Merge branch 'dev' into somalaya/takeFlightValFromOneAuth

Author: somalaya

changelog.txt

@@ -12,6 +12,7 @@ vNext
 - [MINOR] Added error handling when webcp redirects have browser protocol #2767
 - [PATCH] Fix for app link redirect from CCT due to forced browser preference (#2775)
 - [MINOR] getAllSsoTokens method for Edge (#2774)
+- [MINOR] WebApps AccountId Registry (#2787)
 
 Version 22.1.3
 ----------

common/src/main/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistry.kt

@@ -0,0 +1,187 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.cache
+
+import com.microsoft.identity.common.java.cache.IMultiTypeNameValueStorage
+import com.microsoft.identity.common.java.interfaces.IStorageSupplier
+import com.microsoft.identity.common.java.util.ObjectMapper
+import com.microsoft.identity.common.logging.Logger
+import java.util.concurrent.locks.ReentrantReadWriteLock
+import kotlin.concurrent.read
+import kotlin.concurrent.write
+
+/**
+ * A registry that maps home account IDs to sets of web app client IDs.
+ *
+ * This is used to track which web applications are associated with which accounts,
+ * enabling coordinated sign-out and management of web app sessions.
+ */
+class WebAppsAccountIdRegistry private constructor(
+    private val storage: IMultiTypeNameValueStorage
+){
+    companion object {
+        private val TAG = WebAppsAccountIdRegistry::class.java.simpleName
+        private const val WEBAPPS_ACCOUNT_ID_REGISTRY_STORAGE_KEY = "WebAppsAccountIdRegistryStorageKey"
+        private val rwLock = ReentrantReadWriteLock()
+
+        /**
+         * Factory method to create an instance of [WebAppsAccountIdRegistry].
+         *
+         * @param supplier The storage supplier.
+         * @return A new instance of [WebAppsAccountIdRegistry].
+         */
+        fun create(supplier: IStorageSupplier): WebAppsAccountIdRegistry {
+            val store = supplier.getEncryptedFileStore(WEBAPPS_ACCOUNT_ID_REGISTRY_STORAGE_KEY)
+            return WebAppsAccountIdRegistry(store)
+        }
+    }
+
+    /**
+     * Deserialize a JSON string into a set of client IDs.
+     *
+     * @param raw The JSON string to deserialize.
+     * @return A mutable set of client IDs.
+     */
+    private fun deserializeSet(raw: String?): MutableSet<String> {
+        if (raw.isNullOrBlank()) return mutableSetOf()
+        return try {
+            ObjectMapper.deserializeJsonStringToObject(raw, Array<String>::class.java).toMutableSet()
+        } catch (e: Exception) {
+            Logger.warn(TAG, "Failed to deserialize set: ${e.message}")
+            mutableSetOf()
+        }
+    }
+
+    /**
+     * Serialize the set of client IDs to a JSON string.
+     *
+     * @param set The set of client IDs to serialize.
+     * @return The JSON string representation of the set.
+     */
+    private fun serializeSet(set: Set<String>): String {
+        return ObjectMapper.serializeObjectToJsonString(set)
+    }
+
+    /**
+     * Load the account entry from storage.
+     *
+     * @param homeAccountId The home account ID to load.
+     * @return A set of client IDs associated with the given account ID. Or an empty set if none exist.
+     */
+    private fun loadClientIdsForAccount(homeAccountId: String): MutableSet<String>{
+        return deserializeSet(storage.getString(homeAccountId))
+    }
+
+    /**
+     * Save the account entry to storage.
+     *
+     * @param homeAccountId The home account ID.
+     * @param set The set of client IDs to associate with the account ID.
+     */
+    private fun saveAccount(homeAccountId: String, set: Set<String>) {
+        storage.putString(homeAccountId, serializeSet(set))
+    }
+
+
+    /**
+     * Remove the account entry from storage.
+     *
+     * @param homeAccountId The account ID to remove.
+     */
+    private fun removeAccountStorage(homeAccountId: String) {
+        try {
+            storage.remove(homeAccountId)
+        } catch (e: Exception) {
+            storage.putString(homeAccountId, null)
+        }
+    }
+
+    /**
+     * Add a client ID to the set associated with the given account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to add.
+     */
+    fun addClient(homeAccountId: String, clientId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (set.add(clientId)) {
+                saveAccount(homeAccountId, set)
+            }
+        }
+    }
+    /**
+     * Remove a client ID from the set associated with the given account ID.
+     * If the set becomes empty after removal, the account ID is also removed from the registry.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to remove.
+     */
+    fun removeClient(homeAccountId: String, clientId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (!set.remove(clientId)) return
+            if (set.isEmpty()) {
+                removeAccountStorage(homeAccountId)
+            } else {
+                saveAccount(homeAccountId, set)
+            }
+        }
+    }
+
+    /** Get the set of client IDs associated with the given account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @return A set of client IDs associated with the account ID, or an empty set if none exist.
+     */
+    fun getClients(homeAccountId: String): Set<String> {
+        return rwLock.read {
+            loadClientIdsForAccount(homeAccountId).toSet()
+        }
+    }
+
+    /** Check if the registry contains the given client ID for the specified account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to check for.
+     * @return True if the client ID is associated with the account ID, false otherwise.
+     */
+    fun contains(homeAccountId: String, clientId: String): Boolean {
+        return rwLock.read {
+            loadClientIdsForAccount(homeAccountId).contains(clientId)
+        }
+    }
+
+    /**
+     * Remove the given account ID and all its associated client IDs from the registry.
+     *
+     * @param homeAccountId The account ID to remove.
+     */
+    fun removeAccount(homeAccountId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (set.isEmpty()) return
+            removeAccountStorage(homeAccountId)
+        }
+    }
+}

common/src/test/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistryTest.kt

@@ -0,0 +1,145 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.cache
+
+import com.microsoft.identity.common.components.InMemoryStorageSupplier
+import org.junit.Assert
+import org.junit.Test
+
+class WebAppsAccountIdRegistryTest {
+    private val accountId1 = "11111111-1111-1111-1111-111111111111.aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
+    private val accountId2 = "22222222-2222-2222-2222-222222222222.bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
+    private val accountId3 = "33333333-3333-3333-3333-333333333333.cccccccc-cccc-cccc-cccc-cccccccccccc"
+
+    private val clientId1 = "99999999-1111-4444-8888-121212121212"
+    private val clientId2 = "aaaaaaaa-2222-5555-9999-131313131313"
+    private val clientId3 = "bbbbbbbb-3333-6666-aaaa-141414141414"
+
+    @Test
+    fun testAddClient_veryBasicTest() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveClient_veryBasicTest() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        Assert.assertEquals(2, registry.getClients(accountId1).size)
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveClient_accountEntryCleanedUp() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testManyCombinedAddAndRemove() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        registry.addClient(accountId2, clientId1)
+        registry.addClient(accountId2, clientId3)
+        registry.addClient(accountId3, clientId1)
+        Assert.assertEquals(2, registry.getClients(accountId1).size)
+        Assert.assertEquals(2, registry.getClients(accountId2).size)
+        Assert.assertEquals(1, registry.getClients(accountId3).size)
+
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+
+        registry.removeClient(accountId1, clientId2)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+
+        registry.removeClient(accountId2, clientId3)
+        Assert.assertEquals(1, registry.getClients(accountId2).size)
+
+        registry.removeClient(accountId2, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId2).size)
+
+        registry.removeClient(accountId3, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId3).size)
+    }
+
+    @Test
+    fun testAddClient_addSameClient() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveAccount_removeAccount() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        registry.addClient(accountId2, clientId1)
+        registry.removeAccount(accountId1)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+        Assert.assertEquals(1, registry.getClients(accountId2).size)
+    }
+
+    @Test
+    fun testContains_containsClientId() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        Assert.assertTrue(registry.contains(accountId1, clientId1))
+        Assert.assertFalse(registry.contains(accountId1, clientId2))
+        Assert.assertFalse(registry.contains(accountId2, clientId1))
+    }
+
+    @Test
+    fun testPersistenceAcrossInstances() {
+        val storageSupplier = InMemoryStorageSupplier()
+        val registry1 = WebAppsAccountIdRegistry.create(storageSupplier)
+        registry1.addClient(accountId1, clientId1)
+        registry1.addClient(accountId1, clientId2)
+        registry1.addClient(accountId2, clientId1)
+
+        val registry2 = WebAppsAccountIdRegistry.create(storageSupplier)
+        Assert.assertEquals(2, registry2.getClients(accountId1).size)
+        Assert.assertEquals(1, registry2.getClients(accountId2).size)
+
+        registry2.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry2.getClients(accountId1).size)
+
+        val registry3 = WebAppsAccountIdRegistry.create(storageSupplier)
+        Assert.assertEquals(1, registry3.getClients(accountId1).size)
+        Assert.assertEquals(1, registry3.getClients(accountId2).size)
+
+        registry3.removeAccount(accountId2)
+        Assert.assertEquals(0, registry3.getClients(accountId2).size)
+    }
+
+    private fun createRegistry(): WebAppsAccountIdRegistry {
+        return WebAppsAccountIdRegistry.create(InMemoryStorageSupplier())
+    }
+}