diff --git a/application/account-management/Core/Configuration.cs b/application/account-management/Core/Configuration.cs
index 4dfd2b52a..f627000c9 100644
--- a/application/account-management/Core/Configuration.cs
+++ b/application/account-management/Core/Configuration.cs
@@ -1,6 +1,9 @@
+using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
 using PlatformPlatform.SharedKernel.Configuration;
@@ -30,6 +33,17 @@ public static IServiceCollection AddAccountManagementServices(this IServiceColle
 return services
 .AddSharedServices(Assembly)
- .AddScoped();
+ .AddScoped()
+ .AddAuthentication();
+ }
+
+
+ private static IServiceCollection AddAuthentication(this IServiceCollection services)
+ {
+ return services
+ .AddScoped, PasswordHasher>()
+ .AddScoped()
+ .AddScoped()
+ .AddScoped();
 }
 }
diff --git a/application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs b/application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs
index e8a712893..80cfe615a 100644
--- a/application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs
+++ b/application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs
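Review bot: The new private `AddAuthentication` helper is separated from `AddAccountManagementServices` by two blank lines, where the surrounding code and `SharedDependencyConfiguration` use one; drop the extra line. The helper also shares its name with the framework's `AddAuthentication(this IServiceCollection)` extension in `Microsoft.Extensions.DependencyInjection`; where that assembly is referenced, resolution still picks the private method here, as it already does in the shared kernel, but a reader can take the call for the framework's scheme registration, so a one-line comment such as `// Registers this system's token and password-hashing services; unrelated to ASP.NET Core's AddAuthentication(...) scheme setup` above the helper would remove the ambiguity. The type arguments of the `AddScoped` calls are not visible in this rendering, so the individual registrations are not reviewed here.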
@@ -1,12 +1,12 @@
 using JetBrains.Annotations;
 using Mapster;
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Core/Features/Authentication/Commands/Logout.cs b/application/account-management/Core/Features/Authentication/Commands/Logout.cs
index 7f663d69b..7ac57c029 100644
--- a/application/account-management/Core/Features/Authentication/Commands/Logout.cs
+++ b/application/account-management/Core/Features/Authentication/Commands/Logout.cs
@@ -1,5 +1,5 @@
 using JetBrains.Annotations;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs b/application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs
index 3b21c8742..025224ca3 100644
--- a/application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs
+++ b/application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs
@@ -3,9 +3,9 @@
 using JetBrains.Annotations;
 using Mapster;
 using Microsoft.AspNetCore.Http;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Domain;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Core/Features/Authentication/Domain/AuthenticationTokenHttpKeys.cs b/application/account-management/Core/Features/Authentication/Domain/AuthenticationTokenHttpKeys.cs
new file mode 100644
index 000000000..578c853f6
--- /dev/null
+++ b/application/account-management/Core/Features/Authentication/Domain/AuthenticationTokenHttpKeys.cs
@@ -0,0 +1,19 @@
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+
+public static class AuthenticationTokenHttpKeys
+{
+ public const string RefreshTokenHttpHeaderKey = "x-refresh-token";
+
+ public const string AccessTokenHttpHeaderKey = "x-access-token";
+
+ public const string AntiforgeryTokenHttpHeaderKey = "x-xsrf-token";
+
+ public const string RefreshAuthenticationTokensHeaderKey = "x-refresh-authentication-tokens-required";
+
+ // __Host prefix ensures the cookie is sent only to the host, requires Secure, HTTPS, Path=/ and no Domain specified
+ public const string RefreshTokenCookieName = "__Host_Refresh_Token";
+
+ public const string AccessTokenCookieName = "__Host_Access_Token";
+
+ public const string AntiforgeryTokenCookieName = "__Host_Xsrf_Token";
+}
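Review bot: The cookie names `__Host_Refresh_Token`, `__Host_Access_Token` and `__Host_Xsrf_Token` spell the prefix with an underscore, but the cookie-prefix rule the comment above them describes is keyed on the literal `__Host-` (hyphen); a browser treats `__Host_…` as an ordinary cookie name and enforces none of the Secure, Path=/ and no-Domain constraints, so the comment documents a guarantee these constants do not provide. If the prefix semantics are intended, change the literals to `"__Host-Refresh_Token"`, `"__Host-Access_Token"` and `"__Host-Xsrf_Token"`, and confirm that the code setting them (outside this diff) marks them Secure with Path=/ and no Domain, since a browser rejects a `__Host-` cookie that does not meet those conditions. Renaming means existing cookies no longer match and sessions will need to re-authenticate. If the underscore is deliberate, reword the comment so it no longer claims browser-enforced prefix behaviour.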
diff --git a/application/shared-kernel/SharedKernel/Authentication/OneTimePasswordHelper.cs b/application/account-management/Core/Features/Authentication/Domain/OneTimePasswordHelper.cs
similarity index 88%
rename from application/shared-kernel/SharedKernel/Authentication/OneTimePasswordHelper.cs
rename to application/account-management/Core/Features/Authentication/Domain/OneTimePasswordHelper.cs
index 3d31b5eae..4cfa24d75 100644
--- a/application/shared-kernel/SharedKernel/Authentication/OneTimePasswordHelper.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/OneTimePasswordHelper.cs
@@ -2,9 +2,9 @@
 using System.Text;
 using Microsoft.AspNetCore.Identity;
-namespace PlatformPlatform.SharedKernel.Authentication;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain;
-public class OneTimePasswordHelper(IPasswordHasher passwordHasher)
+public sealed class OneTimePasswordHelper(IPasswordHasher passwordHasher)
 {
 public static string GenerateOneTimePassword(int length)
 {
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/AuthenticationTokenService.cs
similarity index 90%
rename from application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs
rename to application/account-management/Core/Features/Authentication/Domain/TokenGeneration/AuthenticationTokenService.cs
index 8911efc1e..956b3a0f3 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/AuthenticationTokenService.cs
@@ -1,6 +1,8 @@
 using Microsoft.AspNetCore.Http;
+using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 public sealed class AuthenticationTokenService(
 RefreshTokenGenerator refreshTokenGenerator,
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenGenerator.cs
similarity index 90%
rename from application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs
rename to application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenGenerator.cs
index 5cbf9fec2..ad1ea5e66 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenGenerator.cs
@@ -1,9 +1,11 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using Microsoft.IdentityModel.Tokens;
+using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Authentication.TokenSigning;
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 public sealed class RefreshTokenGenerator(ITokenSigningClient tokenSigningClient)
 {
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenId.cs b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenId.cs
similarity index 73%
rename from application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenId.cs
rename to application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenId.cs
index 9a03e8e6c..7ef881c03 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenId.cs
+++ b/application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenId.cs
@@ -1,6 +1,7 @@
+using JetBrains.Annotations;
 using PlatformPlatform.SharedKernel.StronglyTypedIds;
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 [PublicAPI]
 [IdPrefix("rt")]
diff --git a/application/account-management/Core/Features/EmailConfirmations/Commands/CompleteEmailConfirmation.cs b/application/account-management/Core/Features/EmailConfirmations/Commands/CompleteEmailConfirmation.cs
index 636bbc159..3d1d20290 100644
--- a/application/account-management/Core/Features/EmailConfirmations/Commands/CompleteEmailConfirmation.cs
+++ b/application/account-management/Core/Features/EmailConfirmations/Commands/CompleteEmailConfirmation.cs
@@ -1,6 +1,6 @@
 using JetBrains.Annotations;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Core/Features/EmailConfirmations/Commands/ResendEmailConfirmationCode.cs b/application/account-management/Core/Features/EmailConfirmations/Commands/ResendEmailConfirmationCode.cs
index 02684c4ac..ae4ca6353 100644
--- a/application/account-management/Core/Features/EmailConfirmations/Commands/ResendEmailConfirmationCode.cs
+++ b/application/account-management/Core/Features/EmailConfirmations/Commands/ResendEmailConfirmationCode.cs
@@ -1,7 +1,7 @@
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Identity;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Integrations.Email;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Core/Features/EmailConfirmations/Commands/StartEmailConfirmation.cs b/application/account-management/Core/Features/EmailConfirmations/Commands/StartEmailConfirmation.cs
index 7c1f8abcd..01e30bc18 100644
--- a/application/account-management/Core/Features/EmailConfirmations/Commands/StartEmailConfirmation.cs
+++ b/application/account-management/Core/Features/EmailConfirmations/Commands/StartEmailConfirmation.cs
@@ -1,8 +1,8 @@
 using FluentValidation;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Identity;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Integrations.Email;
 using PlatformPlatform.SharedKernel.Validation;
diff --git a/application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs b/application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs
index 697039e56..cb6849377 100644
--- a/application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs
+++ b/application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs
@@ -1,11 +1,11 @@
 using JetBrains.Annotations;
 using Mapster;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Tenants.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
diff --git a/application/account-management/Tests/Signups/StartSignupTests.cs b/application/account-management/Tests/Signups/StartSignupTests.cs
index 4a246f28e..eab4839f8 100644
--- a/application/account-management/Tests/Signups/StartSignupTests.cs
+++ b/application/account-management/Tests/Signups/StartSignupTests.cs
@@ -4,9 +4,9 @@
 using Microsoft.AspNetCore.Identity;
 using NSubstitute;
 using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Signups.Commands;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Tests;
 using PlatformPlatform.SharedKernel.Tests.Persistence;
 using PlatformPlatform.SharedKernel.Validation;
diff --git a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/SecurityTokenDescriptorExtensions.cs b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/SecurityTokenDescriptorExtensions.cs
index b7a936d69..b8d6fcdbb 100644
--- a/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/SecurityTokenDescriptorExtensions.cs
+++ b/application/shared-kernel/SharedKernel/Authentication/TokenGeneration/SecurityTokenDescriptorExtensions.cs
@@ -3,9 +3,9 @@
 namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
-internal static class SecurityTokenDescriptorExtensions
+public static class SecurityTokenDescriptorExtensions
 {
- internal static string GenerateToken(
+ public static string GenerateToken(
 this SecurityTokenDescriptor tokenDescriptor,
 DateTimeOffset expires,
 string issuer,
diff --git a/application/shared-kernel/SharedKernel/Configuration/SharedDependencyConfiguration.cs b/application/shared-kernel/SharedKernel/Configuration/SharedDependencyConfiguration.cs
index 8f07faf25..cfebb82de 100644
--- a/application/shared-kernel/SharedKernel/Configuration/SharedDependencyConfiguration.cs
+++ b/application/shared-kernel/SharedKernel/Configuration/SharedDependencyConfiguration.cs
@@ -4,11 +4,9 @@
 using Azure.Security.KeyVault.Secrets;
 using FluentValidation;
 using Microsoft.AspNetCore.Http.Json;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Diagnostics.HealthChecks;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Authentication.TokenSigning;
 using PlatformPlatform.SharedKernel.DomainEvents;
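Review bot: `SecurityTokenDescriptorExtensions.GenerateToken` is promoted from `internal` to `public` so that the moved token generators can call it from another assembly, but it now forms part of the shared kernel's public surface without an XML doc comment. Add a `///` block above `public static string GenerateToken(` with a `<summary>` describing what the method produces from `tokenDescriptor` (presumably a serialized token with the given expiry and issuer; confirm against the body), `<param>` entries for `tokenDescriptor`, `expires`, `issuer` and the remaining parameters, and a `<returns>` line, so callers outside the shared kernel do not have to read the implementation. The parameter list and method body continue outside the hunk.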
@@ -73,11 +71,7 @@ public static ITokenSigningClient GetTokenSigningService()
 private static IServiceCollection AddAuthentication(this IServiceCollection services)
 {
 return services
- .AddScoped, PasswordHasher>()
- .AddScoped()
- .AddScoped()
- .AddScoped()
- .AddScoped();
+ .AddScoped();
 }
 private static IServiceCollection AddDefaultJsonSerializerOptions(this IServiceCollection services)
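Review bot: The shared kernel's `AddAuthentication` drops the `IPasswordHasher`/`PasswordHasher` registration (and the preceding hunk removes the `Microsoft.AspNetCore.Identity` using), so any other self-contained system that resolved that service through `AddSharedServices` will now fail at resolve time rather than at build; worth confirming that account-management is its only consumer before merging. The type arguments of the `AddScoped` calls are not visible in this rendering, so which single registration remains cannot be checked here. A one-line comment on the helper, such as `// Only services every self-contained system needs; system-specific authentication services are registered by each system`, would record the new split for the next person who looks for the hasher here.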