This repository has been archived by the owner on Sep 29, 2023. It is now read-only.

Merge pull request #229 from AzureAD/release-1.2.3
Release 1.2.3
abhidnya13 authored May 1, 2020
2 parents cf6650d + 4e7a708 commit f840cac
Showing 15 changed files with 62 additions and 32 deletions.
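--- a/README.md
+++ b/README.md
@@ -1,3 +1,19 @@
+---
+
+This library, ADAL for Python, will no longer receive new feature improvements. Instead, use the new library
+[MSAL for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python).
+
+* If you are starting a new project, you can get started with the
+[MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki)
+for details about the scenarios, usage, and relevant concepts.
+* If your application is using the previous ADAL Python library, you can follow this
+[migration guide](https://docs.microsoft.com/en-us/azure/active-directory/develop/migrate-python-adal-msal)
+to update to MSAL Python.
+* Existing applications relying on ADAL Python will continue to work.
+
+---
+
+
 # Microsoft Azure Active Directory Authentication Library (ADAL) for Python
 
 `master` branch | `dev` branch | Reference Docs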
2 changes: 1 addition & 1 deletion adal/__init__.py
Expand Up @@ -27,7 +27,7 @@

# pylint: disable=wrong-import-position

__version__ = '1.2.2'
__version__ = '1.2.3'

import logging

14 changes: 13 additions & 1 deletion adal/authentication_context.py
Expand Up @@ -243,9 +243,21 @@ def acquire_token_with_client_certificate(self, resource, client_id,
:param str client_id: The OAuth client id of the calling application.
:param str certificate: A PEM encoded certificate private key.
:param str thumbprint: hex encoded thumbprint of the certificate.
:param public_certificate(optional): if not None, it will be sent to the service for subject name
:param str public_certificate(optional): if not None, it will be sent to the service for subject name
and issuer based authentication, which is to support cert auto rolls. The value must match the
certificate private key parameter.
Per `specs <https://tools.ietf.org/html/rfc7515#section-4.1.6>`_,
"the certificate containing
the public key corresponding to the key used to digitally sign the
JWS MUST be the first certificate. This MAY be followed by
additional certificates, with each subsequent certificate being the
one used to certify the previous one."
However, your certificate's issuer may use a different order.
So, if your attempt ends up with an error AADSTS700027 -
"The provided signature value did not match the expected signature value",
you may try use only the leaf cert (in PEM/str format) instead.
:returns: dict with several keys, include "accessToken".
'''
def token_func(self):
2 changes: 1 addition & 1 deletion adal/authentication_parameters.py
Expand Up @@ -53,7 +53,7 @@ def __init__(self, authorization_uri, resource):
# The 401 challenge is a standard defined in RFC6750, which is based in part on RFC2617.
# The challenge has the following form.
# WWW-Authenticate : Bearer
# authorization_uri="https://login.windows.net/mytenant.com/oauth2/authorize",
# authorization_uri="https://login.microsoftonline.com/mytenant.com/oauth2/authorize",
# Resource_id="00000002-0000-0000-c000-000000000000"

# This regex is used to validate the structure of the challenge header.
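--- a/adal/authority.py
+++ b/adal/authority.py
@@ -63,10 +63,9 @@ def url(self):
 return self._url.geturl()
 
 def _whitelisted(self): # testing if self._url.hostname is a dsts whitelisted domain
-for domain in AADConstants.WHITELISTED_DOMAINS:
-if self._url.hostname.endswith(domain):
-return True
-return False
+# Add dSTS domains to whitelist based on based on domain
+# https://microsoft.sharepoint.com/teams/AzureSecurityCompliance/Security/SitePages/dSTS%20Fundamentals.aspx
+return ".dsts." in self._url.hostname
 
 def _validate_authority_url(self):
 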
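Review bot: `return ".dsts." in self._url.hostname` in `_whitelisted` accepts the label anywhere in the hostname, so a host outside the dSTS suffixes that the removed loop enumerated (for example the constructed `login.dsts.example.test`) now counts as whitelisted. If whitelisted authorities bypass further authority validation, as the method name suggests (its caller is outside this hunk), that trust decision should stay tied to known suffixes: `return any(host.endswith(".dsts." + suffix) for suffix in DSTS_SUFFIXES)`, where `DSTS_SUFFIXES` is a placeholder for the list of cloud suffixes. The expression also raises TypeError when `hostname` is None, so a guard such as `host = self._url.hostname or ""` belongs in front of it. tests/test_authority.py only gains positive cases; a negative case for a host that contains `.dsts.` but sits under an unrelated domain would pin the boundary.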
12 changes: 1 addition & 11 deletions adal/constants.py
Expand Up @@ -208,24 +208,14 @@ class HttpError(object):

class AADConstants(object):

WORLD_WIDE_AUTHORITY = 'login.windows.net'
WORLD_WIDE_AUTHORITY = 'login.microsoftonline.com'
WELL_KNOWN_AUTHORITY_HOSTS = [
'login.windows.net',
'login.microsoftonline.com',
'login.chinacloudapi.cn',
'login-us.microsoftonline.com',
'login.microsoftonline.us',
'login.microsoftonline.de',
]
WHITELISTED_DOMAINS = [
# Define dSTS domains whitelist based on its Supported Environments & National Clouds list here
# https://microsoft.sharepoint.com/teams/AzureSecurityCompliance/Security/SitePages/dSTS%20Fundamentals.aspx
'dsts.core.windows.net',
'dsts.core.chinacloudapi.cn',
'dsts.core.cloudapi.de',
'dsts.core.usgovcloudapi.net',
'dsts.core.azure-test.net',
]
INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = 'https://{authorize_host}/common/discovery/instance?authorization_endpoint={authorize_endpoint}&api-version=1.0' # pylint: disable=invalid-name
AUTHORIZE_ENDPOINT_PATH = '/oauth2/authorize'
TOKEN_ENDPOINT_PATH = '/oauth2/token'
2 changes: 1 addition & 1 deletion adal/log.py
Expand Up @@ -151,7 +151,7 @@ def scrub_pii(arg_dict, padding="..."):
"redirect_uri",

# Unintuitively, the following can contain PII
"user_realm_url", # e.g. https://login.windows.net/common/UserRealm/{username}
"user_realm_url", # e.g. https://login.microsoftonline.com/common/UserRealm/{username}
])
return {k: padding if k.lower() in pii else arg_dict[k] for k in arg_dict}

14 changes: 14 additions & 0 deletions docs/source/index.rst
Expand Up @@ -6,6 +6,20 @@
.. This file is also inspired by
https://pythonhosted.org/an_example_pypi_project/sphinx.html#full-code-example
.. note::
This library, ADAL for Python, will no longer receive new feature improvement. Its successor,
`MSAL for Python <https://github.com/AzureAD/microsoft-authentication-library-for-python>`_,
are now generally available.

* If you are starting a new project, you can get started with the
`MSAL Python docs <https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki>`_
for details about the scenarios, usage, and relevant concepts.
* If your application is using the previous ADAL Python library, you can follow this
`migration guide <https://docs.microsoft.com/en-us/azure/active-directory/develop/migrate-python-adal-msal>`_
to update to MSAL Python.
* Existing applications relying on ADAL Python will continue to work.


Welcome to ADAL Python's documentation!
=======================================

2 changes: 1 addition & 1 deletion sample/website_sample.py
Expand Up @@ -49,7 +49,7 @@
raise ValueError('Please provide parameter file with account information.')

PORT = 8088
TEMPLATE_AUTHZ_URL = ('https://login.windows.net/{}/oauth2/authorize?'+
TEMPLATE_AUTHZ_URL = ('https://login.microsoftonline.com/{}/oauth2/authorize?'+
'response_type=code&client_id={}&redirect_uri={}&'+
'state={}&resource={}')
GRAPH_RESOURCE = '00000002-0000-0000-c000-000000000000'
2 changes: 1 addition & 1 deletion tests/config_sample.py
Expand Up @@ -42,7 +42,7 @@
"password" : "None",
"tenant" : "XXXXXXXX.onmicrosoft.com",

"authorityHostUrl" : "https://login.windows.net",
"authorityHostUrl" : "https://login.microsoftonline.com",
}

ACQUIRE_TOKEN_WITH_CLIENT_CREDENTIALS = {
4 changes: 2 additions & 2 deletions tests/test_api_version.py
Expand Up @@ -44,7 +44,7 @@ def test_api_version_default_value(self):
with warnings.catch_warnings(record=True) as caught_warnings:
warnings.simplefilter("always")
context = adal.AuthenticationContext(
"https://login.windows.net/tenant")
"https://login.microsoftonline.com/tenant")
self.assertEqual(context._call_context['api_version'], None)
self.assertEqual(len(caught_warnings), 0)
if len(caught_warnings) == 1:
Expand All @@ -57,7 +57,7 @@ def test_explicitly_turn_off_api_version(self):
with warnings.catch_warnings(record=True) as caught_warnings:
warnings.simplefilter("always")
context = adal.AuthenticationContext(
"https://login.windows.net/tenant", api_version=None)
"https://login.microsoftonline.com/tenant", api_version=None)
self.assertEqual(context._call_context['api_version'], None)
self.assertEqual(len(caught_warnings), 0)

7 changes: 3 additions & 4 deletions tests/test_authority.py
Expand Up @@ -60,7 +60,7 @@ class TestAuthority(unittest.TestCase):
# discovery.
nonHardCodedAuthority = 'https://login.doesntexist.com/' + cp['tenant']
nonHardCodedAuthorizeEndpoint = nonHardCodedAuthority + '/oauth2/authorize'
dstsTestEndpoint = 'https://test-dsts.core.azure-test.net/dstsv2/common'
dstsTestEndpoint = 'https://test-dsts.dsts.core.azure-test.net/dstsv2/common'


def setUp(self):
Expand Down Expand Up @@ -123,14 +123,13 @@ def performStaticInstanceDiscovery(self, authorityHost):
def test_success_static_instance_discovery(self):

self.performStaticInstanceDiscovery('login.microsoftonline.com')
self.performStaticInstanceDiscovery('login.windows.net')
self.performStaticInstanceDiscovery('login.chinacloudapi.cn')
self.performStaticInstanceDiscovery('login-us.microsoftonline.com')
self.performStaticInstanceDiscovery('login.microsoftonline.us')
self.performStaticInstanceDiscovery('test-dsts.dsts.core.windows.net')
self.performStaticInstanceDiscovery('test-dsts.dsts.core.chinacloudapi.cn')
self.performStaticInstanceDiscovery('test-dsts.dsts.core.cloudapi.de')
self.performStaticInstanceDiscovery('test-dsts.dsts.core.usgovcloudapi.net')
self.performStaticInstanceDiscovery('test-dsts.core.azure-test.net')
self.performStaticInstanceDiscovery('test-dsts.dsts.core.azure-test.net')


@httpretty.activate
2 changes: 1 addition & 1 deletion tests/test_self_signed_jwt.py
Expand Up @@ -56,7 +56,7 @@ class TestSelfSignedJwt(unittest.TestCase):
expectedJwtWithPublicCert = cp['expectedJwtWithPublicCert']

unexpectedJwt = 'unexpectedJwt'
testAuthority = Authority('https://login.windows.net/naturalcauses.com', False)
testAuthority = Authority('https://login.microsoftonline.com/naturalcauses.com', False)
testClientId = 'd6835713-b745-48d1-bb62-7a8248477d35'
testCert = cp['cert']
testPublicCert=cp['publicCert']
2 changes: 1 addition & 1 deletion tests/test_user_realm.py
Expand Up @@ -52,7 +52,7 @@
class TestUserRealm(unittest.TestCase):

def setUp(self):
self.authority = 'https://login.windows.net'
self.authority = 'https://login.microsoftonline.com'
self.user = 'test@federatedtenant-com'

user_realm_path = cp['userRealmPathTemplate'].replace('<user>', quote(self.user, safe='~()*!.\''))
6 changes: 3 additions & 3 deletions tests/util.py
Expand Up @@ -122,13 +122,13 @@
'clientId': 'clien&&???tId',
'clientSecret': 'clientSecret*&^(?&',
'resource': '00000002-0000-0000-c000-000000000000',
'evoEndpoint': 'https://login.windows.net/',
'evoEndpoint': 'https://login.microsoftonline.com/',
'username': 'rrandall@rrandallaad1.onmicrosoft.com',
'password': '<password>',
'authorityHosts': {
'global': 'login.windows.net',
'global': 'login.microsoftonline.com',
'china': 'login.chinacloudapi.cn',
'gov': 'login-us.microsoftonline.com'
'gov': 'login.microsoftonline.us'
}
}
