diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore
index 9c814da0b7..330fcd8564 160000
--- a/MSAL/IdentityCore
+++ b/MSAL/IdentityCore
@@ -1 +1 @@
-Subproject commit 9c814da0b778473f247fb59ae7fa3bbd9045cb4f
+Subproject commit 330fcd8564ca1edab8fd92b161d0f1e3d85c3cbc
diff --git a/MSAL/MSAL.xcodeproj/project.pbxproj b/MSAL/MSAL.xcodeproj/project.pbxproj
index 219b55bfed..b905028f30 100644
--- a/MSAL/MSAL.xcodeproj/project.pbxproj
+++ b/MSAL/MSAL.xcodeproj/project.pbxproj
@@ -75,6 +75,12 @@ 96875DEF1E59A39C00D7847F /* MSALAuthorityBaseResolverTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 96875DED1E59A39C00D7847F /* MSALAuthorityBaseResolverTests.m */; }; 96875DF11E59A3B000D7847F /* MSALAadAuthorityResolverTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 96875DF01E59A3B000D7847F /* MSALAadAuthorityResolverTests.m */; }; 96875DF21E59A3B000D7847F /* MSALAadAuthorityResolverTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 96875DF01E59A3B000D7847F /* MSALAadAuthorityResolverTests.m */; }; + 96902DF320E1577500200E6F /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DEC20E1574F00200E6F /* WebKit.framework */; }; + 96902DF420E1578700200E6F /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DEC20E1574F00200E6F /* WebKit.framework */; }; + 96902DF620E1579000200E6F /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DF520E1579000200E6F /* WebKit.framework */; }; + 96902DF920E157B400200E6F /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DF520E1579000200E6F /* WebKit.framework */; }; + 96902DFB20E158E700200E6F /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DFA20E158E700200E6F /* GSS.framework */; }; + 96902DFD20E1590200200E6F /* SecurityInterface.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 96902DFC20E1590200200E6F /* SecurityInterface.framework */; }; 969B86871E776042000AF437 /* MSALPkce.h in Headers */ = {isa = PBXBuildFile; fileRef = 969B86851E776042000AF437 /* MSALPkce.h */; }; 969B86891E776042000AF437 /* MSALPkce.m in Sources */ = {isa = PBXBuildFile; fileRef = 969B86861E776042000AF437 /* MSALPkce.m */; }; 969B868B1E7778FF000AF437 /* MSALPkceTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 969B868A1E7778FF000AF437 /* MSALPkceTests.m */; }; 
@@ -490,6 +496,10 @@ 9675A14D1E53DFC0002A4741 /* MSALAadAuthorityResolver.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSALAadAuthorityResolver.m; sourceTree = ""; }; 96875DED1E59A39C00D7847F /* MSALAuthorityBaseResolverTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSALAuthorityBaseResolverTests.m; sourceTree = ""; }; 96875DF01E59A3B000D7847F /* MSALAadAuthorityResolverTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSALAadAuthorityResolverTests.m; sourceTree = ""; }; + 96902DEC20E1574F00200E6F /* WebKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = WebKit.framework; path = Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.4.sdk/System/Library/Frameworks/WebKit.framework; sourceTree = DEVELOPER_DIR; }; + 96902DF520E1579000200E6F /* WebKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = WebKit.framework; path = System/Library/Frameworks/WebKit.framework; sourceTree = SDKROOT; }; + 96902DFA20E158E700200E6F /* GSS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = GSS.framework; path = System/Library/Frameworks/GSS.framework; sourceTree = SDKROOT; }; + 96902DFC20E1590200200E6F /* SecurityInterface.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SecurityInterface.framework; path = System/Library/Frameworks/SecurityInterface.framework; sourceTree = SDKROOT; }; 969B86851E776042000AF437 /* MSALPkce.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MSALPkce.h; sourceTree = ""; }; 969B86861E776042000AF437 /* MSALPkce.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSALPkce.m; sourceTree = ""; }; 969B868A1E7778FF000AF437 /* MSALPkceTests.m */ = {isa = PBXFileReference; 
fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSALPkceTests.m; sourceTree = ""; }; @@ -715,6 +725,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 96902DF320E1577500200E6F /* WebKit.framework in Frameworks */, B2C17B071FC8DAC50070A514 /* libIdentityCore.a in Frameworks */, D6A206341FC5109B00755A51 /* SafariServices.framework in Frameworks */, D6A206321FC5108900755A51 /* UIKit.framework in Frameworks */, @@ -726,6 +737,9 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 96902DFD20E1590200200E6F /* SecurityInterface.framework in Frameworks */, + 96902DFB20E158E700200E6F /* GSS.framework in Frameworks */, + 96902DF620E1579000200E6F /* WebKit.framework in Frameworks */, B2C17B081FC8DACC0070A514 /* libIdentityCore.a in Frameworks */, D6A2063C1FC510FB00755A51 /* IOKit.framework in Frameworks */, D6A206381FC510B500755A51 /* Security.framework in Frameworks */, @@ -737,6 +751,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 96902DF420E1578700200E6F /* WebKit.framework in Frameworks */, 231CE9DE1FEC684C00E95D3E /* Security.framework in Frameworks */, 231CE9DC1FEC682000E95D3E /* libIdentityTest.a in Frameworks */, D6A206401FC512F400755A51 /* SafariServices.framework in Frameworks */, @@ -749,6 +764,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 96902DF920E157B400200E6F /* WebKit.framework in Frameworks */, 231CE9DF1FEC7E8400E95D3E /* libIdentityTest.a in Frameworks */, D65A6FD51E3FF49C00C69FBA /* MSAL.framework in Frameworks */, ); 
@@ -1308,6 +1324,10 @@ D6A2062E1FC5106F00755A51 /* Frameworks */ = { isa = PBXGroup; children = ( + 96902DFC20E1590200200E6F /* SecurityInterface.framework */, + 96902DFA20E158E700200E6F /* GSS.framework */, + 96902DEC20E1574F00200E6F /* WebKit.framework */, + 96902DF520E1579000200E6F /* WebKit.framework */, 231CE9DD1FEC684C00E95D3E /* Security.framework */, D6A2063B1FC510FB00755A51 /* IOKit.framework */, D6A206371FC510B500755A51 /* Security.framework */, diff --git a/MSAL/src/MSALErrorConverter.m b/MSAL/src/MSALErrorConverter.m index 76205ae46e..bf4d6ee3a1 100644 --- a/MSAL/src/MSALErrorConverter.m +++ b/MSAL/src/MSALErrorConverter.m 
@@ -44,29 +44,35 @@ + (void)initialize s_errorCodeMapping = @{ MSIDErrorDomain:@{ + // General @(MSIDErrorInternal) : @(MSALErrorInternal), @(MSIDErrorInvalidInternalParameter) : @(MSALErrorInternal), @(MSIDErrorInvalidDeveloperParameter) :@(MSALErrorInvalidParameter), - @(MSIDErrorAmbiguousAuthority) : @(MSALErrorAmbiguousAuthority), - @(MSIDErrorInteractionRequired) : @(MSALErrorInteractionRequired), + @(MSIDErrorUnsupportedFunctionality): @(MSALErrorInternal), + // Cache @(MSIDErrorCacheMultipleUsers) : @(MSALErrorInternal), - @(MSIDErrorTokenCacheItemFailure) : @(MSALErrorTokenCacheItemFailure), - @(MSIDErrorWrapperCacheFailure) : @(MSALErrorWrapperCacheFailure), @(MSIDErrorCacheBadFormat) : @(MSALErrorWrapperCacheFailure), - @(MSIDErrorCacheVersionMismatch) : @(MSALErrorInternal), - @(MSIDErrorServerInvalidResponse) : @(MSALErrorInvalidResponse), - @(MSIDErrorDeveloperAuthorityValidation) : @(MSALErrorFailedAuthorityValidation), - @(MSIDErrorServerRefreshTokenRejected) : @(MSALErrorAuthorizationFailed), - @(MSIDErrorServerOauth) : @(MSALErrorAuthorizationFailed), - @(MSIDErrorUnsupportedFunctionality): @(MSALErrorInternal) + // Authority Validation + @(MSIDErrorAuthorityValidation) : @(MSALErrorFailedAuthorityValidation), + // Interactive flow + @(MSIDErrorAuthorizationFailed) : @(MSALErrorAuthorizationFailed), + @(MSIDErrorUserCancel) : @(MSALErrorUserCanceled), + @(MSIDErrorSessionCanceledProgrammatically) : @(MSALErrorSessionCanceled), + @(MSIDErrorInteractiveSessionStartFailure) : @(MSALErrorInternal), + @(MSIDErrorInteractiveSessionAlreadyRunning) : @(MSALErrorInteractiveSessionAlreadyRunning), + @(MSIDErrorNoMainViewController) : @(MSALErrorNoViewController), }, MSIDOAuthErrorDomain:@{ - @(MSIDErrorInvalidRequest) :@(MSALErrorInvalidRequest), - @(MSIDErrorInvalidClient) : @(MSALErrorInvalidClient), - @(MSIDErrorInvalidGrant) : @(MSALErrorInvalidParameter), - @(MSIDErrorInvalidParameter) : @(MSALErrorInvalidParameter), - 
@(MSIDErrorServerRefreshTokenRejected) : @(MSALErrorAuthorizationFailed), + @(MSIDErrorInteractionRequired) : @(MSALErrorInteractionRequired), @(MSIDErrorServerOauth) : @(MSALErrorAuthorizationFailed), + @(MSIDErrorServerInvalidResponse) : @(MSALErrorInvalidResponse), + @(MSIDErrorServerRefreshTokenRejected) : @(MSALErrorRefreshTokenRejected), + @(MSIDErrorServerInvalidRequest) :@(MSALErrorInvalidRequest), + @(MSIDErrorServerInvalidClient) : @(MSALErrorInvalidClient), + @(MSIDErrorServerInvalidGrant) : @(MSALErrorInvalidGrant), + @(MSIDErrorServerInvalidScope) : @(MSALErrorInvalidScope), + @(MSIDErrorServerInvalidState) : @(MSALErrorInvalidState), + @(MSIDErrorServerNonHttpsRedirect) : @(MSALErrorNonHttpsRedirect) } }; diff --git a/MSAL/src/public/MSALError.h b/MSAL/src/public/MSALError.h index b2331b8bc6..f802550657 100644 --- a/MSAL/src/public/MSALError.h +++ b/MSAL/src/public/MSALError.h @@ -89,13 +89,15 @@ typedef NS_ENUM(NSInteger, MSALErrorCode) MSALErrorInvalidRequest = -42002, MSALErrorInvalidClient = -42003, - + MSALErrorInvalidGrant = -42004, + MSALErrorInvalidScope = -42005, + /*! The passed in authority URL does not pass validation. If you're trying to use B2C, you must disable authority validation by setting validateAuthority of MSALPublicClientApplication to NO. */ - MSALErrorFailedAuthorityValidation = -42004, + MSALErrorFailedAuthorityValidation = -42010, /*! Interaction required errors occur because of a wide variety of errors @@ -182,12 +184,21 @@ typedef NS_ENUM(NSInteger, MSALErrorCode) /*! Response was received in a network call, but the response body was invalid. - + R e.g. Response was to be expected a key-value pair with "key1" and the json response does not contain "key1" elements */ MSALErrorInvalidResponse = -42600, + /*! + Server returned a refresh token reject response + */ + MSALErrorRefreshTokenRejected = -42601, + + /*! + Server tried to redirect to non http URL + */ + MSALErrorNonHttpsRedirect = -42602, }; 
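Review bot: Two existing server errors change the code callers receive here, with no comment or release note visible in this diff: `MSIDErrorServerRefreshTokenRejected` now yields `MSALErrorRefreshTokenRejected` instead of `MSALErrorAuthorizationFailed`, and the invalid-grant case yields `MSALErrorInvalidGrant` instead of `MSALErrorInvalidParameter`. An app that falls back to interactive sign-in only when it sees the old codes would stop doing so, so the remap deserves a changelog entry and a comment heading the OAuth dictionary, for example `// Server (OAuth) errors: target codes are public API, remapping one is a breaking change`. The `MSIDOAuthErrorDomain` dictionary also lacks the group comments that the `MSIDErrorDomain` dictionary gains in this same hunk. The body of `+initialize` starts and ends outside the hunk, so how unmapped codes are handled cannot be checked from here.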
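Review bot: `MSALErrorFailedAuthorityValidation` moves from -42004 to -42010 and -42004 is handed to the new `MSALErrorInvalidGrant`, so a numeric value in a public `NS_ENUM` changes meaning. Anything that stored, logged or compares raw codes (telemetry, persisted errors, a client built against the previous header) would now read an authority-validation failure as an invalid grant. Keep `MSALErrorFailedAuthorityValidation = -42004` and give `MSALErrorInvalidGrant` and `MSALErrorInvalidScope` values that were never assigned before, after checking them against the enum entries outside this hunk.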
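Review bot: The doc comment on `MSALErrorNonHttpsRedirect` says "non http URL", which contradicts the constant's name and obscures the condition, since a plain `http://` redirect is presumably the case being rejected; it should read `Server tried to redirect to a non-HTTPS URL`. The comment on `MSALErrorRefreshTokenRejected` could also tell the caller what to do, e.g. `The server rejected the refresh token; interactive sign-in is needed to obtain a new one`, if that is the intended handling. The added line just above "e.g." in the `MSALErrorInvalidResponse` comment appears to carry a stray `R`, which looks like an editing slip and should be dropped.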
diff --git a/MSAL/test/automation/ios/MSALAutoMainViewController.m b/MSAL/test/automation/ios/MSALAutoMainViewController.m index 0d95d0bfe0..450a7496c2 100644 --- a/MSAL/test/automation/ios/MSALAutoMainViewController.m +++ b/MSAL/test/automation/ios/MSALAutoMainViewController.m @@ -290,8 +290,7 @@ - (IBAction)expireAccessToken:(__unused id)sender MSIDConfiguration *configuration = [[MSIDConfiguration alloc] initWithAuthority:[[NSURL alloc] initWithString:parameters[MSAL_AUTHORITY_PARAM]] redirectUri:nil clientId:parameters[MSAL_CLIENT_ID_PARAM] - target:parameters[MSAL_SCOPES_PARAM] - correlationId:nil]; + target:parameters[MSAL_SCOPES_PARAM]]; __auto_type accessToken = [self.defaultAccessor getAccessTokenForAccount:account configuration:configuration context:nil error:nil]; accessToken.expiresOn = [NSDate dateWithTimeIntervalSinceNow:-1.0]; @@ -320,8 +319,7 @@ - (IBAction)invalidateRefreshToken:(__unused id)sender MSIDConfiguration *configuration = [[MSIDConfiguration alloc] initWithAuthority:[[NSURL alloc] initWithString:parameters[MSAL_AUTHORITY_PARAM]] redirectUri:nil clientId:parameters[MSAL_CLIENT_ID_PARAM] - target:parameters[MSAL_SCOPES_PARAM] - correlationId:nil]; + target:parameters[MSAL_SCOPES_PARAM]]; __auto_type refreshToken = [self.defaultAccessor getRefreshTokenWithAccount:account familyId:nil diff --git a/MSAL/test/unit/MSALAcquireTokenTests.m b/MSAL/test/unit/MSALAcquireTokenTests.m index 10bbf7d225..e5ce0d381a 100644 --- a/MSAL/test/unit/MSALAcquireTokenTests.m +++ b/MSAL/test/unit/MSALAcquireTokenTests.m @@ -49,7 +49,7 @@ #import "MSIDTestTokenResponse.h" #import "MSIDTestConfiguration.h" #import "MSIDAADV2TokenResponse.h" -#import "MSIDTestCacheIdentifiers.h" +#import "MSIDTestIdentifiers.h" #import "MSALAccount+Internal.h" #import "MSIDClientInfo.h" #import "MSIDTestIdTokenUtil.h" diff --git a/MSAL/test/unit/MSALErrorConverterTests.m b/MSAL/test/unit/MSALErrorConverterTests.m index dfa84fe5ae..1e5c7144fd 100644 
--- a/MSAL/test/unit/MSALErrorConverterTests.m +++ b/MSAL/test/unit/MSALErrorConverterTests.m @@ -92,7 +92,7 @@ - (void)testErrorConversion_whenBothErrorDomainAndCodeAreMapped_shouldMapBoth { NSDictionary *httpHeaders = @{@"fake header key" : @"fake header value"}; NSString *httpResponseCode = @"-99999"; - NSError *msidError = MSIDCreateError(MSIDErrorDomain, + NSError *msidError = MSIDCreateError(MSIDOAuthErrorDomain, errorCode, errorDescription, oauthError, @@ -126,29 +126,20 @@ - (void)testErrorConversion_whenBothErrorDomainAndCodeAreMapped_shouldMapBoth { */ - (void)testErrorConversion_whenErrorConverterInitialized_shouldMapAllMSIDErrors { - NSInteger errorCode = MSIDErrorCodeFirst; + NSDictionary *domainsAndCodes = MSIDErrorDomainsAndCodes(); - while (errorCode >= MSIDErrorCodeLast) + for (NSString *domain in domainsAndCodes) { - // All error codes in MSIDError.h are of MSIDErrorDomain except that, - // the following six are of MSIDOAuthErrorDomain - NSString *domain = MSIDErrorDomain; - if (errorCode == MSIDErrorServerRefreshTokenRejected || - errorCode == MSIDErrorServerOauth || - errorCode == MSIDErrorInvalidRequest || - errorCode == MSIDErrorInvalidClient || - errorCode == MSIDErrorInvalidGrant || - errorCode == MSIDErrorInvalidParameter) + NSArray *codes = domainsAndCodes[domain]; + for (NSNumber *code in codes) { - domain = MSIDOAuthErrorDomain; + MSIDErrorCode errorCode = [code integerValue]; + NSError *msidError = MSIDCreateError(domain, errorCode, @"test", nil, nil, nil, nil, nil); + NSError *error = [MSALErrorConverter MSALErrorFromMSIDError:msidError]; + + XCTAssertNotEqual(error.code, errorCode); + } - - NSError *msidError = MSIDCreateError(domain, errorCode, @"test", nil, nil, nil, nil, nil); - NSError *error = [MSALErrorConverter MSALErrorFromMSIDError:msidError]; - - XCTAssertNotEqual(error.code, errorCode); - - errorCode--; } }
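Review bot: The rewritten loop in `testErrorConversion_whenErrorConverterInitialized_shouldMapAllMSIDErrors` passes vacuously if `MSIDErrorDomainsAndCodes()` returns nil or an empty dictionary, and `XCTAssertNotEqual(error.code, errorCode)` only proves the code changed, not that it landed on a defined MSAL code. Add `XCTAssertTrue(domainsAndCodes.count > 0);` before the outer loop, and give the assertion a message so a missing mapping names itself: `XCTAssertNotEqual(error.code, errorCode, @"unmapped %@ code %ld", domain, (long)errorCode);`. This test appears to be the guard that every IdentityCore code has an entry in the converter table, so a silent pass would presumably let an internal error code reach callers unconverted.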