Provider security patches; CPM; bump core to 0.6.1#1
Merged
StuartMeeks merged 1 commit into main on May 3, 2026
…o 0.6.1

Adobe 0.2.0 -> 0.2.1, Airtable 0.2.0 -> 0.2.1, SoftwareOne 0.3.0 -> 0.3.1.

Security:
- Reject plain http for credential-bearing endpoints. The Adobe and SoftwareOne collectors and authentication services now require https for the IMS URL, the Adobe API base URL, and the SoftwareOne API base URL. http is accepted only for loopback hosts so local mock servers and proxies still work during development. The same check runs in the auth services on every call, so a hand-edited keystore that downgrades a stored credential to http is rejected before any request is sent. Closes the specific risk that the SoftwareOne collector ships the API token in the URL query (eq(token,'...')) -- over plain http that token would otherwise traverse the network in cleartext and land in any intermediate access log.
- Sanitise response bodies before they reach exception messages. The SoftwareOne lookup and the Adobe IMS exchange now truncate error bodies to 512 chars; the SoftwareOne path additionally redacts the literal token value from the body. Defends against a misbehaving upstream proxy that echoes the request URL (which carries the token in the query) into an error page that would otherwise reach exception aggregators and log files.

Changed:
- Register the IAuthenticationService<TCredential, TToken> interface mapping in all three providers' ServiceCollectionExtensions. The registration forwards to the same singleton as the concrete type so existing consumers depending on the concrete are unaffected.
- Bump core library reference from [0.5.0,1.0.0) to [0.6.1,1.0.0). The 0.6.x line of the core package added ICredentialManager.GetCredentialByIdAsync(string, string); the test FakeCredentialManager doubles implement it as NotSupportedException to match the existing "fail loudly on accidental reliance" pattern.

Repo housekeeping:
- Centralise package management in /Directory.Packages.props with CentralPackageVersionOverrideEnabled=false so per-project version pins fail the build instead of silently overriding the central pin. Every csproj's <PackageReference> now omits its Version attribute and resolves through the central manifest.
- Stop auto-packing on every build. The csprojs previously set GeneratePackageOnBuild=true with a hardcoded Windows-only PackageOutputPath (C:\nuget-local\). Both properties are removed; CI now invokes dotnet pack explicitly per provider.

Tests: 119 -> 155 (Adobe 60, Airtable 36, SoftwareOne 59), all green.
Summary
- http for credential-bearing endpoints (https-only, with loopback as the documented exception, enforced both in the collector prompts and at runtime in the auth services). Error-body sanitisation truncates IMS/Marketplace error responses to 512 chars, and the SoftwareOne path additionally redacts the literal token value before it lands in any exception/log.
- IAuthenticationService<TCredential, TToken> alongside the concrete service so consumers depending on the abstraction can resolve it (forwards to the same singleton — purely additive).
- Directory.Packages.props (CentralPackageVersionOverrideEnabled=false), bumped the core library reference to [0.6.1, 1.0.0), removed the per-csproj GeneratePackageOnBuild=true and hardcoded C:\nuget-local\ output path. CI now runs dotnet pack explicitly per provider.
- Versions: Adobe 0.2.0 → 0.2.1, Airtable 0.2.0 → 0.2.1, SoftwareOne 0.3.0 → 0.3.1. Test count: 119 → 155.

Test plan
- dotnet test --configuration Release passes locally on Linux (verified before opening this PR — Adobe 60, Airtable 36, SoftwareOne 59).
- dotnet pack src/NextIteration.SpectreConsole.Auth.Providers.<Adobe|Airtable|SoftwareOne> --configuration Release --no-build --output /tmp/x produces a .nupkg and matching .snupkg for each provider with the bumped versions.
- Directory.Packages.props resolves: dotnet restore --force succeeds with no NU1008 (CPM-violation) warnings.
- accounts add for Adobe, Airtable, SoftwareOne in a consumer app — including a deliberate http://example.com/base URL to verify the collector now rejects it.
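The two checks this PR describes (the https rule with its loopback exception, and the redact-then-truncate treatment of upstream error bodies) are shown below as an added example in C#. It is not code from the providers repository: the class name EndpointPolicy, the sample token, and the example.com URLs are assumptions for illustration, and the program targets .NET 6 or later.

```csharp
// Added illustration, not code from the providers repo. EndpointPolicy, the
// sample token and the example.com URLs are assumptions for this example.
using System;

public static class EndpointPolicy
{
    // https required; plain http tolerated only when the host is loopback
    // (localhost, 127.0.0.1, [::1]) so local mock servers and proxies keep working.
    public static Uri RequireHttps(string url, string settingName)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri))
            throw new ArgumentException($"{settingName} must be an absolute URL.");

        if (uri.Scheme == Uri.UriSchemeHttps)
            return uri;

        // Uri.IsLoopback is syntactic: it never resolves DNS, so a public name
        // that happens to point at 127.0.0.1 is still rejected (the safe side).
        if (uri.Scheme == Uri.UriSchemeHttp && uri.IsLoopback)
            return uri;

        throw new ArgumentException(
            $"{settingName} must use https; got {uri.Scheme}://{uri.Host}.");
    }

    // Order matters: redact first, then truncate. Truncating first could cut the
    // token in half so that a recognisable prefix survives the redaction pass.
    public static string SanitiseErrorBody(string body, string token, int maxChars = 512)
    {
        if (string.IsNullOrEmpty(body))
            return string.Empty;

        if (!string.IsNullOrEmpty(token))
        {
            // The token sits raw in the query (eq(token,'...')), but a proxy that
            // echoes the request URL may percent-encode it, so redact both spellings.
            foreach (var spelling in new[] { token, Uri.EscapeDataString(token) })
                body = body.Replace(spelling, "[REDACTED]", StringComparison.Ordinal);
        }

        return body.Length <= maxChars
            ? body
            : body.Substring(0, maxChars) + " [truncated]";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample credential; not a real token.
        const string token = "tok_sample_0123456789abcdef";

        foreach (var url in new[]
        {
            "https://api.example.com/v1",  // accepted
            "http://localhost:8080/v1",    // accepted: loopback exception
            "http://[::1]:8080/v1",        // accepted: loopback exception
            "http://example.com/base",     // rejected: the test-plan case above
        })
        {
            try
            {
                Console.WriteLine($"accept  {EndpointPolicy.RequireHttps(url, "API base URL")}");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine($"reject  {url}: {ex.Message}");
            }
        }

        // Constructed error page from a proxy that echoes the request URL into
        // its 502 body; padded so the 512-char cap also kicks in.
        string echoed =
            "<html><body>502 Bad Gateway while fetching " +
            "/accounts?filter=" + Uri.EscapeDataString($"eq(token,'{token}')") +
            new string('x', 1000) + "</body></html>";

        string safe = EndpointPolicy.SanitiseErrorBody(echoed, token);
        Console.WriteLine(safe.Contains(token, StringComparison.Ordinal)
            ? "token leaked"
            : $"sanitised: {safe.Length} chars, token redacted");
    }
}
```

Run it with `dotnet run` from a console project. Two points carry over to real code: call the scheme check at the moment the stored credential is used, not only when the collector prompt accepts it, which is what lets a hand-edited keystore entry be refused before any request leaves the process; and note that the redaction only covers the literal token value, so a proxy that echoes other request material (headers, a differently encoded token) is not addressed by it, only by the length cap.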