Refactor to allow HostProviders to override store and erase

Refactor the core commands and host provider types to permit providers
to customise how they store and erase credentials. This would allow for
providers that do not want to use the OS credential store for example.

Author: mjcheetham

src/shared/GitHub.Tests/GitHubHostProviderTests.cs

@@ -24,7 +24,7 @@ public void GitHubHostProvider_IsSupported_GitHubHost_UnencryptedHttp_ReturnsTru
             var provider = new GitHubHostProvider(new TestCommandContext());
 
             // We report that we support unencrypted HTTP here so that we can fail and
-            // show a helpful error message in the call to `CreateCredentialAsync` instead.
+            // show a helpful error message in the call to `GenerateCredentialAsync` instead.
             Assert.True(provider.IsSupported(input));
         }
 
@@ -40,7 +40,7 @@ public void GitHubHostProvider_IsSupported_GistHost_UnencryptedHttp_ReturnsTrue(
             var provider = new GitHubHostProvider(new TestCommandContext());
 
             // We report that we support unencrypted HTTP here so that we can fail and
-            // show a helpful error message in the call to `CreateCredentialAsync` instead.
+            // show a helpful error message in the call to `GenerateCredentialAsync` instead.
             Assert.True(provider.IsSupported(input));
         }
 
@@ -102,7 +102,7 @@ public void GitHubHostProvider_IsSupported_NonGitHub_ReturnsFalse()
         [Fact]
         public void GitHubHostProvider_GetCredentialKey_GitHubHost_ReturnsCorrectKey()
         {
-            const string expectedKey = "https://github.com";
+            const string expectedKey = "git:https://github.com";
             var input = new InputArguments(new Dictionary<string, string>
             {
                 ["protocol"] = "https",
@@ -117,7 +117,7 @@ public void GitHubHostProvider_GetCredentialKey_GitHubHost_ReturnsCorrectKey()
         [Fact]
         public void GitHubHostProvider_GetCredentialKey_GistHost_ReturnsCorrectKey()
         {
-            const string expectedKey = "https://github.com";
+            const string expectedKey = "git:https://github.com";
             var input = new InputArguments(new Dictionary<string, string>
             {
                 ["protocol"] = "https",
@@ -130,7 +130,7 @@ public void GitHubHostProvider_GetCredentialKey_GistHost_ReturnsCorrectKey()
         }
 
         [Fact]
-        public async Task GitHubHostProvider_CreateCredentialAsync_UnencryptedHttp_ThrowsException()
+        public async Task GitHubHostProvider_GenerateCredentialAsync_UnencryptedHttp_ThrowsException()
         {
             var input = new InputArguments(new Dictionary<string, string>
             {
@@ -144,11 +144,11 @@ public async Task GitHubHostProvider_CreateCredentialAsync_UnencryptedHttp_Throw
 
             var provider = new GitHubHostProvider(context, ghApi, ghAuth);
 
-            await Assert.ThrowsAsync<Exception>(() => provider.CreateCredentialAsync(input));
+            await Assert.ThrowsAsync<Exception>(() => provider.GenerateCredentialAsync(input));
         }
 
         [Fact]
-        public async Task GitHubHostProvider_CreateCredentialAsync_1FAOnly_ReturnsCredential()
+        public async Task GitHubHostProvider_GenerateCredentialAsync_1FAOnly_ReturnsCredential()
         {
             var input = new InputArguments(new Dictionary<string, string>
             {
@@ -181,15 +181,15 @@ public async Task GitHubHostProvider_CreateCredentialAsync_1FAOnly_ReturnsCreden
 
             var provider = new GitHubHostProvider(context, ghApiMock.Object, ghAuthMock.Object);
 
-            GitCredential credential = await provider.CreateCredentialAsync(input);
+            ICredential credential = await provider.GenerateCredentialAsync(input);
 
             Assert.NotNull(credential);
             Assert.Equal(Constants.PersonalAccessTokenUserName, credential.UserName);
             Assert.Equal(patValue, credential.Password);
         }
 
         [Fact]
-        public async Task GitHubHostProvider_CreateCredentialAsync_2FARequired_ReturnsCredential()
+        public async Task GitHubHostProvider_GenerateCredentialAsync_2FARequired_ReturnsCredential()
         {
             var input = new InputArguments(new Dictionary<string, string>
             {
@@ -228,7 +228,7 @@ public async Task GitHubHostProvider_CreateCredentialAsync_2FARequired_ReturnsCr
 
             var provider = new GitHubHostProvider(context, ghApiMock.Object, ghAuthMock.Object);
 
-            GitCredential credential = await provider.CreateCredentialAsync(input);
+            ICredential credential = await provider.GenerateCredentialAsync(input);
 
             Assert.NotNull(credential);
             Assert.Equal(Constants.PersonalAccessTokenUserName, credential.UserName);

src/shared/GitHub/GitHubHostProvider.cs

@@ -51,13 +51,13 @@ public override string GetCredentialKey(InputArguments input)
             // Trim trailing slash
             if (url.EndsWith("/"))
             {
-                return url.Substring(0, url.Length - 1);
+                url = url.Substring(0, url.Length - 1);
             }
 
-            return url;
+            return $"git:{url}";
         }
 
-        public override async Task<GitCredential> CreateCredentialAsync(InputArguments input)
+        public override async Task<ICredential> GenerateCredentialAsync(InputArguments input)
         {
             // We should not allow unencrypted communication and should inform the user
             if (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))

src/shared/Microsoft.AzureRepos.Tests/AzureReposHostProviderTests.cs

@@ -114,67 +114,7 @@ public void AzureReposProvider_IsSupported_NonAzureRepos_ReturnsFalse()
         }
 
         [Fact]
-        public void AzureReposProvider_GetCredentialKey_AzureHost_ReturnsCorrectKey()
-        {
-            const string expectedKey = "https://dev.azure.com/org";
-            var input = new InputArguments(new Dictionary<string, string>
-            {
-                ["protocol"] = "https",
-                ["host"] = "dev.azure.com",
-                ["path"] = "org/proj/_git/repo",
-            });
-
-            var provider = new AzureReposHostProvider(new TestCommandContext());
-            string actualKey = provider.GetCredentialKey(input);
-            Assert.Equal(expectedKey, actualKey);
-        }
-
-        [Fact]
-        public void AzureReposProvider_GetCredentialKey_AzureHost_MissingPath_UseUserAsOrg()
-        {
-            const string expectedKey = "https://dev.azure.com/userorg";
-            var input = new InputArguments(new Dictionary<string, string>
-            {
-                ["protocol"] = "https",
-                ["host"] = "dev.azure.com",
-                ["username"] = "userorg",
-            });
-
-            var provider = new AzureReposHostProvider(new TestCommandContext());
-            string actualKey = provider.GetCredentialKey(input);
-            Assert.Equal(expectedKey, actualKey);
-        }
-
-        [Fact]
-        public void AzureReposProvider_GetCredentialKey_AzureHost_MissingPathAndUser_ThrowsException()
-        {
-            var input = new InputArguments(new Dictionary<string, string>
-            {
-                ["protocol"] = "https",
-                ["host"] = "dev.azure.com",
-            });
-
-            var provider = new AzureReposHostProvider(new TestCommandContext());
-            Assert.Throws<InvalidOperationException>(() => provider.GetCredentialKey(input));
-        }
-
-        [Fact]
-        public void AzureReposProvider_GetCredentialKey_VisualStudioHost_ReturnsCorrectKey()
-        {
-            const string expectedKey = "https://org.visualstudio.com/";
-            var input = new InputArguments(new Dictionary<string, string>
-            {
-                ["protocol"] = "https",
-                ["host"] = "org.visualstudio.com",
-            });
-
-            var provider = new AzureReposHostProvider(new TestCommandContext());
-            string actualKey = provider.GetCredentialKey(input);
-            Assert.Equal(expectedKey, actualKey);
-        }
-
-        [Fact]
-        public async Task AzureReposProvider_CreateCredentialAsync_UnencryptedHttp_ThrowsException()
+        public async Task AzureReposProvider_GetCredentialAsync_UnencryptedHttp_ThrowsException()
         {
             var input = new InputArguments(new Dictionary<string, string>
             {
@@ -189,11 +129,11 @@ public async Task AzureReposProvider_CreateCredentialAsync_UnencryptedHttp_Throw
 
             var provider = new AzureReposHostProvider(context, azDevOps, msAuth);
 
-            await Assert.ThrowsAsync<Exception>(() => provider.CreateCredentialAsync(input));
+            await Assert.ThrowsAsync<Exception>(() => provider.GetCredentialAsync(input));
         }
 
         [Fact]
-        public async Task AzureReposProvider_CreateCredentialAsync_ReturnsCredential()
+        public async Task AzureReposProvider_GetCredentialAsync_ReturnsCredential()
         {
             var input = new InputArguments(new Dictionary<string, string>
             {
@@ -208,32 +148,27 @@ public async Task AzureReposProvider_CreateCredentialAsync_ReturnsCredential()
             var expectedRedirectUri = AzureDevOpsConstants.AadRedirectUri;
             var expectedResource = AzureDevOpsConstants.AadResourceId;
             var accessToken = "ACCESS-TOKEN";
-            var pat = "PERSONAL-ACCESS-TOKEN";
-            IEnumerable<string> expectedPatScopes = new[]
-            {
-                AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite,
-                AzureDevOpsConstants.PersonalAccessTokenScopes.ArtifactsRead
-            };
+            var personalAccessToken = "PERSONAL-ACCESS-TOKEN";
 
             var context = new TestCommandContext();
 
             var azDevOpsMock = new Mock<IAzureDevOpsRestApi>();
             azDevOpsMock.Setup(x => x.GetAuthorityAsync(expectedOrgUri))
                         .ReturnsAsync(authorityUrl);
-            azDevOpsMock.Setup(x => x.CreatePersonalAccessTokenAsync(expectedOrgUri, accessToken, expectedPatScopes))
-                        .ReturnsAsync(pat);
+            azDevOpsMock.Setup(x => x.CreatePersonalAccessTokenAsync(expectedOrgUri, accessToken, It.IsAny<IEnumerable<string>>()))
+                        .ReturnsAsync(personalAccessToken);
 
             var msAuthMock = new Mock<IMicrosoftAuthentication>();
             msAuthMock.Setup(x => x.GetAccessTokenAsync(authorityUrl, expectedClientId, expectedRedirectUri, expectedResource))
                       .ReturnsAsync(accessToken);
 
             var provider = new AzureReposHostProvider(context, azDevOpsMock.Object, msAuthMock.Object);
 
-            GitCredential credential = await provider.CreateCredentialAsync(input);
+            ICredential credential = await provider.GetCredentialAsync(input);
 
             Assert.NotNull(credential);
-            Assert.Equal(Constants.PersonalAccessTokenUserName, credential.UserName);
-            Assert.Equal(pat, credential.Password);
+            Assert.Equal(personalAccessToken, credential.Password);
+            // We don't care about the username value
         }
     }
 }

src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 using System;
-using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.Git.CredentialManager;
 using Microsoft.Git.CredentialManager.Authentication;
@@ -17,7 +16,7 @@ public AzureReposHostProvider(ICommandContext context)
             : this(context, new AzureDevOpsRestApi(context), new MicrosoftAuthentication(context)) { }
 
         public AzureReposHostProvider(ICommandContext context, IAzureDevOpsRestApi azDevOps, IMicrosoftAuthentication msAuth)
-            : base (context)
+            : base(context)
         {
             EnsureArgument.NotNull(azDevOps, nameof(azDevOps));
             EnsureArgument.NotNull(msAuth, nameof(msAuth));
@@ -42,10 +41,10 @@ public override bool IsSupported(InputArguments input)
 
         public override string GetCredentialKey(InputArguments input)
         {
-            return UriHelpers.CreateOrganizationUri(input).AbsoluteUri;
+            return $"git:{UriHelpers.CreateOrganizationUri(input).AbsoluteUri}";
         }
 
-        public override async Task<GitCredential> CreateCredentialAsync(InputArguments input)
+        public override async Task<ICredential> GenerateCredentialAsync(InputArguments input)
         {
             // We should not allow unencrypted communication and should inform the user
             if (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))