Fixed Interlock ordering

Author: HP712

src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs

@@ -212,7 +212,7 @@ public virtual async Task<T> GetConfigurationAsync(CancellationToken cancel)
             }
             else
             {
-                if (Interlocked.CompareExchange(ref _configurationRetrieverState, ConfigurationRetrieverIdle, ConfigurationRetrieverRunning) != ConfigurationRetrieverRunning)
+                if (Interlocked.CompareExchange(ref _configurationRetrieverState, ConfigurationRetrieverRunning, ConfigurationRetrieverIdle) == ConfigurationRetrieverIdle)
                 {
                     _ = Task.Run(UpdateCurrentConfiguration, CancellationToken.None);
                 }
@@ -302,8 +302,9 @@ public override async Task<BaseConfiguration> GetBaseConfigurationAsync(Cancella
         }
 
         /// <summary>
-        /// Requests that then next call to <see cref="GetConfigurationAsync()"/> obtain new configuration.
-        /// <para>If it is a first force refresh or the last refresh was greater than <see cref="BaseConfigurationManager.RefreshInterval"/> then the next call to <see cref="GetConfigurationAsync()"/> will retrieve new configuration.</para>
+        /// Triggers updating metadata when:
+        /// <para>1. Called the first time.</para>
+        /// <para>2. The time between when this method was called and DateTimeOffset.Now is greater than <see cref="BaseConfigurationManager.RefreshInterval"/>.</para>
         /// <para>If <see cref="BaseConfigurationManager.RefreshInterval"/> == <see cref="TimeSpan.MaxValue"/> then this method does nothing.</para>
         /// </summary>
         public override void RequestRefresh()
@@ -313,10 +314,10 @@ public override void RequestRefresh()
             if (now >= DateTimeUtil.Add(_lastRequestRefresh.UtcDateTime, RefreshInterval) || _isFirstRefreshRequest)
             {
                 _isFirstRefreshRequest = false;
-                _lastRequestRefresh = now;
-                if (Interlocked.CompareExchange(ref _configurationRetrieverState, ConfigurationRetrieverIdle, ConfigurationRetrieverRunning) != ConfigurationRetrieverRunning)
+                if (Interlocked.CompareExchange(ref _configurationRetrieverState, ConfigurationRetrieverRunning, ConfigurationRetrieverIdle) == ConfigurationRetrieverIdle)
                 {
                     _ = Task.Run(UpdateCurrentConfiguration, CancellationToken.None);
+                    _lastRequestRefresh = now;
                 }
             }
         }

test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTests.cs

@@ -26,7 +26,7 @@ public class ConfigurationManagerTests
     {
         /// <summary>
         /// This test reaches out the the internet to fetch the OpenIdConnectConfiguration from the specified metadata address.
-        /// There is no validaiton of the configuration. The validation is done in the OpenIdConnectConfigurationSerializationTests.Deserialize
+        /// There is no validation of the configuration. The validation is done in the OpenIdConnectConfigurationSerializationTests.Deserialize
         /// against values obtained 2/2/2024
         /// </summary>
         /// <param name="theoryData"></param>
@@ -209,6 +209,94 @@ public async Task FetchMetadataFailureTest()
             TestUtilities.AssertFailIfErrors(context);
         }
 
+        [Fact]
+        public async Task VerifyInterlockGuardForRequestRefresh()
+        {
+            ManualResetEvent waitEvent = new ManualResetEvent(false);
+            ManualResetEvent signalEvent = new ManualResetEvent(false);
+            InMemoryDocumentRetriever inMemoryDocumentRetriever = InMemoryDocumentRetrieverWithEvents(waitEvent, signalEvent);
+
+            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+                    "AADCommonV1Json",
+                    new OpenIdConnectConfigurationRetriever(),
+                    inMemoryDocumentRetriever);
+
+            // populate the configurationManager with AADCommonV1Config
+            TestUtilities.SetField(configurationManager, "_currentConfiguration", OpenIdConfigData.AADCommonV1Config);
+
+            // InMemoryDocumentRetrieverWithEvents will block until waitEvent.Set() is called.
+            // The first RequestRefresh will not have finished before the next RequestRefresh() is called.
+            // The guard '_lastRequestRefresh' will not block as we set it to DateTimeOffset.MinValue.
+            // Interlocked guard will block.
+            // Configuration should be AADCommonV1Config
+            signalEvent.Reset();
+            configurationManager.RequestRefresh();
+
+            // InMemoryDocumentRetrieverWithEvents will signal when it is OK to change the MetadataAddress
+            // otherwise, it may be the case that the MetadataAddress is changed before the previous Task has finished.
+            signalEvent.WaitOne();
+
+            // AADCommonV1Json would have been passed to the the previous retriever, which is blocked on an event.
+            configurationManager.MetadataAddress = "AADCommonV2Json";
+            TestUtilities.SetField(configurationManager, "_lastRequestRefresh", DateTimeOffset.MinValue);
+            configurationManager.RequestRefresh();
+
+            // Set the event to release the lock and let the previous retriever finish.
+            waitEvent.Set();
+
+            // Configuration should be AADCommonV1Config
+            var configuration = await configurationManager.GetConfigurationAsync();
+            Assert.True(configuration.Issuer.Equals(OpenIdConfigData.AADCommonV1Config.Issuer),
+                    $"configuration.Issuer from configurationManager was not as expected," +
+                    $"configuration.Issuer: '{configuration.Issuer}' != expected '{OpenIdConfigData.AADCommonV1Config.Issuer}'.");
+        }
+
+        [Fact]
+        public async Task VerifyInterlockGuardForGetConfigurationAsync()
+        {
+            ManualResetEvent waitEvent = new ManualResetEvent(false);
+            ManualResetEvent signalEvent = new ManualResetEvent(false);
+
+            InMemoryDocumentRetriever inMemoryDocumentRetriever = InMemoryDocumentRetrieverWithEvents(waitEvent, signalEvent);
+            waitEvent.Set();
+
+            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+                    "AADCommonV1Json",
+                    new OpenIdConnectConfigurationRetriever(),
+                    inMemoryDocumentRetriever);
+
+            OpenIdConnectConfiguration configuration = await configurationManager.GetConfigurationAsync();
+
+            // InMemoryDocumentRetrieverWithEvents will block until waitEvent.Set() is called.
+            // The GetConfigurationAsync to update config will not have finished before the next GetConfigurationAsync() is called.
+            // The guard '_syncAfter' will not block as we set it to DateTimeOffset.MinValue.
+            // Interlocked guard should block.
+            // Configuration should be AADCommonV1Config
+
+            waitEvent.Reset();
+            signalEvent.Reset();
+
+            TestUtilities.SetField(configurationManager, "_syncAfter", DateTimeOffset.MinValue);
+            await configurationManager.GetConfigurationAsync(CancellationToken.None);
+
+            // InMemoryDocumentRetrieverWithEvents will signal when it is OK to change the MetadataAddress
+            // otherwise, it may be the case that the MetadataAddress is changed before the previous Task has finished.
+            signalEvent.WaitOne();
+
+            // AADCommonV1Json would have been passed to the the previous retriever, which is blocked on an event.
+            configurationManager.MetadataAddress = "AADCommonV2Json";
+            await configurationManager.GetConfigurationAsync(CancellationToken.None);
+
+            // Set the event to release the lock and let the previous retriever finish.
+            waitEvent.Set();
+
+            // Configuration should be AADCommonV1Config
+            configuration = await configurationManager.GetConfigurationAsync();
+            Assert.True(configuration.Issuer.Equals(OpenIdConfigData.AADCommonV1Config.Issuer),
+                    $"configuration.Issuer from configurationManager was not as expected," +
+                    $" configuration.Issuer: '{configuration.Issuer}' != expected: '{OpenIdConfigData.AADCommonV1Config.Issuer}'.");
+        }
+
         [Fact]
         public async Task BootstrapRefreshIntervalTest()
         {
@@ -814,6 +902,20 @@ public static TheoryData<ConfigurationManagerTheoryData<OpenIdConnectConfigurati
                 { "https://login.microsoftonline.com/common/discovery/v2.0/keys", OpenIdConfigData.AADCommonV2JwksString }
             });
 
+        private static InMemoryDocumentRetriever InMemoryDocumentRetrieverWithEvents(ManualResetEvent waitEvent, ManualResetEvent signalEvent)
+        {
+            return new InMemoryDocumentRetriever(
+                new Dictionary<string, string>
+                {
+                    { "AADCommonV1Json", OpenIdConfigData.AADCommonV1Json },
+                    { "https://login.microsoftonline.com/common/discovery/keys", OpenIdConfigData.AADCommonV1JwksString },
+                    { "AADCommonV2Json", OpenIdConfigData.AADCommonV2Json },
+                    { "https://login.microsoftonline.com/common/discovery/v2.0/keys", OpenIdConfigData.AADCommonV2JwksString }
+                },
+                waitEvent,
+                signalEvent);
+        }
+
         public class ConfigurationManagerTheoryData<T> : TheoryDataBase where T : class
         {
             public ConfigurationManager<T> ConfigurationManager { get; set; }

test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/OpenIdConnectProtocolValidatorTests.cs

@@ -12,11 +12,8 @@
 using System.Threading.Tasks;
 using Microsoft.IdentityModel.TestUtils;
 using Microsoft.IdentityModel.Tokens;
-using Newtonsoft.Json;
 using Xunit;
 
-#pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant
-
 namespace Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests
 {
     /// <summary>
@@ -1813,5 +1810,3 @@ protected override void OnEventWritten(EventWrittenEventArgs eventData)
         }
     }
 }
-
-#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant

test/Microsoft.IdentityModel.TestUtils/InMemoryDocumentRetriever.cs

@@ -14,16 +14,25 @@ namespace Microsoft.IdentityModel.TestUtils
     /// </summary>
     public class InMemoryDocumentRetriever : IDocumentRetriever
     {
-        private readonly IDictionary<string, string> _configurations;
+        private readonly Dictionary<string, string> _configurations;
+        private ManualResetEvent _waitEvent;
+        private ManualResetEvent _signalEvent;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="FileDocumentRetriever"/> class.
         /// </summary>
-        public InMemoryDocumentRetriever(IDictionary<string, string> configuration)
+        public InMemoryDocumentRetriever(Dictionary<string, string> configuration)
         {
             _configurations = configuration;
         }
 
+        public InMemoryDocumentRetriever(Dictionary<string, string> configuration, ManualResetEvent waitEvent, ManualResetEvent signalEvent)
+        {
+            _configurations = configuration;
+            _waitEvent = waitEvent;
+            _signalEvent = signalEvent;
+        }
+
         /// <summary>
         /// Returns the document passed in constructor in dictionary./>
         /// </summary>
@@ -32,6 +41,16 @@ public InMemoryDocumentRetriever(IDictionary<string, string> configuration)
         /// <returns>UTF8 decoding of bytes in the file.</returns>
         public async Task<string> GetDocumentAsync(string address, CancellationToken cancel)
         {
+            // Some tests change the Metadata address on ConfigurationManger to test different scenarios.
+            // This event is used to let the test know that the GetDocumentAsync method has been called, and the test can now change the Metadata address.
+            if (_signalEvent != null)
+                _signalEvent.Set();
+
+            // This event lets the caller control when metadata can be returned.
+            // Useful when testing delays.
+            if (_waitEvent != null)
+                _waitEvent.WaitOne();
+
             return await Task.FromResult(_configurations[address]).ConfigureAwait(false);
         }
     }