def test_serialization():
expected = {
"authority": "http://localhost",
"clientId": "client-id",
"homeAccountId": "object-id.tenant-id",
"tenantId": "tenant-id",
"username": "******",
"version": "1.0",
}
record = AuthenticationRecord(
expected["tenantId"],
expected["clientId"],
expected["authority"],
expected["homeAccountId"],
expected["username"],
)
serialized = record.serialize()
assert json.loads(serialized) == expected
deserialized = AuthenticationRecord.deserialize(serialized)
assert sorted(vars(deserialized)) == sorted(vars(record))
assert record.authority == deserialized.authority == expected["authority"]
assert record.client_id == deserialized.client_id == expected["clientId"]
assert record.home_account_id == deserialized.home_account_id == expected[
"homeAccountId"]
assert record.tenant_id == deserialized.tenant_id == expected["tenantId"]
assert record.username == deserialized.username == expected["username"]
def _azure_interactive_auth(self):
if self._authentication_record_json is None:
_interactive_credential = DeviceCodeCredential(
tenant_id=self._tenant_id,
timeout=180,
prompt_callback=None,
_cache=load_persistent_cache(
TokenCachePersistenceOptions(
name=self._azure_cred_cache_name,
allow_unencrypted_storage=True,
cache_location=self._azure_cred_cache_location)))
_auth_record = _interactive_credential.authenticate()
self._authentication_record_json = _auth_record.serialize()
else:
deserialized_auth_record = AuthenticationRecord.deserialize(
self._authentication_record_json)
_interactive_credential = DeviceCodeCredential(
tenant_id=self._tenant_id,
timeout=180,
prompt_callback=None,
_cache=load_persistent_cache(
TokenCachePersistenceOptions(
name=self._azure_cred_cache_name,
allow_unencrypted_storage=True,
cache_location=self._azure_cred_cache_location)),
authentication_record=deserialized_auth_record)
return _interactive_credential
def test_unknown_version(version):
"""deserialize should raise ValueError when the data doesn't contain a known version"""
data = {
"authority": "http://localhost",
"clientId": "client-id",
"homeAccountId": "object-id.tenant-id",
"tenantId": "tenant-id",
"username": "******",
}
if version:
data["version"] = version
with pytest.raises(ValueError, match=".*{}.*".format(version)) as ex:
AuthenticationRecord.deserialize(json.dumps(data))
assert str(SUPPORTED_VERSIONS) in str(ex.value)
def get_auth_record(self) -> AuthenticationRecord:
result = None
try:
with open(AUTH_RECORD_LOCATION, 'r') as file:
result = file.read()
return AuthenticationRecord.deserialize(result)
except IOError as ex:
raise CLIException('Login to run this command') from ex
def _get_cache_args(token_path: Path):
cache_args = {
'cache_persistence_options':
TokenCachePersistenceOptions(name='parsedmarc')
}
auth_record = _load_token(token_path)
if auth_record:
cache_args['authentication_record'] = \
AuthenticationRecord.deserialize(auth_record)
return cache_args
def test_serialization():
"""serialize should accept arbitrary additional key/value pairs, which deserialize should ignore"""
attrs = ("authority", "client_id", "home_account_id", "tenant_id",
"username")
nums = (n for n in range(len(attrs)))
record_values = {attr: next(nums) for attr in attrs}
record = AuthenticationRecord(**record_values)
serialized = record.serialize()
# AuthenticationRecord's fields should have been serialized
assert json.loads(serialized) == record_values
deserialized = AuthenticationRecord.deserialize(serialized)
# the deserialized record and the constructed record should have the same fields
assert sorted(vars(deserialized)) == sorted(vars(record))
# the constructed and deserialized records should have the same values
assert all(
getattr(deserialized, attr) == record_values[attr] for attr in attrs)
record = credential.authenticate()
print("\nAuthenticated first credential")
# The record contains no authentication secrets. You can serialize it to JSON for storage.
record_json = record.serialize()
# An authenticated credential is ready for use with a client. This request should succeed
# without prompting for authentication again.
client = SecretClient(VAULT_URL, credential)
secret_names = [s.name for s in client.list_properties_of_secrets()]
print("\nCompleted request with first credential")
# An authentication record stored by your application enables other credentials to access data from
# past authentications. If the cache contains sufficient data, this eliminates the need for your
# application to prompt for authentication every time it runs.
deserialized_record = AuthenticationRecord.deserialize(record_json)
new_credential = InteractiveBrowserCredential(
cache_persistence_options=TokenCachePersistenceOptions(),
authentication_record=deserialized_record)
# This request should also succeed without prompting for authentication.
client = SecretClient(VAULT_URL, new_credential)
secret_names = [s.name for s in client.list_properties_of_secrets()]
print("\nCompleted request with credential using shared cache")
# To isolate the token cache from other applications, you can provide a cache name to TokenCachePersistenceOptions.
separate_cache_credential = InteractiveBrowserCredential(
cache_persistence_options=TokenCachePersistenceOptions(name="my_app"),
authentication_record=deserialized_record)
# This request should prompt for authentication since the credential is using a separate cache.
