Merge pull request #663 from AzureAD/rn/sid

add sid value instead of login_hint if present
AzureAD · Feb 27, 2018 · 0d21ac0 · 0d21ac0
2 parents beee84c + f1c1120
commit 0d21ac0
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 14 deletions.
diff --git a/lib/adal.js b/lib/adal.js
@@ -924,21 +924,32 @@ var AuthenticationContext = (function () {
      * @ignore
      */
     AuthenticationContext.prototype._addHintParameters = function (urlNavigate) {
-        // include hint params only if upn is present
-        if (this._user && this._user.profile && this._user.profile.hasOwnProperty('upn')) {
-
-            // don't add login_hint twice if user provided it in the extraQueryParameter value
-            if (!this._urlContainsQueryStringParameter("login_hint", urlNavigate)) {
-                // add login_hint
-                urlNavigate += '&login_hint=' + encodeURIComponent(this._user.profile.upn);
+        //If you dont use prompt=none, then if the session does not exist, there will be a failure.
+        //If sid is sent alongside domain or login hints, there will be a failure since request is ambiguous.
+        //If sid is sent with a prompt value other than none or attempt_none, there will be a failure since the request is ambiguous.
+
+        if (this._user && this._user.profile) {
+            if (this._user.profile.sid && urlNavigate.indexOf('&prompt=none') !== -1) {
+                // don't add sid twice if user provided it in the extraQueryParameter value
+                if (!this._urlContainsQueryStringParameter("sid", urlNavigate)) {
+                    // add sid
+                    urlNavigate += '&sid=' + encodeURIComponent(this._user.profile.sid);
+                }
             }
-
-            // don't add domain_hint twice if user provided it in the extraQueryParameter value
-            if (!this._urlContainsQueryStringParameter("domain_hint", urlNavigate) && this._user.profile.upn.indexOf('@') > -1) {
-                var parts = this._user.profile.upn.split('@');
-                // local part can include @ in quotes. Sending last part handles that.
-                urlNavigate += '&domain_hint=' + encodeURIComponent(parts[parts.length - 1]);
+            else if (this._user.profile.upn) {
+                // don't add login_hint twice if user provided it in the extraQueryParameter value
+                if (!this._urlContainsQueryStringParameter("login_hint", urlNavigate)) {
+                    // add login_hint
+                    urlNavigate += '&login_hint=' + encodeURIComponent(this._user.profile.upn);
+                }
+                // don't add domain_hint twice if user provided it in the extraQueryParameter value
+                if (!this._urlContainsQueryStringParameter("domain_hint", urlNavigate) && this._user.profile.upn.indexOf('@') > -1) {
+                    var parts = this._user.profile.upn.split('@');
+                    // local part can include @ in quotes. Sending last part handles that.
+                    urlNavigate += '&domain_hint=' + encodeURIComponent(parts[parts.length - 1]);
+                }
             }
+
         }
 
         return urlNavigate;

diff --git a/tests/unit/spec/AdalSpec.js b/tests/unit/spec/AdalSpec.js
@@ -1056,7 +1056,31 @@ describe('Adal', function () {
         newUrl = adal._urlRemoveQueryStringParameter(url, 'prompt');
         expect(newUrl).toBe('https://login.onmicrosoft.com?client_id=12345&response_type=id_token');
     })
+
+    it('to add sid=<sid value> instead of login_hint=<upn value> if sid is present in the id_token response received from the server ', function () {
+        //If you don�t use prompt=none, then if the session does not exist, there will be a failure.
+        //If sid is sent alongside domain or login hints, there will be a failure since request is ambiguous.
+        //If sid is sent with a prompt value other than none or attempt_none, there will be a failure since the request is ambiguous.
+        var url = 'https://login.onmicrosoft.com&prompt=none'; // add sid if prompt=none and user.profile has sid
+        adal._user = { 
+            profile: {
+                sid: '123',
+                upn:'[email protected]'
+            }
+        }
+        var newUrl = adal._addHintParameters(url);
+        expect(newUrl).toBe('https://login.onmicrosoft.com&prompt=none' + '&sid=' + encodeURIComponent(adal._user.profile.sid));
 
+        var url = 'https://login.onmicrosoft.com'; //  if prompt!==none, do not add sid
+        adal._user.profile = {
+                sid: '123',
+                upn: '[email protected]'
+        }
+        var newUrl = adal._addHintParameters(url);
+        expect(newUrl).toBe('https://login.onmicrosoft.com' + '&login_hint=' + encodeURIComponent(adal._user.profile.upn) + '&domain_hint=' + encodeURIComponent(adal._user.profile.upn.split('@')[1]));
+        adal._user = null;
+    })
+
     it('checks Logger to see if pii messages are logged when piiLogging is disabled by the developer', function () {
         Logging.level = 2;//error, warning, info, verbose
         Logging.log = function (message) {
@@ -1073,6 +1097,5 @@ describe('Adal', function () {
         expect(window.logMessage).toContain("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=token&state=9ff87e68-76a6-4537-9b2a-9313da6c576b&nonce=d503ae2c-51fc-447b-8b44-a0aed28033b8");
         expect(Logging.level).toEqual(2);
         Logging.piiLoggingEnabled = false;
-
     })
 });