public void VstsAadValidateLoginHintTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-loginhint");
Assert.IsNotNull(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed.");
Assert.IsNotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token not found in store as expected.");
}
public void VstsAadGetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get");
Assert.IsNull(aadAuthentication.GetCredentials(targetUri), "Credentials were retrieved unexpectedly.");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
Assert.IsNotNull(aadAuthentication.GetCredentials(targetUri), "Credentials were not retrieved as expected.");
}
public async Task VstsAadNoninteractiveLogonTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-noninteractive");
Assert.NotNull(await aadAuthentication.NoninteractiveLogon(targetUri, new PersonalAccessTokenOptions {
RequireCompactToken = false
}));
Assert.NotNull(await aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
}
public async Task VstsAadSetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-set");
Credential credentials = DefaultCredentials;
await aadAuthentication.SetCredentials(targetUri, credentials);
Assert.Null(await aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
Assert.Null(credentials = await aadAuthentication.GetCredentials(targetUri));
}
public async Task VstsAadValidateCredentialsTest()
{
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-validate");
Credential credentials = null;
Assert.False(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials), "Credential validation unexpectedly failed.");
credentials = DefaultCredentials;
Assert.True(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials), "Credential validation unexpectedly failed.");
}
public void VstsAadGetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get");
Assert.Null(aadAuthentication.GetCredentials(targetUri));
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
Assert.NotNull(aadAuthentication.GetCredentials(targetUri));
}
public void VstsAadInteractiveLogonTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon");
Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
Assert.NotNull(aadAuthentication.InteractiveLogon(targetUri, false).Result);
Assert.NotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
}
public void VstsAadValidateLoginHintTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-loginhint");
Assert.NotNull(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, new PersonalAccessTokenOptions {
RequireCompactToken = false
})); }).Result);
Assert.NotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
}
public void VstsAadSetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set");
Credential credentials = DefaultCredentials;
aadAuthentication.SetCredentials(targetUri, credentials);
Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
Assert.Null(credentials = aadAuthentication.GetCredentials(targetUri));
}
public void VstsAadSetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set");
Credential credentials = DefaultCredentials;
aadAuthentication.SetCredentials(targetUri, credentials);
Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token unexpectedly found in store.");
Assert.IsNull(credentials = aadAuthentication.GetCredentials(targetUri), "Credentials were retrieved unexpectedly.");
}
public void VstsAadInteractiveLogonTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon");
Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token found in store unexpectedly.");
Assert.IsNotNull(aadAuthentication.InteractiveLogon(targetUri, false).Result, "Interactive logon failed unexpectedly.");
Assert.IsNotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token not found in store as expected.");
}
public async Task VstsAadGetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-get");
Assert.Null(await aadAuthentication.GetCredentials(targetUri));
await aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
Assert.NotNull(await aadAuthentication.GetCredentials(targetUri));
}
public void VstsAadValidateCredentialsTest()
{
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-validate");
Credential credentials = null;
Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
credentials = DefaultCredentials;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
}
public void VstsAadNoninteractiveLogonTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-noninteractive");
Credential personalAccessToken;
Token azureToken;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
}
public void VstsAadDeleteCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Tokens were not deleted as expected");
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Tokens were not deleted as expected");
}
public void VstsAadGetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get");
Credential credentials;
Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly.");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Assert.IsTrue(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were not retrieved as expected.");
}
public void VstsAadSetCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set");
Credential credentials = DefaultCredentials;
Credential personalAccessToken;
Token azureToken;
Assert.IsFalse(aadAuthentication.SetCredentials(targetUri, credentials), "Credentials were unexpectedly set.");
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token unexpectedly found in store.");
Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly.");
}
public void VstsAadInteractiveLogonTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon");
Credential personalAccessToken;
Token azureToken;
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token found in store unexpectedly.");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token found in store unexpectedly.");
Assert.IsTrue(aadAuthentication.InteractiveLogon(targetUri, false), "Interactive logon failed unexpectedly.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
}
public void VstsAadNoninteractiveLogonWithCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-noninter-creds");
Credential originCreds = DefaultCredentials;
Credential personalAccessToken;
Token azureToken;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogonWithCredentials(targetUri, originCreds, false)); }).Result, "Non-interactive logon unexpectedly failed.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
Assert.IsFalse(String.Equals(originCreds.Password, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase) || String.Equals(originCreds.Username, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase), "Supplied credentials and Personal Access Token values unexpectedly matched.");
}
public void VstsAadRefreshCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
TargetUri invalidUri = InvalidTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-refresh");
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(targetUri, false)); }).Result, "Credentials refresh failed unexpectedly.");
Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(invalidUri, false)); }).Result, "Credentials refresh succeeded unexpectedly.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
}
public void VstsAadDeleteCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete");
if (aadAuthentication.VstsAuthority is AuthorityFake fake)
{
fake.CredentialsAreValid = false;
}
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.DeleteCredentials(targetUri);
Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
aadAuthentication.DeleteCredentials(targetUri);
Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri));
}
public void VstsAadDeleteCredentialsTest()
{
TargetUri targetUri = DefaultTargetUri;
VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Token azureToken;
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token wasn't read as expected.");
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token were not deleted as expected.");
}
public static Credential QueryCredentials(Program program, OperationArguments operationArguments)
{
if (ReferenceEquals(operationArguments, null))
{
throw new ArgumentNullException(nameof(operationArguments));
}
if (ReferenceEquals(operationArguments.TargetUri, null))
{
throw new ArgumentException("TargetUri property returned null", nameof(operationArguments));
}
var task = Task.Run(async() => { return(await program.CreateAuthentication(operationArguments)); });
BaseAuthentication authentication = task.Result;
Credential credentials = null;
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
{
BasicAuthentication basicAuth = authentication as BasicAuthentication;
Task.Run(async() =>
{
// attempt to get cached creds or acquire creds if interactivity is allowed
if ((operationArguments.Interactivity != Interactivity.Always &&
(credentials = authentication.GetCredentials(operationArguments.TargetUri)) != null) ||
(operationArguments.Interactivity != Interactivity.Never &&
(credentials = await basicAuth.AcquireCredentials(operationArguments.TargetUri)) != null))
{
Git.Trace.WriteLine("credentials found.");
// no need to save the credentials explicitly, as Git will call back with
// a store command if the credentials are valid.
}
else
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found.");
program.LogEvent($"Failed to retrieve credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit);
}
}).Wait();
}
break;
case AuthorityType.AzureDirectory:
{
VstsAadAuthentication aadAuth = authentication as VstsAadAuthentication;
Task.Run(async() =>
{
// attempt to get cached creds -> non-interactive logon -> interactive
// logon note that AAD "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
((credentials = aadAuth.GetCredentials(operationArguments.TargetUri)) != null) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) ||
(operationArguments.Interactivity != Interactivity.Always &&
((credentials = await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true)) != null) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
((credentials = await aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) != null) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found.");
program.LogEvent($"Azure Directory credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found.");
program.LogEvent($"Failed to retrieve Azure Directory credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit);
}
}).Wait();
}
break;
case AuthorityType.MicrosoftAccount:
{
VstsMsaAuthentication msaAuth = authentication as VstsMsaAuthentication;
Task.Run(async() =>
{
// attempt to get cached creds -> interactive logon note that MSA
// "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
((credentials = msaAuth.GetCredentials(operationArguments.TargetUri)) != null) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) ||
(operationArguments.Interactivity != Interactivity.Never &&
((credentials = await msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) != null) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found.");
program.LogEvent($"Microsoft Live credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found.");
program.LogEvent($"Failed to retrieve Microsoft Live credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit);
}
}).Wait();
}
break;
case AuthorityType.GitHub:
{
Github.Authentication ghAuth = authentication as Github.Authentication;
Task.Run(async() =>
{
if ((operationArguments.Interactivity != Interactivity.Always &&
((credentials = ghAuth.GetCredentials(operationArguments.TargetUri)) != null) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
((credentials = await ghAuth.InteractiveLogon(operationArguments.TargetUri)) != null) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found.");
program.LogEvent($"GitHub credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found.");
program.LogEvent($"Failed to retrieve GitHub credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit);
}
}).Wait();
}
break;
case AuthorityType.Bitbucket:
{
var bbcAuth = authentication as Bitbucket.Authentication;
Task.Run(async() =>
{
if (((operationArguments.Interactivity != Interactivity.Always) &&
((credentials = bbcAuth.GetCredentials(operationArguments.TargetUri, operationArguments.CredUsername)) != null) &&
(!operationArguments.ValidateCredentials ||
((credentials = await bbcAuth.ValidateCredentials(operationArguments.TargetUri, operationArguments.CredUsername, credentials)) != null))) ||
((operationArguments.Interactivity != Interactivity.Never) &&
((credentials = await bbcAuth.InteractiveLogon(operationArguments.TargetUri, operationArguments.CredUsername)) != null) &&
(!operationArguments.ValidateCredentials ||
((credentials = await bbcAuth.ValidateCredentials(operationArguments.TargetUri, operationArguments.CredUsername, credentials)) != null))))
{
Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found.");
// Bitbucket relies on a username + secret, so make sure there is a
// username to return
if (operationArguments.CredUsername != null)
{
credentials = new Credential(operationArguments.CredUsername, credentials.Password);
}
program.LogEvent($"Bitbucket credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
program.LogEvent($"Failed to retrieve Bitbucket credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit);
}
}).Wait();
}
break;
case AuthorityType.Ntlm:
{
Git.Trace.WriteLine($"'{operationArguments.TargetUri}' is NTLM.");
credentials = BasicAuthentication.NtlmCredentials;
}
break;
}
if (credentials != null)
{
operationArguments.SetCredentials(credentials);
}
return(credentials);
}
public static async Task <BaseAuthentication> CreateAuthentication(Program program, OperationArguments operationArguments)
{
if (operationArguments is null)
{
throw new ArgumentNullException(nameof(operationArguments));
}
if (operationArguments.TargetUri is null)
{
var innerException = new NullReferenceException($"`{operationArguments.TargetUri}` cannot be null.");
throw new ArgumentException(innerException.Message, nameof(operationArguments), innerException);
}
var secretsNamespace = operationArguments.CustomNamespace ?? Program.SecretsNamespace;
BaseAuthentication authority = null;
var basicCredentialCallback = (operationArguments.UseModalUi)
? new AcquireCredentialsDelegate(program.ModalPromptForCredentials)
: new AcquireCredentialsDelegate(program.BasicCredentialPrompt);
var bitbucketPrompts = new Bitbucket.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd);
var bitbucketCredentialCallback = (operationArguments.UseModalUi)
? bitbucketPrompts.CredentialModalPrompt
: new Bitbucket.Authentication.AcquireCredentialsDelegate(program.BitbucketCredentialPrompt);
var bitbucketOauthCallback = (operationArguments.UseModalUi)
? bitbucketPrompts.AuthenticationOAuthModalPrompt
: new Bitbucket.Authentication.AcquireAuthenticationOAuthDelegate(program.BitbucketOAuthPrompt);
var githubPrompts = new Github.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd);
var githubCredentialCallback = (operationArguments.UseModalUi)
? new Github.Authentication.AcquireCredentialsDelegate(githubPrompts.CredentialModalPrompt)
: new Github.Authentication.AcquireCredentialsDelegate(program.GitHubCredentialPrompt);
var githubAuthcodeCallback = (operationArguments.UseModalUi)
? new Github.Authentication.AcquireAuthenticationCodeDelegate(githubPrompts.AuthenticationCodeModalPrompt)
: new Github.Authentication.AcquireAuthenticationCodeDelegate(program.GitHubAuthCodePrompt);
NtlmSupport basicNtlmSupport = NtlmSupport.Auto;
switch (operationArguments.Authority)
{
case AuthorityType.Auto:
program.Trace.WriteLine($"detecting authority type for '{operationArguments.TargetUri}'.");
// Detect the authority.
authority = await BaseVstsAuthentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
Program.VstsCredentialScope,
new SecretStore(program.Context, secretsNamespace, BaseVstsAuthentication.UriNameConversion))
?? Github.Authentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
Program.GitHubCredentialScope,
new SecretStore(program.Context, secretsNamespace, Secret.UriToName),
githubCredentialCallback,
githubAuthcodeCallback,
null)
?? Bitbucket.Authentication.GetAuthentication(program.Context,
operationArguments.TargetUri,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
bitbucketCredentialCallback,
bitbucketOauthCallback);
if (authority != null)
{
// Set the authority type based on the returned value.
if (authority is VstsMsaAuthentication)
{
operationArguments.Authority = AuthorityType.MicrosoftAccount;
goto case AuthorityType.MicrosoftAccount;
}
else if (authority is VstsAadAuthentication)
{
operationArguments.Authority = AuthorityType.AzureDirectory;
goto case AuthorityType.AzureDirectory;
}
else if (authority is Github.Authentication)
{
operationArguments.Authority = AuthorityType.GitHub;
goto case AuthorityType.GitHub;
}
else if (authority is Bitbucket.Authentication)
{
operationArguments.Authority = AuthorityType.Bitbucket;
goto case AuthorityType.Bitbucket;
}
}
goto default;
case AuthorityType.AzureDirectory:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Azure Directory.");
if (authority is null)
{
Guid tenantId = Guid.Empty;
// Get the identity of the tenant.
var result = await BaseVstsAuthentication.DetectAuthority(program.Context, operationArguments.TargetUri);
if (result.HasValue)
{
tenantId = result.Value;
}
// Create the authority object.
authority = new VstsAadAuthentication(program.Context,
tenantId,
operationArguments.VstsTokenScope,
new SecretStore(program.Context, secretsNamespace, VstsAadAuthentication.UriNameConversion));
}
// Return the allocated authority or a generic AAD backed VSTS authentication object.
return(authority);
case AuthorityType.Basic:
// Enforce basic authentication only.
basicNtlmSupport = NtlmSupport.Never;
goto default;
case AuthorityType.GitHub:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is GitHub.");
// Return a GitHub authentication object.
return(authority ?? new Github.Authentication(program.Context,
operationArguments.TargetUri,
Program.GitHubCredentialScope,
new SecretStore(program.Context, secretsNamespace, Secret.UriToName),
githubCredentialCallback,
githubAuthcodeCallback,
null));
case AuthorityType.Bitbucket:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Bitbucket.");
// Return a Bitbucket authentication object.
return(authority ?? new Bitbucket.Authentication(program.Context,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
bitbucketCredentialCallback,
bitbucketOauthCallback));
case AuthorityType.MicrosoftAccount:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Microsoft Live.");
// Return the allocated authority or a generic MSA backed VSTS authentication object.
return(authority ?? new VstsMsaAuthentication(program.Context,
operationArguments.VstsTokenScope,
new SecretStore(program.Context, secretsNamespace, VstsMsaAuthentication.UriNameConversion)));
case AuthorityType.Ntlm:
// Enforce NTLM authentication only.
basicNtlmSupport = NtlmSupport.Always;
goto default;
default:
program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is basic with NTLM={basicNtlmSupport}.");
// Return a generic username + password authentication object.
return(authority ?? new BasicAuthentication(program.Context,
new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl),
basicNtlmSupport,
basicCredentialCallback,
null));
}
}
