Merge pull request #216 from microsoftgraph/po/multiPlatformTokenCache

Multi-Platform Token Cache

Author: peombwa

.azure-pipelines/validate-pr-auth-module.yml

@@ -8,19 +8,18 @@ pr:
     include:
     - dev
     - master
+    - milestone/*
   paths:
     include:
     - src/Authentication/*
 trigger: none
 
 jobs:
-- job: MSGraphPSSDKValidation
-  displayName: MS Graph PS SDK Auth Validation
+- job: MSGraphPSSDKValidation_Windows
+  displayName: MS Graph PS SDK Auth Validation - Windows
   timeoutInMinutes: 300
   pool:
-    name: Microsoft Graph
-    demands: 'Agent.Name -equals Local-Agent'
-  
+    vmImage: 'windows-latest'
   steps:
   - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
     displayName: 'Run CredScan'
@@ -41,6 +40,50 @@ jobs:
       projects: '$(System.DefaultWorkingDirectory)/src/Authentication/Authentication.Test/*.csproj'
       testRunTitle: 'Run Enabled Tests'
 
+  - task: YodLabs.O365PostMessage.O365PostMessageBuild.O365PostMessageBuild@0
+    displayName: 'Graph Client Tooling pipeline fail notification'
+    inputs:
+      addressType: serviceEndpoint
+      serviceEndpointName: 'microsoftgraph pipeline status'
+      title: '$(Build.DefinitionName) failure notification'
+      text: 'This pipeline has failed. View the build details for further information. This is a blocking failure. '
+    condition: and(failed(), ne(variables['Build.Reason'], 'Manual'))
+    enabled: true
+
+- job: MSGraphPSSDKValidation_Linux
+  displayName: MS Graph PS SDK Auth Validation - Linux
+  pool:
+    vmImage: 'ubuntu-latest'
+  steps:
+  - task: DotNetCoreCLI@2
+    displayName: 'Run Enabled Tests'
+    inputs:
+      command: 'test'
+      projects: '$(System.DefaultWorkingDirectory)/src/Authentication/Authentication.Test/*.csproj'
+      testRunTitle: 'Run Enabled Tests'
+
+  - task: YodLabs.O365PostMessage.O365PostMessageBuild.O365PostMessageBuild@0
+    displayName: 'Graph Client Tooling pipeline fail notification'
+    inputs:
+      addressType: serviceEndpoint
+      serviceEndpointName: 'microsoftgraph pipeline status'
+      title: '$(Build.DefinitionName) failure notification'
+      text: 'This pipeline has failed. View the build details for further information. This is a blocking failure. '
+    condition: and(failed(), ne(variables['Build.Reason'], 'Manual'))
+    enabled: true
+  
+- job: MSGraphPSSDKValidation_MacOS
+  displayName: MS Graph PS SDK Auth Validation - MacOS
+  pool:
+    vmImage: 'macOS-latest'
+  steps:
+  - task: DotNetCoreCLI@2
+    displayName: 'Run Enabled Tests'
+    inputs:
+      command: 'test'
+      projects: '$(System.DefaultWorkingDirectory)/src/Authentication/Authentication.Test/*.csproj'
+      testRunTitle: 'Run Enabled Tests'
+
   - task: YodLabs.O365PostMessage.O365PostMessageBuild.O365PostMessageBuild@0
     displayName: 'Graph Client Tooling pipeline fail notification'
     inputs:

.azure-pipelines/validate-pr-beta-modules.yml

@@ -8,6 +8,7 @@ pr:
     include:
     - master
     - dev
+    - milestone/*
   paths:
     include:
     - src/Beta/*

src/Authentication/Authentication.Test/TokenCache/TokenCacheStorageTests.cs

@@ -0,0 +1,154 @@
+namespace Microsoft.Graph.Authentication.Test.TokenCache
+{
+    using Microsoft.Graph.PowerShell.Authentication.TokenCache;
+    using System;
+    using System.Text;
+    using System.Threading;
+    using System.Threading.Tasks;
+    using Xunit;
+
+    public class TokenCacheStorageTests: IDisposable
+    {
+        private const string TestAppId1 = "test_app_id_1";
+
+        [Fact]
+        public void ShouldStoreNewTokenToPlatformCache()
+        {
+            // Arrange
+            string strContent = "random data for app.";
+            byte[] bufferToStore = Encoding.UTF8.GetBytes(strContent);
+
+            // Act
+            TokenCacheStorage.SetToken(TestAppId1, bufferToStore);
+
+            // Assert
+            byte[] storedBuffer = TokenCacheStorage.GetToken(TestAppId1);
+            Assert.Equal(bufferToStore.Length, storedBuffer.Length);
+            Assert.Equal(strContent, Encoding.UTF8.GetString(storedBuffer));
+
+            // Cleanup
+            CleanTokenCache(TestAppId1);
+        }
+
+        [Fact]
+        public void ShouldStoreMultipleAppTokensInPlatformCache()
+        {
+            // Arrange
+            string app1StrContent = "random data for app 1.";
+            byte[] app1BufferToStore = Encoding.UTF8.GetBytes(app1StrContent);
+
+            string TestAppId2 = "test_app_id_2";
+            string app2StrContent = "random data for app 2 plus more data.";
+            byte[] app2BufferToStore = Encoding.UTF8.GetBytes(app2StrContent);
+
+            // Act
+            TokenCacheStorage.SetToken(TestAppId1, app1BufferToStore);
+            TokenCacheStorage.SetToken(TestAppId2, app2BufferToStore);
+
+            // Assert
+            byte[] app1StoredBuffer = TokenCacheStorage.GetToken(TestAppId1);
+            Assert.Equal(app1BufferToStore.Length, app1StoredBuffer.Length);
+            Assert.Equal(app1StrContent, Encoding.UTF8.GetString(app1StoredBuffer));
+
+            byte[] app2StoredBuffer = TokenCacheStorage.GetToken(TestAppId2);
+            Assert.Equal(app2BufferToStore.Length, app2StoredBuffer.Length);
+            Assert.Equal(app2StrContent, Encoding.UTF8.GetString(app2StoredBuffer));
+
+            // Cleanup
+            CleanTokenCache(TestAppId1);
+            CleanTokenCache(TestAppId2);
+        }
+
+
+        [Fact]
+        public void ShouldUpdateTokenInPlatformCache()
+        {
+            // Arrange
+            string originalStrContent = "random data for app.";
+            byte[] originalBuffer = Encoding.UTF8.GetBytes(originalStrContent);
+            TokenCacheStorage.SetToken(TestAppId1, originalBuffer);
+
+            // Act
+            string strContentToUpdate = "updated random data for app.";
+            byte[] updateBuffer = Encoding.UTF8.GetBytes(strContentToUpdate);
+            TokenCacheStorage.SetToken(TestAppId1, updateBuffer);
+
+            // Assert
+            byte[] storedBuffer = TokenCacheStorage.GetToken(TestAppId1);
+            Assert.NotEqual(originalBuffer.Length, storedBuffer.Length);
+            Assert.Equal(updateBuffer.Length, storedBuffer.Length);
+            Assert.Equal(strContentToUpdate, Encoding.UTF8.GetString(storedBuffer));
+
+            // Cleanup
+            CleanTokenCache(TestAppId1);
+        }
+
+        [Fact]
+        public void ShouldReturnNoContentWhenPlatformCacheIsEmpty()
+        {
+            // Arrange
+            CleanTokenCache(TestAppId1);
+
+            // Act
+            byte[] storedBuffer = TokenCacheStorage.GetToken(TestAppId1);
+
+            // Assert
+            Assert.Empty(storedBuffer);
+        }
+
+        [Fact]
+        public void ShouldDeleteCache()
+        {
+            // Arrange
+            string originalStrContent = "random data for app.";
+            byte[] originalBuffer = Encoding.UTF8.GetBytes(originalStrContent);
+            TokenCacheStorage.SetToken(TestAppId1, originalBuffer);
+
+            // Act
+            TokenCacheStorage.DeleteToken(TestAppId1);
+
+            // Assert
+            byte[] storedBuffer = TokenCacheStorage.GetToken(TestAppId1);
+            Assert.Empty(storedBuffer);
+        }
+
+
+        [Fact]
+        public void ShouldMakeParallelCallsToTokenCache()
+        {
+            // Arrange
+            int executions = 50;
+            int count = 0;
+            bool failed = false;
+
+            // Act
+            Parallel.For(0, executions, (index) => {
+                byte[] contentBuffer = Encoding.UTF8.GetBytes(index.ToString());
+                TokenCacheStorage.SetToken($"{index}", contentBuffer);
+
+                byte[] storedBuffer = TokenCacheStorage.GetToken(index.ToString());
+                if (index.ToString() != Encoding.UTF8.GetString(storedBuffer))
+                {
+                    failed = true;
+                }
+
+                CleanTokenCache(index.ToString());
+                Interlocked.Increment(ref count);
+            });
+
+            // Assert
+            Assert.Equal(executions, count);
+            Assert.False(failed, "Unexpected content found.");
+        }
+
+        public void Dispose()
+        {
+            CleanTokenCache(TestAppId1);
+        }
+
+        private void CleanTokenCache(string appId)
+        {
+            TokenCacheStorage.DeleteToken(appId);
+        }
+    }
+}

src/Authentication/Authentication/Constants.cs

@@ -13,8 +13,7 @@ public static class Constants
         internal const string UserParameterSet = "UserParameterSet";
         internal const string AppParameterSet = "AppParameterSet";
         internal const int MaxDeviceCodeTimeOut = 120; // 2 mins timeout.
-        internal const string UserCacheFileName = "userTokenCache.bin3";
-        internal const string AppCacheFileName = "appTokenCache.bin3";
         internal static readonly string TokenCacheDirectory = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".graph");
+        internal const string TokenCacheServiceName = "com.microsoft.graph.powershell.sdkcache";
     }
 }

src/Authentication/Authentication/ErrorConstants.cs

@@ -20,6 +20,8 @@ internal static class Message
             internal const string InvalidJWT = "Invalid JWT access token.";
             internal const string MissingAuthContext = "Authentication needed, call Connect-Graph.";
             internal const string InstanceExists = "An instance of {0} already exists. Call {1} to overwrite it.";
+            internal const string NullOrEmptyParameter = "Parameter '{0}' cannot be null or empty.";
+            internal const string MacKeyChainFailed = "{0} failed with result code {1}.";
         }
     }
 }

src/Authentication/Authentication/Helpers/AuthenticationHelpers.cs

@@ -24,7 +24,7 @@ internal static IAuthenticationProvider GetAuthProvider(IAuthContext authConfig)
                    .WithTenantId(authConfig.TenantId)
                    .Build();
 
-                ConfigureTokenCache(publicClientApp.UserTokenCache, Constants.UserCacheFileName);
+                ConfigureTokenCache(publicClientApp.UserTokenCache, authConfig.ClientId);
                 return new DeviceCodeProvider(publicClientApp, authConfig.Scopes, async (result) => {
                     await Console.Out.WriteLineAsync(result.Message);
                 });
@@ -37,7 +37,7 @@ internal static IAuthenticationProvider GetAuthProvider(IAuthContext authConfig)
                 .WithCertificate(string.IsNullOrEmpty(authConfig.CertificateThumbprint) ? GetCertificateByName(authConfig.CertificateName) : GetCertificateByThumbprint(authConfig.CertificateThumbprint))
                 .Build();
 
-                ConfigureTokenCache(confidentialClientApp.AppTokenCache, Constants.AppCacheFileName);
+                ConfigureTokenCache(confidentialClientApp.AppTokenCache, authConfig.ClientId);
                 return new ClientCredentialProvider(confidentialClientApp);
             }
         }
@@ -46,37 +46,24 @@ internal static void Logout(IAuthContext authConfig)
         {
             lock (FileLock)
             {
-                if (authConfig.AuthType == AuthenticationType.Delegated)
-                    File.Delete(Path.Combine(Constants.TokenCacheDirectory, Constants.UserCacheFileName));
-                else
-                    File.Delete(Path.Combine(Constants.TokenCacheDirectory, Constants.AppCacheFileName));
+                TokenCacheStorage.DeleteToken(authConfig.ClientId);
             }
         }
 
-        private static void ConfigureTokenCache(ITokenCache tokenCache, string tokenCacheFile)
+        private static void ConfigureTokenCache(ITokenCache tokenCache, string appId)
         {
-            if (!Directory.Exists(Constants.TokenCacheDirectory))
-                Directory.CreateDirectory(Constants.TokenCacheDirectory);
-
-            string tokenCacheFilePath = Path.Combine(Constants.TokenCacheDirectory, tokenCacheFile);
-
             tokenCache.SetBeforeAccess((TokenCacheNotificationArgs args) => {
                 lock (FileLock)
                 {
-                    args.TokenCache.DeserializeMsalV3(File.Exists(tokenCacheFilePath)
-                        ? TokenCryptographer.DecryptToken(File.ReadAllBytes(tokenCacheFilePath))
-                        : null,
-                        shouldClearExistingCache: true);
+                    args.TokenCache.DeserializeMsalV3(TokenCacheStorage.GetToken(appId), shouldClearExistingCache: true);
                 }
             });
 
             tokenCache.SetAfterAccess((TokenCacheNotificationArgs args) => {
                 lock (FileLock)
                 {
                     if (args.HasStateChanged)
-                    {
-                        File.WriteAllBytes(tokenCacheFilePath, TokenCryptographer.EncryptToken(args.TokenCache.SerializeMsalV3()));
-                    }
+                        TokenCacheStorage.SetToken(appId, args.TokenCache.SerializeMsalV3());
                 }
             });
         }

src/Authentication/Authentication/Helpers/PlatformHelpers.cs

@@ -0,0 +1,26 @@
+// ------------------------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
+// ------------------------------------------------------------------------------
+
+namespace Microsoft.Graph.PowerShell.Authentication.Helpers
+{
+    using System.Runtime.InteropServices;
+
+    internal static class OperatingSystem
+    {
+        /// <summary>
+        /// Detects if the platform we are running on is Windows.
+        /// </summary>
+        public static bool IsWindows() => RuntimeInformation.IsOSPlatform(OSPlatform.Windows);
+
+        /// <summary>
+        /// Detects if the platform we are running on is MacOS.
+        /// </summary>
+        public static bool IsMacOS() => RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
+
+        /// <summary>
+        /// Detects if the platform we are running on is Linux.
+        /// </summary>
+        public static bool IsLinux() => RuntimeInformation.IsOSPlatform(OSPlatform.Linux);
+    }
+}

src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1

@@ -12,7 +12,7 @@
 RootModule = './Microsoft.Graph.Authentication.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.5.1'
+ModuleVersion = '0.7.0'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'