Merge pull request #33 from github-for-unity/fixes/secure-keychain-adapter

shana · web-flow · commit 9c57623f5c5f · 2017-07-05T15:38:34.000+02:00
Fix for Keychain to validate credentials from CredentialManager
diff --git a/src/GitHub.Api/Authentication/Keychain.cs b/src/GitHub.Api/Authentication/Keychain.cs
@@ -52,19 +52,26 @@ public IKeychainAdapter Connect(UriString host)
 
         public async Task<IKeychainAdapter> Load(UriString host)
         {
-            var keychainAdapter = FindOrCreateAdapter(host);
+            KeychainAdapter keychainAdapter = FindOrCreateAdapter(host);
+            var cachedConnection = connectionCache[host];
+
+            logger.Trace($@"Loading KeychainAdapter Host:""{host}"" Cached Username:""{cachedConnection.Username}""");
 
-            logger.Trace("Load KeychainAdapter Host:\"{0}\"", host);
             var keychainItem = await credentialManager.Load(host);
 
             if (keychainItem == null)
             {
-                logger.Warning("Cannot load host from credential manager; removing from cache");
+                logger.Warning("Cannot load host from Credential Manager; removing from cache");
+                await Clear(host, false);
+            }
+            else if (keychainItem.Username != cachedConnection.Username)
+            {
+                logger.Warning("Item loaded from credential manager does not match connection cache ; removing from cache");
                 await Clear(host, false);
             }
             else
             {
-                logger.Trace("Loading KeychainItem:{0}", keychainItem.ToString());
+                logger.Trace($@"Loaded from Credential Manager Host:""{keychainItem.Host}"" Username:""{keychainItem.Username}""");
                 keychainAdapter.Set(keychainItem);
             }
 
@@ -113,7 +120,10 @@ private void ReadCacheFromDisk()
             if (connections != null)
             {
                 connectionCache =
-                    connections.Select(item => new Connection { Host = new UriString(item.Host), Username = item.Username })
+                    connections.Select(item => {
+                                    logger.Trace("ReadCacheFromDisk Item Host:{0} Username:{1}", item.Host, item.Username);
+                                    return new Connection { Host = new UriString(item.Host), Username = item.Username };
+                               })
                                .ToDictionary(connection => connection.Host);
             }
             else
diff --git a/src/tests/UnitTests/Authentication/KeychainTests.cs b/src/tests/UnitTests/Authentication/KeychainTests.cs
@@ -18,7 +18,7 @@ public class KeychainTests
         private static readonly SubstituteFactory SubstituteFactory = new SubstituteFactory();
 
         [Test]
-        public void Should_Initialize_When_Cache_Does_Not_Exist()
+        public void ShouldInitializeWhenCacheDoesNotExist()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
 
@@ -52,7 +52,7 @@ public void Should_Initialize_When_Cache_Does_Not_Exist()
         }
 
         [Test]
-        public void Should_Initialize_When_Cache_Invalid()
+        public void ShouldInitializeWhenCacheInvalid()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
@@ -92,7 +92,7 @@ public void Should_Initialize_When_Cache_Invalid()
         }
 
         [Test]
-        public void Should_Initialize_When_Cache_Exists()
+        public void ShouldInitializeWhenCacheExists()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
@@ -134,7 +134,7 @@ public void Should_Initialize_When_Cache_Exists()
         }
 
         [Test]
-        public void Should_Load_From_ConnectionManager()
+        public void ShouldLoadFromConnectionManager()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
@@ -194,7 +194,7 @@ public void Should_Load_From_ConnectionManager()
         }
 
         [Test]
-        public void Should_Delete_From_Cache_When_Load_Returns_Null_From_ConnectionManager()
+        public void ShouldDeleteFromCacheWhenLoadReturnsNullFromConnectionManager()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
@@ -248,7 +248,82 @@ public void Should_Delete_From_Cache_When_Load_Returns_Null_From_ConnectionManag
         }
 
         [Test]
-        public void Should_Connect_Set_Credentials_Token_And_Save()
+        public void ShouldDeleteFromCacheWhenLoadReturnsNullFromConnectionManagerDueToUserMismatch()
+        {
+            const string connectionsCachePath = @"c:\UserCachePath\";
+            const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
+
+            const string cachedUsername = "SomeCachedUser";
+            const string credentialedUsername = "SomeCredentialedUser";
+
+            const string token = "SomeToken";
+
+            var hostUri = new UriString("https://github.com/");
+
+            var fileSystem = SubstituteFactory.CreateFileSystem(new CreateFileSystemOptions
+            {
+                FilesThatExist = new List<string> { connectionsCacheFile },
+                FileContents = new Dictionary<string, IList<string>> {
+                    {connectionsCacheFile, new List<string> {$@"[{{""Host"":""https://github.com/"",""Username"":""{cachedUsername}""}}]"
+                    }}
+                }
+            });
+
+            NPath.FileSystem = fileSystem;
+
+            var environment = SubstituteFactory.CreateEnvironment();
+            environment.UserCachePath.Returns(info => connectionsCachePath.ToNPath());
+            environment.FileSystem.Returns(fileSystem);
+
+            var credentialManager = Substitute.For<ICredentialManager>();
+            credentialManager.Load(hostUri).Returns(info =>
+            {
+                var credential = Substitute.For<ICredential>();
+                credential.Username.Returns(credentialedUsername);
+                credential.Token.Returns(token);
+                credential.Host.Returns(hostUri);
+                return TaskEx.FromResult(credential);
+            });
+
+            var keychain = new Keychain(environment, credentialManager);
+            keychain.Initialize();
+
+            fileSystem.Received(1).FileExists(connectionsCacheFile);
+            fileSystem.DidNotReceive().FileDelete(Args.String);
+            fileSystem.Received(1).ReadAllText(connectionsCacheFile);
+            fileSystem.DidNotReceive().ReadAllLines(Args.String);
+            fileSystem.DidNotReceive().WriteAllText(Args.String, Args.String);
+            fileSystem.DidNotReceive().WriteAllLines(Args.String, Arg.Any<string[]>());
+
+            credentialManager.DidNotReceive().Load(Args.UriString);
+            credentialManager.DidNotReceive().HasCredentials();
+            credentialManager.DidNotReceive().Delete(Args.UriString);
+            credentialManager.DidNotReceive().Save(Arg.Any<ICredential>());
+
+            fileSystem.ClearReceivedCalls();
+
+            var uriString = keychain.Connections.FirstOrDefault();
+            var keychainAdapter = keychain.Load(uriString).Result;
+            keychainAdapter.Credential.Should().BeNull();
+
+            keychainAdapter.OctokitCredentials.AuthenticationType.Should().Be(AuthenticationType.Anonymous);
+            keychainAdapter.OctokitCredentials.Login.Should().BeNull();
+            keychainAdapter.OctokitCredentials.Password.Should().BeNull();
+
+            fileSystem.DidNotReceive().FileExists(Args.String);
+            fileSystem.DidNotReceive().ReadAllText(Args.String);
+            fileSystem.DidNotReceive().FileDelete(Args.String);
+            fileSystem.Received(1).WriteAllText(connectionsCacheFile, "[]");
+            fileSystem.DidNotReceive().WriteAllLines(Args.String, Arg.Any<string[]>());
+
+            credentialManager.Received(1).Load(hostUri);
+            credentialManager.DidNotReceive().HasCredentials();
+            credentialManager.DidNotReceive().Delete(Args.UriString);
+            credentialManager.DidNotReceive().Save(Arg.Any<ICredential>());
+        }
+
+        [Test]
+        public void ShouldConnectSetCredentialsTokenAndSave()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
@@ -334,7 +409,7 @@ public void Should_Connect_Set_Credentials_Token_And_Save()
         }
 
         [Test]
-        public void Should_Connect_Set_Credentials_And_Clear()
+        public void ShouldConnectSetCredentialsAndClear()
         {
             const string connectionsCachePath = @"c:\UserCachePath\";
             const string connectionsCacheFile = @"c:\UserCachePath\connections.json";
diff --git a/src/tests/UnitTests/SetUpFixture.cs b/src/tests/UnitTests/SetUpFixture.cs
@@ -10,7 +10,7 @@ public class SetUpFixture
         [SetUp]
         public void SetUp()
         {
-            //Logging.TracingEnabled = true;
+            Logging.TracingEnabled = true;
 
             Logging.LogAdapter = new MultipleLogAdapter(new FileLogAdapter($"..\\{DateTime.UtcNow.ToString("yyyyMMddHHmmss")}-unit-tests.log"));
         }

Original file line number	Diff line number	Diff line change
`@@ -52,19 +52,26 @@ public IKeychainAdapter Connect(UriString host)`
`52`	`52`
`53`	`53`	`public async Task<IKeychainAdapter> Load(UriString host)`
`54`	`54`	`{`
`55`		`- var keychainAdapter = FindOrCreateAdapter(host);`
	`55`	`+ KeychainAdapter keychainAdapter = FindOrCreateAdapter(host);`
	`56`	`+ var cachedConnection = connectionCache[host];`
	`57`	`+`
	`58`	`+ logger.Trace($@"Loading KeychainAdapter Host:""{host}"" Cached Username:""{cachedConnection.Username}""");`
`56`	`59`
`57`		`- logger.Trace("Load KeychainAdapter Host:\"{0}\"", host);`
`58`	`60`	`var keychainItem = await credentialManager.Load(host);`
`59`	`61`
`60`	`62`	`if (keychainItem == null)`
`61`	`63`	`{`
`62`		`- logger.Warning("Cannot load host from credential manager; removing from cache");`
	`64`	`+ logger.Warning("Cannot load host from Credential Manager; removing from cache");`
	`65`	`+ await Clear(host, false);`
	`66`	`+ }`
	`67`	`+ else if (keychainItem.Username != cachedConnection.Username)`
	`68`	`+ {`
	`69`	`+ logger.Warning("Item loaded from credential manager does not match connection cache ; removing from cache");`
`63`	`70`	`await Clear(host, false);`
`64`	`71`	`}`
`65`	`72`	`else`
`66`	`73`	`{`
`67`		`- logger.Trace("Loading KeychainItem:{0}", keychainItem.ToString());`
	`74`	`+ logger.Trace($@"Loaded from Credential Manager Host:""{keychainItem.Host}"" Username:""{keychainItem.Username}""");`
`68`	`75`	`keychainAdapter.Set(keychainItem);`
`69`	`76`	`}`
`70`	`77`
`@@ -113,7 +120,10 @@ private void ReadCacheFromDisk()`
`113`	`120`	`if (connections != null)`
`114`	`121`	`{`
`115`	`122`	`connectionCache =`
`116`		`- connections.Select(item => new Connection { Host = new UriString(item.Host), Username = item.Username })`
	`123`	`+ connections.Select(item => {`
	`124`	`+ logger.Trace("ReadCacheFromDisk Item Host:{0} Username:{1}", item.Host, item.Username);`
	`125`	`+ return new Connection { Host = new UriString(item.Host), Username = item.Username };`
	`126`	`+ })`
`117`	`127`	`.ToDictionary(connection => connection.Host);`
`118`	`128`	`}`
`119`	`129`	`else`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ public class SetUpFixture`
`10`	`10`	`[SetUp]`
`11`	`11`	`public void SetUp()`
`12`	`12`	`{`
`13`		`- //Logging.TracingEnabled = true;`
	`13`	`+ Logging.TracingEnabled = true;`
`14`	`14`
`15`	`15`	`Logging.LogAdapter = new MultipleLogAdapter(new FileLogAdapter($"..\\{DateTime.UtcNow.ToString("yyyyMMddHHmmss")}-unit-tests.log"));`
`16`	`16`	`}`