Fixing IsCommonOrOrganizationsTenant check to not return true for consumers (#5195)

* Fixing IsCommonOrOrganizationsTenant check to not return true for consumers

* Updating tests to better validate IsCommonOrOrganizationsTenant

* Removing extra test

* Test update

---------

Co-authored-by: trwalke <[email protected]>

Author: trwalke

src/client/Microsoft.Identity.Client/Instance/AadAuthority.cs

@@ -75,7 +75,8 @@ internal bool IsCommonOrOrganizationsTenant()
 
         internal static bool IsCommonOrOrganizationsTenant(string tenantId)
         {
-            return !string.IsNullOrEmpty(tenantId) && 
+            return !string.IsNullOrEmpty(tenantId) &&
+                   !IsConsumers(tenantId) &&
                 s_tenantlessTenantNames.Contains(tenantId);
         }
 

tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/AadAuthorityTests.cs

@@ -333,6 +333,34 @@ public void IsOrganizationsTenantWithMsaPassthroughEnabled()
             Assert.IsTrue(aadAuthorityInstance.IsOrganizationsTenantWithMsaPassthroughEnabled(true, "9188040d-6c67-4c5b-b112-36a304b66dad"));
         }
 
+        [TestMethod]
+        public void IsCommonOrOrganizationsTenantTest()
+        {
+            //Test for common tenant
+            AadAuthority aadAuthorityInstance = new AadAuthority(Authority.CreateAuthority("https://login.microsoftonline.com/common").AuthorityInfo);
+
+            Assert.IsNotNull(aadAuthorityInstance);
+            Assert.AreEqual(aadAuthorityInstance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
+
+            Assert.IsTrue(aadAuthorityInstance.IsCommonOrOrganizationsTenant());
+
+            //Test for common Organizations tenant
+            aadAuthorityInstance = new AadAuthority(Authority.CreateAuthority("https://login.microsoftonline.com/organizations").AuthorityInfo);
+
+            Assert.IsNotNull(aadAuthorityInstance);
+            Assert.AreEqual(aadAuthorityInstance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
+
+            Assert.IsTrue(aadAuthorityInstance.IsCommonOrOrganizationsTenant());
+
+            //Test for common Organizations tenant
+            aadAuthorityInstance = new AadAuthority(Authority.CreateAuthority("https://login.microsoftonline.com/consumers").AuthorityInfo);
+
+            Assert.IsNotNull(aadAuthorityInstance);
+            Assert.AreEqual(aadAuthorityInstance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
+
+            Assert.IsFalse(aadAuthorityInstance.IsCommonOrOrganizationsTenant());
+        }
+
         [TestMethod]
         public async Task CreateAuthorityForRequestAsync_MSAPassthroughAsync()
         {

tests/Microsoft.Identity.Test.Unit/PublicApiTests/ConfidentialClientApplicationTests.cs

@@ -1881,7 +1881,10 @@ private void AfterCacheAccess(TokenCacheNotificationArgs args)
         }
 
         [TestMethod]
-        public async Task AcquireTokenForClientAuthorityCheckTestAsync()
+        [DataRow(TestConstants.AuthorityCommonTenant)]
+        [DataRow(TestConstants.AuthorityOrganizationsTenant)]
+        [DataRow(TestConstants.AuthorityConsumersTenant)]
+        public async Task AcquireTokenForClientAuthorityCheckTestAsync(string tenant)
         {
             using (var httpManager = new MockHttpManager())
             {
@@ -1895,32 +1898,29 @@ public async Task AcquireTokenForClientAuthorityCheckTestAsync()
                     .WithClientSecret(TestConstants.ClientSecret)
                     .WithHttpManager(httpManager)
                     .WithLogging((LogLevel _, string message, bool _) => log += message)
+                    .WithAuthority(tenant, true)
                     .BuildConcrete();
 
-#pragma warning disable CS0618 // Type or member is obsolete
                 var result = await app
                     .AcquireTokenForClient(TestConstants.s_scope)
-                    .WithAuthority(TestConstants.AuthorityCommonTenant, true)
-                    .ExecuteAsync(CancellationToken.None)
-                    .ConfigureAwait(false);
-
-                Assert.IsTrue(log.Contains(MsalErrorMessage.ClientCredentialWrongAuthority));
-
-                log = string.Empty;
-                result = await app
-                    .AcquireTokenForClient(TestConstants.s_scope)
-                    .WithAuthority(TestConstants.AuthorityOrganizationsTenant, true)
                     .ExecuteAsync(CancellationToken.None)
                     .ConfigureAwait(false);
-#pragma warning restore CS0618 // Type or member is obsolete
 
-                Assert.IsTrue(log.Contains(MsalErrorMessage.ClientCredentialWrongAuthority));
+                if (tenant.Equals(TestConstants.AuthorityConsumersTenant))
+                {
+                    Assert.IsFalse(log.Contains(MsalErrorMessage.ClientCredentialWrongAuthority));
+                }
+                else
+                {
+                    Assert.IsTrue(log.Contains(MsalErrorMessage.ClientCredentialWrongAuthority));
+                }
             }
         }
 
         [TestMethod]
         [DataRow(TestConstants.AuthorityCommonTenant)]
         [DataRow(TestConstants.AuthorityOrganizationsTenant)]
+        [DataRow(TestConstants.AuthorityConsumersTenant)]
         public async Task AcquireTokenOboAuthorityCheckTestAsync(string tenant)
         {
             using (var httpManager = new MockHttpManager())
@@ -1943,7 +1943,14 @@ public async Task AcquireTokenOboAuthorityCheckTestAsync(string tenant)
                     .ExecuteAsync(CancellationToken.None)
                     .ConfigureAwait(false);
 
-                Assert.IsTrue(log.Contains(MsalErrorMessage.OnBehalfOfWrongAuthority));
+                if (tenant.Equals(TestConstants.AuthorityConsumersTenant))
+                {
+                    Assert.IsFalse(log.Contains(MsalErrorMessage.OnBehalfOfWrongAuthority));
+                }
+                else
+                {
+                    Assert.IsTrue(log.Contains(MsalErrorMessage.OnBehalfOfWrongAuthority));
+                }
             }
         }