ckaczor/azuredatastudio
1
0
Fork 0
mirror of https://github.com/ckaczor/azuredatastudio.git synced 2026-02-06 17:23:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Verify the token belongs to the proper user. (#11593)" (#13321)

Browse Source 
This reverts commit 45cbaca31f.
This commit is contained in:
Karl Burtram
2020-11-09 15:32:21 -08:00
committed by GitHub
parent 9d766198b5
commit 8cf5e4c9fd
2 changed files with 15 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
extensions/azurecore/src/test/account-provider/auths/azureAuth.test.ts
View File

@@ -32,9 +32,7 @@ let mockRefreshToken: RefreshToken;
const mockClaims = {
name: 'Name',
email: 'example@example.com',
sub: 'someUniqueId',
idp: 'idp',
oid: 'userUniqueKey'
sub: 'someUniqueId'
} as TokenClaims;
const mockTenant: Tenant = {
@@ -57,9 +55,6 @@ describe('Azure Authentication', function () {
// authDeviceCode.callBase = true;
mockAccount = {
key: {
accountId: mockClaims.oid
},
isStale: false,
properties: {
tenants: [mockTenant]
@@ -164,8 +159,7 @@ describe('Azure Authentication', function () {
const mockToken: AccessToken = JSON.parse(JSON.stringify(mockAccessToken));
delete (mockToken as any).invalidData;
return Promise.resolve({
accessToken: mockToken,
tokenClaims: mockClaims
accessToken: mockToken
} as OAuthTokenResponse);
});
const securityToken = await azureAuthCodeGrant.object.getAccountSecurityToken(mockAccount, mockTenant.id, AzureResource.MicrosoftResourceManagement);
@@ -198,15 +192,14 @@ describe('Azure Authentication', function () {
return Promise.resolve({
accessToken: mockAccessToken,
refreshToken: mockRefreshToken,
expiresOn: '',
expiresOn: ''
});
});
delete (mockAccessToken as any).tokenType;
azureAuthCodeGrant.setup(x => x.refreshToken(TypeMoq.It.isAny(), TypeMoq.It.isAny(), TypeMoq.It.isAny())).returns(() => {
return Promise.resolve({
accessToken: mockAccessToken,
tokenClaims: mockClaims,
accessToken: mockAccessToken
} as OAuthTokenResponse);
});
@@ -280,77 +273,4 @@ describe('Azure Authentication', function () {
});
});
describe('getUserKey', function () {
let tokenClaims: TokenClaims;
beforeEach(function () {
tokenClaims = {
unique_name: 'unique_name',
email: 'email',
sub: 'sub',
oid: 'oid',
home_oid: 'home_oid'
} as TokenClaims;
});
describe('personal accounts - live.com', function () {
beforeEach(function () {
tokenClaims.idp = 'live.com';
});
it('prefer unique_name', function () {
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.unique_name);
});
it('fallback to email', function () {
delete tokenClaims.unique_name;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.email);
});
it('fallback to sub', function () {
delete tokenClaims.unique_name;
delete tokenClaims.email;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.sub);
});
});
describe('work accounts', function () {
it('prefer home_oid', function () {
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.home_oid);
});
it('fallback to oid', function () {
delete tokenClaims.home_oid;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.oid);
});
it('fallback to unique_name', function () {
delete tokenClaims.home_oid;
delete tokenClaims.oid;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.unique_name);
});
it('fallback to email', function () {
delete tokenClaims.home_oid;
delete tokenClaims.oid;
delete tokenClaims.unique_name;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.email);
});
it('fallback to sub', function () {
delete tokenClaims.home_oid;
delete tokenClaims.oid;
delete tokenClaims.unique_name;
delete tokenClaims.email;
const value = azureAuthCodeGrant.object.getUserKey(tokenClaims);
should(value).be.equal(tokenClaims.sub);
});
});
});
});