Merge pull request #794 from AzureAD/hotfix/1.0.4

oldalton · web-flow · commit dd25fe322ec8 · 2019-12-04T17:38:40.000-08:00
Release MSAL 1.0.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [1.0.4] - 2019-11-26
+### Fixed
+- Fixed external account matching when identifier is not present (#787)
+
 ## [1.0.3] - 2019-11-15
 ### Added
 - Added default implementation for ADAL legacy persistence
diff --git a/MSAL.podspec b/MSAL.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.0.3"
+  s.version      = "1.0.4"
   s.summary      = "Microsoft Authentication Library (MSAL) Preview for iOS"
 
   s.description  = <<-DESC
diff --git a/MSAL/resources/ios/Info.plist b/MSAL/resources/ios/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.0.3</string>
+	<string>1.0.4</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>
diff --git a/MSAL/resources/mac/Info.plist b/MSAL/resources/mac/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.0.3</string>
+	<string>1.0.4</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>
diff --git a/MSAL/src/MSALAccount+Internal.h b/MSAL/src/MSALAccount+Internal.h
@@ -42,7 +42,7 @@
 @property (nonatomic) MSALAccountId *homeAccountId;
 @property (nonatomic) NSString *username;
 @property (nonatomic) NSString *environment;
-@property (nonatomic) NSMutableArray<MSALTenantProfile *> *mTenantProfiles;
+@property (nonatomic) NSMutableDictionary<NSString *, MSALTenantProfile *> *mTenantProfiles;
 @property (nonatomic) NSDictionary<NSString *, NSString *> *accountClaims;
 @property (nonatomic) NSString *identifier;
 @property (nonatomic) MSIDAccountIdentifier *lookupAccountIdentifier;
diff --git a/MSAL/src/MSALAccount.m b/MSAL/src/MSALAccount.m
@@ -61,10 +61,7 @@ - (instancetype)initWithUsername:(NSString *)username
         _identifier = homeAccountId.identifier;
         _lookupAccountIdentifier = [[MSIDAccountIdentifier alloc] initWithDisplayableId:username homeAccountId:homeAccountId.identifier];
         
-        if (tenantProfiles.count > 0)
-        {
-            self.mTenantProfiles = [[NSMutableArray alloc] initWithArray:tenantProfiles];
-        }
+        [self addTenantProfiles:tenantProfiles];
     }
 
     return self;
@@ -80,7 +77,7 @@ - (instancetype)initWithMSIDAccount:(MSIDAccount *)account
         
         MSALTenantProfile *tenantProfile = [[MSALTenantProfile alloc] initWithIdentifier:account.localAccountId
                                                                                 tenantId:account.realm
-                                                                             environment:account.environment
+                                                                             environment:account.storageEnvironment ?: account.environment
                                                                      isHomeTenantProfile:account.isHomeTenantAccount
                                                                                   claims:allClaims];
         if (tenantProfile)
@@ -95,7 +92,7 @@ - (instancetype)initWithMSIDAccount:(MSIDAccount *)account
     
     return [self initWithUsername:account.username
                     homeAccountId:homeAccountId
-                      environment:account.environment
+                      environment:account.storageEnvironment ?: account.environment
                    tenantProfiles:tenantProfiles];
 }
 
@@ -135,7 +132,7 @@ - (instancetype)copyWithZone:(NSZone *)zone
     NSString *username = [self.username copyWithZone:zone];
     MSALAccountId *homeAccountId = [self.homeAccountId copyWithZone:zone];
     NSString *environment = [self.environment copyWithZone:zone];
-    NSArray *tenantProfiles = [[NSMutableArray alloc] initWithArray:self.mTenantProfiles copyItems:YES];
+    NSArray *tenantProfiles = [[NSMutableArray alloc] initWithArray:[self tenantProfiles] copyItems:YES];
     
     MSALAccount *account = [[MSALAccount allocWithZone:zone] initWithUsername:username homeAccountId:homeAccountId environment:environment tenantProfiles:tenantProfiles];
     account.accountClaims = [self.accountClaims copyWithZone:zone];
@@ -162,8 +159,6 @@ - (BOOL)isEqual:(id)object
 - (NSUInteger)hash
 {
     NSUInteger hash = 0;
-    hash = hash * 31 + self.username.hash;
-    hash = hash * 31 + self.homeAccountId.hash;
     hash = hash * 31 + self.environment.hash;
     return hash;
 }
@@ -173,8 +168,16 @@ - (BOOL)isEqualToAccount:(MSALAccount *)user
     if (!user) return NO;
 
     BOOL result = YES;
-    result &= (!self.username && !user.username) || [self.username isEqualToString:user.username];
-    result &= (!self.homeAccountId && !user.homeAccountId) || [self.homeAccountId.identifier isEqualToString:user.homeAccountId.identifier];
+    
+    if (self.homeAccountId.identifier && user.homeAccountId.identifier)
+    {
+        result &= [self.homeAccountId.identifier isEqualToString:user.homeAccountId.identifier];
+    }
+    else if (self.username || user.username)
+    {
+        result &= [self.username.lowercaseString isEqualToString:user.username.lowercaseString];
+    }
+    
     result &= (!self.environment && !user.environment) || [self.environment isEqualToString:user.environment];
     return result;
 }
@@ -183,20 +186,24 @@ - (BOOL)isEqualToAccount:(MSALAccount *)user
 
 - (NSArray<MSALTenantProfile *> *)tenantProfiles
 {
-    return self.mTenantProfiles;
+    return self.mTenantProfiles.allValues;
 }
 
 - (void)addTenantProfiles:(NSArray<MSALTenantProfile *> *)tenantProfiles
 {
     if (tenantProfiles.count <= 0) return;
     
-    if (self.mTenantProfiles)
+    if (!self.mTenantProfiles)
     {
-        [self.mTenantProfiles addObjectsFromArray:tenantProfiles];
+        self.mTenantProfiles = [NSMutableDictionary new];
     }
-    else
+    
+    for (MSALTenantProfile *profile in tenantProfiles)
     {
-        self.mTenantProfiles = [[NSMutableArray alloc] initWithArray:tenantProfiles];
+        if (profile.tenantId && !self.mTenantProfiles[profile.tenantId])
+        {
+            self.mTenantProfiles[profile.tenantId] = profile;
+        }
     }
 }
 
diff --git a/MSAL/src/MSALPublicClientApplication.m b/MSAL/src/MSALPublicClientApplication.m
@@ -357,6 +357,8 @@ - (MSALAccount *)accountForHomeAccountId:(NSString *)homeAccountId
 - (MSALAccount *)accountForIdentifier:(NSString *)identifier
                                 error:(NSError **)error
 {
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying MSAL account for identifier %@", MSID_PII_LOG_TRACKABLE(identifier));
+    
     MSALAccountsProvider *request = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache
                                                                             clientId:self.internalConfig.clientId
                                                              externalAccountProvider:self.externalAccountHandler];
@@ -368,12 +370,16 @@ - (MSALAccount *)accountForIdentifier:(NSString *)identifier
     
     if (error) *error = [MSALErrorConverter msalErrorFromMsidError:msidError];
     
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Found MSAL account with identifier %@, username %@", MSID_PII_LOG_TRACKABLE(account.identifier), MSID_PII_LOG_EMAIL(account.username));
+    
     return account;
 }
 
 - (NSArray<MSALAccount *> *)accountsForParameters:(MSALAccountEnumerationParameters *)parameters
                                             error:(NSError **)error
 {
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying MSAL accounts with parameters (identifier=%@, tenantProfileId=%@, username=%@, return only signed in accounts %d)", MSID_PII_LOG_MASKABLE(parameters.identifier), MSID_PII_LOG_MASKABLE(parameters.tenantProfileIdentifier), MSID_PII_LOG_EMAIL(parameters.username), parameters.returnOnlySignedInAccounts);
+    
     MSALAccountsProvider *request = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache
                                                                             clientId:self.internalConfig.clientId
                                                              externalAccountProvider:self.externalAccountHandler];
@@ -382,12 +388,16 @@ - (MSALAccount *)accountForIdentifier:(NSString *)identifier
     
     if (error) *error = [MSALErrorConverter msalErrorFromMsidError:msidError];
     
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Found MSAL accounts with count %ld", (long)accounts.count);
+    
     return accounts;
 }
 
 - (MSALAccount *)accountForUsername:(NSString *)username
                               error:(NSError * __autoreleasing *)error
 {
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying MSAL account for username %@", MSID_PII_LOG_EMAIL(username));
+    
     MSALAccountsProvider *request = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache
                                                                             clientId:self.internalConfig.clientId
                                                              externalAccountProvider:self.externalAccountHandler];
@@ -396,6 +406,8 @@ - (MSALAccount *)accountForUsername:(NSString *)username
     MSALAccount *account = [request accountForParameters:parameters error:&msidError];
 
     if (error) *error = [MSALErrorConverter msalErrorFromMsidError:msidError];
+    
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Found MSAL account with identifier %@, username %@", MSID_PII_LOG_TRACKABLE(account.identifier), MSID_PII_LOG_EMAIL(account.username));
 
     return account;
 }
diff --git a/MSAL/src/MSAL_Internal.h b/MSAL/src/MSAL_Internal.h
@@ -27,7 +27,7 @@
 
 #define MSAL_VER_HIGH       1
 #define MSAL_VER_LOW        0
-#define MSAL_VER_PATCH      3
+#define MSAL_VER_PATCH      4
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m
@@ -51,9 +51,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE
     self = [super initWithJSONDictionary:jsonDictionary error:error];
     
     if (self)
-    {
-        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Creating external account from ADAL account");
-        
+    {        
         if (![_accountType isEqualToString:kADALAccountType])
         {
             MSID_LOG_WITH_CTX(MSIDLogLevelError, nil, @"Failed to create ADAL account. Wrong account type %@ provided", _accountType);
@@ -97,6 +95,20 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE
         {
             _identifier = [MSIDAccountIdentifier homeAccountIdentifierFromUid:_objectId utid:_tenantId];
         }
+        else
+        {
+            NSDictionary *additionalPropertiesDictionary = [jsonDictionary msidObjectForKey:@"additionalProperties" ofClass:[NSDictionary class]];
+            
+            if (additionalPropertiesDictionary)
+            {
+                NSString *homeAccountId = [additionalPropertiesDictionary msidObjectForKey:@"home_account_id" ofClass:[NSString class]];
+                
+                if (![NSString msidIsStringNilOrBlank:homeAccountId])
+                {
+                    _identifier = homeAccountId;
+                }
+            }
+        }
         
         NSMutableDictionary *claims = [NSMutableDictionary new];
         
@@ -134,17 +146,17 @@ - (BOOL)matchesParameters:(MSALAccountEnumerationParameters *)parameters
     
     if (parameters.identifier)
     {
-        matchResult &= ([self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);
+        matchResult &= (self.identifier && [self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);
     }
     
     if (parameters.username)
     {
-        matchResult &= ([self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);
+        matchResult &= (self.username && [self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);
     }
     
     if (parameters.tenantProfileIdentifier)
     {
-        matchResult &= ([self.objectId caseInsensitiveCompare:parameters.tenantProfileIdentifier] == NSOrderedSame);
+        matchResult &= (self.objectId && [self.objectId caseInsensitiveCompare:parameters.tenantProfileIdentifier] == NSOrderedSame);
     }
     
     return matchResult &= [super matchesParameters:parameters];
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m
@@ -104,7 +104,11 @@ - (instancetype)initWithMSALAccount:(id<MSALAccount>)account
     
     jsonDictionary[@"signInStatus"] = @{appBundleId : @"SignedIn"};
     jsonDictionary[@"username"] = account.username;
-    jsonDictionary[@"additionalProperties"] = @{@"createdBy": appName};
+    
+    NSMutableDictionary *additionalProperties = [NSMutableDictionary new];
+    [additionalProperties addEntriesFromDictionary:@{@"createdBy": appName}];
+    [additionalProperties addEntriesFromDictionary:[self additionalPropertiesFromMSALAccount:account claims:claims]];
+    jsonDictionary[@"additionalProperties"] = additionalProperties;
     [jsonDictionary addEntriesFromDictionary:[self claimsFromMSALAccount:account claims:claims]];
     return [self initWithJSONDictionary:jsonDictionary error:error];
 }
@@ -118,6 +122,7 @@ - (BOOL)matchesParameters:(MSALAccountEnumerationParameters *)parameters
         NSString *appIdentifier = [[NSBundle mainBundle] bundleIdentifier];
         NSString *signinStatus = [self.signinStatusDictionary msidStringObjectForKey:appIdentifier];
         
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Requested to only returned signed in accounts. Current sign in status for the app is %@", signinStatus);
         return [signinStatus isEqualToString:@"SignedIn"];
     }
     else if (![self.signinStatusDictionary count])
@@ -179,6 +184,7 @@ - (BOOL)updateAccountWithMSALAccount:(id<MSALAccount>)account
     
     mutableAdditionalInfo[@"updatedBy"] = appName;
     mutableAdditionalInfo[@"updatedAt"] = [[[self class] dateFormatter] stringFromDate:[NSDate date]];
+    [mutableAdditionalInfo addEntriesFromDictionary:[self additionalPropertiesFromMSALAccount:account claims:nil]];
     
     oldDictionary[@"additionalProperties"] = mutableAdditionalInfo;
     
@@ -197,6 +203,16 @@ - (NSDictionary *)claimsFromMSALAccount:(id<MSALAccount>)account claims:(NSDicti
     return nil;
 }
 
+- (NSDictionary *)additionalPropertiesFromMSALAccount:(id<MSALAccount>)account claims:(NSDictionary *)claims
+{
+    if (account.identifier)
+    {
+        return @{@"home_account_id": account.identifier};
+    }
+    
+    return nil;
+}
+
 #pragma mark - Helpers
 
 + (NSDateFormatter *)dateFormatter
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m b/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m
@@ -90,7 +90,7 @@ - (instancetype)initWithSharedKeychainAccessGroup:(NSString *)sharedGroup
 - (nullable NSArray<id<MSALAccount>> *)accountsWithParametersImpl:(MSALAccountEnumerationParameters *)parameters
                                                             error:(NSError * _Nullable * _Nullable)error
 {
-    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Reading accounts with parameters %@", MSID_PII_LOG_MASKABLE(parameters));
+    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Reading accounts with parameters (identifier=%@, tenantProfileId=%@, username=%@, return only signed in accounts %d)", MSID_PII_LOG_MASKABLE(parameters.identifier), MSID_PII_LOG_MASKABLE(parameters.tenantProfileIdentifier), MSID_PII_LOG_EMAIL(parameters.username), parameters.returnOnlySignedInAccounts);
     
     NSMutableSet *allAccounts = [NSMutableSet new];
     NSTimeInterval lastWrite = [[NSDate distantPast] timeIntervalSince1970];
diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m
@@ -110,12 +110,12 @@ - (BOOL)matchesParameters:(MSALAccountEnumerationParameters *)parameters
     
     if (parameters.identifier)
     {
-        matchResult &= ([self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);
+        matchResult &= (self.identifier && [self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);
     }
     
     if (parameters.username)
     {
-        matchResult &= ([self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);
+        matchResult &= (self.username && [self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);
     }
     
     if (parameters.tenantProfileIdentifier)
diff --git a/MSAL/src/instance/MSALAccountsProvider.m b/MSAL/src/instance/MSALAccountsProvider.m
@@ -47,6 +47,7 @@
 #import "MSALAccountEnumerationParameters.h"
 #import "MSALErrorConverter.h"
 #import "MSALTenantProfile.h"
+#import "MSALAccount+MultiTenantAccount.h"
 
 @interface MSALAccountsProvider()
 
@@ -231,7 +232,7 @@ - (MSALAccount *)accountForParameters:(MSALAccountEnumerationParameters *)parame
         
         if ([externalAccount.mTenantProfiles count])
         {
-            NSArray<MSALTenantProfile *> *homeTenantProfileArray = [externalAccount.mTenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];
+            NSArray<MSALTenantProfile *> *homeTenantProfileArray = [externalAccount.tenantProfiles filteredArrayUsingPredicate:self.homeTenantFilterPredicate];
             if ([homeTenantProfileArray count] == 1) accountClaims = homeTenantProfileArray[0].claims;
         }
     
@@ -252,12 +253,13 @@ - (void)addMSALAccount:(MSALAccount *)account toSet:(NSMutableSet *)allAccountsS
     }
     else
     {
-        [existingAccount addTenantProfiles:account.mTenantProfiles];
+        [existingAccount addTenantProfiles:account.tenantProfiles];
     }
     
     if (accountClaims)
     {
         existingAccount.accountClaims = accountClaims;
+        existingAccount.username = account.username;
     }
 }
 
diff --git a/MSAL/test/unit/MSALAccountTests.m b/MSAL/test/unit/MSALAccountTests.m
diff --git a/MSAL/test/unit/ios/external-cache/MSALLegacySharedADALAccountTests.m b/MSAL/test/unit/ios/external-cache/MSALLegacySharedADALAccountTests.m
diff --git a/MSAL/test/unit/ios/external-cache/MSALLegacySharedAccountTests.m b/MSAL/test/unit/ios/external-cache/MSALLegacySharedAccountTests.m

Original file line number	Diff line number	Diff line change
`@@ -51,9 +51,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE`
`51`	`51`	`self = [super initWithJSONDictionary:jsonDictionary error:error];`
`52`	`52`
`53`	`53`	`if (self)`
`54`		`- {`
`55`		`- MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Creating external account from ADAL account");`
`56`		`-`
	`54`	`+ {`
`57`	`55`	`if (![_accountType isEqualToString:kADALAccountType])`
`58`	`56`	`{`
`59`	`57`	`MSID_LOG_WITH_CTX(MSIDLogLevelError, nil, @"Failed to create ADAL account. Wrong account type %@ provided", _accountType);`
`@@ -97,6 +95,20 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE`
`97`	`95`	`{`
`98`	`96`	`_identifier = [MSIDAccountIdentifier homeAccountIdentifierFromUid:_objectId utid:_tenantId];`
`99`	`97`	`}`
	`98`	`+ else`
	`99`	`+ {`
	`100`	`+ NSDictionary *additionalPropertiesDictionary = [jsonDictionary msidObjectForKey:@"additionalProperties" ofClass:[NSDictionary class]];`
	`101`	`+`
	`102`	`+ if (additionalPropertiesDictionary)`
	`103`	`+ {`
	`104`	`+ NSString *homeAccountId = [additionalPropertiesDictionary msidObjectForKey:@"home_account_id" ofClass:[NSString class]];`
	`105`	`+`
	`106`	`+ if (![NSString msidIsStringNilOrBlank:homeAccountId])`
	`107`	`+ {`
	`108`	`+ _identifier = homeAccountId;`
	`109`	`+ }`
	`110`	`+ }`
	`111`	`+ }`
`100`	`112`
`101`	`113`	`NSMutableDictionary *claims = [NSMutableDictionary new];`
`102`	`114`
`@@ -134,17 +146,17 @@ - (BOOL)matchesParameters:(MSALAccountEnumerationParameters *)parameters`
`134`	`146`
`135`	`147`	`if (parameters.identifier)`
`136`	`148`	`{`
`137`		`- matchResult &= ([self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);`
	`149`	`+ matchResult &= (self.identifier && [self.identifier caseInsensitiveCompare:parameters.identifier] == NSOrderedSame);`
`138`	`150`	`}`
`139`	`151`
`140`	`152`	`if (parameters.username)`
`141`	`153`	`{`
`142`		`- matchResult &= ([self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);`
	`154`	`+ matchResult &= (self.username && [self.username caseInsensitiveCompare:parameters.username] == NSOrderedSame);`
`143`	`155`	`}`
`144`	`156`
`145`	`157`	`if (parameters.tenantProfileIdentifier)`
`146`	`158`	`{`
`147`		`- matchResult &= ([self.objectId caseInsensitiveCompare:parameters.tenantProfileIdentifier] == NSOrderedSame);`
	`159`	`+ matchResult &= (self.objectId && [self.objectId caseInsensitiveCompare:parameters.tenantProfileIdentifier] == NSOrderedSame);`
`148`	`160`	`}`
`149`	`161`
`150`	`162`	`return matchResult &= [super matchesParameters:parameters];`