public void VstsAadValidateLoginHintTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-loginhint"); Assert.IsNotNull(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed."); Assert.IsNotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token not found in store as expected."); }
public void VstsAadGetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get"); Assert.IsNull(aadAuthentication.GetCredentials(targetUri), "Credentials were retrieved unexpectedly."); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); Assert.IsNotNull(aadAuthentication.GetCredentials(targetUri), "Credentials were not retrieved as expected."); }
public async Task VstsAadNoninteractiveLogonTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-noninteractive"); Assert.NotNull(await aadAuthentication.NoninteractiveLogon(targetUri, new PersonalAccessTokenOptions { RequireCompactToken = false })); Assert.NotNull(await aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); }
public async Task VstsAadSetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-set"); Credential credentials = DefaultCredentials; await aadAuthentication.SetCredentials(targetUri, credentials); Assert.Null(await aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); Assert.Null(credentials = await aadAuthentication.GetCredentials(targetUri)); }
public async Task VstsAadValidateCredentialsTest() { VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-validate"); Credential credentials = null; Assert.False(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials), "Credential validation unexpectedly failed."); credentials = DefaultCredentials; Assert.True(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials), "Credential validation unexpectedly failed."); }
public void VstsAadGetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get"); Assert.Null(aadAuthentication.GetCredentials(targetUri)); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); Assert.NotNull(aadAuthentication.GetCredentials(targetUri)); }
public void VstsAadInteractiveLogonTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon"); Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); Assert.NotNull(aadAuthentication.InteractiveLogon(targetUri, false).Result); Assert.NotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); }
public void VstsAadValidateLoginHintTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-loginhint"); Assert.NotNull(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, new PersonalAccessTokenOptions { RequireCompactToken = false })); }).Result); Assert.NotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); }
public void VstsAadSetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set"); Credential credentials = DefaultCredentials; aadAuthentication.SetCredentials(targetUri, credentials); Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); Assert.Null(credentials = aadAuthentication.GetCredentials(targetUri)); }
public void VstsAadSetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set"); Credential credentials = DefaultCredentials; aadAuthentication.SetCredentials(targetUri, credentials); Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token unexpectedly found in store."); Assert.IsNull(credentials = aadAuthentication.GetCredentials(targetUri), "Credentials were retrieved unexpectedly."); }
public void VstsAadInteractiveLogonTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon"); Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token found in store unexpectedly."); Assert.IsNotNull(aadAuthentication.InteractiveLogon(targetUri, false).Result, "Interactive logon failed unexpectedly."); Assert.IsNotNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Token not found in store as expected."); }
public async Task VstsAadGetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication(RuntimeContext.Default, "aad-get"); Assert.Null(await aadAuthentication.GetCredentials(targetUri)); await aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); Assert.NotNull(await aadAuthentication.GetCredentials(targetUri)); }
public void VstsAadValidateCredentialsTest() { VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-validate"); Credential credentials = null; Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed."); credentials = DefaultCredentials; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed."); }
public void VstsAadNoninteractiveLogonTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-noninteractive"); Credential personalAccessToken; Token azureToken; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); }
public void VstsAadDeleteCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete"); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.DeleteCredentials(targetUri); Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Tokens were not deleted as expected"); aadAuthentication.DeleteCredentials(targetUri); Assert.IsNull(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri), "Personal Access Tokens were not deleted as expected"); }
public void VstsAadGetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-get"); Credential credentials; Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly."); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Assert.IsTrue(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were not retrieved as expected."); }
public void VstsAadSetCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-set"); Credential credentials = DefaultCredentials; Credential personalAccessToken; Token azureToken; Assert.IsFalse(aadAuthentication.SetCredentials(targetUri, credentials), "Credentials were unexpectedly set."); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store."); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token unexpectedly found in store."); Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly."); }
public void VstsAadInteractiveLogonTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-logon"); Credential personalAccessToken; Token azureToken; Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token found in store unexpectedly."); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token found in store unexpectedly."); Assert.IsTrue(aadAuthentication.InteractiveLogon(targetUri, false), "Interactive logon failed unexpectedly."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); }
public void VstsAadNoninteractiveLogonWithCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-noninter-creds"); Credential originCreds = DefaultCredentials; Credential personalAccessToken; Token azureToken; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogonWithCredentials(targetUri, originCreds, false)); }).Result, "Non-interactive logon unexpectedly failed."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); Assert.IsFalse(String.Equals(originCreds.Password, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase) || String.Equals(originCreds.Username, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase), "Supplied credentials and Personal Access Token values unexpectedly matched."); }
public void VstsAadRefreshCredentialsTest() { TargetUri targetUri = DefaultTargetUri; TargetUri invalidUri = InvalidTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-refresh"); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Credential personalAccessToken; Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store."); Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(targetUri, false)); }).Result, "Credentials refresh failed unexpectedly."); Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(invalidUri, false)); }).Result, "Credentials refresh succeeded unexpectedly."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); }
public void VstsAadDeleteCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete"); if (aadAuthentication.VstsAuthority is AuthorityFake fake) { fake.CredentialsAreValid = false; } aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.DeleteCredentials(targetUri); Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); aadAuthentication.DeleteCredentials(targetUri); Assert.Null(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri)); }
public void VstsAadDeleteCredentialsTest() { TargetUri targetUri = DefaultTargetUri; VstsAadAuthentication aadAuthentication = GetVstsAadAuthentication("aad-delete"); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Credential personalAccessToken; Token azureToken; aadAuthentication.DeleteCredentials(targetUri); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected"); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token wasn't read as expected."); aadAuthentication.DeleteCredentials(targetUri); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected"); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token were not deleted as expected."); }
public static Credential QueryCredentials(Program program, OperationArguments operationArguments) { if (ReferenceEquals(operationArguments, null)) { throw new ArgumentNullException(nameof(operationArguments)); } if (ReferenceEquals(operationArguments.TargetUri, null)) { throw new ArgumentException("TargetUri property returned null", nameof(operationArguments)); } var task = Task.Run(async() => { return(await program.CreateAuthentication(operationArguments)); }); BaseAuthentication authentication = task.Result; Credential credentials = null; switch (operationArguments.Authority) { default: case AuthorityType.Basic: { BasicAuthentication basicAuth = authentication as BasicAuthentication; Task.Run(async() => { // attempt to get cached creds or acquire creds if interactivity is allowed if ((operationArguments.Interactivity != Interactivity.Always && (credentials = authentication.GetCredentials(operationArguments.TargetUri)) != null) || (operationArguments.Interactivity != Interactivity.Never && (credentials = await basicAuth.AcquireCredentials(operationArguments.TargetUri)) != null)) { Git.Trace.WriteLine("credentials found."); // no need to save the credentials explicitly, as Git will call back with // a store command if the credentials are valid. } else { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found."); program.LogEvent($"Failed to retrieve credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit); } }).Wait(); } break; case AuthorityType.AzureDirectory: { VstsAadAuthentication aadAuth = authentication as VstsAadAuthentication; Task.Run(async() => { // attempt to get cached creds -> non-interactive logon -> interactive // logon note that AAD "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && ((credentials = aadAuth.GetCredentials(operationArguments.TargetUri)) != null) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) || (operationArguments.Interactivity != Interactivity.Always && ((credentials = await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true)) != null) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && ((credentials = await aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) != null) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found."); program.LogEvent($"Azure Directory credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found."); program.LogEvent($"Failed to retrieve Azure Directory credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit); } }).Wait(); } break; case AuthorityType.MicrosoftAccount: { VstsMsaAuthentication msaAuth = authentication as VstsMsaAuthentication; Task.Run(async() => { // attempt to get cached creds -> interactive logon note that MSA // "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && ((credentials = msaAuth.GetCredentials(operationArguments.TargetUri)) != null) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) || (operationArguments.Interactivity != Interactivity.Never && ((credentials = await msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) != null) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found."); program.LogEvent($"Microsoft Live credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found."); program.LogEvent($"Failed to retrieve Microsoft Live credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit); } }).Wait(); } break; case AuthorityType.GitHub: { Github.Authentication ghAuth = authentication as Github.Authentication; Task.Run(async() => { if ((operationArguments.Interactivity != Interactivity.Always && ((credentials = ghAuth.GetCredentials(operationArguments.TargetUri)) != null) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && ((credentials = await ghAuth.InteractiveLogon(operationArguments.TargetUri)) != null) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found."); program.LogEvent($"GitHub credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' not found."); program.LogEvent($"Failed to retrieve GitHub credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit); } }).Wait(); } break; case AuthorityType.Bitbucket: { var bbcAuth = authentication as Bitbucket.Authentication; Task.Run(async() => { if (((operationArguments.Interactivity != Interactivity.Always) && ((credentials = bbcAuth.GetCredentials(operationArguments.TargetUri, operationArguments.CredUsername)) != null) && (!operationArguments.ValidateCredentials || ((credentials = await bbcAuth.ValidateCredentials(operationArguments.TargetUri, operationArguments.CredUsername, credentials)) != null))) || ((operationArguments.Interactivity != Interactivity.Never) && ((credentials = await bbcAuth.InteractiveLogon(operationArguments.TargetUri, operationArguments.CredUsername)) != null) && (!operationArguments.ValidateCredentials || ((credentials = await bbcAuth.ValidateCredentials(operationArguments.TargetUri, operationArguments.CredUsername, credentials)) != null)))) { Git.Trace.WriteLine($"credentials for '{operationArguments.TargetUri}' found."); // Bitbucket relies on a username + secret, so make sure there is a // username to return if (operationArguments.CredUsername != null) { credentials = new Credential(operationArguments.CredUsername, credentials.Password); } program.LogEvent($"Bitbucket credentials for '{operationArguments.TargetUri}' successfully retrieved.", EventLogEntryType.SuccessAudit); } else { program.LogEvent($"Failed to retrieve Bitbucket credentials for '{operationArguments.TargetUri}'.", EventLogEntryType.FailureAudit); } }).Wait(); } break; case AuthorityType.Ntlm: { Git.Trace.WriteLine($"'{operationArguments.TargetUri}' is NTLM."); credentials = BasicAuthentication.NtlmCredentials; } break; } if (credentials != null) { operationArguments.SetCredentials(credentials); } return(credentials); }
public static async Task <BaseAuthentication> CreateAuthentication(Program program, OperationArguments operationArguments) { if (operationArguments is null) { throw new ArgumentNullException(nameof(operationArguments)); } if (operationArguments.TargetUri is null) { var innerException = new NullReferenceException($"`{operationArguments.TargetUri}` cannot be null."); throw new ArgumentException(innerException.Message, nameof(operationArguments), innerException); } var secretsNamespace = operationArguments.CustomNamespace ?? Program.SecretsNamespace; BaseAuthentication authority = null; var basicCredentialCallback = (operationArguments.UseModalUi) ? new AcquireCredentialsDelegate(program.ModalPromptForCredentials) : new AcquireCredentialsDelegate(program.BasicCredentialPrompt); var bitbucketPrompts = new Bitbucket.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd); var bitbucketCredentialCallback = (operationArguments.UseModalUi) ? bitbucketPrompts.CredentialModalPrompt : new Bitbucket.Authentication.AcquireCredentialsDelegate(program.BitbucketCredentialPrompt); var bitbucketOauthCallback = (operationArguments.UseModalUi) ? bitbucketPrompts.AuthenticationOAuthModalPrompt : new Bitbucket.Authentication.AcquireAuthenticationOAuthDelegate(program.BitbucketOAuthPrompt); var githubPrompts = new Github.AuthenticationPrompts(program.Context, operationArguments.ParentHwnd); var githubCredentialCallback = (operationArguments.UseModalUi) ? new Github.Authentication.AcquireCredentialsDelegate(githubPrompts.CredentialModalPrompt) : new Github.Authentication.AcquireCredentialsDelegate(program.GitHubCredentialPrompt); var githubAuthcodeCallback = (operationArguments.UseModalUi) ? new Github.Authentication.AcquireAuthenticationCodeDelegate(githubPrompts.AuthenticationCodeModalPrompt) : new Github.Authentication.AcquireAuthenticationCodeDelegate(program.GitHubAuthCodePrompt); NtlmSupport basicNtlmSupport = NtlmSupport.Auto; switch (operationArguments.Authority) { case AuthorityType.Auto: program.Trace.WriteLine($"detecting authority type for '{operationArguments.TargetUri}'."); // Detect the authority. authority = await BaseVstsAuthentication.GetAuthentication(program.Context, operationArguments.TargetUri, Program.VstsCredentialScope, new SecretStore(program.Context, secretsNamespace, BaseVstsAuthentication.UriNameConversion)) ?? Github.Authentication.GetAuthentication(program.Context, operationArguments.TargetUri, Program.GitHubCredentialScope, new SecretStore(program.Context, secretsNamespace, Secret.UriToName), githubCredentialCallback, githubAuthcodeCallback, null) ?? Bitbucket.Authentication.GetAuthentication(program.Context, operationArguments.TargetUri, new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl), bitbucketCredentialCallback, bitbucketOauthCallback); if (authority != null) { // Set the authority type based on the returned value. if (authority is VstsMsaAuthentication) { operationArguments.Authority = AuthorityType.MicrosoftAccount; goto case AuthorityType.MicrosoftAccount; } else if (authority is VstsAadAuthentication) { operationArguments.Authority = AuthorityType.AzureDirectory; goto case AuthorityType.AzureDirectory; } else if (authority is Github.Authentication) { operationArguments.Authority = AuthorityType.GitHub; goto case AuthorityType.GitHub; } else if (authority is Bitbucket.Authentication) { operationArguments.Authority = AuthorityType.Bitbucket; goto case AuthorityType.Bitbucket; } } goto default; case AuthorityType.AzureDirectory: program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Azure Directory."); if (authority is null) { Guid tenantId = Guid.Empty; // Get the identity of the tenant. var result = await BaseVstsAuthentication.DetectAuthority(program.Context, operationArguments.TargetUri); if (result.HasValue) { tenantId = result.Value; } // Create the authority object. authority = new VstsAadAuthentication(program.Context, tenantId, operationArguments.VstsTokenScope, new SecretStore(program.Context, secretsNamespace, VstsAadAuthentication.UriNameConversion)); } // Return the allocated authority or a generic AAD backed VSTS authentication object. return(authority); case AuthorityType.Basic: // Enforce basic authentication only. basicNtlmSupport = NtlmSupport.Never; goto default; case AuthorityType.GitHub: program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is GitHub."); // Return a GitHub authentication object. return(authority ?? new Github.Authentication(program.Context, operationArguments.TargetUri, Program.GitHubCredentialScope, new SecretStore(program.Context, secretsNamespace, Secret.UriToName), githubCredentialCallback, githubAuthcodeCallback, null)); case AuthorityType.Bitbucket: program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Bitbucket."); // Return a Bitbucket authentication object. return(authority ?? new Bitbucket.Authentication(program.Context, new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl), bitbucketCredentialCallback, bitbucketOauthCallback)); case AuthorityType.MicrosoftAccount: program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is Microsoft Live."); // Return the allocated authority or a generic MSA backed VSTS authentication object. return(authority ?? new VstsMsaAuthentication(program.Context, operationArguments.VstsTokenScope, new SecretStore(program.Context, secretsNamespace, VstsMsaAuthentication.UriNameConversion))); case AuthorityType.Ntlm: // Enforce NTLM authentication only. basicNtlmSupport = NtlmSupport.Always; goto default; default: program.Trace.WriteLine($"authority for '{operationArguments.TargetUri}' is basic with NTLM={basicNtlmSupport}."); // Return a generic username + password authentication object. return(authority ?? new BasicAuthentication(program.Context, new SecretStore(program.Context, secretsNamespace, Secret.UriToIdentityUrl), basicNtlmSupport, basicCredentialCallback, null)); } }