Merge pull request #90 from davidjrh/tenant-sync

feat: add separate tenant id option in sync settings

DotNetNuke.Authentication.Azure/AzureAD.Web/src/actions/settings.js

@@ -40,7 +40,8 @@ const settingsActions = {
                         redirectUri: data.redirectUri,
                         onErrorUri: data.onErrorUri,
                         tenantId: data.tenantId,
-                        aadAppClientId: data.aadAppClientId,                        
+                        aadTenantId: data.aadTenantId,
+                        aadAppClientId: data.aadAppClientId,
                         aadAppSecret: data.aadAppSecret,
                         jwtAudiences: data.jwtAudiences,
                         roleSyncEnabled: data.roleSyncEnabled,
@@ -134,6 +135,7 @@ const settingsActions = {
                     redirectUri: settings.redirectUri,
                     onErrorUri: settings.onErrorUri,
                     tenantId: settings.tenantId,
+                    aadTenantId: settings.aadTenantId,
                     aadAppClientId: settings.aadAppClientId,
                     aadAppSecret: settings.aadAppSecret,
                     jwtAudiences: settings.jwtAudiences,

DotNetNuke.Authentication.Azure/AzureAD.Web/src/components/advanced/sync/syncSettings.jsx

@@ -17,6 +17,7 @@ class SyncSettings extends Component {
 
         this.state = {
             error: {
+                aadTenantId: false,
                 aadAppClientId: false,
                 aadAppSecret: false
             }
@@ -32,6 +33,7 @@ class SyncSettings extends Component {
     UNSAFE_componentWillReceiveProps(nextProps) {
         const {state} = this;
 
+        state.error["aadTenantId"] = ((nextProps.roleSyncEnabled || nextProps.userSyncEnabled || nextProps.profileSyncEnabled) && nextProps.aadTenantId === "");
         state.error["aadAppClientId"] = ((nextProps.roleSyncEnabled || nextProps.userSyncEnabled || nextProps.profileSyncEnabled) && nextProps.aadAppClientId === "");
         state.error["aadAppSecret"] = ((nextProps.roleSyncEnabled || nextProps.userSyncEnabled || nextProps.profileSyncEnabled) && nextProps.aadAppSecret === "");
     }      
@@ -40,6 +42,7 @@ class SyncSettings extends Component {
         let {props} = this;
 
         props.dispatch(SettingsActions.settingsClientModified({
+            aadTenantId: (key === "AadTenantId") ? event.target.value : props.aadTenantId,
             aadAppClientId: (key === "AadAppClientId") ? event.target.value : props.aadAppClientId,
             aadAppSecret: (key === "AadAppSecret") ? event.target.value : props.aadAppSecret,
             roleSyncEnabled: (key === "roleSyncEnabled") ? !props.roleSyncEnabled : props.roleSyncEnabled,
@@ -59,6 +62,7 @@ class SyncSettings extends Component {
         let {props} = this;
 
         props.dispatch(SettingsActions.updateAdvancedSyncSettings({
+            aadTenantId: props.aadTenantId,
             aadAppClientId: props.aadAppClientId,
             aadAppSecret: props.aadAppSecret,
             roleSyncEnabled: props.roleSyncEnabled,
@@ -101,7 +105,17 @@ class SyncSettings extends Component {
                         <GridCell columnSize={100}>
                             <h1 className={"sectionLabel"}>{resx.get("lblAADSettings")}</h1>
                             <p>{resx.get("lblGraphClient.Help")}
-                            </p>                            
+                            </p>
+                            <SingleLineInputWithError
+                                withLabel={true}
+                                label={resx.get("lblTenantId")}
+                                enabled={true}
+                                error={this.state.error.aadTenantId}
+                                errorMessage={resx.get("lblTenantId.Error")}
+                                tooltipMessage={resx.get("lblTenantId.Help")}
+                                value={this.props.aadTenantId}
+                                onChange={this.onSettingChange.bind(this, "AadTenantId")}
+                            />
                             <SingleLineInputWithError
                                 withLabel={true}
                                 label={resx.get("lblAADAppClientId")}
@@ -155,7 +169,7 @@ class SyncSettings extends Component {
                                 {resx.get("Cancel")}
                             </Button>
                             <Button
-                                disabled={this.state.error.aadAppClientId || this.state.error.aadAppSecret }
+                                disabled={this.state.error.aadAppClientId || this.state.error.aadAppSecret || this.state.error.aadTenantId}
                                 type="primary"
                                 onClick={this.onClickSave.bind(this)}>
                                 {resx.get("SaveSettings")}
@@ -170,6 +184,7 @@ class SyncSettings extends Component {
 
 SyncSettings.propTypes = {
     dispatch: PropTypes.func.isRequired,
+    aadTenantId: PropTypes.string,
     aadAppClientId: PropTypes.string,
     aadAppSecret: PropTypes.string,
     roleSyncEnabled: PropTypes.bool,
@@ -182,6 +197,7 @@ SyncSettings.propTypes = {
 
 function mapStateToProps(state) {
     return {
+        aadTenantId: state.settings.aadTenantId,
         aadAppClientId: state.settings.aadAppClientId,
         aadAppSecret: state.settings.aadAppSecret,
         roleSyncEnabled: state.settings.roleSyncEnabled,

DotNetNuke.Authentication.Azure/AzureAD.Web/src/reducers/settingsReducer.js

@@ -16,6 +16,7 @@ export default function settings(state = {
                 redirectUri: action.data.redirectUri,
                 onErrorUri: action.data.onErrorUri,
                 tenantId: action.data.tenantId,
+                aadTenantId: action.data.aadTenantId,
                 aadAppClientId: action.data.aadAppClientId,
                 aadAppSecret: action.data.aadAppSecret,
                 jwtAudiences: action.data.jwtAudiences,
@@ -43,6 +44,7 @@ export default function settings(state = {
                 redirectUri: action.data.redirectUri,
                 onErrorUri: action.data.onErrorUri,
                 tenantId: action.data.tenantId,
+                aadTenantId: action.data.aadTenantId,
                 aadAppClientId: action.data.aadAppClientId,
                 aadAppSecret: action.data.aadAppSecret,
                 jwtAudiences: action.data.jwtAudiences,

DotNetNuke.Authentication.Azure/AzureADProvider.dnn

@@ -1,6 +1,6 @@
 <dotnetnuke type="Package" version="5.0">
   <packages>
-    <package name="AzureADProvider" type="Auth_System" version="04.02.01">
+    <package name="AzureADProvider" type="Auth_System" version="04.03.00">
       <friendlyName>DNN Azure Active Directory Provider</friendlyName>
       <description>
         The DNN Azure Active Directory Provider is an Authentication provider for DNN Platform that uses Azure Active Directory OAuth2 authentication to authenticate users.
@@ -175,7 +175,13 @@
               <version>04.00.00</version>
             </script>
 
-            <script type="UnInstall" >
+			  <script type="Install">
+				  <path>Providers\DataProviders\SqlDataProvider</path>
+				  <name>04.03.00.SqlDataProvider</name>
+				  <version>04.03.00</version>
+			  </script>
+
+			  <script type="UnInstall" >
               <path>Providers\DataProviders\SqlDataProvider</path>
               <name>uninstall.SqlDataProvider</name>
               <version>03.00.00</version>

DotNetNuke.Authentication.Azure/AzureADReleaseNotes.txt

@@ -2,6 +2,16 @@
 <p style="margin: 0"><a href="http://davidjrh.intelequia.com" target="_new">David Rodriguez</a><br /><a href="mailto:davidj@intelequia.com">davidj@intelequia.com</a></p>
 <p style="margin: 0"><strong>About the DNN Azure Active Directory Authorization Provider</strong></p>
 
+
+<p style="margin: 0"><b>Version 04.03.00</b></p>
+<p style="margin: 0">
+# New Features
+* Added separate tenant id option in sync settings to allow role syncing when using multi-tenant apps
+
+# Bug Fixes
+* Fixed an issue preventing the persona bar loading on child portals
+</p>
+
 <p style="margin: 0"><b>Version 04.02.01</b></p>
 <p style="margin: 0">
 # Bug fixes

DotNetNuke.Authentication.Azure/Common/Utils.cs

@@ -21,6 +21,7 @@
 
 #endregion
 
+using DotNetNuke.Authentication.Azure.Components;
 using DotNetNuke.Authentication.Azure.Data;
 using DotNetNuke.Common;
 using DotNetNuke.Common.Utilities;
@@ -166,6 +167,19 @@ public static string GetLastName(string displayName)
                 .TrimStart(' ');
         }
 
+        public static void ValidateAadParameters(AzureConfig settings)
+        {
+            ValidateAadParameters(-1, settings);
+        }
+
+        public static void ValidateAadParameters(int portalId, AzureConfig settings)
+        {
+            if (string.IsNullOrEmpty(settings.AADApplicationId) || string.IsNullOrEmpty(settings.AADApplicationKey) || string.IsNullOrEmpty(settings.AADTenantId))
+            {
+                throw new Exception("AAD tenant ID, application ID or application key are not valid" + (portalId >= 0 ? " on portal " + portalId : ""));
+            }
+        }
+
     }
 
 }

DotNetNuke.Authentication.Azure/Components/AzureClient.cs

@@ -78,12 +78,9 @@ private GraphClient GraphClient
             {
                 if (_graphClient == null)
                 {
-                    if (string.IsNullOrEmpty(Settings.AADApplicationId) || string.IsNullOrEmpty(Settings.AADApplicationKey))
-                    {
-                        throw new Exception("AAD application ID or key are not valid");
-                    }
+                    Utils.ValidateAadParameters(Settings);
 
-                    _graphClient = new GraphClient(Settings.AADApplicationId, Settings.AADApplicationKey, Settings.TenantId);
+                    _graphClient = new GraphClient(Settings.AADApplicationId, Settings.AADApplicationKey, Settings.AADTenantId);
                 }
                 return _graphClient;
             }

DotNetNuke.Authentication.Azure/Components/AzureConfig.cs

@@ -52,6 +52,7 @@ protected internal AzureConfig(string service, int portalId) : base(service, por
             TenantId = GetScopedSetting(Service + "_TenantId", portalId, "");
             AutoRedirect = bool.Parse(GetScopedSetting(Service + "_AutoRedirect", portalId, "false"));
             Enabled = bool.Parse(GetScopedSetting(Service + "_Enabled", portalId, "false"));
+            AADTenantId = GetScopedSetting(Service + "_AADTenantId", portalId, "");
             AADApplicationId = GetScopedSetting(Service + "_AADApplicationId", portalId, "");
             AADApplicationKey = GetScopedSetting(Service + "_AADApplicationKey", portalId, "");
             JwtAudiences = GetScopedSetting(Service + "_JwtAudiences", portalId, "");
@@ -90,6 +91,8 @@ internal string GetScopedSetting(string key, int portalId, string defaultValue)
         [SortOrder(2)]
         public bool AutoRedirect { get; set; }
         [SortOrder(7)]
+        public string AADTenantId { get; set; }
+        [SortOrder(7)]
         public string AADApplicationId { get; set; }
         [SortOrder(8)]
         public string AADApplicationKey { get; set; }
@@ -158,6 +161,7 @@ public static void UpdateConfig(AzureConfig config)
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_TenantId", config.TenantId);
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_AutoRedirect", config.AutoRedirect.ToString());
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_Enabled", config.Enabled.ToString());
+            UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_AADTenantId", config.AADTenantId);
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_AADApplicationId", config.AADApplicationId);
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_AADApplicationKey", config.AADApplicationKey);
             UpdateScopedSetting(config.UseGlobalSettings, config.PortalID, config.Service + "_JwtAudiences", config.JwtAudiences);

DotNetNuke.Authentication.Azure/DotNetNuke.Authentication.Azure.csproj

@@ -276,6 +276,7 @@
     <None Include="app.config" />
     <None Include="AzureADProvider.dnn" />
     <Content Include="packages.config" />
+    <None Include="Providers\DataProviders\SqlDataProvider\04.03.00.SqlDataProvider" />
     <None Include="Providers\DataProviders\SqlDataProvider\04.00.00.SqlDataProvider" />
     <None Include="Providers\DataProviders\SqlDataProvider\03.00.00.SqlDataProvider" />
     <None Include="Providers\DataProviders\SqlDataProvider\uninstall.SqlDataProvider" />

DotNetNuke.Authentication.Azure/Properties/AssemblyInfo.cs

@@ -28,6 +28,6 @@
 //
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("4.2.1.0")]
-[assembly: AssemblyFileVersion("4.2.1.0")]
+[assembly: AssemblyVersion("4.3.0.0")]
+[assembly: AssemblyFileVersion("4.3.0.0")]
 

DotNetNuke.Authentication.Azure/Providers/DataProviders/SqlDataProvider/04.03.00.SqlDataProvider

@@ -0,0 +1,13 @@
+/* Setup default values for new setting for separate Graph TenantId to the current tenantId */
+
+INSERT INTO {databaseOwner}[{objectQualifier}PortalSettings]
+	(PortalID, SettingName, SettingValue, CreatedByUserID, CreatedOnDate, LastModifiedByUserID, LastModifiedOnDate, CultureCode, IsSecure)
+SELECT PortalID, 'Azure_AADTenantId', SettingValue, CreatedByUserID, GETUTCDATE(), LastModifiedByUserID, GETUTCDATE(), CultureCode, IsSecure
+FROM {databaseOwner}[{objectQualifier}PortalSettings]
+WHERE SettingName='Azure_TenantId'
+
+INSERT INTO {databaseOwner}[{objectQualifier}HostSettings]
+	(SettingName, SettingValue, SettingIsSecure, CreatedByUserID, CreatedOnDate, LastModifiedByUserID, LastModifiedOnDate)
+SELECT 'Azure_AADTenantId', SettingValue, SettingIsSecure, CreatedByUserID, GETUTCDATE(), LastModifiedByUserID, GETUTCDATE()
+FROM {databaseOwner}[{objectQualifier}HostSettings]
+WHERE SettingName='Azure_TenantId'

DotNetNuke.Authentication.Azure/Providers/DataProviders/SqlDataProvider/uninstall.SqlDataProvider

@@ -10,6 +10,7 @@
    , 'Azure_AutoAuthorize'
    , 'Azure_AutoMatchExistingUsers'
    , 'Azure_Enabled'
+   , 'Azure_AADTenantId'
    , 'Azure_AADApplicationId'
    , 'Azure_AADApplicationKey'
    , 'Azure_JwtAudiences'
@@ -39,6 +40,7 @@ DELETE {databaseOwner}[{objectQualifier}HostSettings]
    , 'Azure_AutoAuthorize'
    , 'Azure_AutoMatchExistingUsers'
    , 'Azure_Enabled'
+   , 'Azure_AADTenantId'
    , 'Azure_AADApplicationId'
    , 'Azure_AADApplicationKey'
    , 'Azure_JwtAudiences'

DotNetNuke.Authentication.Azure/ScheduledTasks/SyncSchedule.cs

@@ -18,6 +18,7 @@
 using System.Configuration;
 using System.IO;
 using System.Linq;
+using System.Runtime;
 using static System.Windows.Forms.VisualStyles.VisualStyleElement.StartPanel;
 
 namespace DotNetNuke.Authentication.Azure.ScheduledTasks
@@ -133,12 +134,9 @@ internal string SyncRoles(int portalId, AzureConfig settings)
                 var groupsDeleted = 0;
                 var customRoleMappings = GetRoleMappingsForPortal(portalId, settings);
 
-                if (string.IsNullOrEmpty(settings.AADApplicationId) || string.IsNullOrEmpty(settings.AADApplicationKey))
-                {
-                    throw new Exception($"AAD application ID or key are not valid on portal {portalId}");
-                }
+                Utils.ValidateAadParameters(portalId, settings);
 
-                var graphClient = new GraphClient(settings.AADApplicationId, settings.AADApplicationKey, settings.TenantId);
+                var graphClient = new GraphClient(settings.AADApplicationId, settings.AADApplicationKey, settings.AADTenantId);
                 // Add roles from AAD 
                 var aadGroups = graphClient.GetAllGroups();
                 var allaadGroups = new List<Microsoft.Graph.Group>();
@@ -333,12 +331,9 @@ internal string SyncUsers(int portalId, AzureConfig settings)
                 var usersCreated = 0;
                 var usersUpdated = 0;
 
-                if (string.IsNullOrEmpty(settings.AADApplicationId) || string.IsNullOrEmpty(settings.AADApplicationKey))
-                {
-                    throw new Exception($"AAD application ID or key are not valid on portal {portalId}");
-                }
+                Utils.ValidateAadParameters(portalId, settings);
 
-                var graphClient = new GraphClient(settings.AADApplicationId, settings.AADApplicationKey, settings.TenantId);
+                var graphClient = new GraphClient(settings.AADApplicationId, settings.AADApplicationKey, settings.AADTenantId);
                 var userMappings = UserMappingsRepository.Instance.GetUserMappings(portalId).ToList();
 
                 // Add users from AAD 

DotNetNuke.Authentication.Azure/Services/AzureADProviderSettings.cs

@@ -45,6 +45,8 @@ public class AzureADProviderSettings
         public bool Enabled { get; set; }
         [DataMember(Name = "useGlobalSettings")]
         public bool UseGlobalSettings { get; set; }
+        [DataMember(Name = "aadTenantId")]
+        public string AadTenantId { get; set; }
         [DataMember(Name = "aadAppClientId")]
         public string AadAppClientId { get; set; }
         [DataMember(Name = "aadAppSecret")]
@@ -91,6 +93,7 @@ public static AzureADProviderSettings LoadSettings(string service, int portalId)
                 AutoRedirect = config.AutoRedirect,
                 AutoAuthorize = config.AutoAuthorize,
                 AutoMatchExistingUsers = config.AutoMatchExistingUsers,
+                AadTenantId = config.AADTenantId,
                 AadAppClientId = config.AADApplicationId,
                 AadAppSecret = config.AADApplicationKey,
                 Enabled = config.Enabled,
@@ -132,6 +135,7 @@ public static void SaveAdvancedSyncSettings(string service, int portalId, AzureA
         {
             var config = new AzureConfig(service, portalId)
             {
+                AADTenantId = settings.AadTenantId,
                 AADApplicationId = settings.AadAppClientId,
                 AADApplicationKey = settings.AadAppSecret,
                 RoleSyncEnabled = settings.RoleSyncEnabled,