From 9cfae282121f6c1bdf2e040c99295b1113fa2db0 Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 14:06:34 -0400 Subject: [PATCH 1/8] display okta user and org in password prompt --- src/D2L.Bmx/ConsolePrompter.cs | 7 ++++--- src/D2L.Bmx/OktaAuthenticator.cs | 4 ++-- src/D2L.Bmx/ParameterDescriptions.cs | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/D2L.Bmx/ConsolePrompter.cs b/src/D2L.Bmx/ConsolePrompter.cs index eae26f91..60ddf0cf 100644 --- a/src/D2L.Bmx/ConsolePrompter.cs +++ b/src/D2L.Bmx/ConsolePrompter.cs @@ -8,7 +8,7 @@ internal interface IConsolePrompter { string PromptOrg( bool allowEmptyInput ); string PromptProfile(); string PromptUser( bool allowEmptyInput ); - string PromptPassword(); + string PromptPassword( string user, string org ); int? PromptDuration(); string PromptAccount( string[] accounts ); string PromptRole( string[] roles ); @@ -63,7 +63,7 @@ string IConsolePrompter.PromptUser( bool allowEmptyInput ) { return user; } - string IConsolePrompter.PromptPassword() { + string IConsolePrompter.PromptPassword( string user, string org ) { Func readKey; if( IS_WINDOWS ) { // On Windows, Console.ReadKey calls native console API, and will fail without a console attached @@ -84,7 +84,8 @@ Input to BMX is redirected. Password input may be displayed on screen! readKey = () => (char)_stdinReader.Read(); } - Console.Error.Write( $"{ParameterDescriptions.Password}: " ); + string passwordPrompt = string.Format( ParameterDescriptions.Password, user, org ); + Console.Error.Write( $"{passwordPrompt}: " ); string? originalTerminalSettings = null; try { diff --git a/src/D2L.Bmx/OktaAuthenticator.cs b/src/D2L.Bmx/OktaAuthenticator.cs index 79741457..8d2cee80 100644 --- a/src/D2L.Bmx/OktaAuthenticator.cs +++ b/src/D2L.Bmx/OktaAuthenticator.cs 
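Review bot: `user` and `org` are written to the terminal unfiltered by the added `string.Format( ParameterDescriptions.Password, user, org )` line in the `@@ -84,7 +84,8 @@` hunk, immediately before the password is read. Where the two values originate is not visible here; if either can come from a config file or the environment rather than being typed, control characters in them would be echoed and could change what the prompt appears to say. Dropping control characters first closes that gap, e.g. `user = new string( user.Where( c => !char.IsControl( c ) ).ToArray() );` and the same for `org`. The later `@@ -84,8 +84,9 @@` hunk prints the same values with `Console.Error.WriteLine` and has the same gap. PromptPassword's body starts and ends outside the hunk.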
@@ -50,7 +50,7 @@ bool ignoreCache throw new BmxException( "Okta authentication failed. Please run `bmx login` first." ); } - string password = consolePrompter.PromptPassword(); + string password = consolePrompter.PromptPassword( user, org ); var authnResponse = await oktaApi.AuthenticateAsync( user, password ); @@ -86,7 +86,7 @@ bool ignoreCache return new AuthenticatedOktaApi( Org: org, User: user, Api: oktaApi ); } - throw new BmxException( "Okta authentication failed" ); + throw new BmxException( $"Okta authentication failed using username {user} in org {org}" ); } private bool TryAuthenticateFromCache( diff --git a/src/D2L.Bmx/ParameterDescriptions.cs b/src/D2L.Bmx/ParameterDescriptions.cs index 726df5e5..8a6f08bf 100644 --- a/src/D2L.Bmx/ParameterDescriptions.cs +++ b/src/D2L.Bmx/ParameterDescriptions.cs @@ -3,7 +3,7 @@ namespace D2L.Bmx; internal static class ParameterDescriptions { public const string Org = "Okta org short name or domain name"; public const string User = "Okta username"; - public const string Password = "Okta password"; + public const string Password = "Okta password for username {0} in org {1}"; public const string Account = "AWS account name"; public const string Role = "AWS role name"; public const string Duration = "AWS session duration in minutes"; From af1708b8323b12eef85cdbf3d0a09cd4cb7c808b Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 14:30:50 -0400 Subject: [PATCH 2/8] wrap in single quotes --- src/D2L.Bmx/Okta/OktaApi.cs | 12 ++++++++---- src/D2L.Bmx/OktaAuthenticator.cs | 2 +- src/D2L.Bmx/ParameterDescriptions.cs | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index b21fcc6c..858f812a 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs 
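Review bot: `ParameterDescriptions.Password` becomes a composite format string in the `@@ -3,7 +3,7 @@` hunk, while its sibling constants remain plain descriptions. Any other consumer of the constant (none is visible in this patch, so this is inferred from the class name) would now print the literal `{0}` and `{1}`. A dedicated constant keeps the two uses apart, e.g. `public const string PasswordPrompt = "Okta password for username {0} in org {1}";`, with `Password` left as `"Okta password"`.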
@@ -23,15 +23,18 @@ Task VerifyMfaChallengeResponseAsync( internal class OktaApi : IOktaApi { private readonly CookieContainer _cookieContainer; private readonly HttpClient _httpClient; + private string organization = string.Empty; public OktaApi() { _cookieContainer = new CookieContainer(); - _httpClient = new HttpClient( new HttpClientHandler { CookieContainer = _cookieContainer } ); - _httpClient.Timeout = TimeSpan.FromSeconds( 30 ); + _httpClient = new HttpClient( new HttpClientHandler { CookieContainer = _cookieContainer } ) { + Timeout = TimeSpan.FromSeconds( 30 ) + }; _httpClient.DefaultRequestHeaders.Accept.Add( new MediaTypeWithQualityHeaderValue( "application/json" ) ); } void IOktaApi.SetOrganization( string organization ) { + this.organization = organization; if( !organization.Contains( '.' ) ) { _httpClient.BaseAddress = new Uri( $"https://{organization}.okta.com/api/v1/" ); } else { @@ -83,7 +86,9 @@ await resp.Content.ReadAsStreamAsync(), authnResponse.Embedded.Factors ); } - throw new BmxException( "Okta authentication failed. Check if org, user and password is correct" ); + throw new BmxException( + $"Okta authentication for user '{username}' and org '{organization}' failed." + + " Check if org, user and password is correct" ); } async Task IOktaApi.IssueMfaChallengeAsync( string stateToken, string factorId ) { @@ -168,7 +173,6 @@ async Task IOktaApi.GetAwsAccountAppsAsync() { return apps?.Where( app => app.AppName == "amazon_aws" ).ToArray() ?? throw new BmxException( "Error retrieving AWS accounts from Okta." ); - } async Task IOktaApi.GetPageAsync( string samlLoginUrl ) { diff --git a/src/D2L.Bmx/OktaAuthenticator.cs b/src/D2L.Bmx/OktaAuthenticator.cs index 8d2cee80..0abd199c 100644 --- a/src/D2L.Bmx/OktaAuthenticator.cs +++ b/src/D2L.Bmx/OktaAuthenticator.cs 
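Review bot: The added `this.organization = organization;` in the `@@ -23,15 +23,18 @@` hunk stores the raw argument with no validation, and the context line below interpolates that same value into `https://{organization}.okta.com/api/v1/`. If the value contains characters that are not valid in a host name, the URI parser decides which host receives the password, and the failure message would still show the typed string rather than that host. Rejecting such input before the assignment would cover both, e.g. `if( Uri.CheckHostName( organization ) != UriHostNameType.Dns ) throw new BmxException( "Invalid Okta org" );`. The `else` branch of SetOrganization lies outside the hunk, so whether it validates the domain form cannot be confirmed from here.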
@@ -86,7 +86,7 @@ bool ignoreCache return new AuthenticatedOktaApi( Org: org, User: user, Api: oktaApi ); } - throw new BmxException( $"Okta authentication failed using username {user} in org {org}" ); + throw new BmxException( "Okta authentication failed" ); } private bool TryAuthenticateFromCache( diff --git a/src/D2L.Bmx/ParameterDescriptions.cs b/src/D2L.Bmx/ParameterDescriptions.cs index 8a6f08bf..7a35acb0 100644 --- a/src/D2L.Bmx/ParameterDescriptions.cs +++ b/src/D2L.Bmx/ParameterDescriptions.cs @@ -3,7 +3,7 @@ namespace D2L.Bmx; internal static class ParameterDescriptions { public const string Org = "Okta org short name or domain name"; public const string User = "Okta username"; - public const string Password = "Okta password for username {0} in org {1}"; + public const string Password = "Okta password for username '{0}' in org '{1}'"; public const string Account = "AWS account name"; public const string Role = "AWS role name"; public const string Duration = "AWS session duration in minutes"; From 2a6ac25c7d67d9bb7e0978beedd27cd65e8f3af5 Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 14:33:23 -0400 Subject: [PATCH 3/8] wording --- src/D2L.Bmx/Okta/OktaApi.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index 858f812a..e63d187d 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs @@ -87,7 +87,7 @@ await resp.Content.ReadAsStreamAsync(), ); } throw new BmxException( - $"Okta authentication for user '{username}' and org '{organization}' failed." + $"Okta authentication for user '{username}' in org '{organization}' failed." + " Check if org, user and password is correct" ); } From b6dc31e3cc3aa7b9658969706dcc78fbd65abee8 Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 14:35:44 -0400 Subject: [PATCH 4/8] oxford comma --- src/D2L.Bmx/Okta/OktaApi.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index e63d187d..2def4ee6 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs @@ -88,7 +88,7 @@ await resp.Content.ReadAsStreamAsync(), } throw new BmxException( $"Okta authentication for user '{username}' in org '{organization}' failed." - + " Check if org, user and password is correct" ); + + " Check if org, user, and password is correct" ); } async Task IOktaApi.IssueMfaChallengeAsync( string stateToken, string factorId ) { From f70e398e8a7e02a4f9fffc1552472cdf7c1fe183 Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 15:03:46 -0400 Subject: [PATCH 5/8] org is nullable --- src/D2L.Bmx/Okta/OktaApi.cs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index 2def4ee6..afd80a21 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs @@ -23,7 +23,7 @@ Task VerifyMfaChallengeResponseAsync( internal class OktaApi : IOktaApi { private readonly CookieContainer _cookieContainer; private readonly HttpClient _httpClient; - private string organization = string.Empty; + private string? _organization; public OktaApi() { _cookieContainer = new CookieContainer(); @@ -34,7 +34,7 @@ public OktaApi() { } void IOktaApi.SetOrganization( string organization ) { - this.organization = organization; + _organization = organization; if( !organization.Contains( '.' ) ) { _httpClient.BaseAddress = new Uri( $"https://{organization}.okta.com/api/v1/" ); } else { 
@@ -86,9 +86,11 @@ await resp.Content.ReadAsStreamAsync(), authnResponse.Embedded.Factors ); } + + string org = _organization is not null ? _organization : "unknown"; throw new BmxException( - $"Okta authentication for user '{username}' in org '{organization}' failed." - + " Check if org, user, and password is correct" ); + $"Okta authentication for user '{username}' in org '{org}'" + + "failed. Check if org, user, and password is correct" ); } async Task IOktaApi.IssueMfaChallengeAsync( string stateToken, string factorId ) { From b35807f09f1e2b0590f2d9f64e816e20b3e67963 Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 15:04:16 -0400 Subject: [PATCH 6/8] reformat data --- src/D2L.Bmx/ConsolePrompter.cs | 5 +++-- src/D2L.Bmx/ParameterDescriptions.cs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/D2L.Bmx/ConsolePrompter.cs b/src/D2L.Bmx/ConsolePrompter.cs index 60ddf0cf..019b1862 100644 --- a/src/D2L.Bmx/ConsolePrompter.cs +++ b/src/D2L.Bmx/ConsolePrompter.cs @@ -84,8 +84,9 @@ Input to BMX is redirected. Password input may be displayed on screen! readKey = () => (char)_stdinReader.Read(); } - string passwordPrompt = string.Format( ParameterDescriptions.Password, user, org ); - Console.Error.Write( $"{passwordPrompt}: " ); + Console.Error.WriteLine( $"{ParameterDescriptions.Org}: {org}" ); + Console.Error.WriteLine( $"{ParameterDescriptions.User}: {user}" ); + Console.Error.Write( $"{ParameterDescriptions.Password}: " ); string? originalTerminalSettings = null; try { diff --git a/src/D2L.Bmx/ParameterDescriptions.cs b/src/D2L.Bmx/ParameterDescriptions.cs index 7a35acb0..726df5e5 100644 --- a/src/D2L.Bmx/ParameterDescriptions.cs +++ b/src/D2L.Bmx/ParameterDescriptions.cs 
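Review bot: The two literals concatenated in the new `throw` in the `@@ -86,9 +86,11 @@` hunk have no space between `'{org}'` and `failed`, so for a made-up org `acme` the message reads `in org 'acme'failed.`. Whitespace on this page may be collapsed, so confirm against the file. The same concatenation appears as unchanged context in the later `@@ -90,7 +90,7 @@` and `@@ -87,7 +87,7 @@` hunks. Suggested second line: `+ " failed. Check if org, user, and password are correct" );`, which also fixes the verb agreement. The enclosing method starts outside the hunk.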
@@ -3,7 +3,7 @@ namespace D2L.Bmx; internal static class ParameterDescriptions { public const string Org = "Okta org short name or domain name"; public const string User = "Okta username"; - public const string Password = "Okta password for username '{0}' in org '{1}'"; + public const string Password = "Okta password"; public const string Account = "AWS account name"; public const string Role = "AWS role name"; public const string Duration = "AWS session duration in minutes"; From ea567408d7c5163235b68d8408f25545039d6f8b Mon Sep 17 00:00:00 2001 From: Liam Gordon Date: Wed, 12 Jun 2024 15:06:54 -0400 Subject: [PATCH 7/8] remove extra space --- src/D2L.Bmx/Okta/OktaApi.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index afd80a21..e5992ad6 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs @@ -90,7 +90,7 @@ await resp.Content.ReadAsStreamAsync(), string org = _organization is not null ? _organization : "unknown"; throw new BmxException( $"Okta authentication for user '{username}' in org '{org}'" - + "failed. Check if org, user, and password is correct" ); + + "failed. Check if org, user, and password is correct" ); } async Task IOktaApi.IssueMfaChallengeAsync( string stateToken, string factorId ) { From 40017d7e444d54586b77a0df37429cab384f0105 Mon Sep 17 00:00:00 2001 From: gord5500 <90227099+gord5500@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:32:23 -0400 Subject: [PATCH 8/8] Update src/D2L.Bmx/Okta/OktaApi.cs Co-authored-by: Chenfeng Bao --- src/D2L.Bmx/Okta/OktaApi.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/D2L.Bmx/Okta/OktaApi.cs b/src/D2L.Bmx/Okta/OktaApi.cs index e5992ad6..7a4f09f7 100644 --- a/src/D2L.Bmx/Okta/OktaApi.cs +++ b/src/D2L.Bmx/Okta/OktaApi.cs 
@@ -87,7 +87,7 @@ await resp.Content.ReadAsStreamAsync(), ); } - string org = _organization is not null ? _organization : "unknown"; + string org = _organization ?? "unknown"; throw new BmxException( $"Okta authentication for user '{username}' in org '{org}'" + "failed. Check if org, user, and password is correct" );