Keychain is reset on cloud password change when user enters old local…

… password #148

XCreds/VerifyLocalPasswordWindowController.swift

@@ -121,6 +121,7 @@ class VerifyLocalPasswordWindowController: NSWindowController, DSQueryable {
                     }
                     isDone=true
                     window?.close()
+                    TCSLogWithMark("returning success with local password")
                     return .success(UsernamePasswordCredentials(username:nil,password: passwordEntered))
                 default:
                     window?.shake(self)

XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift

@@ -876,6 +876,7 @@ extension SignInViewController: NoMADUserSessionDelegate {
                     promptPasswordWindowController.showResetButton=false
 
                 }
+                TCSLogWithMark("switch  promptPasswordWindowController")
                 switch  promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: user.shortName, newPassword: passString, shouldUpdatePassword: true) {
 
                 case .success(let enteredUsernamePassword):
@@ -889,6 +890,8 @@ extension SignInViewController: NoMADUserSessionDelegate {
                     completeLogin(authResult: .allow)
 
                 case .resetKeychainRequested(let usernamePasswordCredentials):
+                    TCSLogWithMark("resetKeychainRequested")
+
                     if let adminUsername = usernamePasswordCredentials?.username, let adminPassword = usernamePasswordCredentials?.password {
                         mechanismDelegate?.setHint(type: .adminUsername, hint:adminUsername )
                         mechanismDelegate?.setHint(type: .adminPassword, hint: adminPassword)
@@ -899,10 +902,14 @@ extension SignInViewController: NoMADUserSessionDelegate {
 
 
                 case .userCancelled:
+                    TCSLogWithMark("userCancelled")
+
                     completeLogin(authResult: .userCanceled)
 
 
                 case .error(_):
+                    TCSLogWithMark("error")
+
                     completeLogin(authResult: .deny)
                 }
 

XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift

@@ -143,7 +143,12 @@ import OpenDirectory
                 switch  promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: username, newPassword: password, shouldUpdatePassword: true) {
 
 
-                case .success(_):
+                case .success(let enteredUsernamePassword):
+                    TCSLogWithMark("setting original password to use to unlock keychain later")
+
+                    if let enteredUsernamePassword = enteredUsernamePassword {
+                        setHint(type: .existingLocalUserPassword, hint:enteredUsernamePassword.password as Any  )
+                    }
 
                     allowLogin()
 

xCreds.xcodeproj/project.pbxproj

@@ -1436,7 +1436,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1473,7 +1473,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1594,7 +1594,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1631,7 +1631,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1781,7 +1781,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1823,7 +1823,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6256;
+				CURRENT_PROJECT_VERSION = 6260;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1947,7 +1947,7 @@
 			isa = XCRemoteSwiftPackageReference;
 			repositoryURL = "https://github.com/twocanoes/OIDCLite";
 			requirement = {
-				branch = ropg;
+				branch = main;
 				kind = branch;
 			};
 		};

xCreds.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -5,8 +5,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/twocanoes/OIDCLite",
       "state" : {
-        "branch" : "ropg",
-        "revision" : "a95614d1042187f70d5a94c3dfe12248427c0f65"
+        "branch" : "main",
+        "revision" : "eab1496501bfc7ce5ee8cc9f924908fb7370d679"
       }
     },
     {

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -32,7 +32,7 @@
 		<key>auth_mech_fixup.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>7</integer>
+			<integer>6</integer>
 		</dict>
 		<key>authrights.xcscheme_^#shared#^_</key>
 		<dict>
@@ -42,7 +42,7 @@
 		<key>test.xcscheme_^#shared#^_</key>
 		<dict>
 			<key>orderHint</key>
-			<integer>6</integer>
+			<integer>7</integer>
 		</dict>
 	</dict>
 	<key>SuppressBuildableAutocreation</key>