add tests for merge options (#2082)

* add tests for merge options * update a few more tests
AzureAD · Feb 15, 2023 · b8a1b43 · b8a1b43
1 parent 36bdee1
commit b8a1b43
Show file tree

Hide file tree

Showing 6 changed files with 374 additions and 51 deletions.
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/Constants.cs b/src/Microsoft.Identity.Web.TokenAcquisition/Constants.cs
@@ -61,6 +61,22 @@ public static class Constants
         /// </summary>
         public const string SpaAuthCode = "SpaAuthCode";
 
+        /// <summary>
+        /// Defaults which is the value used by Microsoft.Identity.Web.UI.
+        /// </summary>
+        public const string ResetPasswordPath = "/MicrosoftIdentity/Account/ResetPassword";
+
+        /// <summary>
+        /// Defaults to the value used by Microsoft.Identity.Web.UI.
+        /// </summary>
+        public const string ErrorPath = "/MicrosoftIdentity/Account/Error";
+
+        /// <summary>
+        /// Used to convey the original location of the user before
+        /// the remote challenge was triggered up to the access denied page.
+        /// </summary>
+        public const string ReturnUrl = "ReturnUrl";
+
         // IssuerMetadata
         internal const string TenantDiscoveryEndpoint = "tenant_discovery_endpoint";
         internal const string ApiVersion = "api-version";

diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MergedOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MergedOptions.cs
@@ -7,6 +7,7 @@
 using Microsoft.Identity.Abstractions;
 #if !NETSTANDARD2_0 && !NET462 && !NET472
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 #endif
 using Microsoft.Identity.Client;
 
@@ -85,7 +86,7 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             mergedOptions.ConfigurationManager ??= microsoftIdentityOptions.ConfigurationManager;
             mergedOptions.CorrelationCookie = microsoftIdentityOptions.CorrelationCookie;
             mergedOptions.DataProtectionProvider ??= microsoftIdentityOptions.DataProtectionProvider;
-            mergedOptions.DisableTelemetry = microsoftIdentityOptions.DisableTelemetry;
+            mergedOptions.DisableTelemetry |= microsoftIdentityOptions.DisableTelemetry;
 
             mergedOptions.Events.OnAccessDenied += microsoftIdentityOptions.Events.OnAccessDenied;
             mergedOptions.Events.OnAuthenticationFailed += microsoftIdentityOptions.Events.OnAuthenticationFailed;
@@ -152,10 +153,10 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
 #if NET5_0_OR_GREATER
             mergedOptions.RefreshInterval = microsoftIdentityOptions.RefreshInterval;
 #endif
-            mergedOptions.RefreshOnIssuerKeyNotFound = microsoftIdentityOptions.RefreshOnIssuerKeyNotFound;
+            mergedOptions.RefreshOnIssuerKeyNotFound |= microsoftIdentityOptions.RefreshOnIssuerKeyNotFound;
             mergedOptions.RemoteAuthenticationTimeout = microsoftIdentityOptions.RemoteAuthenticationTimeout;
             mergedOptions.RemoteSignOutPath = microsoftIdentityOptions.RemoteSignOutPath;
-            mergedOptions.RequireHttpsMetadata = microsoftIdentityOptions.RequireHttpsMetadata;
+            mergedOptions.RequireHttpsMetadata |= microsoftIdentityOptions.RequireHttpsMetadata;
             if (string.IsNullOrEmpty(mergedOptions.ResetPasswordPolicyId) && !string.IsNullOrEmpty(microsoftIdentityOptions.ResetPasswordPolicyId))
             {
                 mergedOptions.ResetPasswordPolicyId = microsoftIdentityOptions.ResetPasswordPolicyId;
@@ -166,24 +167,27 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
                 mergedOptions.Resource = microsoftIdentityOptions.Resource;
             }
 
-            if (string.IsNullOrEmpty(mergedOptions.ResponseMode) && !string.IsNullOrEmpty(microsoftIdentityOptions.ResponseMode))
+            if (microsoftIdentityOptions.ResponseMode != OpenIdConnectResponseMode.FormPost)
             {
                 mergedOptions.ResponseMode = microsoftIdentityOptions.ResponseMode;
             }
 
-            mergedOptions.ResponseType = microsoftIdentityOptions.ResponseType;
+            if (microsoftIdentityOptions.ResponseType != OpenIdConnectResponseType.IdToken)
+            {
+                mergedOptions.ResponseType = microsoftIdentityOptions.ResponseType;
+            }
 
-            if (string.IsNullOrEmpty(mergedOptions.ReturnUrlParameter) && !string.IsNullOrEmpty(microsoftIdentityOptions.ReturnUrlParameter))
+            if (microsoftIdentityOptions.ReturnUrlParameter != Constants.ReturnUrl)
             {
                 mergedOptions.ReturnUrlParameter = microsoftIdentityOptions.ReturnUrlParameter;
             }
 
-            mergedOptions.SaveTokens = microsoftIdentityOptions.SaveTokens;
+            mergedOptions.SaveTokens |= microsoftIdentityOptions.SaveTokens;
             mergedOptions.SecurityTokenValidator ??= microsoftIdentityOptions.SecurityTokenValidator;
-            mergedOptions.SendX5C = microsoftIdentityOptions.SendX5C;
-            mergedOptions.WithSpaAuthCode = microsoftIdentityOptions.WithSpaAuthCode;
+            mergedOptions.SendX5C |= microsoftIdentityOptions.SendX5C;
+            mergedOptions.WithSpaAuthCode |= microsoftIdentityOptions.WithSpaAuthCode;
             mergedOptions.SignedOutCallbackPath = microsoftIdentityOptions.SignedOutCallbackPath;
-            if (string.IsNullOrEmpty(mergedOptions.SignedOutRedirectUri) && !string.IsNullOrEmpty(microsoftIdentityOptions.SignedOutRedirectUri))
+            if (microsoftIdentityOptions.SignedOutRedirectUri != "/")
             {
                 mergedOptions.SignedOutRedirectUri = microsoftIdentityOptions.SignedOutRedirectUri;
             }
@@ -198,14 +202,14 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
                 mergedOptions.SignOutScheme = microsoftIdentityOptions.SignOutScheme;
             }
 
-            mergedOptions.SkipUnrecognizedRequests = microsoftIdentityOptions.SkipUnrecognizedRequests;
+            mergedOptions.SkipUnrecognizedRequests |= microsoftIdentityOptions.SkipUnrecognizedRequests;
             mergedOptions.StateDataFormat ??= microsoftIdentityOptions.StateDataFormat;
             mergedOptions.StringDataFormat ??= microsoftIdentityOptions.StringDataFormat;
 
             mergedOptions.TokenValidationParameters = microsoftIdentityOptions.TokenValidationParameters.Clone();
-            mergedOptions.UsePkce = microsoftIdentityOptions.UsePkce;
+            mergedOptions.UsePkce |= microsoftIdentityOptions.UsePkce;
 
-            mergedOptions.UseTokenLifetime = microsoftIdentityOptions.UseTokenLifetime;
+            mergedOptions.UseTokenLifetime |= microsoftIdentityOptions.UseTokenLifetime;
 
             mergedOptions.Scope.Clear();
             if (mergedOptions.Scope != microsoftIdentityOptions.Scope)
@@ -229,9 +233,17 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
                 mergedOptions.Instance = microsoftIdentityOptions.Instance;
             }
 
-            mergedOptions.ResetPasswordPath = microsoftIdentityOptions.ResetPasswordPath;
-            mergedOptions.ErrorPath = microsoftIdentityOptions.ErrorPath;
-            mergedOptions.AllowWebApiToBeAuthorizedByACL = microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL;
+            if (microsoftIdentityOptions.ResetPasswordPath != Constants.ResetPasswordPath)
+            {
+                mergedOptions.ResetPasswordPath = microsoftIdentityOptions.ResetPasswordPath;
+            }
+
+            if (microsoftIdentityOptions.ErrorPath != Constants.ErrorPath)
+            {
+                mergedOptions.ErrorPath = microsoftIdentityOptions.ErrorPath;
+            }
+
+            mergedOptions.AllowWebApiToBeAuthorizedByACL |= microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL;
 
             if (string.IsNullOrEmpty(mergedOptions.Authority) && !string.IsNullOrEmpty(microsoftIdentityOptions.Authority))
             {
@@ -267,7 +279,7 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
                 mergedOptions.EditProfilePolicyId = microsoftIdentityOptions.EditProfilePolicyId;
             }
 
-            mergedOptions.LegacyCacheCompatibilityEnabled = microsoftIdentityOptions.LegacyCacheCompatibilityEnabled;
+            mergedOptions.LegacyCacheCompatibilityEnabled |= microsoftIdentityOptions.LegacyCacheCompatibilityEnabled;
 
             if (string.IsNullOrEmpty(mergedOptions.SignUpSignInPolicyId) && !string.IsNullOrEmpty(microsoftIdentityOptions.SignUpSignInPolicyId))
             {
@@ -281,6 +293,8 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
 
             mergedOptions.TokenDecryptionCertificates ??= microsoftIdentityOptions.TokenDecryptionCertificates;
 
+            mergedOptions.ClientCredentialsUsingManagedIdentity ??= microsoftIdentityOptions.ClientCredentialsUsingManagedIdentity;
+
             mergedOptions._confidentialClientApplicationOptions = null;
         }
 
@@ -321,9 +335,9 @@ internal static void UpdateMergedOptionsFromConfidentialClientApplicationOptions
                 mergedOptions.Instance = confidentialClientApplicationOptions.Instance;
             }
 
-            mergedOptions.IsDefaultPlatformLoggingEnabled = confidentialClientApplicationOptions.IsDefaultPlatformLoggingEnabled;
-            // mergedOptions.LegacyCacheCompatibilityEnabled = confidentialClientApplicationOptions.LegacyCacheCompatibilityEnabled; // must be set through id web options
-            mergedOptions.EnableCacheSynchronization = confidentialClientApplicationOptions.EnableCacheSynchronization;
+            mergedOptions.IsDefaultPlatformLoggingEnabled |= confidentialClientApplicationOptions.IsDefaultPlatformLoggingEnabled;
+            // mergedOptions.LegacyCacheCompatibilityEnabled |= confidentialClientApplicationOptions.LegacyCacheCompatibilityEnabled; // must be set through id web options
+            mergedOptions.EnableCacheSynchronization |= confidentialClientApplicationOptions.EnableCacheSynchronization;
             mergedOptions.LogLevel = confidentialClientApplicationOptions.LogLevel;
             if (string.IsNullOrEmpty(mergedOptions.RedirectUri) && !string.IsNullOrEmpty(confidentialClientApplicationOptions.RedirectUri))
             {
@@ -432,64 +446,77 @@ public void PrepareAuthorityInstanceForMsal()
             }
         }
 
-        public static void UpdateMergedOptionsFromMicrosoftIdentityApplicationOptions(MicrosoftIdentityApplicationOptions MicrosoftIdentityApplicationOptions, MergedOptions mergedOptions)
+        public static void UpdateMergedOptionsFromMicrosoftIdentityApplicationOptions(MicrosoftIdentityApplicationOptions microsoftIdentityApplicationOptions, MergedOptions mergedOptions)
         {
-            mergedOptions.AllowWebApiToBeAuthorizedByACL = MicrosoftIdentityApplicationOptions.AllowWebApiToBeAuthorizedByACL;
-            if (string.IsNullOrEmpty(mergedOptions.Authority) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.Authority))
+            mergedOptions.AllowWebApiToBeAuthorizedByACL |= microsoftIdentityApplicationOptions.AllowWebApiToBeAuthorizedByACL;
+            if (string.IsNullOrEmpty(mergedOptions.Authority) && microsoftIdentityApplicationOptions.Authority != "/v2.0" && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.Authority))
             {
-                mergedOptions.Authority = MicrosoftIdentityApplicationOptions.Authority;
+                mergedOptions.Authority = microsoftIdentityApplicationOptions.Authority;
             }
 
-            if (string.IsNullOrEmpty(mergedOptions.AzureRegion) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.AzureRegion))
+            if (string.IsNullOrEmpty(mergedOptions.AzureRegion) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.AzureRegion))
             {
-                mergedOptions.AzureRegion = MicrosoftIdentityApplicationOptions.AzureRegion;
+                mergedOptions.AzureRegion = microsoftIdentityApplicationOptions.AzureRegion;
             }
 
-            mergedOptions.ClientCapabilities ??= MicrosoftIdentityApplicationOptions.ClientCapabilities;
-            if (string.IsNullOrEmpty(mergedOptions.ClientId) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.ClientId))
+            mergedOptions.ClientCapabilities ??= microsoftIdentityApplicationOptions.ClientCapabilities;
+            if (string.IsNullOrEmpty(mergedOptions.ClientId) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.ClientId))
             {
-                mergedOptions.ClientId = MicrosoftIdentityApplicationOptions.ClientId;
+                mergedOptions.ClientId = microsoftIdentityApplicationOptions.ClientId;
             }
 
-            if (string.IsNullOrEmpty(mergedOptions.Domain) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.Domain))
+            if (string.IsNullOrEmpty(mergedOptions.Domain) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.Domain))
             {
-                mergedOptions.Domain = MicrosoftIdentityApplicationOptions.Domain;
+                mergedOptions.Domain = microsoftIdentityApplicationOptions.Domain;
             }
 
-            if (string.IsNullOrEmpty(mergedOptions.EditProfilePolicyId) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.EditProfilePolicyId))
+            if (string.IsNullOrEmpty(mergedOptions.EditProfilePolicyId) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.EditProfilePolicyId))
             {
-                mergedOptions.EditProfilePolicyId = MicrosoftIdentityApplicationOptions.EditProfilePolicyId;
+                mergedOptions.EditProfilePolicyId = microsoftIdentityApplicationOptions.EditProfilePolicyId;
             }
 
-            mergedOptions.EnablePiiLogging = MicrosoftIdentityApplicationOptions.EnablePiiLogging;
-            mergedOptions.ErrorPath = MicrosoftIdentityApplicationOptions.ErrorPath;
-            if (string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.Instance))
+            mergedOptions.EnablePiiLogging |= microsoftIdentityApplicationOptions.EnablePiiLogging;
+            if (microsoftIdentityApplicationOptions.ErrorPath != Constants.ErrorPath)
             {
-                mergedOptions.Instance = MicrosoftIdentityApplicationOptions.Instance!;
+                mergedOptions.ErrorPath = microsoftIdentityApplicationOptions.ErrorPath;
             }
 
-            mergedOptions.ResetPasswordPath = MicrosoftIdentityApplicationOptions.ResetPasswordPath;
-            if (string.IsNullOrEmpty(mergedOptions.ResetPasswordPolicyId) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.ResetPasswordPolicyId))
+            if (string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.Instance))
             {
-                mergedOptions.ResetPasswordPolicyId = MicrosoftIdentityApplicationOptions.ResetPasswordPolicyId;
+                mergedOptions.Instance = microsoftIdentityApplicationOptions.Instance!;
             }
 
-            mergedOptions.SendX5C = MicrosoftIdentityApplicationOptions.SendX5C;
-            if (string.IsNullOrEmpty(mergedOptions.SignUpSignInPolicyId) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.SignUpSignInPolicyId))
+            if (microsoftIdentityApplicationOptions.ResetPasswordPath != Constants.ResetPasswordPath)
             {
-                mergedOptions.SignUpSignInPolicyId = MicrosoftIdentityApplicationOptions.SignUpSignInPolicyId;
+                mergedOptions.ResetPasswordPath = microsoftIdentityApplicationOptions.ResetPasswordPath;
             }
 
-            if (string.IsNullOrEmpty(mergedOptions.TenantId) && !string.IsNullOrEmpty(MicrosoftIdentityApplicationOptions.TenantId))
+            if (string.IsNullOrEmpty(mergedOptions.ResetPasswordPolicyId) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.ResetPasswordPolicyId))
             {
-                mergedOptions.TenantId = MicrosoftIdentityApplicationOptions.TenantId;
+                mergedOptions.ResetPasswordPolicyId = microsoftIdentityApplicationOptions.ResetPasswordPolicyId;
             }
 
-            mergedOptions.WithSpaAuthCode = MicrosoftIdentityApplicationOptions.WithSpaAuthCode;
+            mergedOptions.SendX5C |= microsoftIdentityApplicationOptions.SendX5C;
+            if (string.IsNullOrEmpty(mergedOptions.SignUpSignInPolicyId) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.SignUpSignInPolicyId))
+            {
+                mergedOptions.SignUpSignInPolicyId = microsoftIdentityApplicationOptions.SignUpSignInPolicyId;
+            }
+
+            if (string.IsNullOrEmpty(mergedOptions.TenantId) && !string.IsNullOrEmpty(microsoftIdentityApplicationOptions.TenantId))
+            {
+                mergedOptions.TenantId = microsoftIdentityApplicationOptions.TenantId;
+            }
+
+            mergedOptions.WithSpaAuthCode |= microsoftIdentityApplicationOptions.WithSpaAuthCode;
+
+            if ((mergedOptions.ClientCredentials == null || !mergedOptions.ClientCredentials.Any()) && microsoftIdentityApplicationOptions.ClientCredentials != null)
+            {
+                mergedOptions.ClientCredentials = microsoftIdentityApplicationOptions.ClientCredentials;
+            }
 
-            if ((mergedOptions.ClientCredentials == null || !mergedOptions.ClientCredentials.Any()) && MicrosoftIdentityApplicationOptions.ClientCredentials != null)
+            if ((mergedOptions.TokenDecryptionCredentials == null || !mergedOptions.TokenDecryptionCredentials.Any()) && microsoftIdentityApplicationOptions.TokenDecryptionCredentials != null)
             {
-                mergedOptions.ClientCredentials = MicrosoftIdentityApplicationOptions.ClientCredentials;
+                mergedOptions.TokenDecryptionCredentials = microsoftIdentityApplicationOptions.TokenDecryptionCredentials;
             }
         }
 

diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityOptions.cs
@@ -200,13 +200,13 @@ internal bool HasClientCredentials
         /// Defaults to /MicrosoftIdentity/Account/ResetPassword,
         /// which is the value used by Microsoft.Identity.Web.UI.
         /// </summary>
-        public PathString? ResetPasswordPath { get; set; } = "/MicrosoftIdentity/Account/ResetPassword";
+        public PathString? ResetPasswordPath { get; set; } = Constants.ResetPasswordPath;
 
         /// <summary>
         /// Sets the Error route path.
         /// Defaults to the value /MicrosoftIdentity/Account/Error,
         /// which is the value used by Microsoft.Identity.Web.UI.
         /// </summary>
-        public PathString? ErrorPath { get; set; } = "/MicrosoftIdentity/Account/Error";
+        public PathString? ErrorPath { get; set; } = Constants.ErrorPath;
     }
 }
diff --git a/tests/Directory.Build.props b/tests/Directory.Build.props
@@ -21,7 +21,7 @@
     <NSubstituteVersion>4.2.2</NSubstituteVersion>
     <NSubstituteAnalyzersCSharpVersion>1.0.13</NSubstituteAnalyzersCSharpVersion>
 		<CoverletCollectorVersion>3.1.2</CoverletCollectorVersion>
-    <SeleniumWebDriverVersion>4.7.0</SeleniumWebDriverVersion>
+    <SeleniumWebDriverVersion>4.8.0</SeleniumWebDriverVersion>
     <SeleniumWebDriverChromeDriverVersion>108.0.5359.7100</SeleniumWebDriverChromeDriverVersion>
     <BenchmarkDotNetVersion>0.12.1</BenchmarkDotNetVersion>
     <MicrosoftApplicationInsightsAspNetCoreVersion>2.21.0</MicrosoftApplicationInsightsAspNetCoreVersion>