Esempio n. 1
0
        /// <summary>
        /// delete all cache entries with intersecting scopes.
        /// this should not happen but we have this as a safe guard
        /// against multiple matches.
        /// </summary>
        private void DeleteAccessTokensWithIntersectingScopes(
            AuthenticationRequestParameters requestParams,
            IEnumerable <string> environmentAliases,
            string tenantId,
            HashSet <string> scopeSet,
            string homeAccountId,
            string tokenType)
        {
            if (requestParams.RequestContext.Logger.IsLoggingEnabled(LogLevel.Info))
            {
                requestParams.RequestContext.Logger.Info(
                    "Looking for scopes for the authority in the cache which intersect with " +
                    requestParams.Scope.AsSingleString());
            }

            var accessTokensToDelete     = new List <MsalAccessTokenCacheItem>();
            var partitionKeyFromResponse = CacheKeyFactory.GetInternalPartitionKeyFromResponse(requestParams, homeAccountId);

            Debug.Assert(partitionKeyFromResponse != null || !requestParams.IsConfidentialClient, "On confidential client, cache must be partitioned.");

            foreach (var accessToken in Accessor.GetAllAccessTokens(partitionKeyFromResponse))
            {
                if (accessToken.ClientId.Equals(ClientId, StringComparison.OrdinalIgnoreCase) &&
                    environmentAliases.Contains(accessToken.Environment) &&
                    string.Equals(accessToken.TokenType ?? "", tokenType ?? "", StringComparison.OrdinalIgnoreCase) &&
                    string.Equals(accessToken.TenantId, tenantId, StringComparison.OrdinalIgnoreCase) &&
                    accessToken.ScopeSet.Overlaps(scopeSet))
                {
                    requestParams.RequestContext.Logger.Verbose("Intersecting scopes found");
                    accessTokensToDelete.Add(accessToken);
                }
            }

            requestParams.RequestContext.Logger.Info("Intersecting scope entries count - " + accessTokensToDelete.Count);

            if (!requestParams.IsClientCredentialRequest)
            {
                // filter by identifier of the user instead
                accessTokensToDelete.RemoveAll(
                    item => !item.HomeAccountId.Equals(homeAccountId, StringComparison.OrdinalIgnoreCase));
                requestParams.RequestContext.Logger.Info("Matching entries after filtering by user - " + accessTokensToDelete.Count);
            }

            foreach (var cacheItem in accessTokensToDelete)
            {
                Accessor.DeleteAccessToken(cacheItem);
            }
        }