public void VsoAadValidateCredentialsTest() { VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-validate"); Credential credentials = null; Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed."); credentials = DefaultCredentials; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed."); }
public void VsoAadNoninteractiveLogonTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-noninteractive"); Credential personalAccessToken; Token azureToken; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); }
public void VsoAadGetCredentialsTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-get"); Credential credentials; Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly."); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Assert.IsTrue(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were not retrieved as expected."); }
public void VsoAadSetCredentialsTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-set"); Credential credentials = DefaultCredentials; Credential personalAccessToken; Token azureToken; Assert.IsFalse(aadAuthentication.SetCredentials(targetUri, credentials), "Credentials were unexpectedly set."); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store."); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token unexpectedly found in store."); Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly."); }
public void VsoAadNoninteractiveLogonWithCredentialsTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-noninter-creds"); Credential originCreds = DefaultCredentials; Credential personalAccessToken; Token azureToken; Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogonWithCredentials(targetUri, originCreds, false)); }).Result, "Non-interactive logon unexpectedly failed."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); Assert.IsFalse(String.Equals(originCreds.Password, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase) || String.Equals(originCreds.Username, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase), "Supplied credentials and Personal Access Token values unexpectedly matched."); }
public void VsoAadInteractiveLogonTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-logon"); Credential personalAccessToken; Token azureToken; Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token found in store unexpectedly."); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token found in store unexpectedly."); Assert.IsTrue(aadAuthentication.InteractiveLogon(targetUri, false), "Interactive logon failed unexpectedly."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected."); }
public void VsoAadRefreshCredentialsTest() { Uri targetUri = DefaultTargetUri; Uri invalidUri = InvalidTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-refresh"); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Credential personalAccessToken; Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store."); Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(targetUri, false)); }).Result, "Credentials refresh failed unexpectedly."); Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(invalidUri, false)); }).Result, "Credentials refresh succeeded unexpectedly."); Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected."); }
public void VsoAadDeleteCredentialsTest() { Uri targetUri = DefaultTargetUri; VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-delete"); aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken); aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken); Credential personalAccessToken; Token azureToken; aadAuthentication.DeleteCredentials(targetUri); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected"); Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token wasn't read as expected."); aadAuthentication.DeleteCredentials(targetUri); Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected"); Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token were not deleted as expected."); }
private static void Get() { const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt."; // parse the operations arguments from stdin (this is how git sends commands) // see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html // see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html OperationArguments operationArguments = new OperationArguments(Console.In); Debug.Assert(operationArguments != null, "The operationArguments is null"); Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null"); LoadOperationArguments(operationArguments); EnableTraceLogging(operationArguments); Trace.WriteLine("Program::Get"); Trace.WriteLine(" targetUri = " + operationArguments.TargetUri); BaseAuthentication authentication = CreateAuthentication(operationArguments); Credential credentials = null; switch (operationArguments.Authority) { default: case AuthorityType.Basic: if (authentication.GetCredentials(operationArguments.TargetUri, out credentials)) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); } break; case AuthorityType.AzureDirectory: VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication; Task.Run(async() => { // attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon // note that AAD "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) && aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.MicrosoftAccount: VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication; Task.Run(async() => { // attmempt to get cached creds -> refresh creds -> interactive logon // note that MSA "credentials" are always scoped access tokens if (((operationArguments.Interactivity != Interactivity.Always && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Always && await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) && msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(AadMsaAuthFailureMessage); LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.GitHub: GithubAuthentication ghAuth = authentication as GithubAuthentication; Task.Run(async() => { if ((operationArguments.Interactivity != Interactivity.Always && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) || (operationArguments.Interactivity != Interactivity.Never && ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) && ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) && (!operationArguments.ValidateCredentials || await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials)))) { Trace.WriteLine(" credentials found"); operationArguments.SetCredentials(credentials); LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit); } else { Console.Error.WriteLine(GitHubAuthFailureMessage); LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit); } }).Wait(); break; case AuthorityType.Integrated: credentials = new Credential(String.Empty, String.Empty); operationArguments.SetCredentials(credentials); break; } Console.Out.Write(operationArguments); }