public void VsoAadValidateCredentialsTest()
{
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-validate");
Credential credentials = null;
Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
credentials = DefaultCredentials;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.ValidateCredentials(DefaultTargetUri, credentials)); }).Result, "Credential validation unexpectedly failed.");
}
public void VsoAadNoninteractiveLogonTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-noninteractive");
Credential personalAccessToken;
Token azureToken;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogon(targetUri, false)); }).Result, "Non-interactive logon unexpectedly failed.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
}
public void VsoAadGetCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-get");
Credential credentials;
Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly.");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Assert.IsTrue(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were not retrieved as expected.");
}
public void VsoAadSetCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-set");
Credential credentials = DefaultCredentials;
Credential personalAccessToken;
Token azureToken;
Assert.IsFalse(aadAuthentication.SetCredentials(targetUri, credentials), "Credentials were unexpectedly set.");
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token unexpectedly found in store.");
Assert.IsFalse(aadAuthentication.GetCredentials(targetUri, out credentials), "Credentials were retrieved unexpectedly.");
}
public void VsoAadNoninteractiveLogonWithCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-noninter-creds");
Credential originCreds = DefaultCredentials;
Credential personalAccessToken;
Token azureToken;
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.NoninteractiveLogonWithCredentials(targetUri, originCreds, false)); }).Result, "Non-interactive logon unexpectedly failed.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
Assert.IsFalse(String.Equals(originCreds.Password, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase) || String.Equals(originCreds.Username, personalAccessToken.Password, StringComparison.OrdinalIgnoreCase), "Supplied credentials and Personal Access Token values unexpectedly matched.");
}
public void VsoAadInteractiveLogonTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-logon");
Credential personalAccessToken;
Token azureToken;
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token found in store unexpectedly.");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "ADA Refresh Token found in store unexpectedly.");
Assert.IsTrue(aadAuthentication.InteractiveLogon(targetUri, false), "Interactive logon failed unexpectedly.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken) && azureToken.Value == "token-refresh", "ADA Refresh Token not found in store as expected.");
}
public void VsoAadRefreshCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
Uri invalidUri = InvalidTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-refresh");
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token unexpectedly found in store.");
Assert.IsTrue(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(targetUri, false)); }).Result, "Credentials refresh failed unexpectedly.");
Assert.IsFalse(Task.Run(async() => { return(await aadAuthentication.RefreshCredentials(invalidUri, false)); }).Result, "Credentials refresh succeeded unexpectedly.");
Assert.IsTrue(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Token not found in store as expected.");
}
public void VsoAadDeleteCredentialsTest()
{
Uri targetUri = DefaultTargetUri;
VsoAadAuthentication aadAuthentication = GetVsoAadAuthentication("aad-delete");
aadAuthentication.PersonalAccessTokenStore.WriteCredentials(targetUri, DefaultPersonalAccessToken);
aadAuthentication.AdaRefreshTokenStore.WriteToken(targetUri, DefaultAzureRefreshToken);
Credential personalAccessToken;
Token azureToken;
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");
Assert.IsTrue(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token wasn't read as expected.");
aadAuthentication.DeleteCredentials(targetUri);
Assert.IsFalse(aadAuthentication.PersonalAccessTokenStore.ReadCredentials(targetUri, out personalAccessToken), "Personal Access Tokens were not deleted as expected");
Assert.IsFalse(aadAuthentication.AdaRefreshTokenStore.ReadToken(targetUri, out azureToken), "Refresh Token were not deleted as expected.");
}
private static void Get()
{
const string AadMsaAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
const string GitHubAuthFailureMessage = "Logon failed, use ctrl+c to cancel basic credential prompt.";
// parse the operations arguments from stdin (this is how git sends commands)
// see: https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html
// see: https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
OperationArguments operationArguments = new OperationArguments(Console.In);
Debug.Assert(operationArguments != null, "The operationArguments is null");
Debug.Assert(operationArguments.TargetUri != null, "The operationArgument.TargetUri is null");
LoadOperationArguments(operationArguments);
EnableTraceLogging(operationArguments);
Trace.WriteLine("Program::Get");
Trace.WriteLine(" targetUri = " + operationArguments.TargetUri);
BaseAuthentication authentication = CreateAuthentication(operationArguments);
Credential credentials = null;
switch (operationArguments.Authority)
{
default:
case AuthorityType.Basic:
if (authentication.GetCredentials(operationArguments.TargetUri, out credentials))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
}
break;
case AuthorityType.AzureDirectory:
VsoAadAuthentication aadAuth = authentication as VsoAadAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> non-interactive logon -> interactive logon
// note that AAD "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await aadAuth.NoninteractiveLogon(operationArguments.TargetUri, true) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
aadAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
aadAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await aadAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Azure Directory credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Azure Directory credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.MicrosoftAccount:
VsoMsaAuthentication msaAuth = authentication as VsoMsaAuthentication;
Task.Run(async() =>
{
// attmempt to get cached creds -> refresh creds -> interactive logon
// note that MSA "credentials" are always scoped access tokens
if (((operationArguments.Interactivity != Interactivity.Always &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Always &&
await msaAuth.RefreshCredentials(operationArguments.TargetUri, true) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
msaAuth.InteractiveLogon(operationArguments.TargetUri, true)) &&
msaAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await msaAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("Microsoft Live credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(AadMsaAuthFailureMessage);
LogEvent("Failed to retrieve Microsoft Live credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.GitHub:
GithubAuthentication ghAuth = authentication as GithubAuthentication;
Task.Run(async() =>
{
if ((operationArguments.Interactivity != Interactivity.Always &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))) ||
(operationArguments.Interactivity != Interactivity.Never &&
ghAuth.InteractiveLogon(operationArguments.TargetUri, out credentials) &&
ghAuth.GetCredentials(operationArguments.TargetUri, out credentials) &&
(!operationArguments.ValidateCredentials ||
await ghAuth.ValidateCredentials(operationArguments.TargetUri, credentials))))
{
Trace.WriteLine(" credentials found");
operationArguments.SetCredentials(credentials);
LogEvent("GitHub credentials for " + operationArguments.TargetUri + " successfully retrieved.", EventLogEntryType.SuccessAudit);
}
else
{
Console.Error.WriteLine(GitHubAuthFailureMessage);
LogEvent("Failed to retrieve GitHub credentials for " + operationArguments.TargetUri + ".", EventLogEntryType.FailureAudit);
}
}).Wait();
break;
case AuthorityType.Integrated:
credentials = new Credential(String.Empty, String.Empty);
operationArguments.SetCredentials(credentials);
break;
}
Console.Out.Write(operationArguments);
}
