Allow setting SASToken as SecretText in Storage Service Authorization (…

…#1061) #### Summary  Currently you can set SASToken only as Text. Adding an overload with a SecretText parameter allowes to secure the value from isolated storage to Auth Codeunit. #### Work Item(s)  Fixes #895 Fixes [AB#524632](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/524632) --------- Co-authored-by: Christoph Blank <[email protected]>
microsoft · May 24, 2024 · 9c9a045 · 9c9a045
1 parent 562fc40
commit 9c9a045
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 10 deletions.
diff --git a/...on/App/Azure Storage Services Authorization/src/ReadySAS/StorServAuthReadySAS.Codeunit.al b/...on/App/Azure Storage Services Authorization/src/ReadySAS/StorServAuthReadySAS.Codeunit.al
@@ -29,28 +29,36 @@ codeunit 9088 "Stor. Serv. Auth. Ready SAS" implements "Storage Service Authoriz
 
         if QueryText <> '' then
             QueryText += '&';
-        QueryText += GetSharedAccessSignature();
+        QueryText += GetSharedAccessSignature().Unwrap();
         UriBuilder.SetQuery(QueryText);
 
         UriBuilder.GetUri(Uri);
 
-        HttpRequestMessage.SetRequestUri(Uri.GetAbsoluteUri());
+        HttpRequestMessage.SetSecretRequestUri(Uri.GetAbsoluteUri());
     end;
 
-    [NonDebuggable]
-    procedure GetSharedAccessSignature(): Text
+    procedure GetSharedAccessSignature(): SecretText
     begin
         exit(SharedAccessSignature);
     end;
 
     [NonDebuggable]
     procedure SetSharedAccessSignature(NewSharedAccessSignature: Text)
     begin
-        SharedAccessSignature := NewSharedAccessSignature;
-        if SharedAccessSignature.StartsWith('?') then
-            SharedAccessSignature := DelChr(SharedAccessSignature, '<', '?');
+        SetSharedAccessSignature(NewSharedAccessSignature);
+    end;
+
+    [NonDebuggable]
+    procedure SetSharedAccessSignature(NewSharedAccessSignature: SecretText)
+    var
+        UnsecureSharedAccessSignature: Text;
+    begin
+        UnsecureSharedAccessSignature := NewSharedAccessSignature.Unwrap();
+        if UnsecureSharedAccessSignature.StartsWith('?') then
+            UnsecureSharedAccessSignature := DelChr(UnsecureSharedAccessSignature, '<', '?');
+        SharedAccessSignature := UnsecureSharedAccessSignature;
     end;
 
     var
-        SharedAccessSignature: Text;
+        SharedAccessSignature: SecretText;
 }
diff --git a/...tem Application/App/Azure Storage Services Authorization/src/StorServAuthImpl.Codeunit.al b/...tem Application/App/Azure Storage Services Authorization/src/StorServAuthImpl.Codeunit.al
@@ -49,8 +49,7 @@ codeunit 9063 "Stor. Serv. Auth. Impl."
         exit(StorServAuthSharedKey);
     end;
 
-    [NonDebuggable]
-    procedure ReadySAS(SASToken: Text): Interface "Storage Service Authorization"
+    procedure ReadySAS(SASToken: SecretText): Interface "Storage Service Authorization"
     var
         StorServAuthReadySAS: Codeunit "Stor. Serv. Auth. Ready SAS";
     begin

diff --git a/...tion/App/Azure Storage Services Authorization/src/StorageServiceAuthorization.Codeunit.al b/...tion/App/Azure Storage Services Authorization/src/StorageServiceAuthorization.Codeunit.al
@@ -154,19 +154,36 @@ codeunit 9062 "Storage Service Authorization"
         exit(StorServAuthImpl.SharedKey(SharedKey, ApiVersion));
     end;
 
+#if not CLEAN25
     /// <summary>
     /// Uses a pre-generated account SAS (Shared Access Signature) for authorizing HTTP request to Azure Storage Services.
     /// see: https://go.microsoft.com/fwlink/?linkid=2210398
     /// </summary>
     /// <param name="SASToken">A pre-generated SAS token.</param>
     /// <returns>An account SAS authorization.</returns>
+    [Obsolete('Use UseReadySAS with SecretText data type for SASToken.', '25.0')]
     [NonDebuggable]
     procedure UseReadySAS(SASToken: Text): Interface "Storage Service Authorization"
     var
         StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
     begin
         exit(StorServAuthImpl.ReadySAS(SASToken));
     end;
+#endif
+
+    /// <summary>
+    /// Uses a pre-generated account SAS (Shared Access Signature) for authorizing HTTP request to Azure Storage Services.
+    /// see: https://go.microsoft.com/fwlink/?linkid=2210398
+    /// </summary>
+    /// <param name="SASToken">A pre-generated SAS token.</param>
+    /// <returns>An account SAS authorization.</returns>
+    [NonDebuggable]
+    procedure UseReadySAS(SASToken: SecretText): Interface "Storage Service Authorization"
+    var
+        StorServAuthImpl: Codeunit "Stor. Serv. Auth. Impl.";
+    begin
+        exit(StorServAuthImpl.ReadySAS(SASToken));
+    end;
 
     /// <summary>
     /// Get the default Storage Service API Version.