Skip to content

Commit

Permalink
[deps]: Update nuget minor (#765)
Browse files Browse the repository at this point in the history
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jonas Hendrickx <[email protected]>
  • Loading branch information
renovate[bot] and jonashendrickx authored Dec 20, 2024
1 parent 6b13f92 commit 74e1db4
Show file tree
Hide file tree
Showing 19 changed files with 92 additions and 117 deletions.
4 changes: 2 additions & 2 deletions Api.dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# ** Build

FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-bookworm-slim AS build
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0-bookworm-slim AS build

# Expose the target architecture set by the `docker build --platform` option, so that
# we can build the assembly for the correct platform.
Expand All @@ -27,7 +27,7 @@ RUN dotnet publish src/Api/ \
# ** Run

# Use `runtime-deps` instead of `runtime` because we have a self-contained assembly
FROM --platform=$TARGETPLATFORM mcr.microsoft.com/dotnet/runtime-deps:8.0 AS run
FROM --platform=$TARGETPLATFORM mcr.microsoft.com/dotnet/runtime-deps:9.0 AS run

LABEL org.opencontainers.image.title="Passwordless API Test Server"
LABEL org.opencontainers.image.description="Docker image of the Passwordless API, intended solely for development and integration testing purposes."
Expand Down
2 changes: 1 addition & 1 deletion global.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"sdk": {
"version": "9.0.0",
"version": "9.0.101",
"rollForward": "latestFeature"
}
}
4 changes: 2 additions & 2 deletions self-host/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
###############################################
# Build stage #
###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-bookworm-slim AS build
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0-bookworm-slim AS build

# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM
Expand Down Expand Up @@ -59,7 +59,7 @@ RUN . /tmp/rid.txt && dotnet publish -c release -o /app/Api --no-restore --no-se
###############################################
# App stage #
###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim
FROM mcr.microsoft.com/dotnet/aspnet:9.0-bookworm-slim
ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden"
LABEL com.bitwarden.project="passwordless"
Expand Down
3 changes: 2 additions & 1 deletion src/AdminConsole/AdminConsole.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Azure.Extensions.AspNetCore.DataProtection.Keys" Version="1.2.4" />
<PackageReference Include="Azure.Extensions.AspNetCore.DataProtection.Keys" Version="1.3.0" />
<PackageReference Include="Azure.Identity" Version="1.13.1" />
<PackageReference Include="Datadog.Trace" Version="3.2.0" />
<PackageReference Include="Humanizer.Core" Version="2.14.1" />
Expand Down Expand Up @@ -69,6 +69,7 @@
</Target>

<Target Name="Run NPM Build" AfterTargets="PostBuildEvent">
<Exec Command="npm ci" />
<Exec Command="npm run build" />

<!-- Passwordless.dev Javascript Client -->
Expand Down
2 changes: 1 addition & 1 deletion src/AdminConsole/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"main": "index.js",
"scripts": {
"tw:watch": "tailwindcss -i ./Styles/tailwind.css -o ./wwwroot/css/tailwind.css --watch",
"build": "tailwindcss -i ./Styles/tailwind.css -o ./wwwroot/css/tailwind.css"
"build": "npx tailwindcss -i ./Styles/tailwind.css -o ./wwwroot/css/tailwind.css"
},
"keywords": [],
"author": "",
Expand Down
2 changes: 1 addition & 1 deletion src/Api/Program.cs
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddOpenApi();
builder.Services.AddPasswordlessOpenApi();

if (builder.Configuration.IsSelfHosted())
{
Expand Down
10 changes: 5 additions & 5 deletions src/Common/Common.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,20 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Fido2" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2" Version="4.0.0-beta.16" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.16" />
<PackageReference Include="HtmlSanitizer" Version="8.2.871-beta" />
<PackageReference Include="MailKit" Version="4.8.0" />
<PackageReference Include="MailKit" Version="4.9.0" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="9.0.0" />
<PackageReference Include="Serilog.AspNetCore" Version="8.0.3" />
<PackageReference Include="Serilog.Enrichers.Environment" Version="3.0.1" />
<PackageReference Include="Serilog.Expressions" Version="5.0.0" />
<PackageReference Include="Serilog.Sinks.Datadog.Logs" Version="0.5.3" />
<PackageReference Include="Serilog.Sinks.Datadog.Logs" Version="0.5.4" />
<PackageReference Include="Serilog.Sinks.Seq" Version="8.0.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
<PackageReference Include="System.Configuration.ConfigurationManager" Version="9.0.0" />
<PackageReference Include="AWSSDK.SimpleEmailV2" Version="3.7.404.3" />
<PackageReference Include="AWSSDK.SimpleEmailV2" Version="3.7.406.5" />
<PackageReference Include="SendGrid" Version="9.29.3" />
</ItemGroup>

Expand Down
25 changes: 14 additions & 11 deletions src/Service/Fido2Service.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
using System.Collections.Immutable;
using System.Buffers.Text;
using System.Collections.Immutable;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;
Expand Down Expand Up @@ -142,15 +143,19 @@ public async Task<SessionResponse<CredentialCreateOptions>> RegisterBeginAsync(F

var attestation = token.Attestation.ToEnum<AttestationConveyancePreference>();

var options = fido2.RequestNewCredential(
user,
keyIds,
authenticatorSelection,
attestation,
new AuthenticationExtensionsClientInputs
var requestNewCredentialParameters = new RequestNewCredentialParams
{
User = user,
AttestationPreference = attestation,
AuthenticatorSelection = authenticatorSelection,
ExcludeCredentials = keyIds,
Extensions = new AuthenticationExtensionsClientInputs
{
CredProps = true
});
}
};

var options = fido2.RequestNewCredential(requestNewCredentialParameters);

options.Hints = token.Hints;

Expand Down Expand Up @@ -381,20 +386,18 @@ public async Task<TokenResponse> SignInCompleteAsync(SignInCompleteDTO request,
var credential = await _storage.GetCredential(request.Response.Id);
if (credential == null)
{
throw new UnknownCredentialException(Base64Url.Encode(request.Response.Id));
throw new UnknownCredentialException(Base64Url.EncodeToString(request.Response.Id));
}

// Create callback to check if userhandle owns the credentialId
IsUserHandleOwnerOfCredentialIdAsync callback = (args, _) => Task.FromResult(credential.UserHandle.SequenceEqual(args.UserHandle));

// Make the assertion
var storedCredentials = (await _storage.GetCredentialsByUserIdAsync(request.Session)).Select(c => c.PublicKey).ToList();
var makeAssertionParams = new MakeAssertionParams
{
AssertionResponse = request.Response,
OriginalOptions = authenticationSessionConfiguration.Options,
StoredPublicKey = credential.PublicKey,
StoredDevicePublicKeys = storedCredentials,
StoredSignatureCounter = credential.SignatureCounter,
IsUserHandleOwnerOfCredentialIdCallback = callback
};
Expand Down
10 changes: 5 additions & 5 deletions src/Service/Service.csproj
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
<Project Sdk="Microsoft.NET.Sdk">

<ItemGroup>
<PackageReference Include="Fido2" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.AspNet" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.14" />
<PackageReference Include="Fido2" Version="4.0.0-beta.16" />
<PackageReference Include="Fido2.AspNet" Version="4.0.0-beta.16" />
<PackageReference Include="Fido2.Models" Version="4.0.0-beta.16" />
<PackageReference Include="Humanizer.Core" Version="2.14.1" />
<PackageReference Include="MessagePack" Version="2.5.187" />
<PackageReference Include="MessagePackAnalyzer" Version="2.5.187">
<PackageReference Include="MessagePack" Version="2.5.192" />
<PackageReference Include="MessagePackAnalyzer" Version="2.5.192">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
Expand Down
4 changes: 3 additions & 1 deletion src/Service/Storage/Ef/EfTenantStorage.cs
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,9 @@ await db.AppFeatures.ExecuteUpdateAsync(x => x
existing => features.EnableMagicLinks ?? existing.IsMagicLinksEnabled
)
.SetProperty(f => f.EventLoggingRetentionPeriod,
existing => features.EventLoggingRetentionPeriod ?? existing.EventLoggingRetentionPeriod
existing => features.EventLoggingRetentionPeriod.HasValue
? features.EventLoggingRetentionPeriod.Value
: existing.EventLoggingRetentionPeriod
)
);

Expand Down
8 changes: 4 additions & 4 deletions src/Service/TokenService.cs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
using System.Security.Cryptography;
using System.Buffers.Text;
using System.Security.Cryptography;
using System.Text;
using Fido2NetLib;
using MessagePack;
using MessagePack.Resolvers;
using Microsoft.Extensions.Configuration;
Expand Down Expand Up @@ -80,7 +80,7 @@ public async Task<T> DecodeTokenAsync<T>(string token, string prefix, bool contr
MacEnvelope envelope;
try
{
var envelopeBytes = Base64Url.Decode(token);
var envelopeBytes = Base64Url.DecodeFromChars(token);
envelope = MessagePackSerializer.Deserialize<MacEnvelope>(envelopeBytes);
}
// Can happen if the token starts with the right prefix, but is otherwise syntactically incorrect
Expand Down Expand Up @@ -160,7 +160,7 @@ public async Task<string> EncodeTokenAsync<T>(T token, string prefix, bool contr

var envelope = new MacEnvelope { Mac = mac, Token = msgpack, KeyId = keyId };
var envelopeBinary = MessagePackSerializer.Serialize(envelope);
var envelopeBinaryB64 = Base64Url.Encode(envelopeBinary);
var envelopeBinaryB64 = Base64Url.EncodeToString(envelopeBinary);

if (!string.IsNullOrEmpty(prefix))
{
Expand Down
4 changes: 2 additions & 2 deletions tests/AdminConsole.Tests/AdminConsole.Tests.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

<ItemGroup>
<PackageReference Include="AutoFixture" Version="4.18.1" />
<PackageReference Include="bunit" Version="1.34.0" />
<PackageReference Include="bunit" Version="1.37.7" />
<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageReference Include="Moq" Version="4.20.72" />
<PackageReference Include="xunit" Version="2.9.2"/>
<PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
Expand Down
8 changes: 4 additions & 4 deletions tests/Api.IntegrationTests/Api.IntegrationTests.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,12 @@
<ItemGroup>
<PackageReference Include="Bogus" Version="35.6.1"/>
<PackageReference Include="FluentAssertions" Version="7.0.0"/>
<PackageReference Include="MartinCostello.Logging.XUnit" Version="0.4.0" />
<PackageReference Include="MartinCostello.Logging.XUnit" Version="0.5.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="9.0.0"/>
<PackageReference Include="Microsoft.Extensions.TimeProvider.Testing" Version="9.0.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1"/>
<PackageReference Include="Selenium.WebDriver" Version="4.26.1"/>
<PackageReference Include="Testcontainers.MsSql" Version="4.0.0"/>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0"/>
<PackageReference Include="Selenium.WebDriver" Version="4.27.0"/>
<PackageReference Include="Testcontainers.MsSql" Version="4.1.0"/>
<PackageReference Include="xunit" Version="2.9.2"/>
<PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
Expand Down
58 changes: 18 additions & 40 deletions tests/Api.IntegrationTests/AuthorizationTests.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
using System.Net;
using System.Net.Http.Json;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Routing.Patterns;
using Microsoft.Extensions.DependencyInjection;
Expand Down Expand Up @@ -79,17 +81,11 @@ public async Task ValidateThatMissingApiSecretThrowsAsync()
using var response = await client.GetAsync("/credentials/list?userId=1");

// Assert
var body = await response.Content.ReadAsStringAsync();
var actual = await response.Content.ReadFromJsonAsync<ProblemDetails>();
Assert.Equal("https://docs.passwordless.dev/guide/errors.html#ApiSecret", actual?.Type);
Assert.Equal("A valid 'ApiSecret' header is required.", actual?.Title);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

AssertHelper.AssertEqualJson("""
{
"type": "https://docs.passwordless.dev/guide/errors.html#ApiSecret",
"title": "A valid 'ApiSecret' header is required.",
"status": 401,
"detail": "A valid 'ApiSecret' header is required."
}
""", body);
Assert.Equal("A valid 'ApiSecret' header is required.", actual?.Detail);
}

[Fact]
Expand All @@ -110,17 +106,11 @@ public async Task ValidateThatInvalidApiSecretThrowsAsync()
using var response = await client.GetAsync("/credentials/list?userId=1");

// Assert
var body = await response.Content.ReadAsStringAsync();
var actual = await response.Content.ReadFromJsonAsync<ProblemDetails>();
Assert.Equal("https://docs.passwordless.dev/guide/errors.html#ApiSecret", actual?.Type);
Assert.Equal("A valid 'ApiSecret' header is required.", actual?.Title);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

AssertHelper.AssertEqualJson("""
{
"type": "https://docs.passwordless.dev/guide/errors.html#ApiSecret",
"title": "A valid 'ApiSecret' header is required.",
"status": 401,
"detail": "The value of your 'ApiSecret' is not valid."
}
""", body);
Assert.Equal("The value of your 'ApiSecret' is not valid.", actual?.Detail);
}

[Theory]
Expand Down Expand Up @@ -155,17 +145,11 @@ public async Task ApiSecretGivesHelpfulAdviceAsync(string input, string details)
using var response = await client.SendAsync(request);

// Assert
var body = await response.Content.ReadAsStringAsync();
var actual = await response.Content.ReadFromJsonAsync<ProblemDetails>();
Assert.Equal("https://docs.passwordless.dev/guide/errors.html#ApiSecret", actual?.Type);
Assert.Equal("A valid 'ApiSecret' header is required.", actual?.Title);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

AssertHelper.AssertEqualJson($$"""
{
"type": "https://docs.passwordless.dev/guide/errors.html#ApiSecret",
"title": "A valid 'ApiSecret' header is required.",
"status": 401,
"detail": "{{details}}"
}
""", body);
Assert.Equal(details, actual?.Detail);
}

[Theory]
Expand Down Expand Up @@ -201,17 +185,11 @@ public async Task ApiPublicGivesHelpfulAdviceAsync(string input, string details)
using var response = await client.SendAsync(request);

// Assert
var body = await response.Content.ReadAsStringAsync();
var actual = await response.Content.ReadFromJsonAsync<ProblemDetails>();
Assert.Equal("https://docs.passwordless.dev/guide/errors.html#ApiKey", actual?.Type);
Assert.Equal("A valid 'ApiKey' header is required.", actual?.Title);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);

AssertHelper.AssertEqualJson($$"""
{
"type": "https://docs.passwordless.dev/guide/errors.html#ApiKey",
"title": "A valid 'ApiKey' header is required.",
"status": 401,
"detail": "{{details}}"
}
""", body);
Assert.Equal(details, actual?.Detail);
}

private static string? CreateRoute(RoutePattern pattern)
Expand Down
Loading

0 comments on commit 74e1db4

Please sign in to comment.