azure-repos: fix org name in userinfo (#1522)

mjcheetham · web-flow · commit e51e1a4c4e03 · 2024-02-22T13:48:31.000-08:00
Fix a bug in the Azure Repos host provider that prevented the Azure DevOps organisation name from being pulled from the userinfo part of the remote URL. When creating the remote URL from Git input in multiple places we had not been preserving the userinfo part that was subsequently passed to the `CreateOrganizationUri` helper method to extract the org URL. Also add an additional test for PAT mode to cover this use case. Fixes #1520
diff --git a/src/shared/Microsoft.AzureRepos.Tests/AzureReposHostProviderTests.cs b/src/shared/Microsoft.AzureRepos.Tests/AzureReposHostProviderTests.cs
@@ -239,17 +239,14 @@ public async Task AzureReposProvider_GetCredentialAsync_JwtMode_CachedAuthority_
         [Fact]
         public async Task AzureReposProvider_GetCredentialAsync_JwtMode_CachedAuthority_DevAzureUrlOrgName_ReturnsCredential()
         {
-
             var input = new InputArguments(new Dictionary<string, string>
             {
                 ["protocol"] = "https",
                 ["host"] = "dev.azure.com",
-                ["path"] = "org/project/_git/repo",
                 ["username"] = "org"
             });
 
             var expectedOrgUri = new Uri("https://dev.azure.com/org");
-            var remoteUri = new Uri("https://dev.azure.com/org/project/_git/repo");
             var authorityUrl = "https://login.microsoftonline.com/common";
             var expectedClientId = AzureDevOpsConstants.AadClientId;
             var expectedRedirectUri = AzureDevOpsConstants.AadRedirectUri;
@@ -385,7 +382,6 @@ public async Task AzureReposProvider_GetCredentialAsync_JwtMode_CachedAuthority_
         [Fact]
         public async Task AzureReposProvider_GetCredentialAsync_JwtMode_NoCachedAuthority_NoUser_ReturnsCredential()
         {
-
             var input = new InputArguments(new Dictionary<string, string>
             {
                 ["protocol"] = "https",
@@ -433,9 +429,52 @@ public async Task AzureReposProvider_GetCredentialAsync_JwtMode_NoCachedAuthorit
         }
 
         [Fact]
-        public async Task AzureReposProvider_GetCredentialAsync_PatMode_NoExistingPat_GeneratesCredential()
+        public async Task AzureReposProvider_GetCredentialAsync_PatMode_OrgInUserName_NoExistingPat_GeneratesCredential()
         {
+            var input = new InputArguments(new Dictionary<string, string>
+            {
+                ["protocol"] = "https",
+                ["host"] = "dev.azure.com",
+                ["username"] = "org"
+            });
+
+            var expectedOrgUri = new Uri("https://dev.azure.com/org");
+            var authorityUrl = "https://login.microsoftonline.com/common";
+            var expectedClientId = AzureDevOpsConstants.AadClientId;
+            var expectedRedirectUri = AzureDevOpsConstants.AadRedirectUri;
+            var expectedScopes = AzureDevOpsConstants.AzureDevOpsDefaultScopes;
+            var accessToken = "ACCESS-TOKEN";
+            var personalAccessToken = "PERSONAL-ACCESS-TOKEN";
+            var account = "john.doe";
+            var authResult = CreateAuthResult(account, accessToken);
+
+            var context = new TestCommandContext();
+
+            var azDevOpsMock = new Mock<IAzureDevOpsRestApi>(MockBehavior.Strict);
+            azDevOpsMock.Setup(x => x.GetAuthorityAsync(expectedOrgUri)).ReturnsAsync(authorityUrl);
+            azDevOpsMock.Setup(x => x.CreatePersonalAccessTokenAsync(expectedOrgUri, accessToken, It.IsAny<IEnumerable<string>>()))
+                        .ReturnsAsync(personalAccessToken);
+
+            var msAuthMock = new Mock<IMicrosoftAuthentication>(MockBehavior.Strict);
+            msAuthMock.Setup(x => x.GetTokenForUserAsync(authorityUrl, expectedClientId, expectedRedirectUri, expectedScopes, null, true))
+                      .ReturnsAsync(authResult);
+
+            var authorityCacheMock = new Mock<IAzureDevOpsAuthorityCache>(MockBehavior.Strict);
+
+            var userMgrMock = new Mock<IAzureReposBindingManager>(MockBehavior.Strict);
 
+            var provider = new AzureReposHostProvider(context, azDevOpsMock.Object, msAuthMock.Object, authorityCacheMock.Object, userMgrMock.Object);
+
+            ICredential credential = await provider.GetCredentialAsync(input);
+
+            Assert.NotNull(credential);
+            Assert.Equal(account, credential.Account);
+            Assert.Equal(personalAccessToken, credential.Password);
+        }
+
+        [Fact]
+        public async Task AzureReposProvider_GetCredentialAsync_PatMode_NoExistingPat_GeneratesCredential()
+        {
             var input = new InputArguments(new Dictionary<string, string>
             {
                 ["protocol"] = "https",
diff --git a/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs b/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs
@@ -92,8 +92,8 @@ public async Task<ICredential> GetCredentialAsync(InputArguments input)
 
             if (UsePersonalAccessTokens())
             {
-                Uri remoteUri = input.GetRemoteUri();
-                string service = GetServiceName(remoteUri);
+                Uri remoteWithUserUri = input.GetRemoteUri(includeUser: true);
+                string service = GetServiceName(remoteWithUserUri);
                 string account = GetAccountNameForCredentialQuery(input);
 
                 _context.Trace.WriteLine($"Looking for existing credential in store with service={service} account={account}...");
@@ -219,8 +219,8 @@ private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments
                     "Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
             }
 
-            Uri remoteUri = input.GetRemoteUri();
-            Uri orgUri = UriHelpers.CreateOrganizationUri(remoteUri, out _);
+            Uri remoteUserUri = input.GetRemoteUri(includeUser: true);
+            Uri orgUri = UriHelpers.CreateOrganizationUri(remoteUserUri, out _);
 
             // Determine the MS authentication authority for this organization
             _context.Trace.WriteLine("Determining Microsoft Authentication Authority...");
@@ -257,17 +257,17 @@ private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments
 
         private async Task<IMicrosoftAuthenticationResult> GetAzureAccessTokenAsync(InputArguments input)
         {
-            Uri remoteUri = input.GetRemoteUri();
+            Uri remoteWithUserUri = input.GetRemoteUri(includeUser: true);
             string userName = input.UserName;
 
             // We should not allow unencrypted communication and should inform the user
-            if (StringComparer.OrdinalIgnoreCase.Equals(remoteUri.Scheme, "http"))
+            if (StringComparer.OrdinalIgnoreCase.Equals(remoteWithUserUri.Scheme, "http"))
             {
                 throw new Trace2Exception(_context.Trace2,
                     "Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
             }
 
-            Uri orgUri = UriHelpers.CreateOrganizationUri(remoteUri, out string orgName);
+            Uri orgUri = UriHelpers.CreateOrganizationUri(remoteWithUserUri, out string orgName);
 
             _context.Trace.WriteLine($"Determining Microsoft Authentication authority for Azure DevOps organization '{orgName}'...");
             if (TryGetAuthorityFromHeaders(input.WwwAuth, out string authAuthority))
@@ -306,8 +306,8 @@ private async Task<IMicrosoftAuthenticationResult> GetAzureAccessTokenAsync(Inpu
             //
             var icmp = StringComparer.OrdinalIgnoreCase;
             if (!string.IsNullOrWhiteSpace(userName) &&
-                (UriHelpers.IsVisualStudioComHost(remoteUri.Host) ||
-                 (UriHelpers.IsAzureDevOpsHost(remoteUri.Host) && !icmp.Equals(orgName, userName))))
+                (UriHelpers.IsVisualStudioComHost(remoteWithUserUri.Host) ||
+                 (UriHelpers.IsAzureDevOpsHost(remoteWithUserUri.Host) && !icmp.Equals(orgName, userName))))
             {
                 _context.Trace.WriteLine("Using username as specified in remote.");
             }
@@ -422,7 +422,7 @@ private static string GetServiceName(Uri remoteUri)
             {
                 // If we're given the full path for an older *.visualstudio.com-style URL then we should
                 // respect that in the service name.
-                return remoteUri.AbsoluteUri.TrimEnd('/');
+                return remoteUri.WithoutUserInfo().AbsoluteUri.TrimEnd('/');
             }
 
             throw new InvalidOperationException("Host is not Azure DevOps.");
