added sub as local user account if other methods not available; added…

… some additional logging
twocanoes · Dec 14, 2022 · fd4067d · fd4067d
1 parent 5bd5f84
commit fd4067d
Show file tree

Hide file tree

Showing 9 changed files with 157 additions and 23 deletions.
diff --git a/XCreds/TokenManager.swift b/XCreds/TokenManager.swift
@@ -186,7 +186,7 @@ class TokenManager {
 
                     }
                     else {
-                        TCSLogWithMark("got status code of \(response.statusCode)")
+                        TCSLogWithMark("got status code of \(response.statusCode):\(response)")
                         completion(false,false)
 
                     }

diff --git a/XCreds/WebView.swift b/XCreds/WebView.swift
@@ -67,6 +67,105 @@ class WebViewController: NSWindowController {
     }
     func tokensUpdated(tokens: Creds){
 //to be overridden by superclasses
+/*
+        var username:String
+        let defaultsUsername = UserDefaults.standard.string(forKey: PrefKeys.username.rawValue)
+
+        guard let idToken = tokens.idToken else {
+            TCSLogWithMark("invalid idToken")
+
+            return
+        }
+
+        let array = idToken.components(separatedBy: ".")
+
+        if array.count != 3 {
+            TCSLogWithMark("idToken is invalid")
+        }
+        let body = array[1]
+        guard let data = base64UrlDecode(value:body ) else {
+            TCSLogWithMark("error decoding id token base64")
+            return
+        }
+        let decoder = JSONDecoder()
+        var idTokenObject:IDToken
+        do {
+            idTokenObject = try decoder.decode(IDToken.self, from: data)
+
+        }
+        catch {
+            TCSLogWithMark("error decoding idtoken::")
+            TCSLogWithMark("Token:\(body)")
+            return
+
+        }
+
+        let idTokenInfo = jwtDecode(value: idToken)  //dictionary for mappnigs
+
+        // username static map
+        if let defaultsUsername = defaultsUsername {
+            username = defaultsUsername
+        }
+        else if let idTokenInfo = idTokenInfo, let mapKey = UserDefaults.standard.object(forKey: "map_username")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
+//we have a mapping for username, so use that.
+
+            username = mapValue
+            TCSLogWithMark("mapped username found: \(username)")
+
+        }
+        else {
+            var emailString:String
+
+            if let email = idTokenObject.email  {
+                emailString=email.lowercased()
+            }
+            else if let uniqueName=idTokenObject.unique_name {
+                emailString=uniqueName
+            }
+
+            else {
+                TCSLogWithMark("no username found. Using sub.")
+                emailString=idTokenObject.sub
+            }
+            guard let tUsername = emailString.components(separatedBy: "@").first?.lowercased() else {
+                TCSLogWithMark("email address invalid")
+                return
+
+            }
+
+            TCSLogWithMark("username found: \(tUsername)")
+            username = tUsername
+        }
+
+        //full name
+        TCSLogWithMark("checking map_fullname")
+
+        if let idTokenInfo = idTokenInfo, let mapKey = UserDefaults.standard.object(forKey: "map_fullname")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
+//we have a mapping so use that.
+            TCSLogWithMark("full name mapped to: \(mapKey)")
+
+
+        }
+
+        else if let firstName = idTokenObject.given_name, let lastName = idTokenObject.family_name {
+            TCSLogWithMark("firstName: \(firstName)")
+            TCSLogWithMark("lastName: \(lastName)")
+
+        }
+
+        //first name
+        if let idTokenInfo = idTokenInfo, let mapKey = UserDefaults.standard.object(forKey: "map_firstname")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
+//we have a mapping for username, so use that.
+            TCSLogWithMark("first name mapped to: \(mapKey)")
+
+        }
+
+       else if let firstName = idTokenObject.given_name {
+           TCSLogWithMark("firstName from token: \(firstName)")
+
+
+        }
+ */
     }
 }
 

diff --git a/XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift b/XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift
@@ -144,9 +144,7 @@ class LoginWebViewController: WebViewController {
 
         let idTokenInfo = jwtDecode(value: idToken)  //dictionary for mappnigs
 
-
-
-        // username
+        // username static map
         if let defaultsUsername = defaultsUsername {
             username = defaultsUsername
         }
@@ -166,11 +164,10 @@ class LoginWebViewController: WebViewController {
             else if let uniqueName=idTokenObject.unique_name {
                 emailString=uniqueName
             }
-            else {
-                TCSLogWithMark("no username found or invalid")
-                delegate.denyLogin()
-                return
 
+            else {
+                TCSLogWithMark("no username found. Using sub.")
+                emailString=idTokenObject.sub
             }
             guard let tUsername = emailString.components(separatedBy: "@").first?.lowercased() else {
                 TCSLogWithMark("email address invalid")
@@ -184,6 +181,8 @@ class LoginWebViewController: WebViewController {
         }
 
         //full name
+        TCSLogWithMark("checking map_fullname")
+
         if let idTokenInfo = idTokenInfo, let mapKey = UserDefaults.standard.object(forKey: "map_fullname")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
 //we have a mapping so use that.
             TCSLogWithMark("full name mapped to: \(mapKey)")
@@ -193,6 +192,8 @@ class LoginWebViewController: WebViewController {
         }
 
         else if let firstName = idTokenObject.given_name, let lastName = idTokenObject.family_name {
+            TCSLogWithMark("firstName: \(firstName)")
+            TCSLogWithMark("lastName: \(lastName)")
             delegate.setHint(type: .fullName, hint: "\(firstName) \(lastName)")
 
         }
@@ -206,10 +207,13 @@ class LoginWebViewController: WebViewController {
         }
 
        else if let firstName = idTokenObject.given_name {
+           TCSLogWithMark("firstName from token: \(firstName)")
+
             delegate.setHint(type: .firstName, hint:firstName)
 
         }
         //last name
+        TCSLogWithMark("checking map_lastname")
 
         if let idTokenInfo = idTokenInfo, let mapKey = UserDefaults.standard.object(forKey: "map_lastname")  as? String, mapKey.count>0, let mapValue = idTokenInfo[mapKey] as? String {
 //we have a mapping for lastName, so use that.
@@ -219,9 +223,13 @@ class LoginWebViewController: WebViewController {
         }
 
         else if let lastName = idTokenObject.family_name {
+            TCSLogWithMark("lastName from token: \(lastName)")
+
             delegate.setHint(type: .lastName, hint:lastName)
 
         }
+        TCSLogWithMark("checking local password for username:\(username) and password length: \(tokens.password.count)");
+
         let isValidPassword =  try? PasswordUtils.isLocalPasswordValid(userName: username, userPass: tokens.password)
 
         if isValidPassword==false{
@@ -299,9 +307,17 @@ class LoginWebViewController: WebViewController {
 
         }
         TCSLogWithMark("passing username:\(username), password, and tokens")
+        TCSLogWithMark("setting kAuthorizationEnvironmentUsername")
+
         delegate.setContextString(type: kAuthorizationEnvironmentUsername, value: username)
+        TCSLogWithMark("setting kAuthorizationEnvironmentPassword")
+
         delegate.setContextString(type: kAuthorizationEnvironmentPassword, value: tokens.password)
+        TCSLogWithMark("setting username")
+
         delegate.setHint(type: .user, hint: username)
+        TCSLogWithMark("setting tokens.password")
+
         delegate.setHint(type: .pass, hint: tokens.password)
 //        setHint(type: .noMADFirst, hint: user.firstName)
 //        setHint(type: .noMADLast, hint: user.lastName)
@@ -311,7 +327,8 @@ class LoginWebViewController: WebViewController {
 //        delegate.setHint(type: .firstName, hint: idTokenObject.given_name ?? "")
 //        delegate.setHint(type: .lastName, hint: idTokenObject.family_name ?? "")
 
-        delegate.setHint(type: .tokens, hint: [tokens.idToken,tokens.refreshToken,tokens.accessToken])
+        TCSLogWithMark("setting tokens")
+        delegate.setHint(type: .tokens, hint: [tokens.idToken ?? "",tokens.refreshToken ?? "",tokens.accessToken ?? ""])
         if let resolutionObserver = resolutionObserver {
             NotificationCenter.default.removeObserver(resolutionObserver)
         }

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift b/XCredsLoginPlugIn/Mechanisms/XCredsBaseMechanism.swift
@@ -67,7 +67,7 @@ protocol XCredsMechanismProtocol {
     var xcredsFirst: String? {
         get {
             guard let firstName = getHint(type: .firstName) as? String else {
-                return nil
+                return ""
             }
             os_log("Computed nomadFirst accessed: %{public}@", log: noLoMechlog, type: .debug, firstName)
             return firstName
@@ -77,7 +77,7 @@ protocol XCredsMechanismProtocol {
     var xcredsLast: String? {
         get {
             guard let lastName = getHint(type: .lastName) as? String else {
-                return nil
+                return ""
             }
             os_log("Computed nomadLast accessed: %{public}@", log: noLoMechlog, type: .debug, lastName)
             return lastName
@@ -145,6 +145,7 @@ protocol XCredsMechanismProtocol {
 
     // disallow login
     func denyLogin() {
+        TCSLog("***************** DENYING LOGIN ********************");
         TCSLogWithMark("\(#function) \(#file):\(#line)")
 
         let error = mechCallbacks.SetResult(mechEngine, .deny)

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift b/XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift
@@ -103,7 +103,7 @@ class XCredsCreateUser: XCredsBaseMechanism {
 //            customAttributes["dsAttrTypeNative:\(nomadMetaPrefix)_domain"] = nomadDomain!
 
             createUser(shortName: xcredsUser!,
-                       first: xcredsFirst!,
+                       first: xcredsFirst! ,
                        last: xcredsLast!,
                        pass: xcredsPass!,
                        uid: uid,

diff --git a/XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift b/XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift
@@ -140,6 +140,7 @@ import Cocoa
     }
     override func denyLogin() {
         loginWindowControlsWindowController.close()
+        TCSLog("***************** DENYING LOGIN ********************");
         super.denyLogin()
     }
 }
diff --git a/xCreds.xcodeproj/project.pbxproj b/xCreds.xcodeproj/project.pbxproj
@@ -868,6 +868,8 @@
 				MACOSX_DEPLOYMENT_TARGET = 11.0;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
 			};
@@ -882,6 +884,8 @@
 				MACOSX_DEPLOYMENT_TARGET = 11.0;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
 			};
@@ -893,7 +897,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -910,6 +914,8 @@
 				PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h";
 				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
@@ -924,7 +930,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -941,6 +947,8 @@
 				PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.XCredsLoginPlugin;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCredsLoginPlugin-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
@@ -983,7 +991,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -999,6 +1007,8 @@
 				PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
@@ -1013,7 +1023,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1029,6 +1039,8 @@
 				PRODUCT_BUNDLE_IDENTIFIER = "com.twocanoes.XCreds-Login-Overlay";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				SKIP_INSTALL = YES;
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
@@ -1156,7 +1168,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1171,6 +1183,8 @@
 				MARKETING_VERSION = 2.2;
 				PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;
@@ -1185,7 +1199,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3336;
+				CURRENT_PROJECT_VERSION = 3345;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1200,6 +1214,8 @@
 				MARKETING_VERSION = 2.2;
 				PRODUCT_BUNDLE_IDENTIFIER = com.twocanoes.xcreds;
 				PRODUCT_NAME = "$(TARGET_NAME)";
+				STRIP_INSTALLED_PRODUCT = NO;
+				STRIP_SWIFT_SYMBOLS = NO;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OBJC_BRIDGING_HEADER = "XCreds/XCreds-Bridging-Header.h";
 				SWIFT_VERSION = 5.0;

diff --git a/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate b/...deproj/project.xcworkspace/xcuserdata/tperfitt.xcuserdatad/UserInterfaceState.xcuserstate