[#108127818] Fixed issues with token id that does not match incoming account id

src/ResourceManager/Common/Commands.ScenarioTests.ResourceManager.Common/Mocks/MockClientFactory.cs

@@ -189,7 +189,7 @@ public void AddUserAgent(string productName)
 
         /// <summary>
         /// This class exists to allow adding an additional reference to the httpClient to prevent the client 
-        /// from being disposed.  Should not be used execpt in this mocked context.
+        /// from being disposed.  Should not be used except in this mocked context.
         /// </summary>
         class PassThroughDelegatingHandler : DelegatingHandler
         {

src/ResourceManager/Profile/Commands.Profile.Test/AzureRMProfileTests.cs

@@ -21,6 +21,8 @@
 using System.Collections.Generic;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Microsoft.WindowsAzure.Commands.Common;
+using Moq;
 
 namespace Microsoft.Azure.Commands.ResourceManager.Common.Test
 {
@@ -32,6 +34,7 @@ public class AzureRMProfileTests
         private static string DefaultSubscriptionName = "Contoso Subscription";
         private static string DefaultDomain = "contoso.com";
         private static Guid DefaultTenant = Guid.NewGuid();
+        private static AzureContext Context;
 
         private static RMProfileClient SetupTestEnvironment(List<string> tenants, params List<string>[] subscriptionLists)
         {
@@ -45,7 +48,7 @@ private static RMProfileClient SetupTestEnvironment(List<string> tenants, params
             }, true);
             mock.MoqClients = true;
             AzureSession.ClientFactory = mock;
-            var context = new AzureContext(new AzureSubscription()
+            Context = new AzureContext(new AzureSubscription()
                 {
                     Account = DefaultAccount,
                     Environment = EnvironmentName.AzureCloud,
@@ -56,10 +59,64 @@ private static RMProfileClient SetupTestEnvironment(List<string> tenants, params
                 AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud],
                 new AzureTenant() { Domain = DefaultDomain, Id = DefaultTenant });
             var profile = new AzureRMProfile();
-            profile.Context = context;
+            profile.Context = Context;
             return new RMProfileClient(profile);
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TokenIdAndAccountIdMismatch()
+        {
+            var tenants = new List<string> { Guid.NewGuid().ToString(), DefaultTenant.ToString() };
+            var secondsubscriptionInTheFirstTenant = Guid.NewGuid().ToString();
+            var firstList = new List<string> { DefaultSubscription.ToString(), secondsubscriptionInTheFirstTenant };
+            var secondList = new List<string> { Guid.NewGuid().ToString() };
+            var thirdList = new List<string> { DefaultSubscription.ToString(), secondsubscriptionInTheFirstTenant };
+            var fourthList = new List<string> { DefaultSubscription.ToString(), secondsubscriptionInTheFirstTenant };
+            var client = SetupTestEnvironment(tenants, firstList, secondList, thirdList, fourthList);
+
+            var tokens = new Queue<MockAccessToken>();
+            tokens.Enqueue(new MockAccessToken
+            {
+                UserId = "[email protected]",
+                LoginType = LoginType.OrgId,
+                AccessToken = "bbb"
+            });
+            tokens.Enqueue(new MockAccessToken
+            {
+                UserId = "[email protected]",
+                LoginType = LoginType.OrgId,
+                AccessToken = "bbb",
+                TenantId = tenants.First()
+            });
+            tokens.Enqueue(new MockAccessToken
+            {
+                UserId = "[email protected]",
+                LoginType = LoginType.OrgId,
+                AccessToken = "bbb",
+                TenantId = tenants.Last()
+            });
+
+            ((MockTokenAuthenticationFactory)AzureSession.AuthenticationFactory).TokenProvider = (account, environment, tenant) => 
+                {
+                    var token = tokens.Dequeue();
+                    account.Id = token.UserId;
+                    return token;
+                };
+
+            var azureRmProfile = client.Login(
+                Context.Account,
+                Context.Environment,
+                null,
+                secondsubscriptionInTheFirstTenant,
+                null,
+                null);
+
+            var tenantsInAccount = azureRmProfile.Context.Account.GetPropertyAsArray( AzureAccount.Property.Tenants);
+            Assert.Equal(1, tenantsInAccount.Length);
+            Assert.Equal(tenants.First(), tenantsInAccount[0]);
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void MultipleTenantsAndSubscriptionsSucceed()

src/ResourceManager/Profile/Commands.Profile.Test/ProfileController.cs

@@ -120,7 +120,6 @@ private void SetupManagementClients()
             helper.SetupManagementClients(SubscriptionClient);
         }
 
-
         private SubscriptionClient GetSubscriptionClient()
         {
             return TestBase.GetServiceClient<SubscriptionClient>(this.csmTestFactory);

src/ResourceManager/Profile/Commands.Profile/Models/RMProfileClient.cs

@@ -77,6 +77,7 @@ public AzureRMProfile Login(
             {
                 var tenants = ListAccountTenants(account, environment, password, promptBehavior).Select(s => s.Id.ToString()).ToArray();
                 account.SetProperty(AzureAccount.Property.Tenants, null);
+                string accountId = null;
 
                 for (int i = 0; i < tenants.Count(); i++)
                 {
@@ -90,7 +91,26 @@ public AzureRMProfile Login(
                     try
                     {
                         token = AcquireAccessToken(account, environment, tenant, password, ShowDialog.Auto);
-                        account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant);
+
+                        if (accountId == null)
+                        {
+                            accountId = account.Id;
+                            account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant);
+                        }
+                        else if (accountId.Equals(account.Id, StringComparison.OrdinalIgnoreCase))
+                        {
+                            account.SetOrAppendProperty(AzureAccount.Property.Tenants, tenant);
+                        }
+                        else
+                        {   // if account ID is different from the first tenant account id we need to ignore current tenant
+                            WriteWarningMessage(string.Format(
+                                Microsoft.Azure.Commands.Profile.Properties.Resources.AccountIdMismatch, 
+                                account.Id, 
+                                tenant, 
+                                accountId));
+                            account.Id = accountId;
+                            token = null;
+                        }
                     }
                     catch
                     {

src/ResourceManager/Profile/Commands.Profile/Properties/Resources.resx

@@ -120,6 +120,9 @@
   <data name="AccessTokenRequiresAccount" xml:space="preserve">
     <value>AccountId must be provided to use an AccessToken credential.</value>
   </data>
+  <data name="AccountIdMismatch" xml:space="preserve">
+    <value>Account ID '{0}' for tenant '{1}' does not match home Account ID '{2}'</value>
+  </data>
   <data name="AccountIdRequired" xml:space="preserve">
     <value>Access token credentials must provide the AccountId parameter.</value>
   </data>