fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMa…

…cLoginWindow

History.md

@@ -1,5 +1,52 @@
 # What's New In XCreds #
 
+## XCreds 3.3 ##
+
+### Select Existing User Account During Account Creation ###
+Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98).
+
+If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added:
+
+dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer. 
+
+dsAttrTypeNative:_xcreds_oidc_iss: Issuer
+In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account.
+
+Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account.
+
+The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped.
+
+### Key Combination for showing Standard and Mac login window ###
+Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows:
+
+Option-Control-Return: Switch between cloud and standard login window.
+Command-Option-Control-Return: Switch between cloud and Mac login window.
+
+### Account Alias ###
+When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it.
+
+An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window.
+
+### New Features ###
+* Removed logging messages that had a local path from the build system.
+* Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request.
+* Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp
+* Reload login window after wifi connected. Thanks to Clkw0rk for the pull request.
+* add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request.
+* use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request.
+
+
+## XCreds 3.2 ##
+
+* Support for Okta ROPG
+* New preference key to force local login: shouldPreferLocalLoginInsteadOfCloudLogin
+* New preference key show login window based on detecting network status: shouldDetectNetworkToDetermineLoginWindow
+* Added self healing for auth rights
+* Added support for keyboard nav for controls
+* Detect offline and automatically switch to local login
+* Remove trailing and leading spaces entered in username
+
+
 ## XCreds 3.1 ##
 
 ### Active Directory Login ###

Profile Manifest/com.twocanoes.xcreds.plist

@@ -5,7 +5,7 @@
 	<key>pfm_app_url</key>
 	<string>https://github.com/twocanoes/xcreds</string>
 	<key>pfm_description</key>
-	<string>XCreds 3.3 (5269) OAuth Settings</string>
+	<string>XCreds 3.3 (5273) OAuth Settings</string>
 	<key>pfm_documentation_url</key>
 	<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 	<key>pfm_domain</key>
@@ -443,7 +443,7 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_default</key>
 			<false/>
 			<key>pfm_description</key>
-			<string>Favor using XCreds&apos; local login screen over the cloud login UI.</string>
+			<string>Favor using XCreds' local login screen over the cloud login UI.</string>
 			<key>pfm_documentation_url</key>
 			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
@@ -481,9 +481,9 @@ Note that Google does not support the offline_access scope so instead use the pr
 		</dict>
 		<dict>
 			<key>pfm_description</key>
-			<string>Name of OIDC claim that contains an alias to add to a user account. Usually this is the &quot;upn&quot; (eg syd@twocanoes.com) so the user can log in at the standard login window the same as the IdP login window. Adds the value to record name of the user account as an alias.</string>
+			<string>Name of OIDC claim that contains an alias to add to a user account. Usually this is the "upn" (eg syd@twocanoes.com) so the user can log in at the standard login window the same as the IdP login window. Adds the value to record name of the user account as an alias.</string>
 			<key>pfm_documentation_url</key>
-			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#aliasname</string>
+			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
 			<string>aliasName</string>
 			<key>pfm_title</key>
@@ -593,7 +593,7 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_description</key>
 			<string>Prompt for local account username and password if no account was mapped and there are standard users already on the system.</string>
 			<key>pfm_documentation_url</key>
-			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#shouldPromptForMigration</string>
+			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
 			<string>shouldPromptForMigration</string>
 			<key>pfm_title</key>
@@ -607,7 +607,7 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_description</key>
 			<string>Allow key combo (control-option return) to switch logon window. Use command-option-control-return for Mac Login Window. </string>
 			<key>pfm_documentation_url</key>
-			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#shouldAllowKeyComboForMacLoginWindow</string>
+			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
 			<string>shouldAllowKeyComboForMacLoginWindow</string>
 			<key>pfm_title</key>
@@ -739,7 +739,7 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_default</key>
 			<false/>
 			<key>pfm_description</key>
-			<string>Reset the keychain without prompting if the login password doesn&apos;t match the local password.</string>
+			<string>Reset the keychain without prompting if the login password doesn't match the local password.</string>
 			<key>pfm_documentation_url</key>
 			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
@@ -848,9 +848,9 @@ Note that Google does not support the offline_access scope so instead use the pr
 		</dict>
 		<dict>
 			<key>pfm_description</key>
-			<string>Password element id of the html element that has the password. It is read by using JavaScript to get the value (for example, for Azure, the JavaScript document.getElementById(&apos;i0118&apos;).value is sent. If this default is not set, standard values for Azure and Google Cloud will be used. To find out this value, use a browser to inspect the source of the page that has the password on it. Find the id of the textfield that has the password. Fill in the password and then open the JavaScript console. Run:
+			<string>Password element id of the html element that has the password. It is read by using JavaScript to get the value (for example, for Azure, the JavaScript document.getElementById('i0118').value is sent. If this default is not set, standard values for Azure and Google Cloud will be used. To find out this value, use a browser to inspect the source of the page that has the password on it. Find the id of the textfield that has the password. Fill in the password and then open the JavaScript console. Run:
 
-document.getElementById(&apos;passwordID&apos;).value
+document.getElementById('passwordID').value
 
 changing “passwordID” to the correct element ID. If the value you typed into the textfield is returned, this is the correct ID.</string>
 			<key>pfm_documentation_url</key>

XCreds/defaults.plist

@@ -57,6 +57,6 @@
 	<key>shouldPromptForMigration</key>
 	<false/>
 	<key>shouldAllowKeyComboForMacLoginWindow</key>
-	<true/>
+	<false/>
 </dict>
 </plist>

XCredsLoginPlugIn/LoginWindow/VerifyLocalCredentialsWindowController.swift

@@ -19,12 +19,16 @@ class VerifyLocalCredentialsWindowController: NSWindowController, NSWindowDelega
     var shouldShowCreateNewAccountButton:Bool?=true
     override func windowDidLoad() {
         super.windowDidLoad()
+        if let shouldShowCreateNewAccountButton = shouldShowCreateNewAccountButton{
+            createNewAccountButton.isHidden = !shouldShowCreateNewAccountButton
+        }
 
     }
     func windowDidBecomeKey(_ notification: Notification) {
         if let shouldShowCreateNewAccountButton = shouldShowCreateNewAccountButton{
             createNewAccountButton.isHidden = !shouldShowCreateNewAccountButton
         }
+
     }
 
     @IBAction func okButtonPressed(_ sender: Any) {

XCredsLoginPlugIn/LoginWindow/VerifyLocalCredentialsWindowController.xib

@@ -26,15 +26,15 @@
                 <rect key="frame" x="0.0" y="0.0" width="480" height="198"/>
                 <autoresizingMask key="autoresizingMask"/>
                 <subviews>
-                    <textField focusRingType="none" horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="ZZX-XH-fjB">
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="ZZX-XH-fjB">
                         <rect key="frame" x="34" y="82" width="66" height="16"/>
                         <textFieldCell key="cell" lineBreakMode="clipping" title="Password:" id="rUt-ss-qKo">
                             <font key="font" metaFont="system"/>
                             <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
                             <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
                         </textFieldCell>
                     </textField>
-                    <secureTextField focusRingType="none" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="Cn6-Sr-4P4">
+                    <secureTextField verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="Cn6-Sr-4P4">
                         <rect key="frame" x="106" y="79" width="309" height="21"/>
                         <secureTextFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" usesSingleLineMode="YES" id="scW-MH-3py">
                             <font key="font" metaFont="system"/>
@@ -45,15 +45,15 @@
                             </allowedInputSourceLocales>
                         </secureTextFieldCell>
                     </secureTextField>
-                    <textField focusRingType="none" horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="wo9-Dj-FEZ">
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="wo9-Dj-FEZ">
                         <rect key="frame" x="30" y="111" width="70" height="16"/>
                         <textFieldCell key="cell" lineBreakMode="clipping" title="Username:" id="Ojt-X8-n4q">
                             <font key="font" metaFont="system"/>
                             <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
                             <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
                         </textFieldCell>
                     </textField>
-                    <textField focusRingType="none" verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="08F-oQ-5uA">
+                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="08F-oQ-5uA">
                         <rect key="frame" x="18" y="135" width="444" height="43"/>
                         <constraints>
                             <constraint firstAttribute="height" constant="43" id="GUN-ht-5Os"/>
@@ -96,7 +96,7 @@ Gw
                             <action selector="cancelButtonPressed:" target="-2" id="2bh-OB-agN"/>
                         </connections>
                     </button>
-                    <textField focusRingType="none" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="pxh-m5-P6y">
+                    <textField verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="pxh-m5-P6y">
                         <rect key="frame" x="106" y="108" width="309" height="21"/>
                         <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" id="edT-ab-4tW">
                             <font key="font" metaFont="system"/>

xCreds.xcodeproj/project.pbxproj

@@ -1249,7 +1249,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1287,7 +1287,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1407,7 +1407,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1444,7 +1444,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1594,7 +1594,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1635,7 +1635,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 5270;
+				CURRENT_PROJECT_VERSION = 5273;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -146,22 +146,6 @@
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "D710C601-67AD-4DF2-9810-08A08BB0F4A2"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "XCredsLoginPlugIn/LoginWindow/VerifyLocalCredentialsWindowController.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "26"
-            endingLineNumber = "26"
-            landmarkName = "windowDidBecomeKey(_:)"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -32,7 +32,7 @@
 		<key>auth_mech_fixup.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>8</integer>
+			<integer>7</integer>
 		</dict>
 		<key>authrights.xcscheme_^#shared#^_</key>
 		<dict>
@@ -42,7 +42,7 @@
 		<key>test.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>7</integer>
+			<integer>8</integer>
 		</dict>
 	</dict>
 	<key>SuppressBuildableAutocreation</key>