From a13d18ad4a55114727d9152d3a44aa5fa9dc7f52 Mon Sep 17 00:00:00 2001
From: Mattia <mattia.salvetti3@gmail.com>
Date: Fri, 20 Dec 2024 10:28:06 +0100
Subject: [PATCH 1/3] Fixes issue #17233. In
 OpenIdValidationSettingsDisplayDriver, if authority is provided, tenant is
 not required

---
 .../Drivers/OpenIdValidationSettingsDisplayDriver.cs         | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
index b0fc7e8ecdc..74cdc82cfbd 100644
--- a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
+++ b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
@@ -72,7 +72,10 @@ public override async Task<IDisplayResult> UpdateAsync(OpenIdValidationSettings
 
         if (string.IsNullOrWhiteSpace(model.Tenant))
         {
-            context.Updater.ModelState.AddModelError(Prefix, nameof(model.Tenant), S["tenant is a required value"]);
+            if (string.IsNullOrWhiteSpace(model.Authority))
+            {
+                context.Updater.ModelState.AddModelError(Prefix, nameof(model.Tenant), S["A tenant or authority value is required."]);
+            }
         }
         else if (!_shellHost.TryGetShellContext(model.Tenant, out var shellContext) || !shellContext.Settings.IsRunning())
         {

From d64eb52771027e18aed2b0860b748afda48b5384 Mon Sep 17 00:00:00 2001
From: Mattia <mattia.salvetti3@gmail.com>
Date: Fri, 20 Dec 2024 16:21:02 +0100
Subject: [PATCH 2/3] Changed IsNullOrWhiteSpace to IsNullOrEmpty in
 OpenIdValidationSettingsDisplayDriver.cs

---
 .../Drivers/OpenIdValidationSettingsDisplayDriver.cs          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
index 74cdc82cfbd..d803eac22ec 100644
--- a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
+++ b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
@@ -70,9 +70,9 @@ public override async Task<IDisplayResult> UpdateAsync(OpenIdValidationSettings
         settings.DisableTokenTypeValidation = model.DisableTokenTypeValidation;
         settings.Tenant = model.Tenant;
 
-        if (string.IsNullOrWhiteSpace(model.Tenant))
+        if (string.IsNullOrEmpty(model.Tenant))
         {
-            if (string.IsNullOrWhiteSpace(model.Authority))
+            if (string.IsNullOrEmpty(model.Authority))
             {
                 context.Updater.ModelState.AddModelError(Prefix, nameof(model.Tenant), S["A tenant or authority value is required."]);
             }

From 87dc2280500f8d60e30749f6ba2db0e56a086826 Mon Sep 17 00:00:00 2001
From: Mike Alhayek <mike@crestapps.com>
Date: Fri, 20 Dec 2024 12:57:02 -0800
Subject: [PATCH 3/3] better validation

---
 .../OpenIdValidationSettingsDisplayDriver.cs   | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
index d803eac22ec..3e25b2520a1 100644
--- a/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
+++ b/src/OrchardCore.Modules/OrchardCore.OpenId/Drivers/OpenIdValidationSettingsDisplayDriver.cs
@@ -64,22 +64,22 @@ public override async Task<IDisplayResult> UpdateAsync(OpenIdValidationSettings
 
         await context.Updater.TryUpdateModelAsync(model, Prefix);
 
-        settings.Authority = !string.IsNullOrEmpty(model.Authority) ? new Uri(model.Authority, UriKind.Absolute) : null;
+        var hasAuthority = !string.IsNullOrEmpty(model.Authority);
+
+        settings.Authority = hasAuthority ? new Uri(model.Authority, UriKind.Absolute) : null;
         settings.MetadataAddress = !string.IsNullOrEmpty(model.MetadataAddress) ? new Uri(model.MetadataAddress, UriKind.Absolute) : null;
         settings.Audience = model.Audience?.Trim();
         settings.DisableTokenTypeValidation = model.DisableTokenTypeValidation;
         settings.Tenant = model.Tenant;
 
-        if (string.IsNullOrEmpty(model.Tenant))
-        {
-            if (string.IsNullOrEmpty(model.Authority))
-            {
-                context.Updater.ModelState.AddModelError(Prefix, nameof(model.Tenant), S["A tenant or authority value is required."]);
-            }
-        }
-        else if (!_shellHost.TryGetShellContext(model.Tenant, out var shellContext) || !shellContext.Settings.IsRunning())
+        if (!string.IsNullOrEmpty(model.Tenant) && 
+        (!_shellHost.TryGetShellContext(model.Tenant, out var shellContext) || !shellContext.Settings.IsRunning()))
         {
             context.Updater.ModelState.AddModelError(Prefix, nameof(model.Tenant), S["Invalid tenant value."]);
+        } 
+        else if (!hasAuthority)
+        {
+            context.Updater.ModelState.AddModelError(Prefix, nameof(model.Authority), S["A tenant or authority value is required."]);
         }
 
         return await EditAsync(settings, context);