fixed authority issue #452
Conversation
rohitnarula7176
requested review from
nehaagrawal,
pkanher617,
manoj-rath and
aashiman
lib/msal-angular/package.json
Outdated
| @@ -92,9 +92,9 @@ | |||
| "clean": "shx rm -rf dist docs", | |||
| "doc": "typedoc --out ./docs ./src/**/* --gitRevision dev", | |||
| "build:modules": "tsc && tsc -m es6 --outDir lib-es6", | |||
| "build": "npm run clean && npm run doc && npm run build:modules && webpack", | |||
| "build": "npm run clean && npm run build:modules && webpack", | |||
There was a problem hiding this comment.
Why are we removing the docs here?
There was a problem hiding this comment.
Please see my comment summary on the PR above. I removed the docs temporarily as the doc script was failing on travis.
There was a problem hiding this comment.
It used to work. Do you know what is the issue. May be we should fix the issue instead of removing it. Also why we are making changes in msal-angular as part of this PR? This PR is only to fix the authority issue in msal-core.
lib/msal-core/src/Utils.ts
Outdated
| return url; | ||
| var urlObject = this.GetUrlComponents(url); | ||
| var pathArray = urlObject.PathSegments; | ||
| if (pathArray.length !== 0 && pathArray[0] === "common" || pathArray[0] === "organizations") { |
There was a problem hiding this comment.
please use constants for common and organizations.
There was a problem hiding this comment.
This existed previously and constants need to be applied at many places in the code base still. I will leave that up to you and Prithvi to take when you guys have time.
| } else { | ||
| this._logger.warning("ClientInfo not received in the response from AAD"); | ||
| user = User.createUser(idToken, new ClientInfo(clientInfo), authority); | ||
| user = User.createUser(idToken, new ClientInfo(clientInfo),); |
There was a problem hiding this comment.
extra comma? may be a typo?
lib/msal-core/package.json
Outdated
| @@ -80,7 +80,7 @@ | |||
| "clean": "shx rm -rf dist docs lib-commonjs lib-es6", | |||
| "doc": "typedoc --out ./docs ./src/**/* --gitRevision dev", | |||
| "build:modules": "tsc && tsc -m es6 --outDir lib-es6", | |||
| "build": "npm run clean && npm run doc && npm run build:modules && webpack && grunt && npm test", | |||
| "build": "npm run clean && npm run build:modules && webpack && grunt && npm test", | |||
There was a problem hiding this comment.
why are we removing the docs here?
| @@ -1784,7 +1758,10 @@ protected getCachedTokenInternal(scopes : Array<string> , user: User): CacheResu | |||
| this._cacheStorage.setItem(Constants.renewStatus + tokenResponse.stateResponse, Constants.tokenRenewStatusCompleted); | |||
| this._cacheStorage.removeAcquireTokenEntries(authorityKey, acquireTokenUserKey); | |||
| //this is required if navigateToLoginRequestUrl=false | |||
| this._cacheStorage.clearCookie(); | |||
| if (this.storeAuthStateInCookie) { | |||
| this._cacheStorage.setItemCookie(authorityKey, '', -1); | |||
There was a problem hiding this comment.
why are we not doing this 'this._cacheStorage.setItemCookie(authorityKey, '', -1);' inside clearcookie?
There was a problem hiding this comment.
Because authority key is dynamically created with state unlike state, nonce and loginStartPage. In order to set it inside the clearCookie function, you will have to change the clearCookie api to accept a optional string.
| this._cacheStorage.setItem(authorityKey, this.authority); | ||
| } | ||
|
|
||
| this._cacheStorage.setItem(authorityKey, this.authority, this.storeAuthStateInCookie); |
There was a problem hiding this comment.
why are we storing authority key in cookie? In the original design of IE/Edge fix, we were storing only state and nonce. Does authority key get wiped out during changing security zone?
There was a problem hiding this comment.
The entire storage can get wiped out during the transition between zones. Since the tokens are tied to authority, we need a way to restore the authority from cookie as well otherwise all the tokens will be saved with authority set to undefined.
There was a problem hiding this comment.
we never saw this issue when we released IE/Edge fix. I am curious why we didn't notice it. We can discuss this offline.
There was a problem hiding this comment.
The issue existed in the IE/Edge fix release but was not caught during testing. We can easily reproduce this. We can discuss this during our meeting tom.
There was a problem hiding this comment.
Can you please add some test cases?
| this._cacheStorage.setItem(authorityKey, this.authority); | ||
| } | ||
|
|
||
| this._cacheStorage.setItem(authorityKey, this.authority); |
There was a problem hiding this comment.
are we missing the storeAuthStateInCookie flag here? You are passing it on line 412.
There was a problem hiding this comment.
No, we only need this flag for redirect functions like loginRedirect and acquireTokenRedirect.
There was a problem hiding this comment.
We saw some issues earlier when storeAuthStateInCookie flag was added to only loginRedirect and acquireTokenRedirect. We are currently passing this flag for popup cases as well. I think we should do it everywhere for consistency.
| if (Utils.isEmpty(this._cacheStorage.getItem(authorityKey))) { | ||
| this._cacheStorage.setItem(authorityKey, acquireTokenAuthority.CanonicalAuthority); | ||
| } | ||
| this._cacheStorage.setItem(authorityKey, acquireTokenAuthority.CanonicalAuthority); |
There was a problem hiding this comment.
are we missing the storeAuthStateInCookie flag here? You are passing it on line 412.
There was a problem hiding this comment.
same comment as above.
| this._cacheStorage.setItem(authorityKey, authenticationRequest.authority); | ||
| } | ||
|
|
||
| this._cacheStorage.setItem(authorityKey, authenticationRequest.authority); |
There was a problem hiding this comment.
are we missing the storeAuthStateInCookie flag here? You are passing it on line 412.
There was a problem hiding this comment.
same comment as above.
rohitnarula7176
force-pushed
the
ronaru/Issue_347
branch
from
f7187f1 to
134d60a
Compare
lib/msal-angular/package.json
Outdated
| @@ -36,7 +36,7 @@ | |||
| "@angular/platform-browser-dynamic": "~4.3.0", | |||
| "@angular/router": "^4.3.0", | |||
| "@types/handlebars": "4.0.33", | |||
| "@types/jasmine": "^2.8.6", | |||
| "@types/jasmine": "2.5.38", | |||
There was a problem hiding this comment.
I think we should upgrade to @types/jasmine": "2.5.41",instead of 2.5.38 as per this github issue DefinitelyTyped/DefinitelyTyped#14569. I have created a separate PR to fix this issue. Please revert.
There was a problem hiding this comment.
The same link has the version 2.5.38 listed as well which worked for other users. I don't think it matters which version to use as long as the doc issue is fixed. If you want , you can change the version later on after merging this PR.
There was a problem hiding this comment.
If a higher version fixes the issue we shouldn't downgrade too much. I have fixed it in a different PR and merge changes to this PR.
lib/msal-core/package.json
Outdated
| @@ -29,7 +29,7 @@ | |||
| }, | |||
| "devDependencies": { | |||
| "@types/handlebars": "4.0.33", | |||
| "@types/jasmine": "^2.6.0", | |||
| "@types/jasmine": "2.5.38", | |||
#347
*Fixed issue regarding saving authorities tied to AT.
*Added storeAuthStateInCookie check for authority for IE/Edge fix.
*Other minor fixes.
*Removed doc script from package.json just for the time being. Travis build is failing with the doc script. Need to re-add it.