Split authority #151

Merged 58 commits, Sep 12, 2018

Commits
e84b227
Split authorities.
antrix1989 Jun 23, 2018
263cf6f
Merge branch 'dev' into sedemche/split_authorities
antrix1989 Jun 23, 2018
e4e2bc3
Fixes after merge conflict.
antrix1989 Jun 23, 2018
94b7545
Refactor MSIDAadAuthorityCache.
antrix1989 Jun 25, 2018
d4b1ded
Use MSIDAuthority in MSIDAccount.
antrix1989 Jun 25, 2018
346dd15
Uncomment MSIDAADAuthorityTests.
antrix1989 Jun 25, 2018
14a75fe
Normalize MSIDADFSAuthority.
antrix1989 Jun 25, 2018
3f3f925
Use universal url in cacheUrlWithContext.
antrix1989 Jun 25, 2018
77ee6d3
Use universal url in cacheAliases.
antrix1989 Jun 25, 2018
12739ce
Code cleaning.
antrix1989 Jun 25, 2018
423d24f
Merge branch 'dev' into sedemche/split_authorities
antrix1989 Jun 27, 2018
7d57ca4
Fixes after merge.
antrix1989 Jun 27, 2018
5ade21d
Fix project file.
antrix1989 Jul 3, 2018
b6ef418
Rename DRS enum.
antrix1989 Jul 3, 2018
8f245a9
Remove commented code.
antrix1989 Jul 3, 2018
374a7b9
Fix DRS discovery request.
antrix1989 Jul 3, 2018
33a5041
Support NSCopying in MSIDCache.
antrix1989 Jul 3, 2018
ee537b0
Fill in the error.
antrix1989 Jul 3, 2018
10a8ada
Pass host instead of url in aadAuthorityWithEnvironment.
antrix1989 Jul 3, 2018
7ac3f98
Removed cache from public properties.
antrix1989 Jul 4, 2018
fe02792
Fix unit tests.
antrix1989 Jul 4, 2018
d5457e3
Remove cacheURLForAuthority from factories.
antrix1989 Jul 4, 2018
d06fd38
Use MSIDAuthority in MSIDConfiguration.
antrix1989 Jul 4, 2018
4f7642e
Change storageAuthority type to MSIDAuthority.
antrix1989 Jul 4, 2018
eea6019
Code cleaning.
antrix1989 Jul 4, 2018
fa1d573
Merge branch 'sedemche/split_authorities' of github.com:AzureAD/micro…
antrix1989 Jul 4, 2018
50aa997
Save authority metadata in property.
antrix1989 Jul 5, 2018
8d320a5
Refactor authorities.
antrix1989 Jul 6, 2018
18255d8
Configure MSIDOpenIdConfigurationInfoRequest.
antrix1989 Jul 6, 2018
e032078
Fix issue with nil metadata in authority.
antrix1989 Jul 6, 2018
5fd5f21
Move out logic for detecting known host from MSIDAuthority to MSIDAAD…
antrix1989 Jul 10, 2018
e45ed5d
Add legacyCacheRefreshTokenLookupAliases to authorities.
antrix1989 Jul 12, 2018
ee20e42
Remove isTenantless.
antrix1989 Jul 12, 2018
b7b7c2a
Reuse authority factory.
antrix1989 Jul 13, 2018
8063c50
Remove isKnownHost from MSIDAuthority.
antrix1989 Jul 13, 2018
ca446c4
Remove trustedHosts method from MSIDAuthority.
antrix1989 Jul 13, 2018
0812464
Merge branch 'dev' into sedemche/split_authorities
antrix1989 Jul 13, 2018
3d1d0a6
Merge branch 'dev' into sedemche/split_authorities
antrix1989 Sep 5, 2018
d2a1d30
Fix list of known hosts.
antrix1989 Sep 6, 2018
1991882
Remove cacheURLForAuthority from MSIDOauth2Factory.
antrix1989 Sep 6, 2018
9ccc679
Remove legacyRefreshTokenLookupAuthorities from MSIDOauth2Factory.
antrix1989 Sep 6, 2018
666c64b
Remove legacyAccessTokenLookupAuthorities from MSIDOauth2Factory.
antrix1989 Sep 6, 2018
1434eb0
Code cleaning.
antrix1989 Sep 6, 2018
c0b00df
Rename authorityType -> telemetryAuthorityType.
antrix1989 Sep 6, 2018
11d74cc
Copy openIdConfigurationEndpoint.
antrix1989 Sep 6, 2018
2785096
Remove initializer with url & tenant from base MSIDAuthority class.
antrix1989 Sep 7, 2018
ff5e718
Fix validating MSIDADFSAuthority in MSIDAuthorityFactory.
antrix1989 Sep 7, 2018
26ebba1
Refactor MSIDAuthorityFactory.
antrix1989 Sep 7, 2018
94a7622
Provide underlyingError in MSIDAuthorityFactory during authority pars…
antrix1989 Sep 7, 2018
8985b65
Add 'environment' property to authority class.
antrix1989 Sep 7, 2018
5bbda28
Merge branch 'dev' into sedemche/split_authorities
antrix1989 Sep 8, 2018
c9e0945
Verify for nil authority.
antrix1989 Sep 8, 2018
5f33aa3
Fixed default accessor with authority aliases
oldalton Sep 9, 2018
1308a1b
Fixed duplicate file issues
oldalton Sep 9, 2018
c517b89
Fixed automation with new authorities
oldalton Sep 9, 2018
9b30681
Use authority factory in credential helper.
antrix1989 Sep 10, 2018
b14ff46
Merge from sedemche/split_authorities
oldalton Sep 10, 2018
bbcb8c6
Merge pull request #225 from AzureAD/oldalton/authority_aliases_fixes
oldalton Sep 10, 2018
195 changes: 126 additions & 69 deletions IdentityCore/IdentityCore.xcodeproj/project.pbxproj


4 changes: 4 additions & 0 deletions IdentityCore/src/MSIDAADNetworkConfiguration.h
Expand Up @@ -36,4 +36,8 @@

@property (nonatomic, nullable) NSString *drsDiscoveryApiVersion;

- (BOOL)isAADPublicCloud:(nonnull NSString *)host;

- (nonnull NSSet<NSString *> *)trustedHosts;

@end
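Review bot: the name isAADPublicCloud: does not match what the method checks, because the set it consults (see the .m below) contains the sovereign clouds (China, Germany, US Government) alongside the worldwide endpoint; a name such as isKnownAADHost: would be accurate. The header should also state that the host argument is a bare hostname (no scheme, no port) and whether the comparison is case-sensitive, so a caller passing a URL string does not silently get NO.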
23 changes: 23 additions & 0 deletions IdentityCore/src/MSIDAADNetworkConfiguration.m
Expand Up @@ -23,8 +23,10 @@

#import "MSIDAADNetworkConfiguration.h"
#import "MSIDAADEndpointProvider.h"
#import "MSIDConstants.h"

static MSIDAADNetworkConfiguration *s_defaultConfiguration;
static NSSet<NSString *> *s_trustedHostList;

@implementation MSIDAADNetworkConfiguration

Expand All @@ -33,6 +35,15 @@ + (void)initialize
if (self == [MSIDAADNetworkConfiguration self])
{
s_defaultConfiguration = [MSIDAADNetworkConfiguration new];

s_trustedHostList = [NSSet setWithObjects:MSIDTrustedAuthority,
[Member comment] please see a comment in another PR about making sure the list of authorities is up to date

[Contributor Author] done

MSIDTrustedAuthorityUS,
MSIDTrustedAuthorityChina,
MSIDTrustedAuthorityChina2,
MSIDTrustedAuthorityGermany,
MSIDTrustedAuthorityWorldWide,
MSIDTrustedAuthorityUSGovernment,
MSIDTrustedAuthorityCloudGovApi, nil];
}
}
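Review bot: the trusted-host set is hard-coded here and duplicated as individual constants in MSIDConstants, so adding a cloud means touching two files; building the set from a single array constant removes that drift, and the list should be treated as a fast path only, with server-side instance discovery remaining the authoritative answer for a host that is not in it (the comment above about keeping the list current is the same concern). Since setWithObjects: is nil-terminated, a unit test asserting the size of s_trustedHostList would catch an entry being dropped.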

Expand All @@ -59,4 +70,16 @@ + (void)setDefaultConfiguration:(MSIDAADNetworkConfiguration *)defaultConfigurat
s_defaultConfiguration = defaultConfiguration;
}

- (BOOL)isAADPublicCloud:(NSString *)host
{
if (!host) return NO;

return [s_trustedHostList containsObject:host];
}

- (NSSet<NSString *> *)trustedHosts
{
return s_trustedHostList;
[Member comment] nit: remove ;

}

@end
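Review bot: [s_trustedHostList containsObject:host] is a case-sensitive string comparison while hostnames are case-insensitive, so a host such as Login.MicrosoftOnline.com would be reported as not trusted; lowercase host before the lookup, or document that callers must pass a normalized host. The nil guard (if (!host) return NO;) is good and should stay.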
2 changes: 1 addition & 1 deletion IdentityCore/src/MSIDCache.h
Expand Up @@ -25,7 +25,7 @@

NS_ASSUME_NONNULL_BEGIN

@interface MSIDCache <KeyType, ObjectType> : NSObject
@interface MSIDCache <KeyType, ObjectType> : NSObject <NSCopying>

- (nullable ObjectType)objectForKey:(KeyType)key;

10 changes: 10 additions & 0 deletions IdentityCore/src/MSIDCache.m
Expand Up @@ -87,4 +87,14 @@ - (NSUInteger)count
return count;
}

#pragma mark - NSCopying

- (id)copyWithZone:(NSZone *)zone
{
MSIDCache *item = [[self.class allocWithZone:zone] init];
item->_container = [_container copyWithZone:zone];

return item;
}

@end
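Review bot: item->_container = [_container copyWithZone:zone]; yields an immutable object if _container is an NSMutableDictionary, so the first write to the copied cache would raise; if the container is mutable, mutableCopyWithZone: is needed here. The read of _container also happens outside whatever synchronization the other accessors use (count above computes into a local before returning, which suggests a guarded section), so the copy should be taken under the same lock or queue to avoid copying the dictionary while another thread mutates it.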
19 changes: 14 additions & 5 deletions IdentityCore/src/MSIDConstants.h
Expand Up @@ -21,8 +21,17 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.

extern NSString *const MSID_PLATFORM_KEY;//The SDK platform. iOS or OSX
extern NSString *const MSID_VERSION_KEY;
extern NSString *const MSID_CPU_KEY;//E.g. ARM64
extern NSString *const MSID_OS_VER_KEY;//iOS/OSX version
extern NSString *const MSID_DEVICE_MODEL_KEY;//E.g. iPhone 5S
extern NSString * _Nonnull const MSID_PLATFORM_KEY;//The SDK platform. iOS or OSX
extern NSString * _Nonnull const MSID_VERSION_KEY;
extern NSString * _Nonnull const MSID_CPU_KEY;//E.g. ARM64
extern NSString * _Nonnull const MSID_OS_VER_KEY;//iOS/OSX version
extern NSString * _Nonnull const MSID_DEVICE_MODEL_KEY;//E.g. iPhone 5S

extern NSString * _Nonnull const MSIDTrustedAuthority;
[Member comment] nit: can we follow the same format as other constants?

[Contributor Author] Decided to keep camel case constants and change upper case constants to camel case later.

extern NSString * _Nonnull const MSIDTrustedAuthorityUS;
extern NSString * _Nonnull const MSIDTrustedAuthorityChina;
extern NSString * _Nonnull const MSIDTrustedAuthorityChina2;
extern NSString * _Nonnull const MSIDTrustedAuthorityGermany;
extern NSString * _Nonnull const MSIDTrustedAuthorityWorldWide;
extern NSString * _Nonnull const MSIDTrustedAuthorityUSGovernment;
extern NSString * _Nonnull const MSIDTrustedAuthorityCloudGovApi;
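Review bot: the _Nonnull annotations on the existing keys are a welcome tightening, but the header now mixes MSID_UPPER_CASE and MSIDCamelCase names (as the thread above notes); if the old ones are to be migrated later, a TODO next to them keeps that from being forgotten. A comment stating that the MSIDTrustedAuthority* values are bare hostnames (no scheme, no port) would also help callers of isAADPublicCloud:, which compares them by exact string.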
9 changes: 9 additions & 0 deletions IdentityCore/src/MSIDConstants.m
Expand Up @@ -28,3 +28,12 @@
NSString *const MSID_CPU_KEY = @"x-client-CPU";
NSString *const MSID_OS_VER_KEY = @"x-client-OS";
NSString *const MSID_DEVICE_MODEL_KEY = @"x-client-DM";

NSString *const MSIDTrustedAuthority = @"login.windows.net";
NSString *const MSIDTrustedAuthorityUS = @"login.microsoftonline.us";
NSString *const MSIDTrustedAuthorityChina = @"login.chinacloudapi.cn";
NSString *const MSIDTrustedAuthorityChina2 = @"login.partner.microsoftonline.cn";
NSString *const MSIDTrustedAuthorityGermany = @"login.microsoftonline.de";
NSString *const MSIDTrustedAuthorityWorldWide = @"login.microsoftonline.com";
NSString *const MSIDTrustedAuthorityUSGovernment = @"login-us.microsoftonline.com";
NSString *const MSIDTrustedAuthorityCloudGovApi = @"login.usgovcloudapi.net";
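Review bot: MSIDTrustedAuthorityUS (login.microsoftonline.us) and MSIDTrustedAuthorityUSGovernment (login-us.microsoftonline.com) are easy to confuse from the names alone, as are MSIDTrustedAuthority (login.windows.net) and MSIDTrustedAuthorityWorldWide (login.microsoftonline.com); an inline comment per entry naming the cloud it belongs to would make the list reviewable, and a unit test that the set built in MSIDAADNetworkConfiguration contains exactly these eight hosts would catch one being dropped.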
Expand Up @@ -21,8 +21,8 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.

typedef NS_ENUM(NSInteger, MSIDADFSType)
typedef NS_ENUM(NSInteger, MSIDDRSType)
{
MSIDADFSTypeOnPrems,
MSIDADFSTypeCloud
MSIDDRSTypeOnPrem,
MSIDDRSTypeInCloud
};
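Review bot: renaming MSIDADFSType / MSIDADFSTypeOnPrems / MSIDADFSTypeCloud to MSIDDRSType / MSIDDRSTypeOnPrem / MSIDDRSTypeInCloud is a source-breaking change for any consumer of the old names and should be called out in the PR description; the cases keep their order, so if the raw values are persisted anywhere the stored data stays compatible.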
75 changes: 36 additions & 39 deletions IdentityCore/src/cache/accessor/MSIDDefaultTokenCacheAccessor.m
Expand Up @@ -39,6 +39,8 @@
#import "MSIDDefaultAccountCacheQuery.h"
#import "MSIDAccountIdentifier.h"
#import "MSIDTelemetry+Cache.h"
#import "MSIDAuthority.h"
#import "MSIDAuthorityFactory.h"

@interface MSIDDefaultTokenCacheAccessor()
{
Expand Down Expand Up @@ -137,8 +139,8 @@ - (MSIDRefreshToken *)getRefreshTokenWithAccount:(MSIDAccountIdentifier *)accoun

MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
query.homeAccountId = account.homeAccountId;
query.environment = configuration.authority.msidHostWithPortIfNecessary;
query.clientId = configuration.clientId;
query.environmentAliases = [_factory defaultCacheAliasesForEnvironment:configuration.authority.environment];
query.clientId = familyId ? nil : configuration.clientId;
query.familyId = familyId;
query.credentialType = MSIDRefreshTokenType;

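Review bot: query.clientId = familyId ? nil : configuration.clientId; changes the match from one client to any client in the family whenever a family id is given, and replacing environment with environmentAliases widens the match to every known alias of the environment; both are what a family refresh token lookup needs, but a test for the case where familyId is set and the cached RT belongs to a different client of the same family would pin the behaviour, and the alias list should only come from validated instance metadata so a lookup never widens to an environment the authority was not validated against.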
Expand Down Expand Up @@ -219,8 +221,8 @@ - (MSIDAccessToken *)getAccessTokenForAccount:(MSIDAccountIdentifier *)account

MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
query.homeAccountId = account.homeAccountId;
query.environment = configuration.authority.msidHostWithPortIfNecessary;
query.realm = configuration.authority.msidTenant;
query.environmentAliases = [_factory defaultCacheAliasesForEnvironment:configuration.authority.environment];
query.realm = configuration.authority.url.msidTenant;
query.clientId = configuration.clientId;
query.target = configuration.target;
query.targetMatchingOptions = MSIDSubSet;
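Review bot: configuration.authority.url.msidTenant parses the tenant back out of the URL even though this PR introduces MSIDAuthority to own exactly that knowledge; a realm/tenant accessor on MSIDAuthority (with ADFS and B2C authorities returning their own notion of realm, or nil) keeps the cache accessor free of URL parsing. The same pattern appears in the ID token query in the next hunk.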
Expand All @@ -239,8 +241,8 @@ - (MSIDIdToken *)getIDTokenForAccount:(MSIDAccountIdentifier *)account
{
MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
query.homeAccountId = account.homeAccountId;
query.environment = configuration.authority.msidHostWithPortIfNecessary;
query.realm = configuration.authority.msidTenant;
query.environmentAliases = [_factory defaultCacheAliasesForEnvironment:configuration.authority.environment];
query.realm = configuration.authority.url.msidTenant;
query.clientId = configuration.clientId;
query.credentialType = MSIDIDTokenType;

Expand All @@ -265,11 +267,11 @@ - (MSIDIdToken *)getIDTokenForAccount:(MSIDAccountIdentifier *)account
NSArray<NSString *> *environmentAliases = [_factory defaultCacheAliasesForEnvironment:environment];
__auto_type accountsPerUserId = [self getAccountsPerUserIdForAliases:environmentAliases context:context error:error];

if (!accountsPerUserId)
if (![accountsPerUserId count])
{
MSID_LOG_INFO(context, @"No accounts found, returning!");
[MSIDTelemetry stopCacheEvent:event withItem:nil success:NO context:context];
return nil;
return @[];
}

MSIDDefaultCredentialCacheQuery *credentialsQuery = [MSIDDefaultCredentialCacheQuery new];
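Review bot: with return @[]; replacing return nil; for the no-accounts case, the stopCacheEvent: call two lines above still records success:NO, so an empty but successful lookup is now counted as a failure in telemetry; use success:YES here and reserve NO for the path where error is set. Callers that treated nil as "error or nothing" should also be checked, since nil now means error only.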
Expand Down Expand Up @@ -321,7 +323,7 @@ - (MSIDAccount *)accountForIdentifier:(MSIDAccountIdentifier *)accountIdentifier

MSIDDefaultAccountCacheQuery *cacheQuery = [MSIDDefaultAccountCacheQuery new];
cacheQuery.homeAccountId = accountIdentifier.homeAccountId;
cacheQuery.environmentAliases = [_factory defaultCacheAliasesForEnvironment:configuration.authority.msidHostWithPortIfNecessary];
cacheQuery.environmentAliases = [_factory defaultCacheAliasesForEnvironment:configuration.authority.environment];
cacheQuery.accountType = MSIDAccountTypeMSSTS;

NSArray<MSIDAccountCacheItem *> *accountCacheItems = [_accountCredentialCache getAccountsWithQuery:cacheQuery context:context error:error];
Expand Down Expand Up @@ -440,7 +442,7 @@ - (BOOL)validateAndRemoveRefreshToken:(MSIDRefreshToken *)token
MSID_LOG_VERBOSE(context, @"Removing refresh token with clientID %@, authority %@", token.clientId, token.authority);
MSID_LOG_VERBOSE_PII(context, @"Removing refresh token with clientID %@, authority %@, userId %@, token %@", token.clientId, token.authority, token.accountIdentifier.homeAccountId, _PII_NULLIFY(token.refreshToken));

NSURL *authority = token.storageAuthority ? token.storageAuthority : token.authority;
NSURL *authority = token.storageAuthority.url ? token.storageAuthority.url : token.authority.url;

MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
query.homeAccountId = token.accountIdentifier.homeAccountId;
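Review bot: NSURL *authority = token.storageAuthority.url ? token.storageAuthority.url : token.authority.url; keeps the removal query on NSURL while the lookup path now takes MSIDAuthority; more importantly, the two MSID_LOG_VERBOSE lines above now format token.authority, an MSIDAuthority object, with %@, so MSIDAuthority needs a -description that prints its URL or the log will show a class name and pointer. The conditional can also be written token.storageAuthority.url ?: token.authority.url.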
Expand Down Expand Up @@ -650,8 +652,8 @@ - (BOOL)saveAccessToken:(MSIDAccessToken *)accessToken
// Delete access tokens with intersecting scopes
MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
query.homeAccountId = accessToken.accountIdentifier.homeAccountId;
query.environment = accessToken.authority.msidHostWithPortIfNecessary;
query.realm = accessToken.authority.msidTenant;
query.environment = accessToken.authority.environment;
query.realm = accessToken.authority.url.msidTenant;
query.clientId = accessToken.clientId;
query.target = [accessToken.scopes msidToString];
query.targetMatchingOptions = MSIDIntersect;
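Review bot: the deletion of access tokens with intersecting scopes queries by exact environment (accessToken.authority.environment) while the lookups in this file now match on environmentAliases; a token cached under an alias of the same environment is therefore found by getAccessTokenForAccount but not deleted here, leaving two access tokens with overlapping scopes in the cache. Use the same alias list for the delete query, or guarantee that saved tokens are always normalized to one cache environment.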
Expand Down Expand Up @@ -727,42 +729,37 @@ - (BOOL)removeToken:(MSIDBaseToken *)token

#pragma mark - Private

- (MSIDBaseToken *)getTokenWithAuthority:(NSURL *)authority
- (MSIDBaseToken *)getTokenWithAuthority:(MSIDAuthority *)authority
cacheQuery:(MSIDDefaultCredentialCacheQuery *)cacheQuery
context:(id<MSIDRequestContext>)context
error:(NSError **)error
{
MSIDTelemetryCacheEvent *event = [MSIDTelemetry startCacheEventWithName:MSID_TELEMETRY_EVENT_TOKEN_CACHE_LOOKUP context:context];

NSArray<NSString *> *aliases = [_factory defaultCacheAliasesForEnvironment:authority.msidHostWithPortIfNecessary];
MSID_LOG_VERBOSE(context, @"(Default accessor) Looking for token with aliases %@, tenant %@, clientId %@, scopes %@", cacheQuery.environmentAliases, cacheQuery.realm, cacheQuery.clientId, cacheQuery.target);

for (NSString *alias in aliases)
{
MSID_LOG_VERBOSE(context, @"(Default accessor) Looking for token with alias %@, tenant %@, clientId %@, scopes %@", alias, cacheQuery.realm, cacheQuery.clientId, cacheQuery.target);
NSError *cacheError = nil;

NSError *cacheError = nil;
NSArray<MSIDCredentialCacheItem *> *cacheItems = [_accountCredentialCache getCredentialsWithQuery:cacheQuery legacyUserId:nil context:context error:error];

NSArray<MSIDCredentialCacheItem *> *cacheItems = [_accountCredentialCache getCredentialsWithQuery:cacheQuery legacyUserId:nil context:context error:error];
if (cacheError)
{
if (error) *error = cacheError;
[MSIDTelemetry stopCacheEvent:event withItem:nil success:NO context:context];
return nil;
}

if (cacheError)
{
if (error) *error = cacheError;
[MSIDTelemetry stopCacheEvent:event withItem:nil success:NO context:context];
return nil;
}
if ([cacheItems count])
{
MSIDBaseToken *resultToken = [cacheItems[0] tokenWithType:cacheQuery.credentialType];

if ([cacheItems count])
if (resultToken)
{
MSIDBaseToken *resultToken = [cacheItems[0] tokenWithType:cacheQuery.credentialType];

if (resultToken)
{
MSID_LOG_VERBOSE(context, @"(Default accessor) Found %lu tokens", (unsigned long)[cacheItems count]);
resultToken.storageAuthority = resultToken.authority;
resultToken.authority = authority;
[MSIDTelemetry stopCacheEvent:event withItem:resultToken success:YES context:context];
return resultToken;
}
MSID_LOG_VERBOSE(context, @"(Default accessor) Found %lu tokens", (unsigned long)[cacheItems count]);
resultToken.storageAuthority = resultToken.authority;
resultToken.authority = authority;
[MSIDTelemetry stopCacheEvent:event withItem:resultToken success:YES context:context];
return resultToken;
}
}

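Review bot: the error path here is dead code, in both the old and the new version: getCredentialsWithQuery:legacyUserId:context:error: is passed the caller's error, not &cacheError, so cacheError is always nil and if (cacheError) never runs; pass error:&cacheError so the telemetry event is stopped with success:NO and the error is propagated. With the alias loop removed, this method no longer sets cacheQuery.environmentAliases itself, so every caller must populate it; an assertion that it is non-empty would catch a query that silently matches nothing (or everything, depending on how the query treats an empty alias list).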
Expand All @@ -778,7 +775,7 @@ - (MSIDBaseToken *)getTokenWithAuthority:(NSURL *)authority
}

- (MSIDBaseToken *)getRefreshTokenByLegacyUserId:(NSString *)legacyUserId
authority:(NSURL *)authority
authority:(MSIDAuthority *)authority
clientId:(NSString *)clientId
familyId:(NSString *)familyId
context:(id<MSIDRequestContext>)context
Expand All @@ -789,7 +786,7 @@ - (MSIDBaseToken *)getRefreshTokenByLegacyUserId:(NSString *)legacyUserId

MSIDTelemetryCacheEvent *event = [MSIDTelemetry startCacheEventWithName:MSID_TELEMETRY_EVENT_TOKEN_CACHE_LOOKUP context:context];

NSArray<NSString *> *aliases = [_factory defaultCacheAliasesForEnvironment:authority.msidHostWithPortIfNecessary];
NSArray<NSString *> *aliases = [_factory defaultCacheAliasesForEnvironment:authority.environment];

NSString *clientIdForQueries = clientId;

Expand Down Expand Up @@ -875,7 +872,7 @@ - (BOOL)saveAccount:(MSIDAccount *)account

MSIDTelemetryCacheEvent *event = [MSIDTelemetry startCacheEventWithName:MSID_TELEMETRY_EVENT_TOKEN_CACHE_WRITE context:context];
MSIDAccountCacheItem *cacheItem = account.accountCacheItem;
cacheItem.environment = [_factory cacheEnvironmentFromEnvironment:account.authority.msidHostWithPortIfNecessary context:context];
cacheItem.environment = [_factory cacheEnvironmentFromEnvironment:account.authority.environment context:context];

BOOL result = [_accountCredentialCache saveAccount:cacheItem context:context error:error];
[MSIDTelemetry stopCacheEvent:event withItem:nil success:result context:context];
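Review bot: the account row is written with cacheEnvironmentFromEnvironment: (a canonical cache environment) while saveAccessToken above writes accessToken.authority.environment directly; if the two ever differ, an account and its credentials end up under different environments and a lookup joining them by environment misses. Either apply the same mapping when saving credentials or document that cacheEnvironmentFromEnvironment: is the identity for every environment in the alias list.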