Merge branch 'dev'

AzureAD · Jun 18, 2016 · b48bbd7 · b48bbd7
2 parents 53cf4c8 + 25b1ba8
commit b48bbd7
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 13 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,3 +1,8 @@
+Version 0.1.20
+--------------
+Release Date: 17 Jun 2016
+    * Add support for resource owner grant flow for ADFS
+
 Version 0.1.19
 --------------
 Release Date: 26 Apr 2016

diff --git a/lib/authority.js b/lib/authority.js
@@ -42,14 +42,14 @@ function Authority(authorityUrl, validateAuthority) {
   this._validateAuthorityUrl();
 
   this._validated = !validateAuthority;
-
   this._host = null;
   this._tenant = null;
   this._parseAuthority();
 
   this._authorizationEndpoint = null;
   this._tokenEndpoint = null;
   this._deviceCodeEndpoint = null;
+  this._isAdfsAuthority = (this._tenant.toLowerCase() === "adfs");
 }
 
 /**
@@ -233,7 +233,7 @@ Authority.prototype._getOAuthEndpoints = function(tenantDiscoveryEndpoint, callb
     if (!this._deviceCodeEndpoint){
        this._deviceCodeEndpoint = url.format(this._url) + AADConstants.DEVICE_ENDPOINT_PATH;
     }
-    
+
     callback();
     return;
   }

diff --git a/lib/token-request.js b/lib/token-request.js
@@ -164,8 +164,8 @@ TokenRequest.prototype._getTokenWithCacheWrapper = function(callback, getTokenFu
 };
 
 /**
- * Store token into cache. 
- * @param {object} tokenResponse Token response to be added into the cache. 
+ * Store token into cache.
+ * @param {object} tokenResponse Token response to be added into the cache.
  */
 TokenRequest.prototype._addTokenIntoCache = function(tokenResponse, callback) {
     this._cacheDriver = this._createCacheDriver();
@@ -275,7 +275,7 @@ TokenRequest.prototype._performWSTrustAssertionOAuthExchange = function(wstrustR
 /**
  * Exchange a username and password for a SAML token from an ADFS instance via WSTrust.
  * @param  {string}   wstrustEndpoint An url of an ADFS WSTrust endpoint.
- * @param  {string}   wstrustEndpointVersion The version of the wstrust endpoint. 
+ * @param  {string}   wstrustEndpointVersion The version of the wstrust endpoint.
  * @param  {string}   username        username
  * @param  {string}   password        password
  * @param  {AcquireTokenCallback} callback        callback
@@ -379,19 +379,19 @@ TokenRequest.prototype._getTokenUsernamePasswordFederated = function(username, p
  * Gets wstrust endpoint version from the federation active auth url.
  * @private
  * @param  {string}   federationActiveAuthUrl  federationActiveAuthUrl
- * @return {object}   The wstrust endpoint version.  
+ * @return {object}   The wstrust endpoint version.
  */
 TokenRequest.prototype._parseWStrustVersionFromFederationActiveAuthUrl = function(federationActiveAuthUrl) {
     var wstrust2005Regex = /[/trust]?[2005][/usernamemixed]?/;
     var wstrust13Regex = /[/trust]?[13][/usernamemixed]?/;
-    
+
     if (wstrust2005Regex.exec(federationActiveAuthUrl)) {
         return WSTrustVersion.WSTRUST2005;
     }
     else if (wstrust13Regex.exec(federationActiveAuthUrl)) {
         return WSTrustVersion.WSTRUST13;
     }
-    
+
     return WSTrustVersion.UNDEFINED;
 };
 
@@ -405,10 +405,18 @@ TokenRequest.prototype._parseWStrustVersionFromFederationActiveAuthUrl = functio
  */
 TokenRequest.prototype.getTokenWithUsernamePassword = function(username, password, callback) {
   this._log.info('Acquiring token with username password');
-
   this._userId = username;
+
   this._getTokenWithCacheWrapper(callback, function(getTokenCompleteCallback) {
     var self = this;
+
+      if(this._authenticationContext._authority._isAdfsAuthority) {
+        this._log.info('Skipping user realm discovery for ADFS authority');
+
+        self._getTokenUsernamePasswordManaged(username, password, getTokenCompleteCallback);
+        return;
+      }
+
     this._userRealm = this._createUserRealmRequest(username);
     this._userRealm.discover(function(err) {
       if (err) {

diff --git a/package.json b/package.json
@@ -15,7 +15,7 @@
     "type": "git",
     "url": "https://github.com/AzureAD/azure-activedirectory-library-for-nodejs.git"
   },
-  "version": "0.1.19",
+  "version": "0.1.20",
   "description": "Windows Azure Active Directory Client Library for node",
   "keywords": [ "node", "azure", "AAD", "adal", "adfs", "oauth" ],
   "main": "./lib/adal.js",

diff --git a/test/username-password.js b/test/username-password.js
@@ -79,9 +79,8 @@ suite('username-password', function() {
     return util.setupExpectedOAuthResponse(queryParameters, cp.tokenUrlPath, 200, response.wireResponse, cp.authority);
   }
 
-  function setupExpectedUserNamePasswordRequestResponse(httpCode, returnDoc, authorityEndpoint) {
+  function setupExpectedUserNamePasswordRequestResponse(httpCode, returnDoc, authorityEndpoint, isAdfs) {
     var authEndpoint = util.getNockAuthorityHost(authorityEndpoint);
-
     var queryParameters = {};
     queryParameters['grant_type'] = 'password';
     queryParameters['client_id'] = cp.clientId;
@@ -91,19 +90,39 @@ suite('username-password', function() {
     queryParameters['scope'] = 'openid';
 
     var query = querystring.stringify(queryParameters);
+    var tokenUrl = cp.tokenUrlPath;
+    if(isAdfs) {
+      tokenUrl = '/adfs' + cp.tokenPath + cp.extraQP;
+    }
 
     var tokenRequest = nock(authEndpoint)
                             .filteringRequestBody(function(body) {
                               return util.filterQueryString(query, body);
                             })
-                           .post(cp.tokenUrlPath, query)
+                           .post(tokenUrl, query)
                            .reply(httpCode, returnDoc);
 
     util.matchStandardRequestHeaders(tokenRequest);
 
     return tokenRequest;
   }
 
+  test('happy-path-adfs-authority', function(done) {
+    var adfsAuthority = "https://contoso.com/adfs";
+    var responseOptions = { authority : adfsAuthority,  mrrt : true };
+    var response = util.createResponse(responseOptions);
+    var upRequest = setupExpectedUserNamePasswordRequestResponse(200, response.wireResponse, adfsAuthority, true);
+
+    var context = new AuthenticationContext(adfsAuthority, false);
+    context.acquireTokenWithUsernamePassword(response.resource, cp.username, cp.password, cp.clientId, function(err, tokenResponse) {
+      if (!err) {
+        upRequest.done();
+        assert(util.isMatchTokenResponse(response.cachedResponse, tokenResponse), 'Response did not match expected: ' + JSON.stringify(tokenResponse));
+      }
+      done(err);
+    });
+  });
+
   test('managed-happy-path', function(done) {
     var preRequests = util.setupExpectedUserRealmResponseCommon(false);
     var response = util.createResponse();