDecoder decodeObjectOfClass:[ADUserInformation class] forKey:@"userInformation"];
     _additionalServer = [aDecoder decodeObjectOfClass:[NSDictionary class] forKey:@"additionalServer"];
+    _enrollmentId = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"enrollmentId"];
+    _applicationIdentifier = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"applicationIdentifier"];
 
     [self calculateHash];
 
@@ -200,6 +206,8 @@ - (BOOL)isEqual:(id)object
     result &= [self.userInformation isEqual:rhs.userInformation]  || (self.userInformation == rhs.userInformation);
     result &= [self.sessionKey isEqualToData:rhs.sessionKey] || (self.sessionKey == rhs.sessionKey);
     result &= [self.additionalServer isEqualToDictionary:rhs.additionalServer] || (self.additionalServer == rhs.additionalServer);
+    result &= [self.enrollmentId isEqualToString:rhs.enrollmentId] || (self.enrollmentId == rhs.enrollmentId);
+    result &= [self.applicationIdentifier isEqualToString:rhs.applicationIdentifier] || (self.applicationIdentifier == rhs.applicationIdentifier);
 
     return result;
 }

ADAL/src/cache/ADTokenCacheKey.h

@@ -46,6 +46,13 @@
                              clientId:(NSString *)clientId
                                 error:(ADAuthenticationError * __autoreleasing *)error;
 
+/*! Creates a key with optional application identifier */
++ (ADTokenCacheKey *)keyWithAuthority:(NSString *)authority
+                             resource:(NSString *)resource
+                             clientId:(NSString *)clientId
+                        appIdentifier:(NSString *)appIdentifier
+                                error:(ADAuthenticationError * __autoreleasing *)error;
+
 /*! The authority that issues access tokens */
 @property (readonly) NSString* authority;
 
@@ -55,6 +62,9 @@
 /*! The application client identifier */
 @property (readonly) NSString* clientId;
 
+/*! Application identifier */
+@property (readonly) NSString *applicationIdentifier;
+
 - (ADTokenCacheKey *)mrrtKey;