[msal-node] Cache-1: Msal node cache entities

.gitignore

@@ -255,9 +255,6 @@ paket-files/
 .DS_Store
 .DS_Store?
 
-# Visual Studio code
-.vscode/
-
 # MSAL specific ignore files
 node_modules/
 .nyc_output/

lib/msal-common/src/authority/Authority.ts

@@ -111,7 +111,7 @@ export abstract class Authority {
      * @param urlString
      */
     private replaceTenant(urlString: string): string {
-        return urlString.replace("{tenant}", this.tenant);
+        return urlString.replace(/{tenant}|{tenantid}/g, this.tenant);
     }
 
     /**

lib/msal-common/src/authority/AuthorityFactory.ts

@@ -10,8 +10,19 @@ import { ClientAuthError } from "./../error/ClientAuthError";
 import { INetworkModule } from "./../network/INetworkModule";
 import { StringUtils } from "./../utils/StringUtils";
 import { UrlString } from "./../url/UrlString";
+import { B2cAuthority, B2CTrustedHostList } from "./B2cAuthority";
 
 export class AuthorityFactory {
+    /**
+     * Use when Authority is B2C to provide list of trusted/allowed domains.
+     */
+    public static setKnownAuthorities(knownAuthorities: Array<string>): void {
+        if (!B2CTrustedHostList.length) {
+            knownAuthorities.forEach(function(authority){
+                B2CTrustedHostList.push(authority);
+            });
+        }
+    }
 
     /**
      * Parse the url and determine the type of authority
@@ -20,14 +31,16 @@ export class AuthorityFactory {
         const authorityUrl = new UrlString(authorityString);
         const components = authorityUrl.getUrlComponents();
         const pathSegments = components.PathSegments;
-        switch (pathSegments[0]) {
-            case "tfp":
-                // tfp denotes a b2c url
-                return AuthorityType.B2C;
-            default:
-                // default authority is always AAD
-                return AuthorityType.Aad;
+
+        if (pathSegments[0] === "adfs") {
+            return AuthorityType.Adfs;
+        }
+        else if (B2CTrustedHostList.length) {
+            return AuthorityType.B2C;
         }
+
+        // defaults to Aad
+        return AuthorityType.Aad;
     }
 
     /**
@@ -41,12 +54,18 @@ export class AuthorityFactory {
         }
 
         const type = AuthorityFactory.detectAuthorityFromUrl(authorityUrl);
+
         // Depending on above detection, create the right type.
         switch (type) {
             case AuthorityType.Aad:
                 return new AadAuthority(authorityUrl, networkInterface);
+            case AuthorityType.B2C:
+                return new B2cAuthority(authorityUrl, networkInterface);
+            // TODO: Support ADFS here in a later PR
             default:
-                throw ClientAuthError.createInvalidAuthorityTypeError(`Given Url: ${authorityUrl}`);
+                throw ClientAuthError.createInvalidAuthorityTypeError(
+                    `${authorityUrl}`
+                );
         }
     }
 }

lib/msal-common/src/authority/B2cAuthority.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Authority } from "./Authority";
+import { AuthorityType } from "./AuthorityType";
+import { ClientConfigurationError } from "../error/ClientConfigurationError";
+import { INetworkModule } from "../network/INetworkModule";
+
+export const B2CTrustedHostList: string[] = [];
+
+/**
+ * The AadAuthority class extends the Authority class and adds functionality specific to the Azure AD OAuth Authority.
+ */
+export class B2cAuthority extends Authority {
+    // Set authority type to AAD
+    public get authorityType(): AuthorityType {
+        return AuthorityType.B2C;
+    }
+
+    public constructor(authority: string, networkInterface: INetworkModule) {
+        super(authority, networkInterface);
+    }
+
+    /**
+     * Returns a promise which resolves to the OIDC endpoint
+     * Only responds with the endpoint
+     */
+    public async getOpenIdConfigurationEndpointAsync(): Promise<string> {
+        if (this.isInTrustedHostList(this.canonicalAuthorityUrlComponents.HostNameAndPort)) {
+            return this.defaultOpenIdConfigurationEndpoint;
+        }
+
+        throw ClientConfigurationError.createUntrustedAuthorityError();
+    }
+
+    /**
+     * Checks to see if the host is in a list of trusted hosts
+     * @param {string} The host to look up
+     */
+    private isInTrustedHostList(host: string): boolean {
+        return B2CTrustedHostList.includes(host);
+    }
+}

lib/msal-common/src/client/AuthorizationCodeClient.ts

@@ -11,9 +11,9 @@ import { RequestParameterBuilder } from "../server/RequestParameterBuilder";
 import { RequestValidator } from "../request/RequestValidator";
 import { GrantType } from "../utils/Constants";
 import { Configuration } from "../config/Configuration";
-import {ServerAuthorizationTokenResponse} from "../server/ServerAuthorizationTokenResponse";
-import {NetworkResponse} from "../network/NetworkManager";
-import {ScopeSet} from "../request/ScopeSet";
+import { ServerAuthorizationTokenResponse } from "../server/ServerAuthorizationTokenResponse";
+import { NetworkResponse }  from "../network/NetworkManager";
+import { ScopeSet } from "../request/ScopeSet";
 
 /**
  * Oauth2.0 Authorization Code client

lib/msal-common/src/client/BaseClient.ts

@@ -65,6 +65,9 @@ export abstract class BaseClient {
         this.networkClient = this.config.networkInterface;
 
         // Default authority instance.
+        AuthorityFactory.setKnownAuthorities(
+            this.config.authOptions.knownAuthorities
+        );
         this.defaultAuthorityInstance = AuthorityFactory.createInstance(
             this.config.authOptions.authority || Constants.DEFAULT_AUTHORITY,
             this.networkClient

lib/msal-common/src/config/Configuration.ts

@@ -38,6 +38,7 @@ export type Configuration = {
 export type AuthOptions = {
     clientId: string;
     authority?: string;
+    knownAuthorities?: Array<string>
 };
 
 /**
@@ -74,7 +75,8 @@ export type LoggerOptions = {
 
 const DEFAULT_AUTH_OPTIONS: AuthOptions = {
     clientId: "",
-    authority: null
+    authority: null,
+    knownAuthorities: []
 };
 
 // Default module system options
@@ -85,7 +87,9 @@ const DEFAULT_SYSTEM_OPTIONS: SystemOptions = {
 
 // Default logger implementation
 const DEFAULT_LOGGER_IMPLEMENTATION: LoggerOptions = {
-    loggerCallback: () => {},
+    loggerCallback: () => {
+        // allows users to not pass loggerCallback implementation
+    },
     piiLoggingEnabled: false,
     logLevel: LogLevel.Info
 };

lib/msal-common/src/config/SPAConfiguration.ts

@@ -15,6 +15,7 @@ import { Configuration, buildConfiguration } from "./Configuration";
 export type SPAAuthOptions = {
     clientId: string;
     authority?: string;
+    knownAuthorities?: Array<string>;
     redirectUri?: string | (() => string);
     postLogoutRedirectUri?: string | (() => string);
 };
@@ -32,6 +33,7 @@ export type SPAConfiguration = Configuration & {
 const DEFAULT_AUTH_OPTIONS: SPAAuthOptions = {
     clientId: "",
     authority: null,
+    knownAuthorities: [],
     redirectUri: "",
     postLogoutRedirectUri: ""
 };

lib/msal-common/src/error/ClientConfigurationError.ts

@@ -59,6 +59,14 @@ export const ClientConfigurationErrorMessage = {
     invalidCodeChallengeParams: {
         code: "one_of_code_challenge_code_challenge_method_params_missing",
         desc: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request"
+    },
+    b2cKnownAuthoritiesNotSet: {
+        code: "b2c_known_authorities_not_set",
+        desc: "Must set known authorities when validateAuthority is set to True and using B2C"
+    },
+    untrustedAuthority: {
+        code: "untrusted_authority",
+        desc: "The provided authority is not a trusted authority. If using B2C, please include this authority in the knownAuthorities config parameter."
     }
 };
 
@@ -189,4 +197,20 @@ export class ClientConfigurationError extends ClientAuthError {
             ClientConfigurationErrorMessage.invalidCodeChallengeParams.desc
         );
     }
+
+    /**
+     * Throws an error when the user passes B2C authority and does not set knownAuthorities
+     */
+    static createKnownAuthoritiesNotSetError(): ClientConfigurationError {
+        return new ClientConfigurationError(ClientConfigurationErrorMessage.b2cKnownAuthoritiesNotSet.code,
+            ClientConfigurationErrorMessage.b2cKnownAuthoritiesNotSet.desc);
+    }
+
+    /**
+     * Throws error when provided authority is not a member of the trusted host list
+     */
+    static createUntrustedAuthorityError(): ClientConfigurationError {
+        return new ClientConfigurationError(ClientConfigurationErrorMessage.untrustedAuthority.code,
+            ClientConfigurationErrorMessage.untrustedAuthority.desc);
+    }
 }

lib/msal-common/src/uCache/entities/AccessTokenEntity.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+import { Credential } from "./Credential";
+import { Separators } from "../../utils/Constants";
+
+/**
+ * ACCESS_TOKEN Credential Type
+ */
+export class AccessTokenEntity extends Credential {
+    realm: string;
+    target: string;
+    cachedAt: string;
+    expiresOn: string;
+    extendedExpiresOn?: string;
+    refreshOn?: string;
+    keyId?: string; // for POP and SSH tokenTypes
+    tokenType?: string;
+
+    /**
+     * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
+     */
+    public generateAccessTokenEntityKey(): string {
+        const accessTokenKeyArray: Array<string> = [
+            this.homeAccountId,
+            this.environment,
+            this.credentialType,
+            this.clientId,
+            this.realm,
+            this.target
+        ];
+
+        return accessTokenKeyArray.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
+    }
+}

lib/msal-common/src/uCache/entities/AccountEntity.ts

@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+import { Separators, CacheAccountType } from "../../utils/Constants";
+import { Authority } from "../../authority/Authority";
+import { IdToken } from "../../account/IdToken";
+import { ICrypto } from "../../crypto/ICrypto";
+import { buildClientInfo } from "../../account/ClientInfo";
+import { StringUtils } from "../../utils/StringUtils";
+
+/**
+ * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs)
+ */
+export class AccountEntity {
+    homeAccountId: string;
+    environment: string;
+    realm: string;
+    localAccountId: string;
+    username: string;
+    authorityType: string;
+    name?: string;
+    clientInfo?: string;
+    lastModificationTime?: string;
+    lastModificationApp?: string;
+
+    /**
+     * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
+     */
+    public generateAccountEntityKey(): string {
+        const accountCacheKeyArray: Array<string> = [
+            this.homeAccountId,
+            this.environment,
+            this.realm
+        ];
+
+        return accountCacheKeyArray.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
+    }
+
+    /**
+     * Build Account cache from IdToken, clientInfo and authority/policy
+     * @param clientInfo
+     * @param authority
+     * @param idToken
+     * @param policy
+     */
+    static createAccount(clientInfo: string, authority: Authority, idToken: IdToken, policy: string, crypto: ICrypto): AccountEntity {
+        let account: AccountEntity;
+
+        account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
+        account.clientInfo = clientInfo;
+        // TBD: Clarify "policy" addition
+        const clientInfoObj = buildClientInfo(clientInfo, crypto);
+        const homeAccountId = `${clientInfoObj.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfoObj.utid}`;
+        account.homeAccountId =
+            policy != null
+                ? homeAccountId + Separators.CACHE_KEY_SEPARATOR + policy
+                : homeAccountId;
+        account.environment =
+            authority.canonicalAuthorityUrlComponents.HostNameAndPort;
+        account.realm = authority.tenant;
+
+        if (idToken) {
+            // How do you account for MSA CID here?
+            const localAccountId = !StringUtils.isEmpty(idToken.claims.oid)
+                ? idToken.claims.oid
+                : idToken.claims.sid;
+            account.localAccountId = localAccountId;
+            account.username = idToken.claims.preferred_username;
+            account.name = idToken.claims.name;
+        }
+
+        return account;
+    }
+
+    /**
+     * Build ADFS account type
+     * @param authority
+     * @param idToken
+     */
+    static createADFSAccount(authority: Authority, idToken: IdToken): AccountEntity {
+        let account: AccountEntity;
+
+        account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
+        account.homeAccountId = idToken.claims.sub;
+        account.environment =
+            authority.canonicalAuthorityUrlComponents.HostNameAndPort;
+        account.username = idToken.claims.upn;
+        // add uniqueName to claims
+        // account.name = idToken.claims.uniqueName;
+
+        return account;
+    }
+}