Merge pull request #14271 from HuihuiWu-Microsoft/fix-m365-tenant-not-match

fix: instruct user to switch account when meet m365 tenant id mismatc…

Author: wh-alice

packages/api/src/utils/login.ts

@@ -183,6 +183,11 @@ export interface M365TokenProvider {
    * @param tokenRequest permission scopes or show user interactive UX
    */
   getStatus(tokenRequest: TokenRequest): Promise<Result<LoginStatus, FxError>>;
+
+  /**
+   * Sign out from current M365 account
+   */
+  signout(): Promise<boolean>;
   /**
    * Switch to specified tenant for current user account
    * @param tenantId id of tenant that user wants to switch to

packages/api/tests/login.test.ts

@@ -24,6 +24,10 @@ class M365Provider extends BasicLogin implements M365TokenProvider {
   async switchTenant(tenantId: string): Promise<Result<string, FxError>> {
     return ok("fakeToken");
   }
+
+  async signout(): Promise<boolean> {
+    return true;
+  }
 }
 
 describe("m365Login", function () {

packages/cli/src/commonlib/m365LoginUserPassword.ts

@@ -133,8 +133,8 @@ export class M365ProviderUserPassword extends BasicLogin implements M365TokenPro
     throw new Error("Method not implemented.");
   }
 
-  signout(): boolean {
-    return true;
+  signout(): Promise<boolean> {
+    return Promise.resolve(true);
   }
 
   switchTenant(tenantId: string): Promise<Result<string, FxError>> {

packages/fx-core/resource/package.nls.json

@@ -16,6 +16,8 @@
   "core.provision.confirmEnvAndCostNotice": "Costs may apply based on usage. Do you want to provision resources in %s environment using listed accounts?",
   "core.deploy.confirmEnvNoticeV3": "Do you want to deploy resources in %s environment?",
   "core.provision.viewResources": "View provisioned resources",
+  "core.provision.switchAccount": "You're signed in with a Microsoft 365 account that doesn't match this environment. Please sign out and sign in with the correct one.",
+  "core.provision.switchAccount.continue": "Continue",
   "core.deploy.aadManifestSuccessNotice": "Your Microsoft Entra app has been deployed successfully. To view that, click \"More info\"",
   "core.deploy.aadManifestOnCLISuccessNotice": "Your Microsoft Entra app has been updated successfully.",
   "core.deploy.aadManifestLearnMore": "More info",

packages/fx-core/src/component/coordinator/index.ts

@@ -36,6 +36,7 @@ import {
   InputValidationError,
   MissingEnvironmentVariablesError,
   MissingRequiredInputError,
+  UserCancelError,
   assembleError,
 } from "../../error/common";
 import { LifeCycleUndefinedError } from "../../error/yml";
@@ -439,10 +440,32 @@ class Coordinator {
 
       const checkM365TenatRes = provisionUtils.ensureM365TenantMatchesV3(
         tenantSwitchCheckActions,
-        m365tenantInfo?.tenantIdInToken
+        m365tenantInfo.tenantIdInToken
       );
       if (checkM365TenatRes.isErr()) {
-        return err(checkM365TenatRes.error);
+        const msg = getLocalizedString("core.provision.switchAccount");
+        const continueItem = getLocalizedString("core.provision.switchAccount.continue");
+        const userCofirmRes = await ctx.ui?.showMessage("warn", msg, true, continueItem);
+        if (userCofirmRes?.isOk() && userCofirmRes.value === continueItem) {
+          await ctx.m365TokenProvider.signout();
+
+          const tenantInfoInTokenRes1 = await provisionUtils.getM365TenantId(ctx.m365TokenProvider);
+          if (tenantInfoInTokenRes1.isErr()) {
+            return err(tenantInfoInTokenRes1.error);
+          }
+          m365tenantInfo = tenantInfoInTokenRes1.value;
+
+          const checkM365TenatRes1 = provisionUtils.ensureM365TenantMatchesV3(
+            tenantSwitchCheckActions,
+            m365tenantInfo.tenantIdInToken
+          );
+
+          if (checkM365TenatRes1.isErr()) {
+            return err(checkM365TenatRes1.error);
+          }
+        } else {
+          return err(new UserCancelError("coordinator"));
+        }
       }
     }