tediousjs
diff --git a/‎package-lock.json‎
Lines changed: 99 additions & 5 deletions b/‎package-lock.json‎
Lines changed: 99 additions & 5 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/connection.js‎
Lines changed: 89 additions & 13 deletions b/‎src/connection.js‎
Lines changed: 89 additions & 13 deletions
@@ -40,7 +40,7 @@
     "tag": "next"
   },
   "dependencies": {
-    "adal-node": "^0.1.22",
+    "@azure/ms-rest-nodeauth": "^2.0.2",
     "big-number": "1.0.0",
     "bl": "^3.0.0",
     "depd": "^2.0.0",
 
@@ -4,7 +4,7 @@ const os = require('os');
 const constants = require('constants');
 const { createSecureContext } = require('tls');
 
-const { AuthenticationContext } = require('adal-node');
+const { loginWithUsernamePassword, loginWithVmMSI, loginWithAppServiceMSI } = require('@azure/ms-rest-nodeauth');
 
 const BulkLoad = require('./bulk-load');
 const Debug = require('./debug');
@@ -74,8 +74,8 @@ class Connection extends EventEmitter {
         throw new TypeError('The "config.authentication.type" property must be of type string.');
       }
 
-      if (type !== 'default' && type !== 'ntlm' && type !== 'azure-active-directory-password' && type !== 'azure-active-directory-access-token') {
-        throw new TypeError('The "type" property must one of "default", "ntlm", "azure-active-directory-password" or "azure-active-directory-access-token".');
+      if (type !== 'default' && type !== 'ntlm' && type !== 'azure-active-directory-password' && type !== 'azure-active-directory-access-token' && type !== 'azure-active-directory-msi-vm' && type !== 'azure-active-directory-msi-app-service') {
+        throw new TypeError('The "type" property must one of "default", "ntlm", "azure-active-directory-password", "azure-active-directory-access-token", "azure-active-directory-msi-vm" or "azure-active-directory-msi-app-service".');
       }
 
       if (typeof options !== 'object' || options === null) {
@@ -130,6 +130,43 @@ class Connection extends EventEmitter {
             token: options.token
           }
         };
+      } else if (type === 'azure-active-directory-msi-vm') {
+        if (options.clientId !== undefined && typeof options.clientId !== 'string') {
+          throw new TypeError('The "config.authentication.options.clientId" property must be of type string.');
+        }
+
+        if (options.msiEndpoint !== undefined && typeof options.msiEndpoint !== 'string') {
+          throw new TypeError('The "config.authentication.options.msiEndpoint" property must be of type string.');
+        }
+
+        authentication = {
+          type: 'azure-active-directory-msi-vm',
+          options: {
+            clientId: options.clientId,
+            msiEndpoint: options.msiEndpoint
+          }
+        };
+      } else if (type === 'azure-active-directory-msi-app-service') {
+        if (options.clientId !== undefined && typeof options.clientId !== 'string') {
+          throw new TypeError('The "config.authentication.options.clientId" property must be of type string.');
+        }
+
+        if (options.msiEndpoint !== undefined && typeof options.msiEndpoint !== 'string') {
+          throw new TypeError('The "config.authentication.options.msiEndpoint" property must be of type string.');
+        }
+
+        if (options.msiSecret !== undefined && typeof options.msiSecret !== 'string') {
+          throw new TypeError('The "config.authentication.options.msiSecret" property must be of type string.');
+        }
+
+        authentication = {
+          type: 'azure-active-directory-msi-app-service',
+          options: {
+            clientId: options.clientId,
+            msiEndpoint: options.msiEndpoint,
+            msiSecret: options.msiSecret
+          }
+        };
       } else {
         if (options.userName !== undefined && typeof options.userName !== 'string') {
           throw new TypeError('The "config.authentication.options.userName" property must be of type string.');
@@ -1234,6 +1271,15 @@ class Connection extends EventEmitter {
         };
         break;
 
+      case 'azure-active-directory-msi-vm':
+      case 'azure-active-directory-msi-app-service':
+        payload.fedAuth = {
+          type: 'ADAL',
+          echo: this.fedAuthRequired,
+          workflow: 'integrated'
+        };
+        break;
+
       case 'ntlm':
         payload.sspi = createNTLMRequest({ domain: authentication.options.domain });
         break;
@@ -1262,13 +1308,13 @@ class Connection extends EventEmitter {
     });
   }
 
-  sendFedAuthResponsePacket(tokenResponse) {
-    const accessTokenLen = Buffer.byteLength(tokenResponse.accessToken, 'ucs2');
+  sendFedAuthTokenMessage(token) {
+    const accessTokenLen = Buffer.byteLength(token, 'ucs2');
     const data = Buffer.alloc(8 + accessTokenLen);
     let offset = 0;
     offset = data.writeUInt32LE(accessTokenLen + 4, offset);
     offset = data.writeUInt32LE(accessTokenLen, offset);
-    data.write(tokenResponse.accessToken, offset, 'ucs2');
+    data.write(token, offset, 'ucs2');
     this.messageIo.sendMessage(TYPE.FEDAUTH_TOKEN, data);
     // sent the fedAuth token message, the rest is similar to standard login 7
     this.transitionTo(this.STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN);
@@ -1892,7 +1938,7 @@ Connection.prototype.STATE = {
 
           const { authentication } = this.config;
 
-          if (authentication.type === 'azure-active-directory-password') {
+          if (authentication.type === 'azure-active-directory-password' || authentication.type === 'azure-active-directory-msi-vm' || authentication.type === 'azure-active-directory-msi-app-service') {
             this.transitionTo(this.STATE.SENT_LOGIN7_WITH_FEDAUTH);
           } else if (authentication.type === 'ntlm') {
             this.transitionTo(this.STATE.SENT_LOGIN7_WITH_NTLM);
@@ -1920,7 +1966,7 @@ Connection.prototype.STATE = {
       },
       featureExtAck: function(token) {
         const { authentication } = this.config;
-        if (authentication.type === 'azure-active-directory-password' || authentication.type === 'azure-active-directory-access-token') {
+        if (authentication.type === 'azure-active-directory-password' || authentication.type === 'azure-active-directory-access-token' || authentication.type === 'azure-active-directory-msi-vm' || authentication.type === 'azure-active-directory-msi-app-service') {
           if (token.fedAuth === undefined) {
             this.loginError = ConnectionError('Did not receive Active Directory authentication acknowledgement');
             this.loggedIn = false;
@@ -2025,19 +2071,49 @@ Connection.prototype.STATE = {
       },
       message: function() {
         if (this.fedAuthInfoToken && this.fedAuthInfoToken.stsurl && this.fedAuthInfoToken.spn) {
-          const clientId = '7f98cb04-cd1e-40df-9140-3bf7e2cea4db';
-          const context = new AuthenticationContext(this.fedAuthInfoToken.stsurl);
-          const authentication = this.config.authentication;
+          const { authentication } = this.config;
+
+          const getToken = (callback) => {
+            const getTokenFromCredentials = (err, credentials) => {
+              if (err) {
+                return callback(err);
+              }
+
+              credentials.getToken().then((tokenResponse) => {
+                callback(null, tokenResponse.accessToken);
+              }, callback);
+            };
+
+            if (authentication.type === 'azure-active-directory-password') {
+              loginWithUsernamePassword(authentication.options.userName, authentication.options.password, {
+                clientId: '7f98cb04-cd1e-40df-9140-3bf7e2cea4db',
+                tokenAudience: this.fedAuthInfoToken.spn
+              }, getTokenFromCredentials);
+            } else if (authentication.type === 'azure-active-directory-msi-vm') {
+              loginWithVmMSI({
+                clientId: authentication.options.clientId,
+                msiEndpoint: authentication.options.msiEndpoint,
+                resource: this.fedAuthInfoToken.spn
+              }, getTokenFromCredentials);
+            } else if (authentication.type === 'azure-active-directory-msi-app-service') {
+              loginWithAppServiceMSI({
+                clientId: authentication.options.clientId,
+                msiEndpoint: authentication.options.msiEndpoint,
+                msiSecret: authentication.options.msiSecret,
+                resource: this.fedAuthInfoToken.spn
+              }, getTokenFromCredentials);
+            }
+          };
 
-          context.acquireTokenWithUsernamePassword(this.fedAuthInfoToken.spn, authentication.options.userName, authentication.options.password, clientId, (err, tokenResponse) => {
+          getToken((err, token) => {
             if (err) {
               this.loginError = ConnectionError('Security token could not be authenticated or authorized.', 'EFEDAUTH');
               this.emit('connect', this.loginError);
               this.transitionTo(this.STATE.FINAL);
               return;
             }
 
-            this.sendFedAuthResponsePacket(tokenResponse);
+            this.sendFedAuthTokenMessage(token);
           });
         } else if (this.loginError) {
           if (this.loginError.isTransient) {