refactored dialogs for prompting for user info; fixed ad groups for m…

…aking admin user

XCreds/LoginPasswordWindowController.xib

@@ -6,7 +6,7 @@
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
     <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="LoginPasswordWindowController" customModule="XCreds" customModuleProvider="target">
+        <customObject id="-2" userLabel="File's Owner" customClass="PromptForLocalPasswordWindowController" customModule="XCreds" customModuleProvider="target">
             <connections>
                 <outlet property="passwordTextField" destination="uxk-Kc-Ey2" id="NeY-1n-1d3"/>
                 <outlet property="resetButton" destination="vfc-Lt-21D" id="b6N-K2-qOU"/>

XCreds/MainController.swift

@@ -175,45 +175,27 @@ class MainController: NSObject, NoMADUserSessionDelegate {
             }
         }
         TCSLogWithMark()
-        let passwordWindowController = LoginPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
+//        let passwordWindowController = LoginPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
 
-        TCSLogWithMark()
-        while (true){
-            TCSLogWithMark()
-            NSApp.activate(ignoringOtherApps: true)
-            let timer = Timer.scheduledTimer(withTimeInterval: 10, repeats: true) { timer in
-                NSApp.activate(ignoringOtherApps: true)
+        switch  PromptForLocalPasswordWindowController.verifyLocalPasswordAndChange(username: PasswordUtils.currentConsoleUserName, password: nil, shouldUpdatePassword: false) {
 
-            }
-            TCSLogWithMark()
-            let response = NSApp.runModal(for: passwordWindowController.window!)
-
-            timer.invalidate()
-            if response == .cancel {
-                break
-            }
-            if passwordWindowController.resetKeychain==true {
+        case .success(let localPassword):
+            let err = keychainUtil.updatePassword(serviceName: "xcreds local password",accountName:accountName, pass: localPassword, shouldUpdateACL: true)
+            if err == false {
                 return (nil,nil)
             }
-            let localPassword = passwordWindowController.password
-            guard let localPassword = localPassword else {
-                continue
-            }
-            let isPasswordValid = PasswordUtils.verifyCurrentUserPassword(password:localPassword )
-            if isPasswordValid==true {
-                passwordWindowController.window?.close()
-                let err = keychainUtil.updatePassword(serviceName: "xcreds local password",accountName:accountName, pass: localPassword, shouldUpdateACL: true)
-                if err == false {
-                    return (nil,nil)
-                }
-                return (accountName,localPassword)
-            }
-            else{
-                passwordWindowController.window?.shake(self)
-            }
+            return (accountName,localPassword)
+
+        case .resetKeychain:
+            return (nil,nil)
+
+        case .cancelled:
+            return (nil,nil)
+        case .error(_):
+            return (nil,nil)
+
         }
 
-        return (nil,nil)
     }
 }
 

XCreds/PromptForLocalPasswordWindowController.swift

@@ -0,0 +1,137 @@
+//
+//  LoginPasswordWindowController.swift
+//  XCreds
+//
+//  Created by Timothy Perfitt on 6/4/22.
+//
+
+import Cocoa
+
+class PromptForLocalPasswordWindowController: NSWindowController {
+
+    @IBOutlet weak var passwordTextField: NSSecureTextField!
+    @IBOutlet weak var resetButton: NSButton!
+
+    var password:String?
+    var resetKeychain = false
+    enum RequestLocalPasswordResult {
+        case success(String)
+        case resetKeychain
+        case cancelled
+        case error(String)
+
+    }
+    static func verifyLocalPasswordAndChange(username:String, password:String?, shouldUpdatePassword:Bool) -> RequestLocalPasswordResult {
+        let passwordWindowController = PromptForLocalPasswordWindowController.init(windowNibName: NSNib.Name("LoginPasswordWindowController"))
+
+        passwordWindowController.window?.canBecomeVisibleWithoutLogin=true
+        passwordWindowController.window?.isMovable = false
+        passwordWindowController.window?.canBecomeVisibleWithoutLogin = true
+        passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
+
+        var isDone = false
+        while (!isDone){
+            DispatchQueue.main.async{
+                TCSLogWithMark("resetting level")
+                passwordWindowController.window?.level = NSWindow.Level(rawValue: NSWindow.Level.floating.rawValue)
+            }
+
+            let response = NSApp.runModal(for: passwordWindowController.window!)
+            if response == .cancel {
+                isDone=true
+                TCSLogWithMark("User cancelled resetting keychain or entering password. Denying login")
+//                mechanism.denyLogin(message:nil)
+                return .cancelled
+
+            }
+            let resetKeychain = passwordWindowController.resetKeychain
+
+            if resetKeychain == true {
+                passwordWindowController.window?.close()
+                isDone=true
+                return .resetKeychain
+
+            }
+            else {
+                TCSLogWithMark("user gave old password. checking...")
+                let localPassword = passwordWindowController.password
+                guard let localPassword = localPassword else {
+                    continue
+                }
+
+                let isValidPassword = PasswordUtils.isLocalPasswordValid(userName: username, userPass: localPassword)
+                switch isValidPassword {
+                case .success:
+                    let localUser = try? PasswordUtils.getLocalRecord(username)
+                    guard let localUser = localUser else {
+                        TCSLogErrorWithMark("invalid local user")
+                        return .error("The local user \(username) could not be found")
+                    }
+                    if shouldUpdatePassword==false {
+
+                        return .success(localPassword)
+                    }
+                    guard let password = password else {
+                        return .error("Password not provided for changing")
+
+                    }
+
+                    do {
+                        try localUser.changePassword(localPassword, toPassword: password)
+                    }
+                    catch {
+                        TCSLogErrorWithMark("Error setting local password to cloud password")
+
+                        return .error("Error setting local password to cloud password: \(error.localizedDescription)")
+                    }
+                    TCSLogWithMark("setting original password to use to unlock keychain later")
+                    isDone=true
+                    passwordWindowController.window?.close()
+                    return .success(localPassword)
+                default:
+                    passwordWindowController.window?.shake(self)
+
+                }
+            }
+        }
+    }
+
+
+    override func windowDidLoad() {
+        super.windowDidLoad()
+        TCSLogWithMark()
+        if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil &&
+            DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil
+        {
+            resetButton.isHidden=false
+        }
+        else {
+            resetButton.isHidden=true
+
+        }
+
+    }
+
+
+    @IBAction func removeKeychainButtonPressed(_ sender: Any) {
+        if self.window?.isModalPanel==true {
+            resetKeychain=true
+            NSApp.stopModal(withCode: .OK)
+
+        }
+
+
+    }
+    @IBAction func updateButtonPressed(_ sender: Any) {
+        if self.window?.isModalPanel==true {
+            password=passwordTextField.stringValue
+            NSApp.stopModal(withCode: .OK)
+
+        }
+    }
+    @IBAction func cancelButtonPressed(_ sender: Any) {
+        if self.window?.isModalPanel==true {
+            NSApp.stopModal(withCode: .cancel)
+        }
+    }
+}

XCreds/VerifyOIDCPassword.xib

@@ -1,12 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="22154" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES" customObjectInstantitationMethod="direct">
     <dependencies>
-        <deployment identifier="macosx"/>
         <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="22154"/>
         <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
     </dependencies>
     <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="LoginPasswordWindowController" customModule="XCreds" customModuleProvider="target">
+        <customObject id="-2" userLabel="File's Owner" customClass="PromptForLocalPasswordWindowController" customModule="XCreds" customModuleProvider="target">
             <connections>
                 <outlet property="passwordTextField" destination="uxk-Kc-Ey2" id="NeY-1n-1d3"/>
                 <outlet property="window" destination="y1s-aj-r0T" id="ZcP-JQ-mk1"/>

XCredsLoginPlugIn/ContextAndHintHandling.swift

@@ -30,9 +30,6 @@ enum HintType: String {
 //    case noMADFirst
 //    case noMADLast
 //    case noMADFull
-    case adGroups
-//    case oidcSub
-//    case oidcIssuer
     case aliasName
     case claimsToAddToLocalUserAccount