Merge pull request #793 from AzureAD/oldalton/account_collapsing_fixes

oldalton · web-flow · commit 7f08ed74c9c4 · 2019-12-04T15:57:24.000-08:00
MSAL account collapsing improvements for guest users
diff --git a/MSAL/src/MSALAccount+Internal.h b/MSAL/src/MSALAccount+Internal.h
@@ -42,7 +42,7 @@
 @property (nonatomic) MSALAccountId *homeAccountId;
 @property (nonatomic) NSString *username;
 @property (nonatomic) NSString *environment;
-@property (nonatomic) NSMutableArray<MSALTenantProfile *> *mTenantProfiles;
+@property (nonatomic) NSMutableDictionary<NSString *, MSALTenantProfile *> *mTenantProfiles;
 @property (nonatomic) NSDictionary<NSString *, NSString *> *accountClaims;
 @property (nonatomic) NSString *identifier;
 @property (nonatomic) MSIDAccountIdentifier *lookupAccountIdentifier;
diff --git a/MSAL/src/MSALAccount.m b/MSAL/src/MSALAccount.m
@@ -61,10 +61,7 @@ - (instancetype)initWithUsername:(NSString *)username
         _identifier = homeAccountId.identifier;
         _lookupAccountIdentifier = [[MSIDAccountIdentifier alloc] initWithDisplayableId:username homeAccountId:homeAccountId.identifier];
         
-        if (tenantProfiles.count > 0)
-        {
-            self.mTenantProfiles = [[NSMutableArray alloc] initWithArray:tenantProfiles];
-        }
+        [self addTenantProfiles:tenantProfiles];
     }
 
     return self;
@@ -80,7 +77,7 @@ - (instancetype)initWithMSIDAccount:(MSIDAccount *)account
         
         MSALTenantProfile *tenantProfile = [[MSALTenantProfile alloc] initWithIdentifier:account.localAccountId
                                                                                 tenantId:account.realm
-                                                                             environment:account.environment
+                                                                             environment:account.storageEnvironment ?: account.environment
                                                                      isHomeTenantProfile:account.isHomeTenantAccount
                                                                                   claims:allClaims];
         if (tenantProfile)
@@ -95,7 +92,7 @@ - (instancetype)initWithMSIDAccount:(MSIDAccount *)account
     
     return [self initWithUsername:account.username
                     homeAccountId:homeAccountId
-                      environment:account.environment
+                      environment:account.storageEnvironment ?: account.environment
                    tenantProfiles:tenantProfiles];
 }
 
@@ -135,7 +132,7 @@ - (instancetype)copyWithZone:(NSZone *)zone
     NSString *username = [self.username copyWithZone:zone];
     MSALAccountId *homeAccountId = [self.homeAccountId copyWithZone:zone];
     NSString *environment = [self.environment copyWithZone:zone];
-    NSArray *tenantProfiles = [[NSMutableArray alloc] initWithArray:self.mTenantProfiles copyItems:YES];
+    NSArray *tenantProfiles = [[NSMutableArray alloc] initWithArray:[self tenantProfiles] copyItems:YES];
     
     MSALAccount *account = [[MSALAccount allocWithZone:zone] initWithUsername:username homeAccountId:homeAccountId environment:environment tenantProfiles:tenantProfiles];
     account.accountClaims = [self.accountClaims copyWithZone:zone];
@@ -162,8 +159,6 @@ - (BOOL)isEqual:(id)object
 - (NSUInteger)hash
 {
     NSUInteger hash = 0;
-    hash = hash * 31 + self.username.hash;
-    hash = hash * 31 + self.homeAccountId.hash;
     hash = hash * 31 + self.environment.hash;
     return hash;
 }
@@ -173,8 +168,16 @@ - (BOOL)isEqualToAccount:(MSALAccount *)user
     if (!user) return NO;
 
     BOOL result = YES;
-    result &= (!self.username && !user.username) || [self.username isEqualToString:user.username];
-    result &= (!self.homeAccountId && !user.homeAccountId) || [self.homeAccountId.identifier isEqualToString:user.homeAccountId.identifier];
+    
+    if (self.homeAccountId.identifier && user.homeAccountId.identifier)
+    {
+        result &= [self.homeAccountId.identifier isEqualToString:user.homeAccountId.identifier];
+    }
+    else if (self.username || user.username)
+    {
+        result &= [self.username.lowercaseString isEqualToString:user.username.lowercaseString];
+    }
+    
     result &= (!self.environment && !user.environment) || [self.environment isEqualToString:user.environment];
     return result;
 }
@@ -183,20 +186,24 @@ - (BOOL)isEqualToAccount:(MSALAccount *)user
 
 - (NSArray<MSALTenantProfile *> *)tenantProfiles
 {
-    return self.mTenantProfiles;
+    return self.mTenantProfiles.allValues;
 }
 
 - (void)addTenantProfiles:(NSArray<MSALTenantProfile *> *)tenantProfiles
 {
     if (tenantProfiles.count <= 0) return;
     
-    if (self.mTenantProfiles)
+    if (!self.mTenantProfiles)
     {
-        [self.mTenantProfiles addObjectsFromArray:tenantProfiles];
+        self.mTenantProfiles = [NSMutableDictionary new];
     }
-    else
+    
+    for (MSALTenantProfile *profile in tenantProfiles)
     {
-        self.mTenantProfiles = [[NSMutableArray alloc] initWithArray:tenantProfiles];
+        if (profile.tenantId && !self.mTenantProfiles[profile.tenantId])
+        {
+            self.mTenantProfiles[profile.tenantId] = profile;
+        }
     }
 }
 
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m
@@ -95,6 +95,20 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE
         {
             _identifier = [MSIDAccountIdentifier homeAccountIdentifierFromUid:_objectId utid:_tenantId];
         }
+        else
+        {
+            NSDictionary *additionalPropertiesDictionary = [jsonDictionary msidObjectForKey:@"additionalProperties" ofClass:[NSDictionary class]];
+            
+            if (additionalPropertiesDictionary)
+            {
+                NSString *homeAccountId = [additionalPropertiesDictionary msidObjectForKey:@"home_account_id" ofClass:[NSString class]];
+                
+                if (![NSString msidIsStringNilOrBlank:homeAccountId])
+                {
+                    _identifier = homeAccountId;
+                }
+            }
+        }
         
         NSMutableDictionary *claims = [NSMutableDictionary new];
         
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m
@@ -104,7 +104,11 @@ - (instancetype)initWithMSALAccount:(id<MSALAccount>)account
     
     jsonDictionary[@"signInStatus"] = @{appBundleId : @"SignedIn"};
     jsonDictionary[@"username"] = account.username;
-    jsonDictionary[@"additionalProperties"] = @{@"createdBy": appName};
+    
+    NSMutableDictionary *additionalProperties = [NSMutableDictionary new];
+    [additionalProperties addEntriesFromDictionary:@{@"createdBy": appName}];
+    [additionalProperties addEntriesFromDictionary:[self additionalPropertiesFromMSALAccount:account claims:claims]];
+    jsonDictionary[@"additionalProperties"] = additionalProperties;
     [jsonDictionary addEntriesFromDictionary:[self claimsFromMSALAccount:account claims:claims]];
     return [self initWithJSONDictionary:jsonDictionary error:error];
 }
@@ -180,6 +184,7 @@ - (BOOL)updateAccountWithMSALAccount:(id<MSALAccount>)account
     
     mutableAdditionalInfo[@"updatedBy"] = appName;
     mutableAdditionalInfo[@"updatedAt"] = [[[self class] dateFormatter] stringFromDate:[NSDate date]];
+    [mutableAdditionalInfo addEntriesFromDictionary:[self additionalPropertiesFromMSALAccount:account claims:nil]];
     
     oldDictionary[@"additionalProperties"] = mutableAdditionalInfo;
     
@@ -198,6 +203,16 @@ - (NSDictionary *)claimsFromMSALAccount:(id<MSALAccount>)account claims:(NSDicti
     return nil;
 }
 
+- (NSDictionary *)additionalPropertiesFromMSALAccount:(id<MSALAccount>)account claims:(NSDictionary *)claims
+{
+    if (account.identifier)
+    {
+        return @{@"home_account_id": account.identifier};
+    }
+    
+    return nil;
+}
+
 #pragma mark - Helpers
 
 + (NSDateFormatter *)dateFormatter
diff --git a/MSAL/src/instance/MSALAccountsProvider.m b/MSAL/src/instance/MSALAccountsProvider.m
@@ -47,6 +47,7 @@
 #import "MSALAccountEnumerationParameters.h"
 #import "MSALErrorConverter.h"
 #import "MSALTenantProfile.h"
+#import "MSALAccount+MultiTenantAccount.h"
 
 @interface MSALAccountsProvider()
 
@@ -231,7 +232,7 @@ - (MSALAccount *)accountForParameters:(MSALAccountEnumerationParameters *)parame
         
         if ([externalAccount.mTenantProfiles count])
         {
-            NSArray<MSALTenantProfile *> *homeTenantProfileArray = [externalAccount.mTenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];
+            NSArray<MSALTenantProfile *> *homeTenantProfileArray = [externalAccount.tenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];
             if ([homeTenantProfileArray count] == 1) accountClaims = homeTenantProfileArray[0].claims;
         }
     
@@ -252,12 +253,13 @@ - (void)addMSALAccount:(MSALAccount *)account toSet:(NSMutableSet *)allAccountsS
     }
     else
     {
-        [existingAccount addTenantProfiles:account.mTenantProfiles];
+        [existingAccount addTenantProfiles:account.tenantProfiles];
     }
     
     if (accountClaims)
     {
         existingAccount.accountClaims = accountClaims;
+        existingAccount.username = account.username;
     }
 }
 
diff --git a/MSAL/test/unit/MSALAccountTests.m b/MSAL/test/unit/MSALAccountTests.m
@@ -190,6 +190,56 @@ - (void)testAddTenantProfiles_whenAddValidTenantProfiles_shouldAddIt
     XCTAssertEqual(account.tenantProfiles[1].isHomeTenantProfile, YES);
 }
 
+- (void)testAddTenantProfiles_whenDuplicateTenantProfile_shouldNotAddToExistingAccount
+{
+    // Create MSAL account 1
+    MSIDAccount *msidAccount = [MSIDAccount new];
+    msidAccount.accountIdentifier = [[MSIDAccountIdentifier alloc] initWithDisplayableId:@"user@contoso.com" homeAccountId:@"uid.tid"];
+    msidAccount.username = @"user@contoso.com";
+    msidAccount.accountType = MSIDAccountTypeMSSTS;
+    msidAccount.name = @"User";
+    msidAccount.localAccountId = @"guest_oid";
+    __auto_type authorityUrl = [NSURL URLWithString:@"https://login.microsoftonline.com/guest_tid"];
+    __auto_type authority = [[MSIDAADAuthority alloc] initWithURL:authorityUrl context:nil error:nil];
+    msidAccount.environment = authority.environment;
+    msidAccount.realm = authority.realm;
+    NSDictionary *clientInfoClaims = @{ @"uid" : @"uid",
+                                        @"utid" : @"tid"
+                                        };
+    
+    
+    MSIDClientInfo *clientInfo = [[MSIDClientInfo alloc] initWithJSONDictionary:clientInfoClaims error:nil];
+    msidAccount.clientInfo = clientInfo;
+    
+    NSDictionary *idTokenDictionary = @{ @"aud" : @"b6c69a37",
+                                         @"oid" : @"ff9feb5a"
+                                         };
+    
+    MSIDIdTokenClaims *idTokenClaims = [[MSIDIdTokenClaims alloc] initWithJSONDictionary:idTokenDictionary error:nil];
+    XCTAssertNotNil(idTokenClaims);
+    msidAccount.idTokenClaims = idTokenClaims;
+    MSALAccount *account = [[MSALAccount alloc] initWithMSIDAccount:msidAccount createTenantProfile:YES];
+    
+    // Create MSAL account 2
+    MSIDAccount *msidAccount2 = [msidAccount copy];
+    msidAccount2.localAccountId = @"new_oid";
+    __auto_type homeAuthorityUrl = [NSURL URLWithString:@"https://login.microsoftonline.com/guest_tid"];
+    __auto_type homeAuthority = [[MSIDAADAuthority alloc] initWithURL:homeAuthorityUrl context:nil error:nil];
+    msidAccount2.environment = homeAuthority.environment;
+    msidAccount2.realm = homeAuthority.realm;
+    
+    MSALAccount *account2 = [[MSALAccount alloc] initWithMSIDAccount:msidAccount2 createTenantProfile:YES];
+    XCTAssertNotNil(account2);
+    
+    // Add tenant profiles
+    [account addTenantProfiles:account2.tenantProfiles];
+    
+    XCTAssertEqual(account.tenantProfiles.count, 1);
+    XCTAssertEqualObjects(account.tenantProfiles[0].identifier, @"guest_oid");
+    XCTAssertEqualObjects(account.tenantProfiles[0].tenantId, @"guest_tid");
+    XCTAssertEqual(account.tenantProfiles[0].isHomeTenantProfile, NO);
+}
+
 - (void)testAddTenantProfiles_whenAddNilTenantProfiles_shouldNotAddToExistingAccount
 {
     MSALAuthority *authority = [MSALAuthority authorityWithURL:[NSURL URLWithString:@"https://login.microsoftonline.com/tid"]
@@ -324,4 +374,35 @@ - (void)testEquals_whenEqual_shouldReturnTrue
     XCTAssertEqualObjects(account, account2);
 }
 
+- (void)testEquals_whenIdentifiersEqual_userNameDifferent_shouldConsiderEqual
+{
+    MSALAccountId *accountId = [[MSALAccountId alloc] initWithAccountIdentifier:@"1.2" objectId:@"1" tenantId:@"2"];
+    MSALAccount *account1 = [[MSALAccount alloc] initWithUsername:@"displayableID"
+                                                    homeAccountId:accountId
+                                                      environment:@"login.microsoftonline.com"
+                                                   tenantProfiles:nil];
+    
+    XCTAssertNotNil(account1);
+    MSALAccount *account2 = [account1 copy];
+    account2.username = @"differentDisplayableIDAlias";
+    
+    XCTAssertNotNil(account2);
+    XCTAssertEqualObjects(account1, account2);
+}
+
+- (void)testEquals_whenIdentifiersMissing_userNameDifferent_shouldConsiderDifferentAccount
+{
+    MSALAccount *account1 = [[MSALAccount alloc] initWithUsername:@"displayableID"
+                                                    homeAccountId:nil
+                                                      environment:@"login.microsoftonline.com"
+                                                   tenantProfiles:nil];
+    
+    XCTAssertNotNil(account1);
+    MSALAccount *account2 = [account1 copy];
+    account2.username = @"differentDisplayableIDAlias";
+    
+    XCTAssertNotNil(account2);
+    XCTAssertNotEqualObjects(account1, account2);
+}
+
 @end
diff --git a/MSAL/test/unit/ios/external-cache/MSALLegacySharedADALAccountTests.m b/MSAL/test/unit/ios/external-cache/MSALLegacySharedADALAccountTests.m
@@ -115,19 +115,20 @@ - (void)testInitWithJSONDictionary_whenAllInformationPresentAndGuestTenant_shoul
     
     NSMutableDictionary *mutableDict = [adalAccountDictionary mutableCopy];
     mutableDict[@"authEndpointUrl"] = @"https://login.microsoftonline.com/contoso.com";
+    mutableDict[@"additionalProperties"] = @{@"home_account_id": @"uid.utid"};
     
     NSError *error = nil;
     MSALLegacySharedADALAccount *account = [[MSALLegacySharedADALAccount alloc] initWithJSONDictionary:mutableDict error:&error];
     XCTAssertNotNil(account);
     XCTAssertNil(error);
     XCTAssertEqualObjects(account.accountType, @"ADAL");
     XCTAssertEqualObjects(account.environment, @"login.microsoftonline.com");
-    XCTAssertNil(account.identifier);
     XCTAssertEqualObjects(account.accountIdentifier, accountId);
     XCTAssertEqualObjects(account.username, @"user@contoso.com");
     XCTAssertEqualObjects(account.accountClaims[@"oid"], objectId);
     XCTAssertEqualObjects(account.accountClaims[@"tid"], tenantId);
     XCTAssertEqualObjects(account.accountClaims[@"name"], @"myDisplayName.contoso.user");
+    XCTAssertEqualObjects(account.identifier, @"uid.utid");
 }
 
 #pragma mark - InitWithMSALAccount
diff --git a/MSAL/test/unit/ios/external-cache/MSALLegacySharedAccountTests.m b/MSAL/test/unit/ios/external-cache/MSALLegacySharedAccountTests.m
@@ -208,6 +208,8 @@ - (void)testUpdateAccountWithMSALAccount_whenRemoveOperation_shouldUpdateSigninS
     XCTAssertNotNil(updatedAt);
     XCTAssertEqualObjects(account.accountType, @"ADAL");
     XCTAssertEqualObjects(account.accountIdentifier, accountId);
+    NSString *homeAccountId = [account jsonDictionary][@"additionalProperties"][@"home_account_id"];
+    XCTAssertEqualObjects(homeAccountId, @"uid.utid");
 }
 
 - (void)testUpdateAccountWithMSALAccount_whenUpdateOperation_shouldUpdateSigninStatusAndUpdatedDict
@@ -238,6 +240,8 @@ - (void)testUpdateAccountWithMSALAccount_whenUpdateOperation_shouldUpdateSigninS
     XCTAssertNotNil(updatedAt);
     XCTAssertEqualObjects(account.accountType, @"ADAL");
     XCTAssertEqualObjects(account.accountIdentifier, accountId);
+    NSString *homeAccountId = [account jsonDictionary][@"additionalProperties"][@"home_account_id"];
+    XCTAssertEqualObjects(homeAccountId, @"uid.utid");
 }
 
 @end

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@`
`47`	`47`	`#import "MSALAccountEnumerationParameters.h"`
`48`	`48`	`#import "MSALErrorConverter.h"`
`49`	`49`	`#import "MSALTenantProfile.h"`
	`50`	`+#import "MSALAccount+MultiTenantAccount.h"`
`50`	`51`
`51`	`52`	`@interface MSALAccountsProvider()`
`52`	`53`
`@@ -231,7 +232,7 @@ - (MSALAccount )accountForParameters:(MSALAccountEnumerationParameters )parame`
`231`	`232`
`232`	`233`	`if ([externalAccount.mTenantProfiles count])`
`233`	`234`	`{`
`234`		`- NSArray<MSALTenantProfile > homeTenantProfileArray = [externalAccount.mTenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];`
	`235`	`+ NSArray<MSALTenantProfile > homeTenantProfileArray = [externalAccount.tenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];`
`235`	`236`	`if ([homeTenantProfileArray count] == 1) accountClaims = homeTenantProfileArray[0].claims;`
`236`	`237`	`}`
`237`	`238`
`@@ -252,12 +253,13 @@ - (void)addMSALAccount:(MSALAccount )account toSet:(NSMutableSet )allAccountsS`
`252`	`253`	`}`
`253`	`254`	`else`
`254`	`255`	`{`
`255`		`- [existingAccount addTenantProfiles:account.mTenantProfiles];`
	`256`	`+ [existingAccount addTenantProfiles:account.tenantProfiles];`
`256`	`257`	`}`
`257`	`258`
`258`	`259`	`if (accountClaims)`
`259`	`260`	`{`
`260`	`261`	`existingAccount.accountClaims = accountClaims;`
	`262`	`+ existingAccount.username = account.username;`
`261`	`263`	`}`
`262`	`264`	`}`
`263`	`265`