Merge branch 'main' of https://github.com/bvdcode/EasyExtensions

Author: bvdcode

Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs

@@ -129,13 +129,7 @@ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto?
             var roles = await GetUserRolesAsync(userId.Value);
             string accessToken = CreateAccessToken(userId.Value, roles);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, request.RefreshToken, newRefreshToken, AuthType.Unknown);
-            Response.Cookies.Append(CookieRefreshTokenName, newRefreshToken, new()
-            {
-                Secure = true,
-                HttpOnly = true,
-                SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict,
-                Expires = DateTimeOffset.UtcNow.Add(GetCookieExpirationTime()),
-            });
+            AddRefreshTokenToCookie(newRefreshToken);
             return Ok(new TokenPairResponseDto
             {
                 AccessToken = accessToken,
@@ -159,7 +153,7 @@ public async Task<IActionResult> Login([FromBody] LoginRequestDto request)
             Guid? userId = await FindUserByUsernameAsync(request.Username);
             if (!userId.HasValue || userId == Guid.Empty)
             {
-                await OnUserLoggingInAsync(userId.Value, AuthType.Credentials, AuthRejectionType.UserNotFound);
+                await OnUserLoggingInAsync(userId.GetValueOrDefault(), AuthType.Credentials, AuthRejectionType.UserNotFound);
                 return this.ApiUnauthorized("Invalid username or password");
             }
             bool canLogin = await CanUserLoginAsync(userId.Value);
@@ -185,13 +179,7 @@ public async Task<IActionResult> Login([FromBody] LoginRequestDto request)
             string refreshToken = StringHelpers.CreateRandomString(64);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken, AuthType.Credentials);
             await OnUserLoggingInAsync(userId.Value, AuthType.Credentials, AuthRejectionType.None);
-            Response.Cookies.Append(CookieRefreshTokenName, refreshToken, new()
-            {
-                Secure = true,
-                HttpOnly = true,
-                SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict,
-                Expires = DateTimeOffset.UtcNow.Add(GetCookieExpirationTime()),
-            });
+            AddRefreshTokenToCookie(refreshToken);
             return Ok(new TokenPairResponseDto
             {
                 AccessToken = accessToken,
@@ -241,13 +229,7 @@ public async Task<IActionResult> LoginWithGoogle([FromQuery] string token)
             string refreshToken = StringHelpers.CreateRandomString(64);
             await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken, AuthType.Google);
             await OnUserLoggingInAsync(userId.Value, AuthType.Google, AuthRejectionType.None);
-            Response.Cookies.Append(CookieRefreshTokenName, refreshToken, new()
-            {
-                Secure = true,
-                HttpOnly = true,
-                SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict,
-                Expires = DateTimeOffset.UtcNow.Add(GetCookieExpirationTime()),
-            });
+            AddRefreshTokenToCookie(refreshToken);
             return Ok(new TokenPairResponseDto
             {
                 AccessToken = accessToken,
@@ -390,7 +372,18 @@ public virtual IEnumerable<KeyValuePair<string, string>> GetAdditionalTokenClaim
             return [];
         }
 
-        private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
+        /// <summary>
+        /// Generates a JWT access token for the specified user, including their roles and any additional claims.
+        /// </summary>
+        /// <remarks>The generated token includes standard claims such as the subject identifier, as well
+        /// as any additional claims retrieved for the user. Roles are added as claims to support role-based
+        /// authorization scenarios.</remarks>
+        /// <param name="userId">The unique identifier of the user for whom the access token is being generated.</param>
+        /// <param name="roles">A collection of role names to be included as claims in the access token. Each role represents a permission
+        /// or group associated with the user.</param>
+        /// <returns>A string containing the generated JWT access token that can be used to authenticate the user in subsequent
+        /// requests.</returns>
+        internal protected string CreateAccessToken(Guid userId, IEnumerable<string> roles)
         {
             return _tokenProvider.CreateToken(cb =>
             {
@@ -406,5 +399,24 @@ private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
                 return cb;
             });
         }
+
+        /// <summary>
+        /// Adds the specified refresh token to the HTTP response cookies to support secure session renewal.
+        /// </summary>
+        /// <remarks>The refresh token cookie is configured with security best practices: it is marked as
+        /// secure, HTTP-only, and uses a strict SameSite policy to help prevent cross-site request forgery (CSRF)
+        /// attacks. The cookie's expiration is determined by the application's configured refresh token
+        /// lifetime.</remarks>
+        /// <param name="refreshToken">The refresh token to be stored in the response cookie. Cannot be null or empty.</param>
+        internal protected void AddRefreshTokenToCookie(string refreshToken)
+        {
+            Response.Cookies.Append(CookieRefreshTokenName, refreshToken, new()
+            {
+                Secure = true,
+                HttpOnly = true,
+                SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict,
+                Expires = DateTimeOffset.UtcNow.Add(GetCookieExpirationTime()),
+            });
+        }
     }
 }

Sources/EasyExtensions.AspNetCore.Authorization/EasyExtensions.AspNetCore.Authorization.csproj

@@ -31,10 +31,10 @@
 		<None Include="..\..\LICENSE.md" Pack="true" PackagePath="LICENSE.md" />
 		<ProjectReference Include="..\EasyExtensions.AspNetCore\EasyExtensions.AspNetCore.csproj" />
 		<ProjectReference Include="..\EasyExtensions\EasyExtensions.csproj" />
-		<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="10.0.3" />
-		<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.3" />
-		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.3" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.103" PrivateAssets="All" />
+		<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="10.0.4" />
+		<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.4" />
+		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.4" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.104" PrivateAssets="All" />
 	</ItemGroup>
 
 </Project>

Sources/EasyExtensions.AspNetCore.Authorization/Extensions/ServiceCollectionExtensions.cs

@@ -21,11 +21,17 @@ namespace EasyExtensions.AspNetCore.Authorization.Extensions
     /// </summary>
     public static class ServiceCollectionExtensions
     {
+        /// <summary>
+        /// Represents the name of the parameter used to pass the access token.
+        /// </summary>
+        public const string AccessTokenParamName = "access_token";
+
         /// <summary>
         /// Adds JWT authentication resolving <see cref="IConfiguration"/> from DI.
         /// Reads settings from JwtSettings section or flat fallback Jwt[Key] configuration values (see <see cref="ConfigurationExtensions.GetJwtSettings"/>).
         /// </summary>
         /// <param name="services"><see cref="IServiceCollection"/> instance.</param>
+        /// <param name="useCookies">If <c>true</c>, JWT token will be read from cookies (if not found in query string).</param>
         /// <returns>Current <see cref="IServiceCollection"/> instance.</returns>
         /// <exception cref="KeyNotFoundException">When required JWT settings are missing.</exception>
         /// <remarks>
@@ -62,7 +68,7 @@ public static class ServiceCollectionExtensions
         ///   <item><description><c>RequireHttpsMetadata = false</c> (adjust in production if needed).</description></item>
         /// </list>
         /// </remarks>
-        public static IServiceCollection AddJwt(this IServiceCollection services)
+        public static IServiceCollection AddJwt(this IServiceCollection services, bool useCookies = false)
         {
             services.AddScoped<ITokenProvider, JwtTokenProvider>();
             services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -92,11 +98,19 @@ public static IServiceCollection AddJwt(this IServiceCollection services)
                     {
                         OnMessageReceived = context =>
                         {
-                            var accessToken = context.Request.Query["access_token"].ToString();
+                            var accessToken = context.Request.Query[AccessTokenParamName].ToString();
                             if (!string.IsNullOrEmpty(accessToken))
                             {
                                 context.Token = accessToken;
                             }
+                            else if (useCookies && string.IsNullOrWhiteSpace(context.Token))
+                            {
+                                string? cookieToken = context.Request.Cookies[AccessTokenParamName];
+                                if (!string.IsNullOrEmpty(cookieToken))
+                                {
+                                    context.Token = cookieToken;
+                                }
+                            }
                             return Task.CompletedTask;
                         }
                     };

Sources/EasyExtensions.AspNetCore.Sentry/EasyExtensions.AspNetCore.Sentry.csproj

@@ -32,7 +32,7 @@
 		<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
 		<PackageReference Include="Sentry.AspNetCore" Version="6.1.0" />
 		<ProjectReference Include="..\EasyExtensions.AspNetCore\EasyExtensions.AspNetCore.csproj" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.103" PrivateAssets="All" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.104" PrivateAssets="All" />
 	</ItemGroup>
 
 </Project>

Sources/EasyExtensions.AspNetCore.Stack/Builders/EasyStackOptions.cs

@@ -25,6 +25,11 @@ public class EasyStackOptions
         /// </summary>
         internal bool AuthorizationEnabled { get; set; }
 
+        /// <summary>
+        /// Gets or sets a value indicating whether to use secrets for configuration values.
+        /// </summary>
+        internal bool UseSecretVault { get; set; }
+
         /// <summary>
         /// Enables authorization for the current EasyStackOptions instance.
         /// </summary>
@@ -66,5 +71,17 @@ public EasyStackOptions WithPostgres<TDbContext>(bool useLazyLoadingProxies = fa
             };
             return this;
         }
+
+        /// <summary>
+        /// Configures whether sensitive information should be stored in the secret vault.
+        /// </summary>
+        /// <param name="useSecrets">A value indicating whether to enable the use of the secret vault. Set to <see langword="true"/> to use the
+        /// vault for sensitive information; otherwise, <see langword="false"/>.</param>
+        /// <returns>The current instance of <see cref="EasyStackOptions"/> to allow for method chaining.</returns>
+        public EasyStackOptions UseSecrets(bool useSecrets)
+        {
+            UseSecretVault = useSecrets;
+            return this;
+        }
     }
 }

Sources/EasyExtensions.AspNetCore.Stack/EasyExtensions.AspNetCore.Stack.csproj

@@ -34,8 +34,8 @@
 		<ProjectReference Include="..\EasyExtensions.EntityFrameworkCore.Npgsql\EasyExtensions.EntityFrameworkCore.Npgsql.csproj" />
 		<ProjectReference Include="..\EasyExtensions.EntityFrameworkCore\EasyExtensions.EntityFrameworkCore.csproj" />
 		<ProjectReference Include="..\EasyExtensions.Quartz\EasyExtensions.Quartz.csproj" />
-		<PackageReference Include="EasyVault" Version="1.0.10" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.103" PrivateAssets="All" />
+		<PackageReference Include="EasyVault" Version="1.0.11" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.104" PrivateAssets="All" />
 	</ItemGroup>
 
 </Project>

Sources/EasyExtensions.AspNetCore.Stack/Extensions/HostApplicationBuilderExtensions.cs

@@ -133,7 +133,7 @@ public static IHostApplicationBuilder AddEasyStack(
 
             // EasyVault - if URL presented in configuration
             bool isVaultPresented = !string.IsNullOrWhiteSpace(builder.Configuration[EasyVault.SDK.Extensions.ConfigurationExtensions.DefaultServerUrlKey]);
-            if (isVaultPresented)
+            if (isVaultPresented && options.UseSecretVault)
             {
                 EasyVault.SDK.Extensions.ConfigurationExtensions.AddSecrets(builder.Configuration);
                 logger.LogInformation("VaultApiUrl found in configuration, added EasyVault");

Sources/EasyExtensions.AspNetCore/EasyExtensions.AspNetCore.csproj

@@ -31,9 +31,9 @@
 		<None Include="..\..\LICENSE.md" Pack="true" PackagePath="LICENSE.md" />
 		<ProjectReference Include="..\EasyExtensions\EasyExtensions.csproj" />
 		<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.9" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.103" PrivateAssets="All" />
-		<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="10.0.3" />
-		<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.3" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.104" PrivateAssets="All" />
+		<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="10.0.4" />
+		<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.4" />
 	</ItemGroup>
 
 </Project>

Sources/EasyExtensions.Clients/EasyExtensions.Clients.csproj

@@ -30,8 +30,8 @@
 		<None Include="..\..\README.md" Pack="true" PackagePath="\" />
 		<None Include="packageIcon.png" Pack="true" PackagePath="\" />
 		<None Include="..\..\LICENSE.md" Pack="true" PackagePath="LICENSE.md" />
-		<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.3" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.103" PrivateAssets="All" />
+		<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="10.0.4" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="10.0.104" PrivateAssets="All" />
 	</ItemGroup>
 
 </Project>

Sources/EasyExtensions.Crypto.Tests/EasyExtensions.Crypto.Tests.csproj

@@ -10,13 +10,13 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="coverlet.collector" Version="6.0.4">
+		<PackageReference Include="coverlet.collector" Version="8.0.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
-		<PackageReference Include="NUnit" Version="4.4.0" />
-		<PackageReference Include="NUnit.Analyzers" Version="4.11.2">
+		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.3.0" />
+		<PackageReference Include="NUnit" Version="4.5.1" />
+		<PackageReference Include="NUnit.Analyzers" Version="4.12.0">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>