Creating new SSO auth token for new user or tenant

Signed-off-by: ypartovski <ypartovski@vmware.com>

Author: ypartovski

common/src/maven/MavenCliProxy.ts

@@ -6,7 +6,7 @@
 import * as path from "path"
 
 import * as fs from "fs-extra"
-
+import * as jwtDecode from "jwt-decode"
 
 import { BaseEnvironment } from "../platform"
 import { MavenInfo } from "../types"
@@ -39,7 +39,7 @@ export class MavenCliProxy {
         this.writeTokenPom(tokenPom)
 
         let token = fs.existsSync(tokenFile) ? this.readTokenFile(tokenFile) : null
-        if (!token || this.isExpired(token)) {
+        if (!token || this.isExpired(token) || this.isDiffUserOrTenant(token)) {
             const command = `mvn vrealize:auth -P${this.mavenSettings.profile} -DoutputDir="${tokenFolder}" -N -e`
             const cmdOptions = { cwd: tokenFolder }
 
@@ -144,4 +144,39 @@ export class MavenCliProxy {
 
         return now > expirationDate
     }
+
+    private isDiffUserOrTenant(token: { value: string; expirationDate: string }): boolean {
+        let decodedToken
+        try {
+            decodedToken = jwtDecode(token.value)
+        } catch (e) {
+            this.logger.warn(`Invalid local SSO authentication token format!`)
+            return true;
+        }
+
+        // token (stored locally) details
+        const tokenUserQualifier = decodedToken.prn // user@TENANT
+        if (!tokenUserQualifier) {
+            return true;
+        }
+        const tokenUsername = tokenUserQualifier.match(/.+?(?=@)/)
+        if (!tokenUsername) {
+            return true;
+        }
+        const tokenTenant = tokenUserQualifier.match(/(?<=@).+[^\s]/)
+        if (!tokenTenant) {
+            return true;
+        }
+        const tokenDomain = decodedToken.domain
+        if (!tokenDomain) {
+            return true;
+        }
+
+        // Maven active profile details
+        const vroUsername = this.environment.getVroUsername() // user@domain
+        const vroTenant = this.environment.getVroTenant()
+        
+        return (`${tokenUsername[0]}@${tokenDomain}`.toUpperCase() != vroUsername.toUpperCase() || 
+         tokenTenant[0].toUpperCase() != vroTenant.toUpperCase());
+    }
 }

common/src/platform/BaseEnvironment.ts

@@ -117,4 +117,20 @@ export abstract class BaseEnvironment {
 
         return this.config.activeProfile.getOptional("vro.host", "")
     }
+
+    getVroUsername(): string {
+        if (!this.config.hasActiveProfile()) {
+            return ""
+        }
+
+        return this.config.activeProfile.getOptional("vro.username", "")
+    }
+
+    getVroTenant(): string {
+        if (!this.config.hasActiveProfile()) {
+            return ""
+        }
+
+        return this.config.activeProfile.getOptional("vro.tenant", "")
+    }
 }

package.json

@@ -579,6 +579,7 @@
     "fs-extra": "~7.0.0",
     "glob": "^7.1.6",
     "jsonc-parser": "^2.1.0",
+    "jwt-decode": "^2.2.0",
     "lodash": "^4.17.15",
     "micromatch": "^4.0.2",
     "module-alias": "^2.2.2",

yarn.lock

@@ -4141,6 +4141,11 @@ just-debounce@^1.0.0:
   resolved "https://registry.yarnpkg.com/just-debounce/-/just-debounce-1.0.0.tgz#87fccfaeffc0b68cd19d55f6722943f929ea35ea"
   integrity sha1-h/zPrv/AtozRnVX2cilD+SnqNeo=
 
+jwt-decode@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-2.2.0.tgz#7d86bd56679f58ce6a84704a657dd392bba81a79"
+  integrity sha1-fYa9VmefWM5qhHBKZX3TkruoGnk=
+
 keytar@*:
   version "6.0.1"
   resolved "https://registry.yarnpkg.com/keytar/-/keytar-6.0.1.tgz#996961abdebf300b2d34bb2eab6e42a8096b1ed8"