Fix issue that ADAL mistakenly set token expiration time in local storage

.travis.yml

@@ -1,7 +1,6 @@
 language: node_js
 node_js:
-  - "0.11"
-  - "0.10"
-  - "4.7.3"
-  - "5.12.0"
-  - "6.1.0"
+  - "node"
+cache:
+ directories:
+  - "node_modules"

changelog.txt

@@ -1,3 +1,14 @@
+Version 1.0.18
+=========================
+* Fixed circular reference error in JSON.stringify https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/806
+* Set user to null in clear cache https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/807
+* Fixed minor iframe border issue https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/788 https://github.com/AzureAD/azure-activedirectory-library-for-js/pull/789
+* Remove dependency on node version 0.10 and 0.11. https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/799
+* Check if callback function exists before calling it. https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/794
+* Cache the values of _supportsLocalStorage and _supportsSessionStorage. https://github.com/AzureAD/azure-activedirectory-library-for-js/pull/786
+* Fixed issue with interceptor https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/731
+* Fixed issue with responseType id_token token https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/736
+
 Version 1.0.17
 =========================
 * Added sid support. When the session id parameter is provided in the id_token, use that instead of the upn

contributing.md

@@ -19,7 +19,7 @@ Example for JS:
 ```
 $ git clone git@github.com:username/azure-activedirectory-library-for-js.git
 $ cd azure-activedirectory-library-for-js
-$ git remote add upstream git@github.com:MSOpenTech/azure-activedirectory-library-for-js.git
+$ git remote add upstream git@github.com:AzureAD/azure-activedirectory-library-for-js.git
 ```
 
 Now decide if you want your feature or bug fix to go into the dev branch
@@ -122,5 +122,5 @@ feature branch.  Post a comment in the pull request afterwards; GitHub does
 not send out notifications when you add commits.
 
 
-[on GitHub]: https://github.com/MSOpenTech/azure-activedirectory-library-for-js
-[issue tracker]: https://github.com/MSOpenTech/azure-activedirectory-library-for-js/issues
+[on GitHub]: https://github.com/AzureAD/azure-activedirectory-library-for-js
+[issue tracker]: https://github.com/AzureAD/azure-activedirectory-library-for-js/issues

issue_template.md

@@ -0,0 +1,44 @@
+<!--
+PLEASE HELP US TO HELP YOU BETTER AND FASTER BY PROVIDING THE FOLLOWING INFORMATION.
+-->
+
+## I'm submitting a...
+<!-- Check one of the following options with "x" -->
+<pre><code>
+[ ] Regression (a behavior that used to work and stopped working in a new release)
+[ ] Bug report  <!-- Please search GitHub for a similar issue or PR before submitting -->
+[ ] Performance issue
+[ ] Feature request
+[ ] Documentation issue or request
+[ ] Other... Please describe:
+</code></pre>
+
+## Browser:
+- [ ] Chrome version XX
+- [ ] Firefox version XX
+- [ ] IE version XX
+- [ ] Edge version XX
+- [ ] Safari version XX
+
+## Library Name
+- [ ] adal.js XX
+- [ ] adal-angular XX
+
+## Library version
+Library version: X.Y.Z
+<!-- Check whether this is still an issue in the most recent version -->
+
+
+## Current behavior
+<!-- Describe how the issue manifests. -->
+
+
+## Expected behavior
+<!-- Describe what the desired behavior would be. -->
+
+
+## Minimal reproduction of the problem with instructions
+<!-- please provide the *STEPS TO REPRODUCE* -->
+
+
+</code></pre>

lib/adal-angular.js

@@ -1,5 +1,5 @@
 //----------------------------------------------------------------------
-// AdalJS v1.0.17
+// AdalJS v1.0.18
 // @preserve Copyright (c) Microsoft Open Technologies, Inc.
 // All Rights Reserved
 // Apache License 2.0
@@ -491,7 +491,7 @@
                                     $rootScope.$on('adal:loginSuccess', function (event, token) {
                                         if (token) {
                                             authService.info('Login completed, sending request for ' + config.url);
-                                            config.headers.Authorization = 'Bearer ' + tokenStored;
+                                            config.headers.Authorization = 'Bearer ' + token;
                                             delayedRequest.resolve(config);
                                         }
                                     });

lib/adal.js

@@ -1,5 +1,5 @@
 //----------------------------------------------------------------------
-// AdalJS v1.0.17
+// AdalJS v1.0.18
 // @preserve Copyright (c) Microsoft Open Technologies, Inc.
 // All Rights Reserved
 // Apache License 2.0
@@ -135,6 +135,10 @@ var AuthenticationContext = (function () {
         this._openedWindows = [];
         this._requestType = this.REQUEST_TYPE.LOGIN;
         window._adalInstance = this;
+        this._storageSupport = {
+            localStorage: null,
+            sessionStorage: null
+        };
 
         // validate before constructor assignments
         if (config.displayCall && typeof config.displayCall !== 'function') {
@@ -494,7 +498,7 @@ var AuthenticationContext = (function () {
         // use given resource to create new authz url
         this.info('renewToken is called for resource:' + resource);
         var frameHandle = this._addAdalFrame('adalRenewFrame' + resource);
-        var expectedState = this._guid() + '|' + resource;
+        var expectedState = this._guid() + '|' + resource + '|' + this._now();
         this.config.state = expectedState;
         // renew happens in iframe, so it keeps javascript context
         this._renewStates.push(expectedState);
@@ -809,6 +813,7 @@ var AuthenticationContext = (function () {
      * Clears cache items.
      */
     AuthenticationContext.prototype.clearCache = function () {
+        this._user = null;
         this._saveItem(this.CONSTANTS.STORAGE.LOGIN_REQUEST, '');
         this._saveItem(this.CONSTANTS.STORAGE.ANGULAR_LOGIN_REQUEST, '');
         this._saveItem(this.CONSTANTS.STORAGE.SESSION_STATE, '');
@@ -855,7 +860,6 @@ var AuthenticationContext = (function () {
      */
     AuthenticationContext.prototype.logOut = function () {
         this.clearCache();
-        this._user = null;
         var urlNavigate;
 
         if (this.config.logOutUri) {
@@ -924,7 +928,8 @@ var AuthenticationContext = (function () {
      * @ignore
      */
     AuthenticationContext.prototype._addHintParameters = function (urlNavigate) {
-        //If you don�t use prompt=none, then if the session does not exist, there will be a failure.
+
+        //If you don't use prompt=none, then if the session does not exist, there will be a failure.
         //If sid is sent alongside domain or login hints, there will be a failure since request is ambiguous.
         //If sid is sent with a prompt value other than none or attempt_none, there will be a failure since the request is ambiguous.
 
@@ -1148,16 +1153,30 @@ var AuthenticationContext = (function () {
      */
     AuthenticationContext.prototype._getResourceFromState = function (state) {
         if (state) {
-            var splitIndex = state.indexOf('|');
+            var splitInfo = state.split('|');
 
-            if (splitIndex > -1 && splitIndex + 1 < state.length) {
-                return state.substring(splitIndex + 1);
+            if (splitInfo.length > 1) {
+                return splitInfo[1];
             }
         }
-
         return '';
     };
 
+    /**
+     * Extracts token expiration base time value from state, return current local time if state doesn't contain such info.
+     * @ignore
+     */
+    AuthenticationContext.prototype._getExpireBaseTimeFromState = function (state) {
+        if (state) {
+            var splitInfo = state.split('|');
+
+            if (splitInfo.length > 2) {
+                return parseInt(splitInfo[2], 10);
+            }
+        }
+        return this._now();
+    };
+
     /**
      * Saves token or error received in the response from AAD in the cache. In case of id_token, it also creates the user object.
      */
@@ -1199,7 +1218,7 @@ var AuthenticationContext = (function () {
 
                     // save token with related resource
                     this._saveItem(this.CONSTANTS.STORAGE.ACCESS_TOKEN_KEY + resource, requestInfo.parameters[this.CONSTANTS.ACCESS_TOKEN]);
-                    this._saveItem(this.CONSTANTS.STORAGE.EXPIRATION_KEY + resource, this._expiresIn(requestInfo.parameters[this.CONSTANTS.EXPIRES_IN]));
+                    this._saveItem(this.CONSTANTS.STORAGE.EXPIRATION_KEY + resource, this._expiresIn(requestInfo.parameters[this.CONSTANTS.EXPIRES_IN], requestInfo.stateResponse));
                 }
 
                 if (requestInfo.parameters.hasOwnProperty(this.CONSTANTS.ID_TOKEN)) {
@@ -1213,17 +1232,16 @@ var AuthenticationContext = (function () {
                             this._user = null;
                         } else {
                             this._saveItem(this.CONSTANTS.STORAGE.IDTOKEN, requestInfo.parameters[this.CONSTANTS.ID_TOKEN]);
-
                             // Save idtoken as access token for app itself
-                            resource = this.config.loginResource ? this.config.loginResource : this.config.clientId;
+                            var idTokenResource = this.config.loginResource ? this.config.loginResource : this.config.clientId;
 
-                            if (!this._hasResource(resource)) {
+                            if (!this._hasResource(idTokenResource)) {
                                 keys = this._getItem(this.CONSTANTS.STORAGE.TOKEN_KEYS) || '';
-                                this._saveItem(this.CONSTANTS.STORAGE.TOKEN_KEYS, keys + resource + this.CONSTANTS.RESOURCE_DELIMETER);
+                                this._saveItem(this.CONSTANTS.STORAGE.TOKEN_KEYS, keys + idTokenResource + this.CONSTANTS.RESOURCE_DELIMETER);
                             }
 
-                            this._saveItem(this.CONSTANTS.STORAGE.ACCESS_TOKEN_KEY + resource, requestInfo.parameters[this.CONSTANTS.ID_TOKEN]);
-                            this._saveItem(this.CONSTANTS.STORAGE.EXPIRATION_KEY + resource, this._user.profile.exp);
+                            this._saveItem(this.CONSTANTS.STORAGE.ACCESS_TOKEN_KEY + idTokenResource, requestInfo.parameters[this.CONSTANTS.ID_TOKEN]);
+                            this._saveItem(this.CONSTANTS.STORAGE.EXPIRATION_KEY + idTokenResource, this._user.profile.exp);
                         }
                     }
                     else {
@@ -1651,10 +1669,10 @@ var AuthenticationContext = (function () {
      * Calculates the expires in value in milliseconds for the acquired token
      * @ignore
      */
-    AuthenticationContext.prototype._expiresIn = function (expires) {
+    AuthenticationContext.prototype._expiresIn = function (expires, state) {
         // if AAD did not send "expires_in" property, use default expiration of 3599 seconds, for some reason AAD sends 3599 as "expires_in" value instead of 3600
         if (!expires) expires = 3599;
-        return this._now() + parseInt(expires, 10);
+        return this._getExpireBaseTimeFromState(state) + parseInt(expires, 10);
     };
 
     /**
@@ -1685,7 +1703,7 @@ var AuthenticationContext = (function () {
                 ifr.setAttribute('aria-hidden', 'true');
                 ifr.style.visibility = 'hidden';
                 ifr.style.position = 'absolute';
-                ifr.style.width = ifr.style.height = ifr.borderWidth = '0px';
+                ifr.style.width = ifr.style.height = ifr.style.borderWidth = '0px';
 
                 adalFrame = document.getElementsByTagName('body')[0].appendChild(ifr);
             }
@@ -1760,37 +1778,52 @@ var AuthenticationContext = (function () {
     };
 
     /**
-     * Returns true if browser supports localStorage, false otherwise.
+     * Returns true if the browser supports given storage type
      * @ignore
      */
-    AuthenticationContext.prototype._supportsLocalStorage = function () {
+    AuthenticationContext.prototype._supportsStorage = function(storageType) {
+        if (!(storageType in this._storageSupport)) {
+            return false;
+        }
+
+        if (this._storageSupport[storageType] !== null) {
+            return this._storageSupport[storageType];
+        }
+
         try {
-            if (!window.localStorage) return false; // Test availability
-            window.localStorage.setItem('storageTest', 'A'); // Try write
-            if (window.localStorage.getItem('storageTest') != 'A') return false; // Test read/write
-            window.localStorage.removeItem('storageTest'); // Try delete
-            if (window.localStorage.getItem('storageTest')) return false; // Test delete
-            return true; // Success
+            if (!(storageType in window) || window[storageType] === null) {
+                throw new Error();
+            }
+            var testKey = '__storageTest__';
+            window[storageType].setItem(testKey, 'A');
+            if (window[storageType].getItem(testKey) !== 'A') {
+                throw new Error();
+            }
+            window[storageType].removeItem(testKey);
+            if (window[storageType].getItem(testKey)) {
+                throw new Error();
+            }
+            this._storageSupport[storageType] = true;
         } catch (e) {
-            return false;
+            this._storageSupport[storageType] = false;
         }
+        return this._storageSupport[storageType];
+    }
+
+    /**
+     * Returns true if browser supports localStorage, false otherwise.
+     * @ignore
+     */
+    AuthenticationContext.prototype._supportsLocalStorage = function () {        
+        return this._supportsStorage('localStorage');
     };
 
     /**
      * Returns true if browser supports sessionStorage, false otherwise.
      * @ignore
      */
     AuthenticationContext.prototype._supportsSessionStorage = function () {
-        try {
-            if (!window.sessionStorage) return false; // Test availability
-            window.sessionStorage.setItem('storageTest', 'A'); // Try write
-            if (window.sessionStorage.getItem('storageTest') != 'A') return false; // Test read/write
-            window.sessionStorage.removeItem('storageTest'); // Try delete
-            if (window.sessionStorage.getItem('storageTest')) return false; // Test delete
-            return true; // Success
-        } catch (e) {
-            return false;
-        }
+        return this._supportsStorage('sessionStorage');
     };
 
     /**
@@ -1920,7 +1953,7 @@ var AuthenticationContext = (function () {
      * @ignore
      */
     AuthenticationContext.prototype._libVersion = function () {
-        return '1.0.17';
+        return '1.0.18';
     };
 
     /**
@@ -1936,4 +1969,4 @@ var AuthenticationContext = (function () {
 
     return AuthenticationContext;
 
-}());
+}());

package.json

@@ -10,7 +10,7 @@
     "type": "git",
     "url": "https://github.com/AzureAD/azure-activedirectory-library-for-js.git"
   },
-  "version": "1.0.17",
+  "version": "1.0.18",
   "description": "Windows Azure Active Directory Client Library for js",
   "keywords": [
     "implicit",
@@ -38,7 +38,7 @@
     "grunt-contrib-uglify": "~0.6.0",
     "grunt-contrib-watch": "~0.2.0",
     "grunt-karma": "^0.9.x",
-    "atob": "~1.1.2",
+    "atob": "~2.1.0",
     "karma-chrome-launcher": "^0.1.5",
     "karma": "^0.12.24",
     "karma-jasmine": "^0.1.5",