fixed cancel for AD userspace cancel

NomadLogin/LocalCheckAndMigrate.swift

@@ -30,18 +30,27 @@ class LocalCheckAndMigrate : NSObject, DSQueryable {
     private var pass = ""
 
     public var migrationUsers: [String]?
-
+    var isInUserSpace = false
+
     func migrationTypeRequired(userToCheck: String, passToCheck: String, kerberosPrincipalName:String?) -> MigrationType {
 
         TCSLogWithMark()
         user = userToCheck
         pass = passToCheck
         var user = userToCheck
 
-        if let kerberosPrincipalName = kerberosPrincipalName, let foundRecord = try? getUserRecord(kerberosPrincipalNameToFind: kerberosPrincipalName) {
+        //if we are in userspace, use the console user. If there not and there is a mapped user acccount with a kerb pricipal name in the DS record, use that. Otherwise, just keep on with the user passed in.
+        if isInUserSpace == true {
+            let consoleUser = getConsoleUser()
+            user=consoleUser
+        }
+
+        else
+        {
+            if let kerberosPrincipalName = kerberosPrincipalName, let foundRecord = try? getUserRecord(kerberosPrincipalNameToFind: kerberosPrincipalName) {
             user = foundRecord.recordName
-//            return .mappedUserFound(foundRecord)
         }
+    }
         let shouldPromptToMigrate = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPromptForMigration.rawValue)
 
         // check local user pass to see if user exists
@@ -58,7 +67,7 @@ class LocalCheckAndMigrate : NSObject, DSQueryable {
 
                 if DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminUserName.rawValue) != nil &&
                     DefaultsOverride.standardOverride.string(forKey: PrefKeys.localAdminPassword.rawValue) != nil &&
-                    getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false {
+                    getManagedPreference(key: .PasswordOverwriteSilent) as? Bool ?? false  && isInUserSpace == false {
                     TCSLogWithMark("Set to write keychain silently and we have admin. Skipping.")
                     TCSLogWithMark("Setting password to be overwritten.")
                     delegate?.setHint(type: .passwordOverwrite, hint: true)

XCreds/MainController.swift

@@ -111,11 +111,17 @@ class MainController: NSObject, NoMADUserSessionDelegate {
                 }
 
                 guard let tokens = tokenInfo["credentials"] as? Creds else {
-                    let alert = NSAlert()
-                    alert.addButton(withTitle: "OK")
-                    alert.messageText="Invalid tokens or password not determined. Please check the log."
-                    alert.runModal()
+                    if let errorMessage = tokenInfo["errorMessage"] as? String, let cause = tokenInfo["cause"] as? AuthorizationResult {
+
+                        if cause != .userCanceled {
+                            let alert = NSAlert()
+                            alert.addButton(withTitle: "OK")
+                            alert.messageText=errorMessage
+                            alert.runModal()
+                        }
+                    }
                     return
+
                 }
                 if let refreshToken = tokens.refreshToken, refreshToken.count>0 {
                     //                    Mark()

XCreds/MenuItems.swift

@@ -100,22 +100,36 @@ class SignInMenuItem: NSMenuItem {
     @objc func showSigninWindow() {
 
         ScheduleManager.shared.setNextCheckTime()
-        if DefaultsOverride.standardOverride.value(forKey: PrefKeys.shouldVerifyPasswordWithRopg.rawValue) != nil {
+        if DefaultsOverride.standardOverride.value(forKey: PrefKeys.shouldVerifyPasswordWithRopg.rawValue) != nil || DefaultsOverride.standardOverride.value(forKey: PrefKeys.aDDomain.rawValue) != nil
+        {
 
             if let window = sharedMainMenu.windowController.window{
                 let bundle = Bundle.findBundleWithName(name: "XCreds")
                 if let bundle = bundle{
                     TCSLogWithMark("Creating signInViewController")
-                    signInViewController = SignInViewController(nibName: "LocalUsersViewController", bundle:bundle)
+                    if signInViewController == nil {
+                        signInViewController = SignInViewController(nibName: "LocalUsersViewController", bundle:bundle)
+                    }
 
+                    signInViewController?.isInUserSpace = true
                     guard let signInViewController = signInViewController else {
                         return
                     }
 
                     if let contentView = window.contentView {
 
                         signInViewController.view.wantsLayer=true
-                        window.contentView?.addSubview(signInViewController.view)
+
+                        if let contentView = window.contentView{
+                            if contentView.subviews.contains(signInViewController.view)==false {
+                                window.contentView?.addSubview(signInViewController.view)
+
+                            }
+
+
+                        }
+                        signInViewController.setupLoginAppearance()
+
                         var x = NSMidX(contentView.frame)
                         var y = NSMidY(contentView.frame)
 

XCreds/WebViewController.swift

@@ -143,7 +143,7 @@ class WebViewController: NSViewController, TokenManagerFeedbackDelegate {
     func tokenError(_ err: String) {
         TCSLogErrorWithMark("authFailure: \(err)")
         //TODO: need to post this?
-        NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:[:])
+        NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":err])
 
     }
 

XCredsLoginPlugIn/LoginWindow/LoginWindow.swift

@@ -9,7 +9,6 @@ import Cocoa
 
 class LoginWindow: NSWindow {
     override var canBecomeKey: Bool {
-        TCSLogWithMark()
         return true
     }
 

XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift

@@ -57,6 +57,7 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
     var sysInfoIndex = 0
     let tokenManager = TokenManager()
 
+    var isInUserSpace = false
     @objc var visible = true
     override var acceptsFirstResponder: Bool {
         return true
@@ -89,7 +90,6 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
     //MARK: - Migrate Box IB outlets
     var migrate = false
     var migrateUserRecord : ODRecord?
-    let localCheck = LocalCheckAndMigrate()
     var didUpdateFail = false
     var setupDone=false
     //MARK: - UI Methods
@@ -111,6 +111,11 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
 
     func setupLoginAppearance() {
         TCSLogWithMark()
+
+        alertTextField.isHidden=true
+
+        self.usernameTextField.stringValue=""
+        self.passwordTextField.stringValue=""
 
         self.view.wantsLayer=true
         self.view.layer?.backgroundColor = CGColor(red: 0.3, green: 0.3, blue: 0.3, alpha: 0.4)
@@ -123,13 +128,16 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
             TCSLogWithMark("Setting username placeholder: \(usernamePlaceholder)")
             self.usernameTextField.placeholderString=usernamePlaceholder
         }
+        self.usernameTextField.isEnabled=true
 
         if let passwordPlaceholder = UserDefaults.standard.string(forKey: PrefKeys.passwordPlaceholder.rawValue){
             TCSLogWithMark("Setting password placeholder")
 
             self.passwordTextField.placeholderString=passwordPlaceholder
 
         }
+        passwordTextField.isEnabled=true
+        signIn.isEnabled=true
         TCSLogWithMark("Domain is \(domainName)")
         if UserDefaults.standard.bool(forKey: PrefKeys.shouldShowLocalOnlyCheckbox.rawValue) == false {
             TCSLogWithMark("hiding local only")
@@ -215,13 +223,11 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
     fileprivate func loginStartedUI() {
         TCSLogWithMark()
         signIn.isEnabled = !signIn.isEnabled
-//        signIn.isHidden = !signIn.isHidden
         TCSLogWithMark()
         usernameTextField.isEnabled = !usernameTextField.isEnabled
         passwordTextField.isEnabled = !passwordTextField.isEnabled
         localOnlyCheckBox.isEnabled = !localOnlyCheckBox.isEnabled
 
-//        localOnlyView.isHidden = !localOnlyView.isHidden
         TCSLogWithMark()
     }
 
@@ -426,10 +432,18 @@ let checkADLog = OSLog(subsystem: "menu.nomad.login.ad", category: "CheckADMech"
         case .deny:
             TCSLogWithMark("Complete login process with deny")
             mechanismDelegate?.denyLogin(message:nil)
+            NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"Login Denied","cause":authResult])
+
+
+        case .userCanceled:
+            TCSLogWithMark("Complete login process with deny")
+            mechanismDelegate?.denyLogin(message:nil)
+            NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"User Cancelled", "cause":authResult])
 
         default:
             TCSLogWithMark("deny login process with unknown error")
             mechanismDelegate?.denyLogin(message:nil)
+            NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["error":"Unknown error","cause":authResult])
 
         }
         TCSLogWithMark()
@@ -726,14 +740,15 @@ extension SignInViewController: NoMADUserSessionDelegate {
         case .OffDomain:
             TCSLogErrorWithMark("OffDomain")
 
-            if PasswordUtils.verifyUser(name: shortName, auth: passString)  {
+         if getManagedPreference(key: .LocalFallback) as? Bool ?? false && PasswordUtils.verifyUser(name: shortName, auth: passString)  {
                 setRequiredHintsAndContext()
                 completeLogin(authResult: .allow)
             } else {
-                authFail()
+                authFail("Cannot reach domain controller")
+                TCSLogErrorWithMark("AD authentication failed, off domain.")
+
             }
 
-            TCSLogErrorWithMark("AD authentication failed, off domain.")
 //            if getManagedPreference(key: .LocalFallback) as? Bool ?? false {
 //                os_log("Local fallback enabled, passing off to local authentication", log: uiLog, type: .default)
 //                return
@@ -802,8 +817,10 @@ extension SignInViewController: NoMADUserSessionDelegate {
 
             setHints(user: user)
 
+
             // check for any migration and local auth requirements
             let localCheck = LocalCheckAndMigrate()
+            localCheck.isInUserSpace = self.isInUserSpace
             localCheck.delegate = mechanismDelegate
             switch localCheck.migrationTypeRequired(userToCheck: user.shortName, passToCheck: passString, kerberosPrincipalName:user.userPrincipal) {
 
@@ -819,6 +836,11 @@ extension SignInViewController: NoMADUserSessionDelegate {
                 promptPasswordWindowController.showResetText=true
                 promptPasswordWindowController.showResetButton=true
 
+                if isInUserSpace==true{
+                    promptPasswordWindowController.showResetText=false
+                    promptPasswordWindowController.showResetButton=false
+
+                }
                 switch  promptPasswordWindowController.promptForLocalAccountAndChangePassword(username: user.shortName, newPassword: passString, shouldUpdatePassword: true) {
 
                 case .success(_):
@@ -835,7 +857,8 @@ extension SignInViewController: NoMADUserSessionDelegate {
 
 
                 case .userCancelled:
-                    completeLogin(authResult: .deny)
+                    completeLogin(authResult: .userCanceled)
+
 
                 case .error(_):
                     completeLogin(authResult: .deny)