fix tsa issues (#827)

jennyf19 · web-flow · commit e8bb47730a59 · 2020-12-08T12:48:21.000-08:00
* fix tsa issues

* pass empty options
diff --git a/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs b/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs
@@ -74,7 +74,7 @@ public IActionResult Challenge(
                 { Constants.Claims, claims },
                 { Constants.Policy, policy },
             };
-            Dictionary<string, object> parameters = new Dictionary<string, object>
+            Dictionary<string, object?> parameters = new Dictionary<string, object?>
             {
                 { Constants.LoginHint, loginHint },
                 { Constants.DomainHint, domainHint },
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
@@ -219,7 +219,7 @@ private static void AddMicrosoftIdentityWebApiImplementation(
                     var tokenValidatedHandler = options.Events.OnTokenValidated;
                     options.Events.OnTokenValidated = async context =>
                     {
-                        if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)
+                        if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context!.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)
                             && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp)
                             && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles)
                             && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Role))
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -121,7 +121,7 @@ internal static void WebAppCallsWebApiImplementation(
                        var codeReceivedHandler = options.Events.OnAuthorizationCodeReceived;
                        options.Events.OnAuthorizationCodeReceived = async context =>
                        {
-                           var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService<ITokenAcquisitionInternal>();
+                           var tokenAcquisition = context!.HttpContext.RequestServices.GetRequiredService<ITokenAcquisitionInternal>();
                            await tokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(context, options.Scope).ConfigureAwait(false);
                            await codeReceivedHandler(context).ConfigureAwait(false);
                        };
@@ -130,16 +130,16 @@ internal static void WebAppCallsWebApiImplementation(
                        var onTokenValidatedHandler = options.Events.OnTokenValidated;
                        options.Events.OnTokenValidated = async context =>
                        {
-                           string? clientInfo = context.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);
+                           string? clientInfo = context!.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);
 
                            if (!string.IsNullOrEmpty(clientInfo))
                            {
                                ClientInfo? clientInfoFromServer = ClientInfo.CreateFromJson(clientInfo);
 
                                if (clientInfoFromServer != null)
                                {
-                                   context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier));
-                                   context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));
+                                   context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier));
+                                   context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));
                                }
                            }
 
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -116,7 +116,7 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW
             Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
             Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,
             string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,
-            string cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
+            string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
             bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false)
         {
             if (builder == null)
@@ -186,7 +186,7 @@ private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWi
         Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
         Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions,
         string openIdConnectScheme,
-        string cookieScheme,
+        string? cookieScheme,
         bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents)
         {
             if (!AppServicesAuthenticationInformation.IsAppServicesAadAuthenticationEnabled)
@@ -237,7 +237,8 @@ private static void AddMicrosoftIdentityWebAppInternal(
 
             if (!string.IsNullOrEmpty(cookieScheme))
             {
-                builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions);
+                Action<CookieAuthenticationOptions> emptyOption = option => { };
+                builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions ?? emptyOption);
             }
 
             builder.Services.TryAddSingleton<MicrosoftIdentityIssuerValidatorFactory>();

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ public IActionResult Challenge(`
`74`	`74`	`{ Constants.Claims, claims },`
`75`	`75`	`{ Constants.Policy, policy },`
`76`	`76`	`};`
`77`		`- Dictionary<string, object> parameters = new Dictionary<string, object>`
	`77`	`+ Dictionary<string, object?> parameters = new Dictionary<string, object?>`
`78`	`78`	`{`
`79`	`79`	`{ Constants.LoginHint, loginHint },`
`80`	`80`	`{ Constants.DomainHint, domainHint },`
Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,7 @@ private static void AddMicrosoftIdentityWebApiImplementation(`
`219`	`219`	`var tokenValidatedHandler = options.Events.OnTokenValidated;`
`220`	`220`	`options.Events.OnTokenValidated = async context =>`
`221`	`221`	`{`
`222`		`- if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)`
	`222`	`+ if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context!.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope)`
`223`	`223`	`&& !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp)`
`224`	`224`	`&& !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles)`
`225`	`225`	`&& !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Role))`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ internal static void WebAppCallsWebApiImplementation(`
`121`	`121`	`var codeReceivedHandler = options.Events.OnAuthorizationCodeReceived;`
`122`	`122`	`options.Events.OnAuthorizationCodeReceived = async context =>`
`123`	`123`	`{`
`124`		`- var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService<ITokenAcquisitionInternal>();`
	`124`	`+ var tokenAcquisition = context!.HttpContext.RequestServices.GetRequiredService<ITokenAcquisitionInternal>();`
`125`	`125`	`await tokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(context, options.Scope).ConfigureAwait(false);`
`126`	`126`	`await codeReceivedHandler(context).ConfigureAwait(false);`
`127`	`127`	`};`
`@@ -130,16 +130,16 @@ internal static void WebAppCallsWebApiImplementation(`
`130`	`130`	`var onTokenValidatedHandler = options.Events.OnTokenValidated;`
`131`	`131`	`options.Events.OnTokenValidated = async context =>`
`132`	`132`	`{`
`133`		`- string? clientInfo = context.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);`
	`133`	`+ string? clientInfo = context!.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);`
`134`	`134`
`135`	`135`	`if (!string.IsNullOrEmpty(clientInfo))`
`136`	`136`	`{`
`137`	`137`	`ClientInfo? clientInfoFromServer = ClientInfo.CreateFromJson(clientInfo);`
`138`	`138`
`139`	`139`	`if (clientInfoFromServer != null)`
`140`	`140`	`{`
`141`		`- context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier));`
`142`		`- context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));`
	`141`	`+ context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier));`
	`142`	`+ context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));`
`143`	`143`	`}`
`144`	`144`	`}`
`145`	`145`
Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW`
`116`	`116`	`Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,`
`117`	`117`	`Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,`
`118`	`118`	`string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,`
`119`		`- string cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,`
	`119`	`+ string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,`
`120`	`120`	`bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false)`
`121`	`121`	`{`
`122`	`122`	`if (builder == null)`
`@@ -186,7 +186,7 @@ private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWi`
`186`	`186`	`Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,`
`187`	`187`	`Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions,`
`188`	`188`	`string openIdConnectScheme,`
`189`		`- string cookieScheme,`
	`189`	`+ string? cookieScheme,`
`190`	`190`	`bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents)`
`191`	`191`	`{`
`192`	`192`	`if (!AppServicesAuthenticationInformation.IsAppServicesAadAuthenticationEnabled)`
`@@ -237,7 +237,8 @@ private static void AddMicrosoftIdentityWebAppInternal(`
`237`	`237`
`238`	`238`	`if (!string.IsNullOrEmpty(cookieScheme))`
`239`	`239`	`{`
`240`		`- builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions);`
	`240`	`+ Action<CookieAuthenticationOptions> emptyOption = option => { };`
	`241`	`+ builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions ?? emptyOption);`
`241`	`242`	`}`
`242`	`243`
`243`	`244`	`builder.Services.TryAddSingleton<MicrosoftIdentityIssuerValidatorFactory>();`