From 028bd7fc63ede742ad58867e6ec97466b767f5f9 Mon Sep 17 00:00:00 2001
From: David Rodriguez
Date: Tue, 7 Nov 2023 23:04:55 +0000
Subject: [PATCH] Fix stack overflow issue when validating tokens
---
 .../AzureADProvider.dnn | 2 +-
 .../AzureADReleaseNotes.txt | 4 +++-
 .../Components/AadController.cs | 5 +---
 .../Components/AzureClient.cs | 24 +++++++++++++------
 .../DotNetNuke.Authentication.Azure.nuspec | 2 +-
 .../Properties/AssemblyInfo.cs | 4 ++--
 docs/images/DNNAzureAD_LatestRelease.svg | 4 ++--
 7 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/DotNetNuke.Authentication.Azure/AzureADProvider.dnn b/DotNetNuke.Authentication.Azure/AzureADProvider.dnn
index 7075798..662f762 100644
--- a/DotNetNuke.Authentication.Azure/AzureADProvider.dnn
+++ b/DotNetNuke.Authentication.Azure/AzureADProvider.dnn
@@ -1,6 +1,6 @@
- + DNN Azure Active Directory Provider The DNN Azure Active Directory Provider is an Authentication provider for DNN Platform that uses Azure Active Directory OAuth2 authentication to authenticate users.
diff --git a/DotNetNuke.Authentication.Azure/AzureADReleaseNotes.txt b/DotNetNuke.Authentication.Azure/AzureADReleaseNotes.txt
index d1fa044..3ada4fc 100644
--- a/DotNetNuke.Authentication.Azure/AzureADReleaseNotes.txt
+++ b/DotNetNuke.Authentication.Azure/AzureADReleaseNotes.txt
@@ -2,11 +2,13 @@

David Rodriguez
davidj@intelequia.com

About the DNN Azure Active Directory Authorization Provider

-

Version 04.04.04

+

Version 04.04.05

# Maintenance * Updated project to exclude content from NuGet package by using a .nuspec file * Properly exclude packages and node_modules +# Bug Fixes +* Fix stack overflow exception

Version 04.04.01

diff --git a/DotNetNuke.Authentication.Azure/Components/AadController.cs b/DotNetNuke.Authentication.Azure/Components/AadController.cs
index 074e4c1..24ed7cd 100644
--- a/DotNetNuke.Authentication.Azure/Components/AadController.cs
+++ b/DotNetNuke.Authentication.Azure/Components/AadController.cs
@@ -281,10 +281,7 @@ private static UserInfo GetOrCreateCachedUserInfo(JwtSecurityToken jwt, PortalSe
 var cache = DotNetNuke.Services.Cache.CachingProvider.Instance();
 if (string.IsNullOrEmpty((string)cache.GetItem($"SyncAADToken|{tokenKey}")))
 {
- var azureClient = new AzureClient(portalSettings.PortalId, AuthMode.Login)
- {
- JwtIdToken = jwt
- };
+ var azureClient = new AzureClient(portalSettings.PortalId, AuthMode.Login, jwt);
 azureClient.SetAuthTokenInternal(jwt.RawData);
 azureClient.SetAutoMatchExistingUsers(true);
 var userData = azureClient.GetCurrentUserInternal(jwt);
diff --git a/DotNetNuke.Authentication.Azure/Components/AzureClient.cs b/DotNetNuke.Authentication.Azure/Components/AzureClient.cs
index 26b9cd9..b50a103 100644
--- a/DotNetNuke.Authentication.Azure/Components/AzureClient.cs
+++ b/DotNetNuke.Authentication.Azure/Components/AzureClient.cs
@@ -88,7 +88,7 @@ private GraphClient GraphClient
 return _graphClient;
 }
 }
- private readonly AzureConfig Settings;
+ private AzureConfig Settings;
 private List _customClaimsMappings;
 public List CustomClaimsMappings
@@ -250,7 +250,7 @@ public bool PrefixServiceToGroupName
 #region Constructors
 internal JwtSecurityToken JwtIdToken { get; set; }
- public Uri LogoutEndpoint { get; }
+ public Uri LogoutEndpoint { get; set; }
 private bool _autoMatchExistingUsers = false;
 public override bool AutoMatchExistingUsers
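Review bot: `LogoutEndpoint` changes from get-only to a public setter in the `-250,7` hunk, so any code holding an `AzureClient` can now repoint the post-logout redirect target. The only assignment visible in this patch is inside the new `Initialize` method of the same class, so `public Uri LogoutEndpoint { get; private set; }` would be enough. If a caller outside the class really needs to set it, that is not visible here and should be explained in a comment on the property.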
@@ -277,18 +277,28 @@ private int GetCalculatedPortalId()
 public string RedirectUrl { get; set; }
+ public AzureClient(int portalId, AuthMode mode)
+ : base(portalId, mode, AzureConfig.ServiceName)
+ {
+ Initialize(portalId, mode, null);
+ }
- public AzureClient(int portalId, AuthMode mode, JwtSecurityToken jwt = null)
+ public AzureClient(int portalId, AuthMode mode, JwtSecurityToken jwt)
 : base(portalId, mode, AzureConfig.ServiceName)
+ {
+ Initialize(portalId, mode, jwt);
+ }
+
+ private void Initialize(int portalId, AuthMode mode, JwtSecurityToken jwt)
 {
 Settings = new AzureConfig(AzureConfig.ServiceName, portalId);
 TokenMethod = HttpMethod.POST;
-
-
+
+
 if (!string.IsNullOrEmpty(Settings.TenantId))
 {
- TokenEndpoint = new Uri(string.Format(Utils.GetAppSetting("AzureAD.TokenEndpointPattern", TokenEndpointPattern), Settings.TenantId));
+ TokenEndpoint = new Uri(string.Format(Utils.GetAppSetting("AzureAD.TokenEndpointPattern", TokenEndpointPattern), Settings.TenantId));
 LogoutEndpoint = new Uri(string.Format(Utils.GetAppSetting("AzureAD.LogoutEndpointPattern", LogoutEndpointPattern), Settings.TenantId, UrlEncode(HttpContext.Current.Request.Url.ToString())));
 AuthorizationEndpoint = new Uri(string.Format(Utils.GetAppSetting("AzureAD.AuthorizationEndpointPattern", AuthorizationEndpointPattern), Settings.TenantId));
 MeGraphEndpoint = new Uri(string.Format(Utils.GetAppSetting("AzureAD.GraphEndpointPattern", GraphEndpointPattern), Settings.TenantId));
@@ -406,7 +416,7 @@ internal void LoadTokenCookieInternal(string suffix, bool verifyToken = true)
 {
 if (authTokenCookie.HasKeys)
 {
- LoadToken(authTokenCookie.Values[OAuthTokenKey]);
+ LoadTokenInternal(authTokenCookie.Values[OAuthTokenKey], verifyToken);
 }
 }
 }
diff --git a/DotNetNuke.Authentication.Azure/DotNetNuke.Authentication.Azure.nuspec b/DotNetNuke.Authentication.Azure/DotNetNuke.Authentication.Azure.nuspec
index 4715ed0..cf78c85 100644
--- a/DotNetNuke.Authentication.Azure/DotNetNuke.Authentication.Azure.nuspec
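Review bot: Moving the constructor body into `Initialize` in the `-277,18` hunk is what forces `Settings` to lose `readonly` (the `-88,7` hunk) and `LogoutEndpoint` to gain a setter, because an ordinary method cannot assign either. Constructor chaining gives the same two overloads with a single initialization path and lets both members stay immutable: `public AzureClient(int portalId, AuthMode mode) : this(portalId, mode, null) { }`, with the existing body kept in the three-argument constructor. Unless something outside this patch requires a separate method, that is the smaller change for security-relevant configuration such as the tenant settings and endpoints. `Initialize` continues past the end of the hunk, so how `jwt` is used during setup is not visible here.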
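Review bot: In the `-406,7` hunk, whether the cookie-supplied token is verified now depends on the caller's `verifyToken` argument rather than always going through `LoadToken`. `LoadTokenInternal` is not shown, so this assumes `false` skips signature and lifetime validation. If so, each call site passing `false` should be reviewed, and the method should carry a comment such as `// verifyToken: false is only for tokens already validated upstream; a cookie value is untrusted input`. Please also confirm that the replaced `LoadToken` call did verify, so the recursion fix leaves no existing caller with less validation than before. The enclosing method starts above the hunk.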
+++ b/DotNetNuke.Authentication.Azure/DotNetNuke.Authentication.Azure.nuspec
@@ -2,7 +2,7 @@ DotNetNuke.Authentication.Azure - 4.4.4 + 4.4.5 DotNetNuke.Authentication.Azure Intelequia Technologies Intelequia Technologies
diff --git a/DotNetNuke.Authentication.Azure/Properties/AssemblyInfo.cs b/DotNetNuke.Authentication.Azure/Properties/AssemblyInfo.cs
index 44ac281..c8c35dd 100644
--- a/DotNetNuke.Authentication.Azure/Properties/AssemblyInfo.cs
+++ b/DotNetNuke.Authentication.Azure/Properties/AssemblyInfo.cs
@@ -28,6 +28,6 @@
 //
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("4.4.4.0")]
-[assembly: AssemblyFileVersion("4.4.4.0")]
+[assembly: AssemblyVersion("4.4.5.0")]
+[assembly: AssemblyFileVersion("4.4.5.0")]
diff --git a/docs/images/DNNAzureAD_LatestRelease.svg b/docs/images/DNNAzureAD_LatestRelease.svg
index 4518d2c..fbbbfdf 100644
--- a/docs/images/DNNAzureAD_LatestRelease.svg
+++ b/docs/images/DNNAzureAD_LatestRelease.svg
@@ -12,7 +12,7 @@ release release - v4.4.1 - v4.4.1 + v4.4.5 + v4.4.5