fix(auth): HMAC is recreated and re-issued on redirect. (Azure#22748)

* fix(auth): HMAC is recreated and re-issued on redirect.

Author: chrwhit

sdk/communication/Azure.Communication.CallingServer/api/Azure.Communication.CallingServer.netstandard2.0.cs

@@ -79,7 +79,7 @@ public CallingServerClient(string connectionString, Azure.Communication.CallingS
     }
     public partial class CallingServerClientOptions : Azure.Core.ClientOptions
     {
-        public CallingServerClientOptions(Azure.Communication.CallingServer.CallingServerClientOptions.ServiceVersion version = Azure.Communication.CallingServer.CallingServerClientOptions.ServiceVersion.V2021_06_15_Preview) { }
+        public CallingServerClientOptions(Azure.Communication.CallingServer.CallingServerClientOptions.ServiceVersion version = Azure.Communication.CallingServer.CallingServerClientOptions.ServiceVersion.V2021_06_15_Preview, bool allowAutoRedirect = false) { }
         public enum ServiceVersion
         {
             V2021_06_15_Preview = 1,

sdk/communication/Azure.Communication.CallingServer/src/Azure.Communication.CallingServer.csproj

@@ -18,6 +18,7 @@
   <ItemGroup>
     <Compile Include="..\..\Shared\src\ClientOptionsExtensions.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\HMACAuthenticationPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
+    <Compile Include="..\..\Shared\src\RedirectPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\CommunicationIdentifierSerializer.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)Argument.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)ArrayBufferWriter.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />

sdk/communication/Azure.Communication.CallingServer/src/CallingServerClient.cs

@@ -290,7 +290,7 @@ public virtual ServerCall InitializeServerCall(string serverCallId)
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response{Stream}"/> containing the
@@ -325,7 +325,7 @@ await _contentDownloader.DownloadStreamingInternal(
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response{Stream}"/> containing the
@@ -363,7 +363,7 @@ public virtual Response<Stream> DownloadStreaming(
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response"/> describing the operation.
@@ -393,7 +393,7 @@ public virtual Response DownloadTo(Uri sourceEndpoint, Stream destinationStream,
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response"/> describing the operation.
@@ -422,7 +422,7 @@ public virtual async Task<Response> DownloadToAsync(Uri sourceEndpoint, Stream d
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response"/> describing the operation.
@@ -456,7 +456,7 @@ public virtual Response DownloadTo(Uri sourceEndpoint, string destinationPath,
         /// </param>
         /// <param name="cancellationToken">
         /// Optional <see cref="CancellationToken"/> to propagate
-        /// notifications that the operation should be cancelled.
+        /// notifications that the operation should be canceled.
         /// </param>
         /// <returns>
         /// A <see cref="Response"/> describing the operation.

sdk/communication/Azure.Communication.CallingServer/src/CallingServerClientOptions.cs

@@ -2,7 +2,9 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Net.Http;
 using Azure.Core;
+using Azure.Core.Pipeline;
 
 namespace Azure.Communication.CallingServer
 {
@@ -18,16 +20,29 @@ public class CallingServerClientOptions : ClientOptions
 
         internal string ApiVersion { get; }
 
+        /// <summary>
+        /// Enable auto redirect
+        /// </summary>
+        internal bool AllowAutoRedirect { get; set; }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="CallingServerClientOptions"/>.
         /// </summary>
-        public CallingServerClientOptions(ServiceVersion version = LatestVersion)
+        public CallingServerClientOptions(ServiceVersion version = LatestVersion, bool allowAutoRedirect = false)
         {
+            AllowAutoRedirect = allowAutoRedirect;
             ApiVersion = version switch
             {
                 ServiceVersion.V2021_06_15_Preview => "2021-06-15-preview",
                 _ => throw new ArgumentOutOfRangeException(nameof(version)),
             };
+
+            var clientHandler = new HttpClientHandler()
+            {
+                AllowAutoRedirect = allowAutoRedirect
+            };
+
+            Transport = new HttpClientTransport(clientHandler);
         }
 
         /// <summary>

sdk/communication/Azure.Communication.Identity/src/Azure.Communication.Identity.csproj

@@ -27,6 +27,7 @@
     <Compile Include="..\..\Shared\src\ClientOptionsExtensions.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\HMACAuthenticationPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\Properties\CommunicationAssembyInfo.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
+    <Compile Include="..\..\Shared\src\RedirectPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />    
     <Compile Include="$(AzureCoreSharedSources)AzureResourceProviderNamespaceAttribute.cs" Link="Shared\Core\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)Argument.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)ArrayBufferWriter.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />

sdk/communication/Azure.Communication.NetworkTraversal/src/Azure.Communication.NetworkTraversal.csproj

@@ -23,6 +23,7 @@
   <ItemGroup>
     <Compile Include="..\..\Shared\src\ClientOptionsExtensions.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\HMACAuthenticationPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
+    <Compile Include="..\..\Shared\src\RedirectPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />    
     <Compile Include="..\..\Shared\Properties\CommunicationAssembyInfo.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)AzureResourceProviderNamespaceAttribute.cs" Link="Shared\Core\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)Argument.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />

sdk/communication/Azure.Communication.PhoneNumbers/src/Azure.Communication.PhoneNumbers.csproj

@@ -25,6 +25,7 @@
   <ItemGroup>
     <Compile Include="..\..\Shared\src\ClientOptionsExtensions.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\HMACAuthenticationPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
+    <Compile Include="..\..\Shared\src\RedirectPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\Properties\CommunicationAssembyInfo.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)AzureResourceProviderNamespaceAttribute.cs" Link="Shared\Core\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)Argument.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />

sdk/communication/Azure.Communication.Sms/src/Azure.Communication.Sms.csproj

@@ -24,6 +24,7 @@
   <ItemGroup>
     <Compile Include="..\..\Shared\src\ClientOptionsExtensions.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="..\..\Shared\src\HMACAuthenticationPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
+    <Compile Include="..\..\Shared\src\RedirectPolicy.cs" Link="Shared\Communication\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)Argument.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)ArrayBufferWriter.cs" Link="Shared\%(RecursiveDir)\%(Filename)%(Extension)" />
     <Compile Include="$(AzureCoreSharedSources)AzureResourceProviderNamespaceAttribute.cs" Link="Shared\Core\%(RecursiveDir)\%(Filename)%(Extension)" />

sdk/communication/Shared/src/ClientOptionsExtensions.cs

@@ -8,22 +8,24 @@ namespace Azure.Communication.Pipeline
 {
     internal static class ClientOptionsExtensions
     {
+        private static readonly RedirectPolicy _redirectPolicy = new();
+
         public static HttpPipeline BuildHttpPipeline(this ClientOptions options, ConnectionString connectionString)
         {
             var authPolicy = new HMACAuthenticationPolicy(new AzureKeyCredential(connectionString.GetRequired("accesskey")));
-            return HttpPipelineBuilder.Build(options, authPolicy);
+            return HttpPipelineBuilder.Build(options, _redirectPolicy, authPolicy);
         }
 
         public static HttpPipeline BuildHttpPipeline(this ClientOptions options, AzureKeyCredential keyCredential)
         {
             var authPolicy = new HMACAuthenticationPolicy(keyCredential);
-            return HttpPipelineBuilder.Build(options, authPolicy);
+            return HttpPipelineBuilder.Build(options, _redirectPolicy, authPolicy);
         }
 
         public static HttpPipeline BuildHttpPipeline(this ClientOptions options, TokenCredential tokenCredential)
         {
             var authPolicy = new BearerTokenAuthenticationPolicy(tokenCredential, "https://communication.azure.com//.default");
-            return HttpPipelineBuilder.Build(options, authPolicy);
+            return HttpPipelineBuilder.Build(options, _redirectPolicy, authPolicy);
         }
     }
 }

sdk/communication/Shared/src/RedirectPolicy.cs

@@ -0,0 +1,97 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Azure.Core;
+using Azure.Core.Pipeline;
+
+namespace Azure.Communication.Pipeline
+{
+    internal class RedirectPolicy : HttpPipelinePolicy
+    {
+        private const string LOCATION_HEADER_STRING = "LOCATION";
+        private readonly int maxRedirects;
+
+        public RedirectPolicy(int maxRedirects = 10)
+        {
+            this.maxRedirects = maxRedirects;
+        }
+
+        public override void Process(HttpMessage message, ReadOnlyMemory<HttpPipelinePolicy> pipeline)
+        {
+            ProcessAsync(message, pipeline, false).EnsureCompleted();
+        }
+
+        public override ValueTask ProcessAsync(HttpMessage message, ReadOnlyMemory<HttpPipelinePolicy> pipeline)
+        {
+            return ProcessAsync(message, pipeline, true);
+        }
+
+        private async ValueTask ProcessAsync(HttpMessage message, ReadOnlyMemory<HttpPipelinePolicy> pipeline, bool async)
+        {
+            var redirectCount = 0;
+
+            while (true)
+            {
+                if (async)
+                {
+                    await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
+                }
+                else
+                {
+                    ProcessNext(message, pipeline);
+                }
+
+                if (!IsRedirectResponse(message))
+                {
+                    // Request does not require a redirect, continue
+                    // up the policy pipeline.
+                    return;
+                }
+
+                if (!TryGetRedirect(message, out Uri location))
+                {
+                    throw new MissingFieldException("Location header was not retrieved from the redirect response, or URL was invalid.");
+                }
+
+                if (++redirectCount > maxRedirects)
+                {
+                    throw new RequestFailedException("Maximum number of redirections exceeded.");
+                }
+
+                message.Request.Uri.Reset(location);
+            }
+        }
+
+        private static bool IsRedirectResponse(HttpMessage message)
+        {
+            if (message is null || !message.HasResponse)
+            {
+                return false;
+            }
+
+            switch ((HttpStatusCode)message.Response.Status)
+            {
+                case HttpStatusCode.Moved:
+                case HttpStatusCode.Found:
+                    return true;
+                default:
+                    return false;
+            }
+        }
+
+        private static bool TryGetRedirect(HttpMessage message, out Uri location)
+        {
+            location = default;
+
+            if (!message.Response.Headers.TryGetValue(LOCATION_HEADER_STRING, out string locationHeader))
+            {
+                return false;
+            }
+
+            return Uri.TryCreate(locationHeader, UriKind.Absolute, out location);
+        }
+    }
+}