estruyf / doctor

Doctor - Maintain your documentation on SharePoint without pain.

Home Page:http://getdoctor.io


base64 certificate authentication should not use password parameter in m365 cli [BUG]

RRosier opened this issue · comments

Describe the bug
When calling doctor with a Base64Encoded certificate, it is calling the m365 cli with an empty --password option.

This is causing an error since m365 does not require a password when passing a Base64Encoded certificate.

m365 cli login
-p, --password [password]
Password for the user or the certificate. Required when authType is set to password, or when authType is set to certificate and the provided certificate requires a password to open

I generated and retrieved my certificate from Azure KeyVault, which is not giving me a password at all.

To Reproduce
Steps to reproduce the behavior:

  1. call doctor publish with a Base64Encoded certificate
    doctor publish --auth certificate --certificateBase64Encoded $(sharepoint-ad-certificate) --appId $(sharepoint-ad-client-id) --tenant $(sharepoint-ad-tenant-id) --url $(sharepoint-docs-site) --disableTracking --debug

  2. returned error (debug mode)
    DEBUG Running with the following options: {"task":"publish","auth":"certificate","overwriteImages":false,"tenant":"","appId":"","certificateBase64Encoded":"","commandName":"localm365","webUrl":"https://.sharepoint.com/sites/","startFolder":"/home/vsts/work/1/s/Docs/src","startFolderRel":"./src","assetLibrary":"Shared Documents","webPartTitle":"documentation-placeholder","skipPrecheck":false,"skipExistingPages":false,"continueOnError":false,"retryWhenFailed":false,"disableTracking":true,"menu":null,"debug":true,"cleanEnd":false,"cleanStart":false,"outputFolder":"","siteDesign":{"chrome":{"headerLayout":"Compact","headerEmphasis":"Darkest","footerEnabled":false}},"markdown":{"allowHtml":true,"theme":"Light","shortcodesFolder":"./shortcodes"},"multilingual":null,"shortcodesFolder":"./shortcodes","skipPages":false,"skipNavigation":false,"skipSiteDesign":false,"cleanQuickLaunch":false,"cleanTopNavigation":false,"pageTemplate":null,"disableComments":true}
    [07:12:12] Authenticate to M365 with certificate [started]
    DEBUG
    DEBUG Command: localm365 login --authType certificate --appId "
    " --tenant "" --certificateBase64Encoded "" --password
    [07:12:13] Authenticate to M365 with certificate [failed]
    [07:12:13] → undefined
    ERROR: Cannot create property 'context' on string 'Command failed: localm365 login --authType certificate --appId "
    " --tenant "" --certificateBase64Encoded "***" --password
    Error: Error: Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?

Expected behavior
doctor should call m365 like this
localm365 login --authType certificate --appId "*****" --tenant "***" --certificateBase64Encoded "*****"

Additional context
I would love to contribute to the project; unfortunately, I am currently not able to set up a Linux-based dev environment.
When I look at the code, I believe the bug is located in the authenticate.ts file.

    else if (auth === "certificate") {
      await execScript(ArgumentsHelper.parse(`login --authType certificate --appId "${appId}" --tenant "${tenant}" --certificateBase64Encoded "${certificateBase64Encoded}" ${password ? `--password ${password}` : `--password`}`), false, false, [certificateBase64Encoded, password]);
    }

Here we probably should just omit the --password parameter completely when no password is passed to doctor.

    else if (auth === "certificate") {
      await execScript(ArgumentsHelper.parse(`login --authType certificate --appId "${appId}" --tenant "${tenant}" --certificateBase64Encoded "${certificateBase64Encoded}" ${password ? `--password ${password}` : ``}`), false, false, [certificateBase64Encoded, password]);
    }
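
An added example (not part of the original issue and not doctor's code): one way to build the login arguments so that --password appears only when a non-empty password was supplied, with secret values masked for the debug log. The function names and sample values are hypothetical, and it assumes the command is spawned from an argument array rather than one interpolated string.

```typescript
// Added example. buildCertLoginArgs and maskForLog are hypothetical helpers,
// not functions from doctor or the m365 CLI.
interface CertLoginOptions {
  appId: string;
  tenant: string;
  certificateBase64Encoded: string;
  password?: string; // only set when the certificate needs one to open
}

// Build the `login` arguments as an argv array. --password is emitted only
// for a non-empty password, so a password-less certificate never gets a bare
// flag. Passing values as separate array items also avoids quoting problems
// when a password contains spaces or quotes.
function buildCertLoginArgs(o: CertLoginOptions): string[] {
  const args: string[] = [
    "login",
    "--authType", "certificate",
    "--appId", o.appId,
    "--tenant", o.tenant,
    "--certificateBase64Encoded", o.certificateBase64Encoded,
  ];
  if (o.password !== undefined && o.password !== "") {
    args.push("--password", o.password);
  }
  return args;
}

// Render the command for debug output with every secret value replaced by
// "***". Undefined or empty secrets are ignored so they cannot match anything.
function maskForLog(args: string[], secrets: (string | undefined)[]): string {
  const hidden = secrets.filter((s): s is string => !!s);
  return args.map(a => (hidden.indexOf(a) !== -1 ? "***" : a)).join(" ");
}

// Constructed sample input (placeholders, not real identifiers).
const sample: CertLoginOptions = {
  appId: "APP-ID-PLACEHOLDER",
  tenant: "TENANT-PLACEHOLDER",
  certificateBase64Encoded: "CONSTRUCTED-BASE64-CERT",
};
const sampleLogLine = maskForLog(
  buildCertLoginArgs(sample),
  [sample.certificateBase64Encoded, sample.password],
);
```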