From e8bb47730a5953352cc5c4caba72f3980740e405 Mon Sep 17 00:00:00 2001 From: jennyf19 Date: Tue, 8 Dec 2020 12:48:21 -0800 Subject: [PATCH] fix tsa issues (#827) * fix tsa issues * pass empty options --- .../MicrosoftIdentity/Controllers/AccountController.cs | 2 +- ...rosoftIdentityWebApiAuthenticationBuilderExtensions.cs | 2 +- .../MicrosoftIdentityWebAppAuthenticationBuilder.cs | 8 ++++---- ...rosoftIdentityWebAppAuthenticationBuilderExtensions.cs | 7 ++++--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs b/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs index 87d602e07..6e23b0af3 100644 --- a/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs +++ b/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs @@ -74,7 +74,7 @@ public IActionResult Challenge( { Constants.Claims, claims }, { Constants.Policy, policy }, }; - Dictionary parameters = new Dictionary + Dictionary parameters = new Dictionary { { Constants.LoginHint, loginHint }, { Constants.DomainHint, domainHint }, diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs index b59aac5ae..405a79a79 100644 --- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs +++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs 
@@ -219,7 +219,7 @@ private static void AddMicrosoftIdentityWebApiImplementation( var tokenValidatedHandler = options.Events.OnTokenValidated; options.Events.OnTokenValidated = async context => { - if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope) + if (!microsoftIdentityOptions.AllowWebApiToBeAuthorizedByACL && !context!.Principal.Claims.Any(x => x.Type == ClaimConstants.Scope) && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Scp) && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Roles) && !context.Principal.Claims.Any(y => y.Type == ClaimConstants.Role)) diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs index 8db266378..78dc88997 100644 --- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs +++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs @@ -121,7 +121,7 @@ internal static void WebAppCallsWebApiImplementation( var codeReceivedHandler = options.Events.OnAuthorizationCodeReceived; options.Events.OnAuthorizationCodeReceived = async context => { - var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService(); + var tokenAcquisition = context!.HttpContext.RequestServices.GetRequiredService(); await tokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(context, options.Scope).ConfigureAwait(false); await codeReceivedHandler(context).ConfigureAwait(false); }; 
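Review bot: The `context!` added to the `OnTokenValidated` condition only silences the nullability warning; it adds no runtime check, and `Principal`, which all four `Claims.Any(...)` calls depend on, is still dereferenced unguarded. Because this condition decides whether a token carrying no scope or role claim enters the branch below it, I would make the null case explicit so it fails closed, e.g. `var claims = context.Principal?.Claims ?? Enumerable.Empty<Claim>();` followed by `!claims.Any(c => c.Type == ClaimConstants.Scope)` and the other three checks, so a missing principal is treated as having none of the required claims. The same suppression appears in the `OnAuthorizationCodeReceived` and `OnTokenValidated` hunks of MicrosoftIdentityWebAppAuthenticationBuilder.cs. The lambda body, including what the branch does, continues outside the hunk.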
@@ -130,7 +130,7 @@ internal static void WebAppCallsWebApiImplementation( var onTokenValidatedHandler = options.Events.OnTokenValidated; options.Events.OnTokenValidated = async context => { - string? clientInfo = context.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo); + string? clientInfo = context!.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo); if (!string.IsNullOrEmpty(clientInfo)) { @@ -138,8 +138,8 @@ internal static void WebAppCallsWebApiImplementation( if (clientInfoFromServer != null) { - context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier)); - context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier)); + context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier)); + context!.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier)); } } diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs index e7421273f..b6b637c32 100644 --- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs +++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs 
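Review bot: In the `@@ -138` hunk the two `AddClaim` lines each repeat `context!.Principal.Identities.FirstOrDefault()?`, so when the principal has no identity both claims are skipped silently and sign-in continues without `UniqueTenantIdentifier` and `UniqueObjectIdentifier`. The `!` is also redundant at this point, because `context` was already dereferenced on the `clientInfo` line at the top of the lambda. I would resolve the identity once with `var identity = context.Principal?.Identities.FirstOrDefault();` and add both claims under `if (identity != null)`. If later code relies on these claims (not visible here), the else case should log or fail the sign-in rather than pass quietly. The enclosing lambda starts in the previous hunk and ends outside this one.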
@@ -116,7 +116,7 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW Action configureMicrosoftIdentityOptions, Action? configureCookieAuthenticationOptions = null, string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme, - string cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme, + string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme, bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false) { if (builder == null) @@ -186,7 +186,7 @@ private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWi Action configureMicrosoftIdentityOptions, Action? configureCookieAuthenticationOptions, string openIdConnectScheme, - string cookieScheme, + string? cookieScheme, bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents) { if (!AppServicesAuthenticationInformation.IsAppServicesAadAuthenticationEnabled) @@ -237,7 +237,8 @@ private static void AddMicrosoftIdentityWebAppInternal( if (!string.IsNullOrEmpty(cookieScheme)) { - builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions); + Action emptyOption = option => { }; + builder.AddCookie(cookieScheme, configureCookieAuthenticationOptions ?? emptyOption); } builder.Services.TryAddSingleton();
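Review bot: `cookieScheme` becomes `string?` on the public overload in the `@@ -116` hunk (and on the private helper in `@@ -186`), which makes null a supported argument, but no hunk updates the parameter's documentation to say what null means. The `!string.IsNullOrEmpty(cookieScheme)` guard in `AddMicrosoftIdentityWebAppInternal` shows that `AddCookie` is not called for a null or empty value. I would state that on the `<param name="cookieScheme">` doc, for example `Cookie scheme to register; when null or empty, this method does not add a cookie handler.` The XML doc comment sits above the signature, outside the hunk, so it may already cover this.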
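Review bot: The `emptyOption` fallback in the `@@ -237` hunk would benefit from a short why-comment: when the caller passes no `configureCookieAuthenticationOptions`, the cookie scheme is registered with a no-op callback, so the session cookie's settings are whatever the framework defaults are. A line such as `// No caller configuration: register the cookie scheme with framework-default options.` above the `Action` declaration would make that intentional. The local can also be dropped by writing `configureCookieAuthenticationOptions ?? (_ => { })`. The method body starts and ends outside the hunk.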