public void VsoMsaValidateCredentialsTest()
{
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-validate");
Credential credentials = null;
Assert.IsFalse(Task.Run(async() => { return(await msaAuthority.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
credentials = DefaultCredentials;
Assert.IsTrue(Task.Run(async() => { return(await msaAuthority.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
}
public void VsoMsaGetCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-get");
Credential credentials;
Assert.IsFalse(msaAuthority.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly.");
msaAuthority.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
msaAuthority.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Assert.IsTrue(msaAuthority.GetCredentials(targetUri, out credentials), "Credentials were not retrieved as expected.");
}
public void VsoMsaInteractiveLogonTest()
{
Uri targetUri = DefaultTargetUri;
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-logon");
Credential personalAccessToken;
Token azureToken;
Assert.IsFalse(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token found in store unexpectedly.");
Assert.IsFalse(msaAuthority.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token found in store unexpectedly.");
Assert.IsTrue(msaAuthority.InteractiveLogon(targetUri, false), "Interactive logon failed unexpectedly.");
Assert.IsTrue(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(msaAuthority.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
}
public void VsoMsaSetCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-set");
Credential personalAccessToken;
Token azureToken;
try
{
msaAuthority.SetCredentials(targetUri, DefaultCredentials);
Assert.Fail("Credentials were unexpectedly set.");
}
catch { }
Assert.IsFalse(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsFalse(msaAuthority.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token unexpectedly found in store.");
}
public void VsoMsaRefreshCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
Uri invlaidUri = InvalidTargetUri;
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-refresh");
msaAuthority.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Assert.IsFalse(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsTrue(Task.Run(async() => { return(await msaAuthority.RefreshCredentials(targetUri, false)); }).Result, "Credentials refresh failed unexpectedly.");
Assert.IsFalse(Task.Run(async() => { return(await msaAuthority.RefreshCredentials(invlaidUri, false)); }).Result, "Credentials refresh succeeded unexpectedly.");
Assert.IsTrue(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
}
public void VsoMsaDeleteCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoMsaAuthentication msaAuthority = GetVsoMsaAuthentication("msa-delete");
msaAuthority.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
msaAuthority.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Token azureToken;
msaAuthority.DeleteCredentials(targetUri);
Assert.IsFalse(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");;
Assert.IsTrue(msaAuthority.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token wasn't read as expected.");
msaAuthority.DeleteCredentials(targetUri);
Assert.IsFalse(msaAuthority.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");;
Assert.IsFalse(msaAuthority.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token were not deleted as expected.");
}
private static void Get()
{
const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Get");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = null;
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
if (authentication.GetCredentials(operationArguments.TargetUri, out credentials))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
}
break;
case AuthorityType.AzureDirectory:
VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon
// note that AAD "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.MicrosoftAccount:
VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> interactive logon
// note that MSA "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.GitHub:
GithubAuthentication ghAuth = authentication as GithubAuthentication;
Task.Run(async() =>
{
if ((operationArguments.Interactivity != Interactivity.Always &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(GitHubAuthFailureMessage);
LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.Integrated:
credentials = new Credential(String.Empty, String.Empty);
operationArguments.SetCredentials(credentials);
break;
}
Console.Out.Write(operationArguments);
}
