Merge branch 'dev' into import_file_extension_fixes

extensions/samples/msal-node-extensions/index.js

@@ -52,7 +52,7 @@ PersistenceCreator
         // get url to sign user in and consent to scopes needed for application
         pca.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
             res.redirect(response);
-        }).catch((error) => console.log(JSON.stringify(error)));
+        });
     });
 
     app.get('/redirect', (req, res) => {
@@ -66,7 +66,7 @@ PersistenceCreator
             console.log("\nResponse: \n", response);
             res.sendStatus(200);
         }).catch((error) => {
-            console.log(error);
+            console.error(error.errorMessage);
             res.status(500).send(error);
         });
     });

samples/e2eTestUtils/src/CertificateUtils.ts

@@ -15,6 +15,28 @@ const p12FilePath = path.join(__dirname, "certificate.p12");
 const certificateKEY = path.join(__dirname, "certificate.key");
 const certificateCER = path.join(__dirname, "certificate.cer");
 
+/**
+ * Retrieves certificate information from Azure Key Vault, extracts the private key and certificate(s),
+ * and verifies the private key with the certificate chain to ensure proper matching.
+ *
+ * This function handles the extraction of a PKCS#12 certificate stored as a secret in Azure Key Vault,
+ * splits it into the private key and certificate(s), and validates the match between the private key
+ * and the certificates. It also ensures the correct order of certificates in the chain (if necessary).
+ *
+ * **Note:** The function writes temporary files to the local filesystem and cleans them up after the process is complete.
+ * 
+ * @async
+ * @param {any} client - The Azure Key Vault client object used to interact with the Key Vault.
+ * @param {string} secretName - The name of the secret in Key Vault that contains the base64-encoded PKCS#12 certificate.
+ * 
+ * @returns {Promise<Array<string>>} A promise that resolves to an array containing:
+ *  - The thumbprint (SHA-256 hash) of the certificate in the correct order.
+ *  - The private key extracted from the PKCS#12 certificate.
+ *  - The full certificate chain (x5c) in PEM format, including all certificates.
+ * 
+ * @throws {Error} If an error occurs while processing the PKCS#12 certificate, such as a malformed certificate or mismatched private key.
+ * @throws {Error} If the private key does not match any of the certificates in the chain.
+ */
 export const getCertificateInfo = async (
     client: any,
     secretName: string

samples/e2eTestUtils/src/LabConfig.ts

@@ -3,7 +3,7 @@ import { MsidApp } from "./MsidApp";
 import { MsidLab } from "./MsidLab";
 
 export type LabConfig = {
-    user: MsidUser,
-    app: MsidApp,
-    lab: MsidLab
+    user: MsidUser;
+    app: MsidApp;
+    lab: MsidLab;
 };

samples/e2eTestUtils/src/MsidApp.ts

@@ -1,11 +1,11 @@
 export type MsidApp = {
-    appName?: string,
-    appId?: string,
-    authority?: string,
-    b2cAuthorities?: string,
-    defaultScopes?: string,
-    appRoles?: string,
-    multitenantApp?: string,
-    clientSecret?: string,
-    clientCertificate?: string
+    appName?: string;
+    appId?: string;
+    authority?: string;
+    b2cAuthorities?: string;
+    defaultScopes?: string;
+    appRoles?: string;
+    multitenantApp?: string;
+    clientSecret?: string;
+    clientCertificate?: string;
 };

samples/e2eTestUtils/src/MsidLab.ts

@@ -1,11 +1,11 @@
 export type MsidLab = {
-    labName?: string,
-    region?: string,
-    id?: number,
-    tenantId?: string,
-    federationProvider?: string,
-    azureEnvironment?: string,
-    credentialKeyVaultKeyName?: string,
-    authority?: string,
-    adfsEndpoint?: string
+    labName?: string;
+    region?: string;
+    id?: number;
+    tenantId?: string;
+    federationProvider?: string;
+    azureEnvironment?: string;
+    credentialKeyVaultKeyName?: string;
+    authority?: string;
+    adfsEndpoint?: string;
 };

samples/msal-browser-samples/HybridSample/routes/auth.js

@@ -31,11 +31,8 @@ router.get('/login', (req, res) => {
     // Generate auth code url and redirect the user
     msalInstance.getAuthCodeUrl(authCodeUrlParameters)
         .then((response) => {
-            console.log("getAuthCodeURL RESPONSE");
-            console.log(response);
             res.redirect(response);
-        })
-        .catch((error) => console.log(JSON.stringify(error)));
+        });
 });
 
 // Route to capture auth code that will be posted by AAD
@@ -105,7 +102,6 @@ router.post('/server-redirect', (req, res) => {
         })
         .catch((error) => {
             console.timeEnd(timeLabel);
-            console.log(error);
             res.status(500).send(error);
         });
 });

samples/msal-node-samples/AGC-README.md

@@ -3,12 +3,12 @@ The non-AGC E2E tests are not able to be run in the AGCE. In order to run - and
 The following seven environment variables must be set in powershell before running the AGC E2E tests. They can be set via the following commands:
 
 1. $env:GRAPH_URL = "The URL of Microsoft Graph API"
-This can be found in the Microsoft Entra admin center in the application's App Registration
-Important to note: "/v1.0/me" and "/.default" should not be appended to the end of the URL.
-These parts of the URL are already accounted for in the E2E tests.
+   This can be found in the Microsoft Entra admin center in the application's App Registration
+   Important to note: "/v1.0/me" and "/.default" should not be appended to the end of the URL.
+   These parts of the URL are already accounted for in the E2E tests.
 
 2. $env:AUTHORITY = "The URL that indicates a directory that MSAL can request tokens from."
-This can be found in the Microsoft Entra admin center in the application's App Registration
+   This can be found in the Microsoft Entra admin center in the application's App Registration
 
 3. $env:KEY_VAULT_URL = "The URL to the key vault where the test user's credentials are stored"
 
@@ -17,8 +17,8 @@ This can be found in the Microsoft Entra admin center in the application's App R
 5. $env:AZURE_CLIENT_ID = "The application (client) ID registered in the Microsoft Entra tenant"
 
 6. $env:AZURE_CLIENT_SECRET = "The client secret for the registered application"
-It is important to note that the AZURE_CLIENT_ID and AZURE_CLIENT_SECRET values will change depending on if the E2E test is utilizing a confidential or public client.
+   It is important to note that the AZURE_CLIENT_ID and AZURE_CLIENT_SECRET values will change depending on if the E2E test is utilizing a confidential or public client.
 
 7. $env:NODE_EXTRA_CA_CERTS = "pathToCert"
-Certificate chains in the AGC are re-signed with an AGC Certificate Authority certificate. NodeJS does not interact with Windows to get a list of Certificate Authorities to trust. Therefore, you must use the NODE_EXTRA_CA_CERTS environment variable to pass the chain of certificates that was re-signed by the AGC certificate.
-The following article provides more context and shows how to re-chain the certificates: https://medium.com/zowe/zowe-cli-providing-node-extra-ca-certs-117727d936e5.
+   Certificate chains in the AGC are re-signed with an AGC Certificate Authority certificate. NodeJS does not interact with Windows to get a list of Certificate Authorities to trust. Therefore, you must use the NODE_EXTRA_CA_CERTS environment variable to pass the chain of certificates that was re-signed by the AGC certificate.
+   The following article provides more context and shows how to re-chain the certificates: https://medium.com/zowe/zowe-cli-providing-node-extra-ca-certs-117727d936e5.

samples/msal-node-samples/ElectronSystemBrowserTestApp/src/App.ts

@@ -1,5 +1,5 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License
 
-import Main from './Main';
-Main.main();
+import Main from "./Main";
+Main.main();

samples/msal-node-samples/ElectronSystemBrowserTestApp/src/AuthProvider.ts

@@ -60,7 +60,7 @@ export default class AuthProvider {
                 .removeAccount(this.account);
             this.account = null;
         } catch (error) {
-            console.log(error);
+            console.error(error);
         }
     }
 
@@ -121,7 +121,9 @@ export default class AuthProvider {
              * A loopback server of your own implementation, which can have custom logic
              * such as attempting to listen on a given port if it is available.
              */
-            const customLoopbackClient = await CustomLoopbackClient.initialize(3874);
+            const customLoopbackClient = await CustomLoopbackClient.initialize(
+                3874
+            );
 
             // opens a browser instance via Electron shell API
             const openBrowser = async (url: any) => {
@@ -141,7 +143,7 @@ export default class AuthProvider {
                 errorTemplate: fs
                     .readFileSync("./public/errorTemplate.html", "utf8")
                     .toString(),
-                loopbackClient: customLoopbackClient // overrides default loopback client
+                loopbackClient: customLoopbackClient, // overrides default loopback client
             };
 
             const authResponse =

samples/msal-node-samples/ElectronSystemBrowserTestApp/src/CachePlugin.ts

@@ -6,14 +6,12 @@ import { ICachePlugin, TokenCacheContext } from "@azure/msal-node";
 import * as fs from "fs";
 import { CACHE_LOCATION } from "./Constants";
 
-
-
 export const cachePlugin = (CACHE_LOCATION: string): ICachePlugin => {
     const beforeCacheAccess = async (cacheContext: TokenCacheContext) => {
         return new Promise<void>(async (resolve, reject) => {
             if (fs.existsSync(CACHE_LOCATION)) {
-                fs.readFile(CACHE_LOCATION, "utf-8", (err, data) => {
-                    if (err) {
+                fs.readFile(CACHE_LOCATION, "utf-8", (error, data) => {
+                    if (error) {
                         reject();
                     } else {
                         cacheContext.tokenCache.deserialize(data);
@@ -24,10 +22,10 @@ export const cachePlugin = (CACHE_LOCATION: string): ICachePlugin => {
                 fs.writeFile(
                     CACHE_LOCATION,
                     cacheContext.tokenCache.serialize(),
-                    (err) => {
-                        if (err) {
+                    (error) => {
+                        if (error) {
                             reject();
-                        } 
+                        }
                     }
                 );
             }
@@ -39,10 +37,10 @@ export const cachePlugin = (CACHE_LOCATION: string): ICachePlugin => {
             fs.writeFile(
                 CACHE_LOCATION,
                 cacheContext.tokenCache.serialize(),
-                (err) => {
-                    if (err) {
-                        console.log(err);
-                    } 
+                (error) => {
+                    if (error) {
+                        console.error(error);
+                    }
                 }
             );
         }

samples/msal-node-samples/ElectronSystemBrowserTestApp/src/Constants.ts

@@ -6,10 +6,9 @@
 // Add here the endpoints for MS Graph API services you would like to use.
 export const GRAPH_CONFIG = {
     GRAPH_ME_ENDPT: "/me",
-    GRAPH_MAIL_ENDPT: "/me/messages"
+    GRAPH_MAIL_ENDPT: "/me/messages",
 };
 
-
 export enum IpcMessages {
     SHOW_WELCOME_MESSAGE = "SHOW_WELCOME_MESSAGE",
     LOGIN = "LOGIN",
@@ -23,7 +22,7 @@ export enum IpcMessages {
 
 export const APPLICATION_DIMENSIONS = {
     WIDTH: 1000,
-    HEIGHT: 1000
-}
+    HEIGHT: 1000,
+};
 
-export const CACHE_LOCATION = "./data/cache.json";
+export const CACHE_LOCATION = "./data/cache.json";