From 2a3e41e821c6b741962a83e4de44fcda070f0794 Mon Sep 17 00:00:00 2001 From: Christopher Suh Date: Fri, 30 Sep 2022 11:59:53 -0400 Subject: [PATCH] Update redirect-uri to localhost (#20692) * wip * change clientId * change redirect-uri to localhost * change clientId to staging env * wip, using ppe endpoint * management-preview * change back management endpoint * localhost/redirect * wip * route redirect * change back to prod endpoints/clientId * add error handling --- .../auths/azureAuthCodeGrant.ts | 19 +++++++++++++++++-- .../src/account-provider/providerSettings.ts | 10 +++++----- .../microsoft-authentication/src/AADHelper.ts | 2 +- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/extensions/azurecore/src/account-provider/auths/azureAuthCodeGrant.ts b/extensions/azurecore/src/account-provider/auths/azureAuthCodeGrant.ts index 2b6ace1e39..6961dc25e9 100644 --- a/extensions/azurecore/src/account-provider/auths/azureAuthCodeGrant.ts +++ b/extensions/azurecore/src/account-provider/auths/azureAuthCodeGrant.ts @@ -157,7 +157,7 @@ export class AzureAuthCodeGrant extends AzureAuth { response_type: 'code', response_mode: 'query', client_id: this.clientId, - redirect_uri: this.redirectUri, + redirect_uri: `${this.redirectUri}:${serverPort}/redirect`, state, prompt: 'select_account', code_challenge_method: 'S256', @@ -170,7 +170,7 @@ export class AzureAuthCodeGrant extends AzureAuth { return { authCode, codeVerifier, - redirectUri: this.redirectUri + redirectUri: `${this.redirectUri}:${serverPort}/redirect` }; } 
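Review bot: The loopback redirect URI is assembled twice from the same template literal, once in the authorize parameters in this hunk and again in the returned object in the @@ -170 hunk. The token request must send a redirect_uri identical to the one in the authorize request, so two independent copies can drift apart on a later edit. Build it once, for example ``const redirectUri = `${this.redirectUri}:${serverPort}/redirect`;``, and use that constant in both places. The concatenation also assumes the configured value has no trailing slash or path, which holds for the new 'http://localhost' settings but is not checked anywhere visible. The enclosing method starts outside both hunks.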
@@ -222,6 +222,21 @@ export class AzureAuthCodeGrant extends AzureAuth { }); return new Promise((resolve, reject) => { + server.on('/redirect', (req, reqUrl, res) => { + const state = reqUrl.query.state as string ?? ''; + const split = state.split(','); + if (split.length !== 2) { + res.writeHead(400, { 'content-type': 'text/html' }); + res.write(localize('azureAuth.stateError', 'Authentication failed due to a state mismatch, please close ADS and try again.')); + res.end(); + reject(new Error('State mismatch')); + return; + } + const port = split[0]; + res.writeHead(302, { Location: `http://127.0.0.1:${port}/callback${reqUrl.search}` }); + res.end(); + }); + server.on('/callback', (req, reqUrl, res) => { const state = reqUrl.query.state as string ?? ''; const code = reqUrl.query.code as string ?? ''; diff --git a/extensions/azurecore/src/account-provider/providerSettings.ts b/extensions/azurecore/src/account-provider/providerSettings.ts index 1fb2242fe1..2ced26345f 100644 --- a/extensions/azurecore/src/account-provider/providerSettings.ts +++ b/extensions/azurecore/src/account-provider/providerSettings.ts @@ -93,7 +93,7 @@ const publicAzureSettings: ProviderSettings = { endpoint: 'https://analysis.windows.net/powerbi/api', azureResourceId: AzureResource.PowerBi }, - redirectUri: 'https://vscode-redirect.azurewebsites.net/', + redirectUri: 'http://localhost', scopes: [ 'openid', 'email', 'profile', 'offline_access', 'https://management.azure.com/user_impersonation', @@ -158,7 +158,7 @@ const usGovAzureSettings: ProviderSettings = { endpoint: 'https://analysis.windows.net/powerbi/api', azureResourceId: AzureResource.PowerBi }, - redirectUri: 'https://vscode-redirect.azurewebsites.net/', + redirectUri: 'http://localhost', scopes: [ 'openid', 'email', 'profile', 'offline_access', 'https://management.usgovcloudapi.net/user_impersonation' 
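Review bot: `port` in the new `/redirect` handler is taken from the `state` query parameter and written into the `Location` header after only a two-segment length check, so a request whose first segment is not a port number yields a redirect that no longer targets the local callback. Constrain it before use, for example `if (split.length !== 2 || !/^\d{1,5}$/.test(split[0])) {`, or compare it with the port this server is listening on if that value is in scope here. The handler also calls `reject` on any malformed request, so one stray hit on `/redirect` aborts a sign-in that is still in progress; answering 400 without rejecting would be more tolerant. The enclosing method starts and ends outside the hunk, so whether `/callback` verifies the second segment of `state` cannot be confirmed from here.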
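Review bot: `redirectUri: 'http://localhost'` depends on how the name `localhost` resolves on the user's machine, while the `/redirect` handler added in azureAuthCodeGrant.ts forwards to `http://127.0.0.1`; RFC 8252 section 8.3 recommends the loopback IP literal over `localhost` for native-app redirects. The server's bind address is not visible in this diff, so it is worth confirming the first leg still reaches it when `localhost` resolves to an IPv6 address. If the app registration accepts it, `redirectUri: 'http://127.0.0.1'` keeps both legs on one address; otherwise a comment such as `// loopback redirect; port and /redirect are appended in AzureAuthCodeGrant` would explain the bare value. The same applies to the hunks at @@ -158, @@ -217, @@ -267 and @@ -331.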
@@ -217,7 +217,7 @@ const usNatAzureSettings: ProviderSettings = { endpointSuffix: '.core.eaglex.ic.gov', azureResourceId: AzureResource.AzureStorage }, - redirectUri: 'https://vscode-redirect.azurewebsites.net/', + redirectUri: 'http://localhost', scopes: [ 'openid', 'email', 'profile', 'offline_access', 'https://management.core.eaglex.ic.gov/user_impersonation' @@ -267,7 +267,7 @@ const germanyAzureSettings: ProviderSettings = { endpoint: 'https://analysis.windows.net/powerbi/api', azureResourceId: AzureResource.PowerBi }, - redirectUri: 'https://vscode-redirect.azurewebsites.net/', + redirectUri: 'http://localhost', scopes: [ 'openid', 'email', 'profile', 'offline_access', 'https://management.microsoftazure.de/user_impersonation' @@ -331,7 +331,7 @@ const chinaAzureSettings: ProviderSettings = { endpoint: 'https://analysis.windows.net/powerbi/api', azureResourceId: AzureResource.PowerBi }, - redirectUri: 'https://vscode-redirect.azurewebsites.net/', + redirectUri: 'http://localhost', scopes: [ 'openid', 'email', 'profile', 'offline_access', 'https://management.chinacloudapi.cn/user_impersonation' diff --git a/extensions/microsoft-authentication/src/AADHelper.ts b/extensions/microsoft-authentication/src/AADHelper.ts index db59487803..1f42d0afee 100644 --- a/extensions/microsoft-authentication/src/AADHelper.ts +++ b/extensions/microsoft-authentication/src/AADHelper.ts @@ -20,7 +20,7 @@ import { MicrosoftAuthenticationSession } from './microsoft-authentication'; const localize = nls.loadMessageBundle(); -const redirectUrl = 'https://vscode-redirect.azurewebsites.net/'; +const redirectUrl = 'http://localhost/redirect'; const loginEndpointUrl = 'https://login.microsoftonline.com/'; const clientId = 'aebc6443-996d-45c2-90f0-388ff96faa56'; const tenant = 'organizations';
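Review bot: `redirectUrl` now points at `http://localhost/redirect` with no port, but the `/redirect` route in this commit is added only to the azurecore extension, not to microsoft-authentication. Unless code outside this hunk appends the loopback server's port and serves `/redirect` in this extension, the browser would be sent to port 80 after sign-in and the flow would end on a connection error. Please confirm, and if the port is added elsewhere, record it next to the constant, for example `// port is appended at login time by <caller>; see the loopback server's /redirect route`, with the caller's name filled in.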