From e05e0f10e77291d8211e2a6e29e4c2a7fadcab6c Mon Sep 17 00:00:00 2001
From: Mathew Charles <mathewc@microsoft.com>
Date: Wed, 29 May 2024 15:17:09 -0700
Subject: [PATCH] Defaulting SwtAuthenticationEnabled to False

---
 .../Config/FunctionsHostingConfigOptions.cs               | 2 +-
 .../WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs        | 4 ++++
 .../Configuration/FunctionsHostingConfigOptionsTest.cs    | 8 ++++----
 .../Authentication/ArmAuthenticationHandlerTests.cs       | 6 ++++++
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/WebJobs.Script/Config/FunctionsHostingConfigOptions.cs b/src/WebJobs.Script/Config/FunctionsHostingConfigOptions.cs
index 9cef1f9c48..e967d703d1 100644
--- a/src/WebJobs.Script/Config/FunctionsHostingConfigOptions.cs
+++ b/src/WebJobs.Script/Config/FunctionsHostingConfigOptions.cs
@@ -66,7 +66,7 @@ internal bool SwtAuthenticationEnabled
         {
             get
             {
-                return GetFeatureAsBooleanOrDefault(ScriptConstants.HostingConfigSwtAuthenticationEnabled, true);
+                return GetFeatureAsBooleanOrDefault(ScriptConstants.HostingConfigSwtAuthenticationEnabled, false);
             }
 
             set
diff --git a/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs b/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs
index 11237f3403..e170646eec 100644
--- a/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs
+++ b/test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/SamplesEndToEndTests_CSharp.cs
@@ -1391,6 +1391,10 @@ public override void ConfigureWebHost(IServiceCollection services)
             {
                 base.ConfigureWebHost(services);
 
+                // SWT auth is disabled by default so we must enable to test
+                services.AddOptions<FunctionsHostingConfigOptions>()
+                    .Configure(o => o.SwtAuthenticationEnabled = true);
+
                 // The legacy http tests use sync IO so explicitly allow this
                 var environment = new TestEnvironment();
                 string testSiteName = "somewebsite";
diff --git a/test/WebJobs.Script.Tests/Configuration/FunctionsHostingConfigOptionsTest.cs b/test/WebJobs.Script.Tests/Configuration/FunctionsHostingConfigOptionsTest.cs
index 7e85f9b3a9..a011a37378 100644
--- a/test/WebJobs.Script.Tests/Configuration/FunctionsHostingConfigOptionsTest.cs
+++ b/test/WebJobs.Script.Tests/Configuration/FunctionsHostingConfigOptionsTest.cs
@@ -126,8 +126,8 @@ public void Property_Validation()
                 (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), "SwtAuthenticationEnabled=False", false),
                 (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), "SwtAuthenticationEnabled=True", true),
                 (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), "SwtAuthenticationEnabled=0", false),
-                (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), "SwtAuthenticationEnabled=unparseable", true), // default
-                (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), string.Empty, true), // default
+                (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), "SwtAuthenticationEnabled=unparseable", false), // default
+                (nameof(FunctionsHostingConfigOptions.SwtAuthenticationEnabled), string.Empty, false), // default
 
                 // Supports True/False/1/0
                 (nameof(FunctionsHostingConfigOptions.SwtIssuerEnabled), "SwtIssuerEnabled=False", false),
@@ -251,8 +251,8 @@ public void SwtAuthenticationEnabled_ReturnsExpectedValue()
         {
             FunctionsHostingConfigOptions options = new FunctionsHostingConfigOptions();
 
-            // defaults to true
-            Assert.True(options.SwtAuthenticationEnabled);
+            // defaults to false
+            Assert.False(options.SwtAuthenticationEnabled);
 
             // returns true when explicitly enabled
             options.Features[ScriptConstants.HostingConfigSwtAuthenticationEnabled] = "1";
diff --git a/test/WebJobs.Script.Tests/Security/Authentication/ArmAuthenticationHandlerTests.cs b/test/WebJobs.Script.Tests/Security/Authentication/ArmAuthenticationHandlerTests.cs
index 0531755e4e..390cbe8d53 100644
--- a/test/WebJobs.Script.Tests/Security/Authentication/ArmAuthenticationHandlerTests.cs
+++ b/test/WebJobs.Script.Tests/Security/Authentication/ArmAuthenticationHandlerTests.cs
@@ -7,6 +7,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Azure.WebJobs.Script.WebHost.Security;
 using Microsoft.Azure.WebJobs.Script.WebHost.Security.Authentication;
 using Microsoft.Extensions.DependencyInjection;
@@ -19,6 +20,11 @@ public class ArmAuthenticationHandlerTests
         private static DefaultHttpContext GetContext()
         {
             var services = new ServiceCollection().AddLogging();
+
+            // SWT auth is disabled by default so we must enable to test
+            services.AddOptions<FunctionsHostingConfigOptions>()
+                .Configure(o => o.SwtAuthenticationEnabled = true);
+
             services.AddAuthentication(o =>
             {
                 o.DefaultScheme = ArmAuthenticationDefaults.AuthenticationScheme;