merge from dev

AzureAD · Apr 26, 2016 · 606d011 · 606d011
2 parents 9ffb498 + 12440a0
commit 606d011
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 7 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,3 +1,15 @@
+Version 0.1.19
+--------------
+Release Date: 26 Apr 2016
+    * Fixed CredScan issue for the checked in pem file
+    * Policheck fixes
+    * Updated node-uuid
+    * Fixed Readme.md
+    * Inline the adal version during compile time
+    * Fix issue #71 - client-credential cert-bad-cert failing
+    * Fix issue #78 - Express dependency in package.json doesn't match syntax used in website-sample.js
+    * Fix issue #80 - Unreachable ADFS server results in misleading error message
+
 Version 0.1.18
 --------------
 Release Date: 5 Feb 2016

diff --git a/lib/self-signed-jwt.js b/lib/self-signed-jwt.js
@@ -124,7 +124,15 @@ SelfSignedJwt.prototype._throwOnInvalidJwtSignature = function(jwt) {
 };
 
 SelfSignedJwt.prototype._signJwt = function(header, payload, certificate) {
-  var jwt = jws.sign({ header : header, payload : payload, secret : certificate});
+  var jwt;
+  try {
+     jwt = jws.sign({ header : header, payload : payload, secret : certificate });
+  }
+  catch (err) {
+     this._log.error(err);
+     throw this._log.createError('Failed to sign JWT.This is most likely due to an invalid certificate.');   
+  }
+
   this._throwOnInvalidJwtSignature(jwt);
   return jwt;
 };

diff --git a/lib/token-request.js b/lib/token-request.js
@@ -202,7 +202,7 @@ TokenRequest.prototype._createOAuthParameters = function(grantType) {
 
   if (OAuth2GrantType.AUTHORIZATION_CODE !== grantType &&
     OAuth2GrantType.CLIENT_CREDENTIALS !== grantType &&
-    OAuth2GrantType.REFRESH_TOKEN !== grantType && OAuth2GrantType.DEVICE_CODE != grantType) {
+    OAuth2GrantType.DEVICE_CODE != grantType) {
     oauthParameters[OAuth2Parameters.SCOPE] = OAuth2Scope.OPENID;
   }
 
@@ -354,11 +354,12 @@ TokenRequest.prototype._getTokenUsernamePasswordFederated = function(username, p
     var mex = this._createMex(mexEndpoint);
     mex.discover(function(mexErr) {
       var wstrustEndpoint;
-      var wstrustVersion = WSTrustVersion.UNDEFINED;
+      wstrustVersion = WSTrustVersion.UNDEFINED;
       if (mexErr) {
         self._log.warn('MEX exchange failed.  Attempting fallback to AAD supplied endpoint.');
 
         wstrustEndpoint = self._userRealm.federationActiveAuthUrl;
+        wstrustVersion = self._parseWStrustVersionFromFederationActiveAuthUrl(self._userRealm.federationActiveAuthUrl);
         if (!wstrustEndpoint) {
           callback(self._createADWSTrustEndpointError());
           return;

diff --git a/package.json b/package.json
@@ -15,7 +15,7 @@
     "type": "git",
     "url": "https://github.com/AzureAD/azure-activedirectory-library-for-nodejs.git"
   },
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "Windows Azure Active Directory Client Library for node",
   "keywords": [ "node", "azure", "AAD", "adal", "adfs", "oauth" ],
   "main": "./lib/adal.js",

diff --git a/sample/package.json b/sample/package.json
@@ -4,7 +4,7 @@
   , "private": true
   , "dependencies": {
       "adal-node": ">= 0.1.3",
-      "express": "2.x",
+      "express": "3.x",
       "connect-logger": "0.x",
       "cookie-parser": "1.x",
       "cookie-session": "1.x"

diff --git a/test/device-code.js b/test/device-code.js
@@ -230,6 +230,7 @@ suite('device-code', function () {
             var responseOptions = { refreshedRefresh : true, mrrt: true};
             var response = util.createResponse(responseOptions);
             var wireResponse = response.wireResponse;
+            wireResponse.id_token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9jY2ViYTE0Yy02YTAwLTQ5YWMtYjgwNi04NGRlNTJiZjFkNDIvIiwiaWF0IjpudWxsLCJleHAiOm51bGwsImF1ZCI6ImU5NThjMDlhLWFjMzctNDkwMC1iNGQ3LWZiM2VlYWY3MzM4ZCIsInN1YiI6IjRnVHY0RXRvWVctRFRvdzBiRG5KZDFBQTRzZkNoQmJqZXJtcXQ2UV9aYTQiLCJ0aWQiOiJkM2I3ODEzZC0zYTAzLTQyZmEtODk2My1iOTBhNzQ1NTIyYTUiLCJvaWQiOiJhNDQzMjA0YS1hYmM5LTRjYjgtYWRjMS1jMGRmYzEyMzAwYWEiLCJ1cG4iOiJycmFuZGFsbEBycmFuZGFsbGFhZDEub25taWNyb3NvZnQuY29tIiwidW5pcXVlX25hbWUiOiJycmFuZGFsbEBycmFuZGFsbGFhZDEub25taWNyb3NvZnQuY29tIiwiZmFtaWx5X25hbWUiOiJSYW5kYWxsIiwiZ2l2ZW5fbmFtZSI6IlJpY2gifQ.r-XHRqqtxI_7IEmwciFTBJpzwetz4wrM2Is_Z8-O7lw";
             //need to change tokenUrlPath for the different tenant token request, and make sure get it changed back to not affect other tests
             var tokenUrlPath = cp.tokenUrlPath;
             cp.tokenUrlPath = someOtherAuthority.pathname + cp.tokenPath + cp.extraQP;
@@ -245,11 +246,13 @@ suite('device-code', function () {
                 memCache.find({userId: tokenResponse.userId, _clientId: response.clientId, _authority: cp.evoEndpoint + '/' + cp.tenant}, function (err, entry) {
                     assert(!err, 'Unexpected error received');
                     assert(entry.length === 1, 'no result returned for given tenant.');
+                    assert(entry[0].tenantId === 'cceba14c-6a00-49ac-b806-84de52bf1d42');
                 });
 
                 memCache.find({userId: tokenResponse.userId, _clientId: response.clientId, _authority: url.format(someOtherAuthority)}, function (err, entry) {
                     assert(!err, 'unexpected error received');
                     assert(entry.length === 1, 'no result returned for given tenant.');
+                    assert(entry[0].tenantId === 'd3b7813d-3a03-42fa-8963-b90a745522a5');
                 });
                 done(err);
             });

diff --git a/test/util/util.js b/test/util/util.js
@@ -41,7 +41,8 @@ var parsedIdToken = {
   'userId' : '[email protected]',
   'givenName' : 'Rich',
   'familyName' : 'Randall',
-  'isUserIdDisplayable' : true
+  'isUserIdDisplayable' : true, 
+  'oid' : 'a443204a-abc9-4cb8-adc1-c0dfc12300aa'
 };
 
 
@@ -94,7 +95,7 @@ parameters.clientSecret = 'clientSecret*&^(?&';
 parameters.resource = '00000002-0000-0000-c000-000000000000';
 parameters.evoEndpoint = 'https://login.windows.net';
 parameters.username = 'rrandall@' + parameters.tenant;
-parameters.password = 'Atestpass!@#$';
+parameters.password = '<password>';
 parameters.authorityHosts = {
   global : 'login.windows.net',
   china : 'login.chinacloudapi.cn',
@@ -142,6 +143,14 @@ parameters.AssertionFile = __dirname + '/../wstrust/common.base64.encoded.assert
 parameters.logContext = { correlationId : 'test-correlation-id-123456789' };
 parameters.callContext = { _logContext : parameters.logContext };
 
+// 
+// a placeholder comment explaining why we have a fake cert here
+// 
+//[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine")]
+// This is a dummy RSA private cert used for testing purpose.It does not represent valid credential.
+// privatePem variable is a fake certificate in the form of a string.
+// Hence the following message is added to suppress CredScan warning.
+//[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine")]
 
 util.getSelfSignedCert = function() {
   var privatePem = fs.readFileSync(__dirname + '/self-signed-cert.pem', { encoding : 'utf8'});
@@ -507,6 +516,7 @@ util.setupExpectedRefreshTokenRequestResponse = function(httpCode, returnDoc, au
 
   var queryParameters = {};
   queryParameters['grant_type'] = 'refresh_token';
+  queryParameters['scope'] = 'openid';
   queryParameters['client_id'] = parameters.clientId;
   if (clientSecret) {
     queryParameters['client_secret'] = clientSecret;