Enable Easy Auth Local Dev

src/Azure.Functions.Cli/Actions/AzureActions/CreateAADApplication.cs

@@ -8,14 +8,14 @@
 
 namespace Azure.Functions.Cli.Actions.AzureActions
 {
-    // Invoke via `func azure auth create-aad --appRegistrationName {yourAppRegistrationName} --appName {yourAppName}`
-    [Action(Name = "create-aad", Context = Context.Azure, SubContext = Context.Auth, HelpText = "Creates an Azure Active Directory registration. Can be linked to an Azure App Service or Function app.")]
+    // Invoke via `func azure auth create-aad --AADAppRegistrationName {yourAppRegistrationName} --appName {yourAppName}`
+    [Action(Name = "create-aad", Context = Context.Azure, SubContext = Context.Auth, HelpText = "Creates an Azure Active Directory app registration. Can be linked to an Azure App Service or Function app.")]
     class CreateAADApplication : BaseAzureAction
     {
         private readonly IAuthManager _authManager;
         private readonly ISecretsManager _secretsManager;
 
-        public string AADName { get; set; }
+        public string AADAppRegistrationName { get; set; }
 
         public string AppName { get; set; }
 
@@ -29,15 +29,15 @@ public override async Task RunAsync()
         {
             var workerRuntime = WorkerRuntimeLanguageHelper.GetCurrentWorkerRuntimeLanguage(_secretsManager);
 
-            await _authManager.CreateAADApplication(AccessToken, AADName, workerRuntime, AppName);
+            await _authManager.CreateAADApplication(AccessToken, AADAppRegistrationName, workerRuntime, AppName);
         }
 
         public override ICommandLineParserResult ParseArgs(string[] args)
         {
             Parser
-                .Setup<string>("appRegistrationName")
+                .Setup<string>("AADAppRegistrationName")
                 .WithDescription("Name of the Azure Active Directory app registration to create.")
-                .Callback(f => AADName = f);
+                .Callback(f => AADAppRegistrationName = f);
 
             Parser
                 .Setup<string>("appName")

src/Azure.Functions.Cli/Common/AuthManager.cs

@@ -30,41 +30,45 @@ public AuthManager() { }
 
         private WorkerRuntime _workerRuntime;
 
-        public async Task CreateAADApplication(string accessToken, string AADName, WorkerRuntime workerRuntime, string appName)
+        private static string _requiredResourceFilename = "requiredResourceAccessList.txt";
+
+        public async Task CreateAADApplication(string accessToken, string AADAppRegistrationName, WorkerRuntime workerRuntime, string appName)
         {
-            if (string.IsNullOrEmpty(AADName))
+            if (string.IsNullOrEmpty(AADAppRegistrationName))
             {
-                throw new CliArgumentsException("Must specify name of new Azure Active Directory registration with --appRegistrationName parameter.",
-                    new CliArgument { Name = "appRegistrationName", Description = "Name of new Azure Active Directory registration" });
+                throw new CliArgumentsException("Must provide name for a new Azure Active Directory app registration with --AADAppRegistrationName parameter.",
+                    new CliArgument { Name = "AADAppRegistrationName", Description = "Name of new Azure Active Directory app registration" });
             }
 
             if (CommandChecker.CommandExists("az"))
             {
                 _workerRuntime = workerRuntime;
+                _requiredResourceFilename = string.Format("{0}-{1}", AADAppRegistrationName, _requiredResourceFilename);
 
                 List<string> replyUrls;
-                string tempFile, clientSecret, hostName, query = CreateQuery(AADName, appName, out tempFile, out clientSecret, out replyUrls, out hostName);
+                string clientSecret, hostName, commandLineArgs = GetCommandLineArguments(AADAppRegistrationName, appName, out clientSecret, out replyUrls, out hostName);
 
-                ColoredConsole.WriteLine("Query successfully constructed. Creating new Azure AD Application now..");
+                string command = $"ad app create {commandLineArgs}";
+                ColoredConsole.WriteLine($"Creating new Azure AD Application via:\n" +
+                    $"az {command}");
 
                 var az = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
-                       ? new Executable("cmd", $"/c az ad app create {query}")
-                       : new Executable("az", $"ad app create {query}");
+                       ? new Executable("cmd", $"/c az {command}")
+                       : new Executable("az", command);
+
+
                 var stdout = new StringBuilder();
                 var stderr = new StringBuilder();
 
                 int exitCode = await az.RunAsync(o => stdout.AppendLine(o), e => stderr.AppendLine(e));               
 
-                // Delete temporary file created to pass data in proper format to az CLI
-                File.Delete($"{tempFile}");
-
                 if (exitCode != 0)
                 {
                     throw new CliException(stderr.ToString().Trim(' ', '\n', '\r', '"'));
                 }
 
                 string response = stdout.ToString().Trim(' ', '\n', '\r', '"');
-                ColoredConsole.WriteLine(Green($"Successfully created new AAD registration {AADName}"));
+                ColoredConsole.WriteLine(Green($"Successfully created new AAD registration {AADAppRegistrationName}"));
                 ColoredConsole.WriteLine(White(response));
 
                 JObject application = JObject.Parse(response);
@@ -75,7 +79,7 @@ public async Task CreateAADApplication(string accessToken, string AADName, Worke
                 if (appName == null)
                 {
                     // Update function application's (local) auth settings
-                    CreateAndCommitAuthSettings(hostName, clientId, clientSecret, tenantId, replyUrls);                                        
+                    CreateAndCommitAuthSettings(hostName, clientId, clientSecret, tenantId, replyUrls);
                 }
                 else
                 {
@@ -88,7 +92,7 @@ public async Task CreateAADApplication(string accessToken, string AADName, Worke
 
                     await PublishAuthSettingAsync(connectedSite, accessToken, authSettingsToPublish);
 
-                    ColoredConsole.WriteLine(Green($"Successfully updated {appName}'s auth settings to reference new AAD registration {AADName}"));
+                    ColoredConsole.WriteLine(Green($"Successfully updated {appName}'s auth settings to reference new AAD app registration {AADAppRegistrationName}"));
                 }
             }
             else
@@ -98,20 +102,20 @@ public async Task CreateAADApplication(string accessToken, string AADName, Worke
         }
 
         /// <summary>
-        /// Create the query to send to az ad app create
+        /// Create the string of arguments to send to az ad app create
         /// </summary>
-        /// <param name="AADName">Name of the new AAD application</param>
+        /// <param name="AADAppRegistrationName">Name of the new AAD application</param>
         /// <param name="appName">Name of an existing Azure Application to link to this AAD application</param>
         /// <returns></returns>
-        private string CreateQuery(string AADName, string appName, out string tempFile, out string clientSecret, out List<string> replyUrls, out string hostName)
+        private string GetCommandLineArguments(string AADAppRegistrationName, string appName, out string clientSecret, out List<string> replyUrls, out string hostName)
         {
             clientSecret = GeneratePassword(128);
             string authCallback = "/.auth/login/aad/callback";
 
             var requiredResourceAccess = GetRequiredResourceAccesses();
+
             // It is easiest to pass them in the right format to the az CLI via a (temp) file + filename
-            tempFile = $"{Guid.NewGuid()}.txt";
-            File.WriteAllText(tempFile, JsonConvert.SerializeObject(requiredResourceAccess));
+            File.WriteAllText(_requiredResourceFilename, JsonConvert.SerializeObject(requiredResourceAccess));
 
             // Based on whether or not this AAD application is to be used in production or a local environment,
             // these parameters are different (plus reply URLs):
@@ -122,7 +126,7 @@ private string CreateQuery(string AADName, string appName, out string tempFile,
             {
                 // OAuth is port sensitive. There is no way of using a wildcard in the reply URLs to allow for variable ports
                 // Set the port in the reply URLs to the default used by the Functions Host
-                identifierUrl = "http://" + AADName + ".localhost";
+                identifierUrl = "http://" + AADAppRegistrationName + ".localhost";
                 homepage = "http://localhost:" + StartHostAction.DefaultPort;
                 hostName = "localhost:" + StartHostAction.DefaultPort;
                 string localhostSSL = "https://localhost:" + StartHostAction.DefaultPort + authCallback;
@@ -149,8 +153,8 @@ private string CreateQuery(string AADName, string appName, out string tempFile,
 
             string serializedReplyUrls = string.Join(" ", replyUrls.ToArray<string>());
 
-            return $"--display-name {AADName} --homepage {homepage} --identifier-uris {identifierUrl} --password {clientSecret}" +
-                    $" --reply-urls {serializedReplyUrls} --oauth2-allow-implicit-flow true --required-resource-access @{tempFile}";
+            return $"--display-name {AADAppRegistrationName} --homepage {homepage} --identifier-uris {identifierUrl} --password {clientSecret}" +
+                    $" --reply-urls {serializedReplyUrls} --oauth2-allow-implicit-flow true --required-resource-access @{_requiredResourceFilename}";
 
         }
 
@@ -213,7 +217,7 @@ private List<requiredResourceAccess> GetRequiredResourceAccesses()
         private void CreateAndCommitAuthSettings(string hostName, string clientId, string clientSecret, string tenant, List<string> replyUrls)
         {
             // The WEBSITE_AUTH_ALLOWED_AUDIENCES setting is of the form "{replyURL1} {replyURL2}"
-            string serializedReplyUrls = string.Join(" ", replyUrls.ToArray<string>());
+            string serializedReplyUrls = string.Join(" ", replyUrls);
 
             // Create a local auth .json file that will be used by the middleware
             var middlewareAuthSettingsFile = SecretsManager.MiddlewareAuthSettingsFileName;
@@ -265,24 +269,19 @@ public static string GetCSProjFilePath()
             }
 
             // If we're in the function root\bin\debug\netstandard2.x, the .csproj file will be up three directories
-            try
+            var functionDir = Path.GetFullPath(Path.Combine(Environment.CurrentDirectory, @"..\..\..\"));
+
+            if (Directory.Exists(functionDir))
             {
-                var functionDir = Path.GetFullPath(Path.Combine(Environment.CurrentDirectory, @"..\..\..\"));
                 var functionDirProjFiles = FileSystemHelpers.GetFiles(functionDir, searchPattern: "*.csproj").ToList();
 
                 if (functionDirProjFiles.Count == 1)
                 {
                     return functionDirProjFiles.First();
                 }
-                else
-                {
-                    return null;
-                }
-            }
-            catch (DirectoryNotFoundException e)
-            {
-                return null;
             }
+
+            return null;
         }
 
         /// <summary>
@@ -319,11 +318,11 @@ private static void ModifyCSProj(string csProj)
         private Dictionary<string, string> CreateAuthSettingsToPublish(string clientId, string clientSecret, string tenant, List<string> replyUrls)
         {
             // The 'allowedAudiences' setting of /config/authsettings is of the form ["{replyURL1}", "{replyURL2}"]
-            string serializedArray = JsonConvert.SerializeObject(replyUrls, Formatting.Indented);
+            string serializedReplyUrls = JsonConvert.SerializeObject(replyUrls, Formatting.Indented);
 
             var authSettingsToPublish = new Dictionary<string, string>
             {
-                { "allowedAudiences", serializedArray },
+                { "allowedAudiences", serializedReplyUrls },
                 { "isAadAutoProvisioned", "True" },
                 { "clientId", clientId },
                 { "clientSecret", clientSecret },

src/Azure.Functions.Cli/Common/AuthSettingsFile.cs

@@ -18,15 +18,32 @@ class AuthSettingsFile
 
         public AuthSettingsFile(string filePath)
         {
-            _filePath = filePath;
-            try
+            _filePath = filePath ?? throw new CliException("Received null value for auth settings filename.");
+
+            string path = Path.Combine(Environment.CurrentDirectory, _filePath);
+
+            if (File.Exists(path))
             {
-                string path = Path.Combine(Environment.CurrentDirectory, _filePath);
-                var content = FileSystemHelpers.ReadAllTextFromFile(path);
-                var authSettings = JObject.Parse(content);
-                Values = new Dictionary<string, string>(authSettings.ToObject<Dictionary<string, string>>(), StringComparer.OrdinalIgnoreCase);
+                try
+                {
+                    var content = FileSystemHelpers.ReadAllTextFromFile(path);
+                    var authSettings = JObject.Parse(content);
+                    Values = new Dictionary<string, string>(authSettings.ToObject<Dictionary<string, string>>(), StringComparer.OrdinalIgnoreCase);
+                }
+                catch (UnauthorizedAccessException unauthorizedAccess)
+                {
+                    throw new CliException(unauthorizedAccess.Message);
+                }
+                catch (JsonReaderException jsonError)
+                {
+                    throw new CliException(jsonError.Message);
+                }
+                catch (Exception generic)
+                {
+                    throw new CliException(generic.ToString());
+                }
             }
-            catch
+            else
             {
                 Values = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
                 IsEncrypted = false;
@@ -55,7 +72,18 @@ public void RemoveSetting(string name)
 
         public void Commit()
         {
-            FileSystemHelpers.WriteAllTextToFile(_filePath, JsonConvert.SerializeObject(this.GetValues(), Formatting.Indented));
+            try
+            {
+                FileSystemHelpers.WriteAllTextToFile(_filePath, JsonConvert.SerializeObject(this.GetValues(), Formatting.Indented));
+            }
+            catch (UnauthorizedAccessException unauthorizedAccess)
+            {
+                throw new CliException(unauthorizedAccess.Message);
+            }
+            catch (Exception generic)
+            {
+                throw new CliException(generic.ToString());
+            }
         }
 
         public IDictionary<string, string> GetValues()
@@ -64,8 +92,8 @@ public IDictionary<string, string> GetValues()
             {
                 try
                 {
-                    return Values.ToDictionary(k => k.Key, v => string.IsNullOrEmpty((string)v.Value) ? string.Empty :
-                        Encoding.Default.GetString(ProtectedData.Unprotect(Convert.FromBase64String((string)v.Value), reason)));
+                    return Values.ToDictionary(k => k.Key, v => string.IsNullOrEmpty(v.Value) ? string.Empty :
+                        Encoding.Default.GetString(ProtectedData.Unprotect(Convert.FromBase64String(v.Value), reason)));
                 }
                 catch (Exception e)
                 {
@@ -74,7 +102,7 @@ public IDictionary<string, string> GetValues()
             }
             else
             {
-                return Values.ToDictionary(k => k.Key, v => (string)v.Value);
+                return Values.ToDictionary(k => k.Key, v => v.Value);
             }
         }
     }

src/Azure.Functions.Cli/Common/Constants.cs

@@ -89,7 +89,7 @@ public static class ResourceAccessTypes
                    {
                        MicrosoftGraphReadPermissions.FilesRead,
                        MicrosoftGraphReadPermissions.MailRead,
-                       MicrosoftGraphReadPermissions.UserRead // TODO !! check if this is the case
+                       MicrosoftGraphReadPermissions.UserRead
                    }
                },
                { ("outlook", BindingDirection.In), new List<Guid>

src/Azure.Functions.Cli/Common/SecretsManager.cs

@@ -33,7 +33,7 @@ public static string MiddlewareAuthSettingsFilePath
             get
             {
                 var authFile = "local.middleware.json";
-                var rootPath = ScriptHostHelpers.GetFunctionAppRootDirectory(Environment.CurrentDirectory, new List<string>
+                var rootPath = ScriptHostHelpers.GetFunctionAppRootDirectory(Environment.CurrentDirectory, new []
                 {
                     ScriptConstants.HostMetadataFileName,
                     authFile,

src/Azure.Functions.Cli/Common/Utilities.cs

@@ -88,12 +88,5 @@ internal static bool EqualsIgnoreCaseAndSpace(string str, string another)
         {
             return str.Replace(" ", string.Empty).Equals(another.Replace(" ", string.Empty), StringComparison.OrdinalIgnoreCase);
         }
-
-        public static Uri SetPort(this Uri uri, int newPort)
-        {
-            var builder = new UriBuilder(uri);
-            builder.Port = newPort;
-            return builder.Uri;
-        }
     }
 }

src/Azure.Functions.Cli/Helpers/AzureHelper.cs

@@ -17,6 +17,7 @@ namespace Azure.Functions.Cli.Helpers
     public static class AzureHelper
     {
         private static string _storageApiVersion = "2018-02-01";
+        private static string _authSettingsApiVersion = "2018-02-01";
 
         public static async Task<Site> GetFunctionApp(string name, string accessToken)
         {
@@ -252,7 +253,7 @@ public static async Task<HttpResult<Dictionary<string, string>, string>> UpdateF
 
         public static async Task<HttpResult<Dictionary<string, string>, string>> UpdateFunctionAppAuthSettings(Site site, string accessToken)
         {
-            var url = new Uri($"{ArmUriTemplates.ArmUrl}{site.SiteId}/config/authsettings?api-version={_storageApiVersion}");
+            var url = new Uri($"{ArmUriTemplates.ArmUrl}{site.SiteId}/config/authsettings?api-version={_authSettingsApiVersion}");
             var response = await ArmClient.HttpInvoke(HttpMethod.Put, url, accessToken, new { properties = site.AzureAuthSettings });
             if (response.IsSuccessStatusCode)
             {