Reshuffle NuGet packages to make it easier to consume them (#55)

* Reshuffle NuGet packages * Revert bad version ref * REFACTOR: (re)move ISecretProvider extension on ConfigurationBuil… (#58) * Reshuffle NuGet packages * Revert bad version ref * Remove empty project * Remove old project file Signed-off-by: Tom Kerkhove <kerkhove.tom@gmail.com>
arcus-azure · Aug 2, 2019 · c0facca · c0facca
1 parent c052624
commit c0facca
Show file tree

Hide file tree

Showing 26 changed files with 182 additions and 28 deletions.
diff --git a/src/Arcus.WebApi.All/Arcus.WebApi.All.csproj b/src/Arcus.WebApi.All/Arcus.WebApi.All.csproj
@@ -17,6 +17,10 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Arcus.WebApi.Logging\Arcus.WebApi.Logging.csproj" />
+    <ProjectReference Include="..\Arcus.WebApi.OpenApi.Extensions\Arcus.WebApi.OpenApi.Extensions.csproj" />
+    <ProjectReference Include="..\Arcus.WebApi.Security.Authentication\Arcus.WebApi.Security.Authentication.csproj" />
+    <ProjectReference Include="..\Arcus.WebApi.Security.Extensions\Arcus.WebApi.Security.Extensions.csproj" />
+    <ProjectReference Include="..\Arcus.WebApi.Security\Arcus.WebApi.Security.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Arcus.WebApi.OpenApi.Extensions/Arcus.WebApi.OpenApi.Extensions.csproj b/src/Arcus.WebApi.OpenApi.Extensions/Arcus.WebApi.OpenApi.Extensions.csproj
@@ -5,7 +5,7 @@
     <Authors>Arcus</Authors>
     <Company>Arcus</Company>
     <RepositoryType>Git</RepositoryType>
-    <PackageTags>Azure;WebAPI;App Services;Web App;Web;API</PackageTags>
+    <PackageTags>Azure;WebAPI;App Services;Web App;Web;API;Open API</PackageTags>
     <Description>Provides extensions that can be used when documenting an API using Swashbuckle.</Description>
     <Copyright>Copyright (c) Arcus</Copyright>
     <PackageLicenseUrl>https://github.com/arcus-azure/arcus.webapi/blob/master/LICENSE</PackageLicenseUrl>

diff --git a/src/Arcus.WebApi.Security.Authentication/Arcus.WebApi.Security.Authentication.csproj b/src/Arcus.WebApi.Security.Authentication/Arcus.WebApi.Security.Authentication.csproj
@@ -0,0 +1,27 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+      <TargetFramework>netstandard2.0</TargetFramework>
+      <Authors>Arcus</Authors>
+      <Company>Arcus</Company>
+      <RepositoryType>Git</RepositoryType>
+      <PackageTags>Azure;WebAPI;App Services;Web App;Web;API</PackageTags>
+      <Description>Provides capabilities to easily build secure Web APIs running in Azure.</Description>
+      <Copyright>Copyright (c) Arcus</Copyright>
+      <PackageLicenseUrl>https://github.com/arcus-azure/arcus.webapi/blob/master/LICENSE</PackageLicenseUrl>
+      <PackageProjectUrl>https://github.com/arcus-azure/arcus.webapi</PackageProjectUrl>
+      <RepositoryUrl>https://github.com/arcus-azure/arcus.webapi</RepositoryUrl>
+      <PackageIconUrl>https://raw.githubusercontent.com/arcus-azure/arcus/master/media/arcus.png</PackageIconUrl>
+      <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+      <GenerateDocumentationFile>true</GenerateDocumentationFile>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
+    <PackageReference Include="System.Web.Http" Version="4.0.0" />
+    <PackageReference Include="Guard.Net" Version="1.2.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
+    <PackageReference Include="Arcus.Security.Secrets.AzureKeyVault" Version="0.1.0" />
+  </ItemGroup>
+
+</Project>
diff --git a/...ion/CertificateAuthenticationAttribute.cs → ...tes/CertificateAuthenticationAttribute.cs b/...ion/CertificateAuthenticationAttribute.cs → ...tes/CertificateAuthenticationAttribute.cs
@@ -1,7 +1,7 @@
 using System;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Authentication filter to secure HTTP requests by allowing only certain values in the client certificate.

diff --git a/...cation/CertificateAuthenticationConfig.cs → ...icates/CertificateAuthenticationConfig.cs b/...cation/CertificateAuthenticationConfig.cs → ...icates/CertificateAuthenticationConfig.cs
@@ -3,11 +3,11 @@
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
-using Arcus.WebApi.Security.Authentication.Interfaces;
+using Arcus.WebApi.Security.Authentication.Certificates.Interfaces;
 using GuardNet;
 using Microsoft.Extensions.Logging;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Representation of the configurable validation requirements on a <see cref="X509Certificate2"/>.

diff --git a/...CertificateAuthenticationConfigBuilder.cs → ...CertificateAuthenticationConfigBuilder.cs b/...CertificateAuthenticationConfigBuilder.cs → ...CertificateAuthenticationConfigBuilder.cs
@@ -1,10 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
-using Arcus.WebApi.Security.Authentication.Interfaces;
+using Arcus.WebApi.Security.Authentication.Certificates.Interfaces;
 using GuardNet;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Builder to create <see cref="CertificateAuthenticationConfig"/> instances.

diff --git a/...cation/CertificateAuthenticationFilter.cs → ...icates/CertificateAuthenticationFilter.cs b/...cation/CertificateAuthenticationFilter.cs → ...icates/CertificateAuthenticationFilter.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using GuardNet;
@@ -10,7 +9,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Authentication filter to secure HTTP requests by allowing only certain values in the client certificate.

diff --git a/...ion/CertificateAuthenticationValidator.cs → ...tes/CertificateAuthenticationValidator.cs b/...ion/CertificateAuthenticationValidator.cs → ...tes/CertificateAuthenticationValidator.cs
@@ -8,7 +8,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Represents the model that handles the certificate authentication validation via validation requirements.

diff --git a/...cation/ConfigurationValidationLocation.cs → ...icates/ConfigurationValidationLocation.cs b/...cation/ConfigurationValidationLocation.cs → ...icates/ConfigurationValidationLocation.cs
@@ -2,12 +2,12 @@
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
-using Arcus.WebApi.Security.Authentication.Interfaces;
+using Arcus.WebApi.Security.Authentication.Certificates.Interfaces;
 using GuardNet;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 
-namespace Arcus.WebApi.Security.Authentication 
+namespace Arcus.WebApi.Security.Authentication.Certificates 
 {
     /// <summary>
     /// Certificate location implementation to retrieve the expected <see cref="X509Certificate2"/> value from an <see cref="IConfiguration"/>

diff --git a/....Security/Authentication/ConfiguredKey.cs → ...hentication/Certificates/ConfiguredKey.cs b/....Security/Authentication/ConfiguredKey.cs → ...hentication/Certificates/ConfiguredKey.cs
@@ -1,6 +1,6 @@
 using GuardNet;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Represents the configured key on the authentication mechanisms.

diff --git a/...uthentication/ExpectedCertificateValue.cs → .../Certificates/ExpectedCertificateValue.cs b/...uthentication/ExpectedCertificateValue.cs → .../Certificates/ExpectedCertificateValue.cs
@@ -1,6 +1,6 @@
 using GuardNet;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Represents a non-null expected certificate value to validate against the actual client certificate value.

diff --git a/...ion/Interfaces/IX509ValidationLocation.cs → ...tes/Interfaces/IX509ValidationLocation.cs b/...ion/Interfaces/IX509ValidationLocation.cs → ...tes/Interfaces/IX509ValidationLocation.cs
@@ -2,7 +2,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 
-namespace Arcus.WebApi.Security.Authentication.Interfaces 
+namespace Arcus.WebApi.Security.Authentication.Certificates.Interfaces 
 {
     /// <summary>
     /// Represents the function to retrieve expected values for a <see cref="X509Certificate2"/>.

diff --git a/...ation/SecretProviderValidationLocation.cs → ...cates/SecretProviderValidationLocation.cs b/...ation/SecretProviderValidationLocation.cs → ...cates/SecretProviderValidationLocation.cs
@@ -3,11 +3,11 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Arcus.Security.Secrets.Core.Interfaces;
-using Arcus.WebApi.Security.Authentication.Interfaces;
+using Arcus.WebApi.Security.Authentication.Certificates.Interfaces;
 using GuardNet;
 using Microsoft.Extensions.DependencyInjection;
 
-namespace Arcus.WebApi.Security.Authentication 
+namespace Arcus.WebApi.Security.Authentication.Certificates 
 {
     /// <summary>
     /// Certificate location implementation to retrieve the expected <see cref="X509Certificate2"/> value from an <see cref="ISecretProvider"/>

diff --git a/.../Authentication/X509ValidationLocation.cs → ...on/Certificates/X509ValidationLocation.cs b/.../Authentication/X509ValidationLocation.cs → ...on/Certificates/X509ValidationLocation.cs
@@ -2,7 +2,7 @@
 using Arcus.Security.Secrets.Core.Interfaces;
 using Microsoft.Extensions.Configuration;
 
-namespace Arcus.WebApi.Security.Authentication
+namespace Arcus.WebApi.Security.Authentication.Certificates
 {
     /// <summary>
     /// Represents the possibilities to retrieve the expected <see cref="X509Certificate2"/> values

diff --git a/...thentication/X509ValidationRequirement.cs → ...Certificates/X509ValidationRequirement.cs b/...thentication/X509ValidationRequirement.cs → ...Certificates/X509ValidationRequirement.cs
@@ -1,6 +1,6 @@
 using System.Security.Cryptography.X509Certificates;
 
-namespace Arcus.WebApi.Security.Authentication 
+namespace Arcus.WebApi.Security.Authentication.Certificates 
 {
     /// <summary>
     /// Represents which value of the client <see cref="X509Certificate2"/> should be validated in the <see cref="CertificateAuthenticationFilter"/>.

diff --git a/....WebApi.Security.Authentication/SharedAccessKey/SharedAccessKeyAuthenticationAttribute.cs b/....WebApi.Security.Authentication/SharedAccessKey/SharedAccessKeyAuthenticationAttribute.cs
@@ -0,0 +1,33 @@
+using System;
+using Arcus.Security.Secrets.Core.Interfaces;
+using GuardNet;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Arcus.WebApi.Security.Authentication.SharedAccessKey
+{
+    /// <summary>
+    /// Authentication filter to secure HTTP requests with shared access keys.
+    /// </summary>
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)] 
+    public class SharedAccessKeyAuthenticationAttribute : TypeFilterAttribute
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="SharedAccessKeyAuthenticationAttribute"/> class.
+        /// </summary>
+        /// <param name="secretName">The name of the request header which value must match the stored secret with the same name as the header.</param>
+        public SharedAccessKeyAuthenticationAttribute(string secretName) : this(secretName, secretName) { }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="SharedAccessKeyAuthenticationAttribute"/> class.
+        /// </summary>
+        /// <param name="headerName">The name of the request header which value must match the stored secret.</param>
+        /// <param name="secretName">The name of the secret that's being retrieved using the <see cref="ISecretProvider.Get"/> call.</param>
+        public SharedAccessKeyAuthenticationAttribute(string headerName, string secretName) : base(typeof(SharedAccessKeyAuthenticationFilter))
+        {
+            Guard.NotNullOrWhitespace(headerName, nameof(headerName), "Header name cannot be blank");
+            Guard.NotNullOrWhitespace(secretName, nameof(secretName), "Secret name cannot be blank");
+
+            Arguments = new object[] { headerName, secretName };
+        }
+    }
+}
diff --git a/...cus.WebApi.Security.Authentication/SharedAccessKey/SharedAccessKeyAuthenticationFilter.cs b/...cus.WebApi.Security.Authentication/SharedAccessKey/SharedAccessKeyAuthenticationFilter.cs
@@ -0,0 +1,85 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Arcus.Security.Secrets.Core.Exceptions;
+using Arcus.Security.Secrets.Core.Interfaces;
+using GuardNet;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Primitives;
+
+namespace Arcus.WebApi.Security.Authentication.SharedAccessKey 
+{
+    /// <summary>
+    /// Authentication filter to secure HTTP requests with shared access keys.
+    /// </summary>
+    /// <remarks>
+    ///     Please provide an <see cref="ISecretProvider"/> implementation in the configured services of the request.
+    /// </remarks>
+    public class SharedAccessKeyAuthenticationFilter : IAsyncAuthorizationFilter
+    {
+        private readonly string _headerName, _secretName;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="SharedAccessKeyAuthenticationFilter"/> class.
+        /// </summary>
+        /// <param name="headerName">The name of the request header which value must match the stored secret.</param>
+        /// <param name="secretName">The name of the secret that's being retrieved using the <see cref="ISecretProvider.Get"/> call.</param>
+        public SharedAccessKeyAuthenticationFilter(string headerName, string secretName)
+        {
+            Guard.NotNullOrWhitespace(headerName, nameof(headerName), "Header name cannot be blank");
+            Guard.NotNullOrWhitespace(secretName, nameof(secretName), "Secret name cannot be blank");
+
+            _headerName = headerName;
+            _secretName = secretName;
+        }
+
+        /// <summary>
+        /// Called early in the filter pipeline to confirm request is authorized.
+        /// </summary>
+        /// <param name="context">The <see cref="T:Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext" />.</param>
+        /// <returns>
+        /// A <see cref="T:System.Threading.Tasks.Task" /> that on completion indicates the filter has executed.
+        /// </returns>
+        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
+        {
+            Guard.NotNull(context, nameof(context));
+            Guard.NotNull(context.HttpContext, nameof(context.HttpContext));
+            Guard.For<ArgumentException>(() => context.HttpContext.Request == null, "Invalid action context given without any HTTP request");
+            Guard.For<ArgumentException>(() => context.HttpContext.Request.Headers == null, "Invalid action context given without any HTTP request headers");
+            Guard.For<ArgumentException>(() => context.HttpContext.RequestServices == null, "Invalid action context given without any HTTP request services");
+
+            if (context.HttpContext.Request.Headers
+                       .TryGetValue(_headerName, out StringValues requestSecretHeaders))
+            {
+                ISecretProvider userDefinedSecretProvider = 
+                    context.HttpContext.RequestServices.GetService<ICachedSecretProvider>()
+                    ?? context.HttpContext.RequestServices.GetService<ISecretProvider>();
+
+                if (userDefinedSecretProvider == null)
+                {
+                    throw new KeyNotFoundException(
+                        $"No configured {nameof(ICachedSecretProvider)} or {nameof(ISecretProvider)} implementation found in the request service container. "
+                        + "Please configure such an implementation (ex. in the Startup) of your application");
+                }
+
+                string foundSecret = await userDefinedSecretProvider.Get(_secretName);
+                if (foundSecret == null)
+                {
+                    throw new SecretNotFoundException(_secretName);
+                }
+
+                if (requestSecretHeaders.Any(headerValue => !String.Equals(headerValue, foundSecret)))
+                {
+                    context.Result = new UnauthorizedResult();
+                }
+            }
+            else
+            {
+                context.Result = new UnauthorizedResult();
+            }
+        }
+    }
+}
diff --git a/src/Arcus.WebApi.Security/Arcus.WebApi.Security.csproj b/src/Arcus.WebApi.Security/Arcus.WebApi.Security.csproj
@@ -17,10 +17,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Web.Http" Version="4.0.0" />
-    <PackageReference Include="Guard.Net" Version="1.2.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.2.0" />
-    <PackageReference Include="Arcus.Security.Secrets.AzureKeyVault" Version="0.1.0" />
+    <ProjectReference Include="..\Arcus.WebApi.Security.Authentication\Arcus.WebApi.Security.Authentication.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Arcus.WebApi.Security/Authentication/SharedAccessKeyAuthenticationAttribute.cs b/src/Arcus.WebApi.Security/Authentication/SharedAccessKeyAuthenticationAttribute.cs
@@ -1,13 +1,15 @@
 using System;
 using Arcus.Security.Secrets.Core.Interfaces;
 using GuardNet;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Arcus.WebApi.Security.Authentication
 {
     /// <summary>
     /// Authentication filter to secure HTTP requests with shared access keys.
     /// </summary>
+    [Obsolete("Feature is moved to our 'Arcus.WebApi.Security.Authentication' NuGet package, please use Arcus.WebApi.Security.Authentication.SharedAccessKey.SharedAccessKeyAuthenticationAttribute")]
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)] 
     public class SharedAccessKeyAuthenticationAttribute : TypeFilterAttribute
     {

diff --git a/src/Arcus.WebApi.Security/Authentication/SharedAccessKeyAuthenticationFilter.cs b/src/Arcus.WebApi.Security/Authentication/SharedAccessKeyAuthenticationFilter.cs
@@ -18,6 +18,7 @@ namespace Arcus.WebApi.Security.Authentication
     /// <remarks>
     ///     Please provide an <see cref="ISecretProvider"/> implementation in the configured services of the request.
     /// </remarks>
+    [Obsolete("Feature is moved to our 'Arcus.WebApi.Security.Authentication' NuGet package, please use Arcus.WebApi.Security.Authentication.SharedAccessKey.SharedAccessKeyAuthenticationFilter")]
     public class SharedAccessKeyAuthenticationFilter : IAsyncAuthorizationFilter
     {
         private readonly string _headerName, _secretName;

diff --git a/src/Arcus.WebApi.Unit/Arcus.WebApi.Unit.csproj b/src/Arcus.WebApi.Unit/Arcus.WebApi.Unit.csproj
@@ -25,6 +25,7 @@
     </ItemGroup>
     <ItemGroup>
       <ProjectReference Include="..\Arcus.WebApi.OpenApi.Extensions\Arcus.WebApi.OpenApi.Extensions.csproj" />
+      <ProjectReference Include="..\Arcus.WebApi.Security.Authentication\Arcus.WebApi.Security.Authentication.csproj" />
       <ProjectReference Include="..\Arcus.WebApi.Security\Arcus.WebApi.Security.csproj" />
     </ItemGroup>
 </Project>
diff --git a/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationAttributeTests.cs b/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationAttributeTests.cs
@@ -4,7 +4,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Arcus.Security.Secrets.Core.Interfaces;
-using Arcus.WebApi.Security.Authentication;
+using Arcus.WebApi.Security.Authentication.Certificates;
 using Arcus.WebApi.Unit.Hosting;
 using Arcus.WebApi.Unit.Security.Doubles;
 using Xunit;

diff --git a/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationFilterTests.cs b/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationFilterTests.cs
@@ -4,7 +4,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Arcus.Security.Secrets.Core.Interfaces;
-using Arcus.WebApi.Security.Authentication;
+using Arcus.WebApi.Security.Authentication.Certificates;
 using Arcus.WebApi.Unit.Hosting;
 using Arcus.WebApi.Unit.Security.Doubles;
 using Xunit;

diff --git a/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationOnMethodController.cs b/src/Arcus.WebApi.Unit/Security/Authentication/CertificateAuthenticationOnMethodController.cs
@@ -1,6 +1,6 @@
 using System.Net.Http;
 using System.Threading.Tasks;
-using Arcus.WebApi.Security.Authentication;
+using Arcus.WebApi.Security.Authentication.Certificates;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Arcus.WebApi.Unit.Security.Authentication

diff --git a/src/Arcus.WebApi.Unit/Security/Doubles/StubX509ValidationLocation.cs b/src/Arcus.WebApi.Unit/Security/Doubles/StubX509ValidationLocation.cs
@@ -1,7 +1,6 @@
 using System;
-using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
-using Arcus.WebApi.Security.Authentication.Interfaces;
+using Arcus.WebApi.Security.Authentication.Certificates.Interfaces;
 
 namespace Arcus.WebApi.Unit.Security.Doubles
 {