From 36cce86776dcdb102b5e210d88f46bc4e6213370 Mon Sep 17 00:00:00 2001
From: Jennyf19
Date: Sun, 21 May 2023 17:39:39 -0700
Subject: [PATCH] Fix two issues with dSTS authority, one when using WithTenantId, and adding dSTS as a supported tenant override. Add a test
---
 .../AbstractAcquireTokenParameterBuilder.cs | 22 ++++++++++++++-----
 .../AppConfig/AuthorityInfo.cs | 7 +++++-
 .../TestConstants.cs | 2 +-
 .../TestData.cs | 2 +-
 .../ApiConfigTests/AuthorityTests.cs | 20 ++++++++++++++++-
 .../InstanceTests/DstsAuthorityTests.cs | 5 ++---
 .../PublicApiTests/TenantIdTests.cs | 2 +-
 7 files changed, 47 insertions(+), 13 deletions(-)
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs
index a74fbbe746..a127adc4c6 100644
--- a/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs
@@ -274,11 +274,23 @@ public T WithTenantId(string tenantId)
 MsalErrorMessage.TenantOverrideNonAad);
 }
- AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority;
- string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
- var newAuthorityInfo = AuthorityInfo.FromAadAuthority(
- tenantedAuthority,
- ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+ AuthorityInfo newAuthorityInfo;
+ if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType == AuthorityType.Dsts)
+ {
+ DstsAuthority dSTSAuthority = (DstsAuthority)ServiceBundle.Config.Authority;
+ string tenantedAuthority = dSTSAuthority.GetTenantedAuthority(tenantId, true);
+ newAuthorityInfo = AuthorityInfo.FromDstsAuthority(
+ tenantedAuthority,
+ ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+ }
+ else
+ {
+ AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority;
+ string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
+ newAuthorityInfo = AuthorityInfo.FromAadAuthority(
+ tenantedAuthority,
+ ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+ }
 CommonParameters.AuthorityOverride = newAuthorityInfo;
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
index 1b5743fc77..962acdcda8 100644
--- a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
+++ b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
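Review bot: The `else` branch in WithTenantId casts `ServiceBundle.Config.Authority` to `AadAuthority` for every authority type other than Dsts, so it is only correct while the guard above it (which starts outside this hunk) admits exactly Aad and Dsts. If `IsTenantOverrideSupported` is widened again, the override would surface as an `InvalidCastException` rather than the library's own error. Making the second branch explicit with `else if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType == AuthorityType.Aad)` and ending with `else { throw new MsalClientException(MsalError.TenantOverrideNonAad, MsalErrorMessage.TenantOverrideNonAad); }` keeps the authority that token requests are sent to tied to a checked type. The exception type used by the existing guard is not visible here, so the final `throw` should mirror whatever that guard throws.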
@@ -138,7 +138,7 @@ private AuthorityInfo(
 internal bool IsUserAssertionSupported => AuthorityType != AuthorityType.Adfs && AuthorityType != AuthorityType.B2C;
- internal bool IsTenantOverrideSupported => AuthorityType == AuthorityType.Aad;
+ internal bool IsTenantOverrideSupported => AuthorityType == AuthorityType.Aad || AuthorityType == AuthorityType.Dsts;
 internal bool IsMultiTenantSupported => AuthorityType != AuthorityType.Adfs;
 internal bool IsClientInfoSupported => AuthorityType == AuthorityType.Aad || AuthorityType == AuthorityType.Dsts || AuthorityType == AuthorityType.B2C;
@@ -238,6 +238,11 @@ internal static AuthorityInfo FromAdfsAuthority(string authorityUri, bool valida
 return new AuthorityInfo(AuthorityType.Adfs, authorityUri, validateAuthority);
 }
+ internal static AuthorityInfo FromDstsAuthority(string authorityUri, bool validateAuthority)
+ {
+ return new AuthorityInfo(AuthorityType.Dsts, authorityUri, validateAuthority);
+ }
+
 internal static AuthorityInfo FromB2CAuthority(string authorityUri)
 {
 return new AuthorityInfo(AuthorityType.B2C, authorityUri, false);
diff --git a/tests/Microsoft.Identity.Test.Common/TestConstants.cs b/tests/Microsoft.Identity.Test.Common/TestConstants.cs
index 0efe1dac1d..01dff6094a 100644
--- a/tests/Microsoft.Identity.Test.Common/TestConstants.cs
+++ b/tests/Microsoft.Identity.Test.Common/TestConstants.cs
@@ -104,7 +104,7 @@ public static HashSet s_scope
 public const string ADFSAuthority2 = "https://someAdfs.com/adfs/";
 public const string DstsAuthorityTenantless = "https://some.url.dsts.core.azure-test.net/dstsv2/";
- public const string DstsAuthorityTenanted = "https://some.url.dsts.core.azure-test.net/dstsv2/" + TenantIdString;
+ public const string DstsAuthorityTenanted = "https://some.url.dsts.core.azure-test.net/dstsv2/" + TenantId;
 public const string DstsAuthorityCommon = "https://some.url.dsts.core.azure-test.net/dstsv2/" + Common;
 public const string B2CLoginGlobal = ".b2clogin.com";
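Review bot: `IsTenantOverrideSupported` in AuthorityInfo.cs now admits Dsts, but nothing at the property records that WithTenantId casts the configured authority by type and therefore needs a matching branch for every type listed here. A comment on the property such as `// Each type listed here must be handled explicitly in WithTenantId, which casts the configured authority by AuthorityType.` would keep the two in step. The guard still reports the error under the name `TenantOverrideNonAad`; its message text is not visible in this patch and may need to mention dSTS.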
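Review bot: `FromDstsAuthority` in the second AuthorityInfo.cs hunk tags whatever string it receives as a Dsts authority and has no doc comment stating what the caller is expected to pass. Whether the private constructor checks the URI shape is not visible in this hunk, so the contract should be written down at the factory. I would add a summary saying that `authorityUri` must be an already tenanted dSTS authority (in this patch, the output of `DstsAuthority.GetTenantedAuthority`) and that `validateAuthority` is carried over unchanged from the configured authority.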
diff --git a/tests/Microsoft.Identity.Test.Common/TestData.cs b/tests/Microsoft.Identity.Test.Common/TestData.cs
index 83725395e8..3405df494c 100644
--- a/tests/Microsoft.Identity.Test.Common/TestData.cs
+++ b/tests/Microsoft.Identity.Test.Common/TestData.cs
@@ -37,7 +37,7 @@ public static IEnumerable GetAuthorityWithExpectedTenantId()
 yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AuthorityTestTenant), ExpectedTenantId = TestConstants.Utid }.ToObjectArray();
 yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AadAuthorityWithTestTenantId), ExpectedTenantId = TestConstants.AadTenantId }.ToObjectArray();
 yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AuthorityWindowsNet), ExpectedTenantId = TestConstants.Utid }.ToObjectArray();
- yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.DstsAuthorityTenanted), ExpectedTenantId = TestConstants.TenantIdString }.ToObjectArray();
+ yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.DstsAuthorityTenanted), ExpectedTenantId = TestConstants.TenantId }.ToObjectArray();
 }
 }
 }
diff --git a/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs b/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
index 645b3ff02b..21f87ede38 100644
--- a/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
@@ -11,7 +11,6 @@
 using Microsoft.Identity.Test.Common.Core.Helpers;
 using Microsoft.Identity.Test.Common.Core.Mocks;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using NSubstitute.ReceivedExtensions;
 namespace Microsoft.Identity.Test.Unit.ApiConfigTests
 {
@@ -78,6 +77,25 @@ public void WithTenantIdExceptions()
 Assert.AreEqual(ex2.ErrorCode, MsalError.TenantOverrideNonAad);
 }
+ [TestMethod]
+ public void DstsAuthority_WithTenantId_Success()
+ {
+ var app = ConfidentialClientApplicationBuilder
+ .Create(TestConstants.ClientId)
+ .WithAuthority(TestConstants.DstsAuthorityTenanted)
+ .WithClientSecret("secret")
+ .Build();
+
+ var parameterBuilder = app.AcquireTokenByAuthorizationCode(TestConstants.s_scope, "code")
+ .WithTenantId(TestConstants.TenantId);
+
+ // Verify Host still matches the original Authority
+ Assert.AreEqual(new Uri(TestConstants.DstsAuthorityTenanted).Host, parameterBuilder.CommonParameters.AuthorityOverride.Host);
+
+ // Verify the Tenant Id matches
+ Assert.AreEqual(TestConstants.TenantId, AuthorityHelpers.GetTenantId(parameterBuilder.CommonParameters.AuthorityOverride.CanonicalAuthority));
+ }
+
 [DataTestMethod]
 [DynamicData(nameof(TestData.GetAuthorityWithExpectedTenantId), typeof(TestData), DynamicDataSourceType.Method)]
 public void WithTenantId_Success(Uri authorityValue, string tenantId)
diff --git a/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs b/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
index 7c091c1ab7..68da95cf33 100644
--- a/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
@@ -118,10 +118,9 @@ public void Validate_MinNumberOfSegments()
 [TestMethod]
 public void CreateAuthorityFromTenantedWithTenantTest()
- {
-
+ {
 Authority authority = AuthorityTestHelper.CreateAuthorityFromUrl(TestConstants.DstsAuthorityTenanted);
- Assert.AreEqual("tenantid", authority.TenantId);
+ Assert.AreEqual(TestConstants.TenantId, authority.TenantId);
 string updatedAuthority = authority.GetTenantedAuthority("tenant2");
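Review bot: `DstsAuthority_WithTenantId_Success` overrides with `TestConstants.TenantId`, the same tenant that `TestConstants.DstsAuthorityTenanted` already ends with after the TestConstants.cs change in this patch, so the tenant assertion would also pass if the override merely copied the configured authority. Overriding with a different value, for example `.WithTenantId("tenant2")`, and asserting on that value would show that the tenant segment is actually replaced. The test also never checks that the override remains a dSTS authority. Adding `Assert.AreEqual(AuthorityType.Dsts, parameterBuilder.CommonParameters.AuthorityOverride.AuthorityType);` would cover the type chosen by the new branch in WithTenantId.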
diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/TenantIdTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/TenantIdTests.cs
index fdc8a1fe27..6409baff3e 100644
--- a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/TenantIdTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/TenantIdTests.cs
@@ -38,7 +38,7 @@ public void TestInitialize()
 [DataRow(TestConstants.B2CLoginAuthorityMoonCake, TestConstants.SomeTenantId, DisplayName = "B2C MoonCake Tenant Id")]
 [DataRow(TestConstants.AuthoritySovereignCNTenant, TestConstants.TenantId, DisplayName = "Sovereign Tenant Id")]
 [DataRow(TestConstants.AuthoritySovereignDETenant, TestConstants.TenantId, DisplayName = "Sovereign Tenant Id")]
- [DataRow(TestConstants.DstsAuthorityTenanted, "tenantid", DisplayName = "DSTS Tenant Id")]
+ [DataRow(TestConstants.DstsAuthorityTenanted, TestConstants.TenantId, DisplayName = "DSTS Tenant Id")]
 [DataRow(TestConstants.DstsAuthorityCommon, TestConstants.Common, DisplayName = "DSTS Common Tenant Id")]
 public void ParseTest_Success(string authorityUrl, string expectedTenantId)
 {