2.24.0 Initial

Author: vbilopav

NpgsqlRest/Auth/AuthHandler.cs

@@ -89,4 +89,18 @@ public class NpgsqlRestAuthenticationOptions
     /// This is used to verify the password from the password parameter when login endpoint returns a hash of the password (see HashColumnName).
     /// </summary>
     public string PasswordParameterNameContains { get; set; } = "pass";
+
+    /// <summary>
+    /// Default password hasher object. Inject custom password hasher object to add default password hasher.
+    /// </summary>
+    public IPasswordHasher? PasswordHasher { get; set; } = new PasswordHasher();
+
+    /// <summary>
+    /// Command that is executed when the password verification fails. There are three text parameters:
+    ///     - scheme: authentication scheme used for the login (if exists)
+    ///     - user_name: user id used for the login (if exists)
+    ///     - user_id: user id used for the login (if exists)
+    /// Please use PostgreSQL parameter placeholders for the parameters ($1, $2, $3).
+    /// </summary>
+    public string? PasswordVerificationFailedCommand { get; set; } = null;
 }

NpgsqlRest/Auth/NpgsqlRestAuthenticationOptions.cs

@@ -0,0 +1,14 @@
+using System.Text.RegularExpressions;
+
+namespace NpgsqlRest.Auth;
+
+public partial class PostgreSqlParameterCounter
+{
+    [GeneratedRegex(@"\$\d+")]
+    public static partial Regex PostgreSqlParameterPattern();
+
+    public static int CountParameters(string sql)
+    {
+        return PostgreSqlParameterPattern().Matches(sql).Count;
+    }
+}

NpgsqlRest/Auth/PostgreSqlParameterCounter.cs

@@ -178,4 +178,7 @@ public static partial class Log
 
     [LoggerMessage(Level = LogLevel.Information, Message = "{description} has set to use multiple UPLOAD HANDLERES {handlers} by the comment annotation.")]
     public static partial void CommentUploadHandlers(this ILogger logger, string description, string[]? handlers);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "Login endpoint {endpoint} failed to locate the password parameter in parameter collection {parameters}. Password parameter is the first that contains \"{contains}\" text in parameter name.")]
+    public static partial void CantFindPasswordParameter(this ILogger logger, string endpoint, string?[]? parameters, string contains);
 }

NpgsqlRest/Log.cs

@@ -29,10 +29,10 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageReadmeFile>README.MD</PackageReadmeFile>
     <DocumentationFile>bin\$(Configuration)\$(AssemblyName).xml</DocumentationFile>
-    <Version>2.23.0</Version>
-    <AssemblyVersion>2.23.0</AssemblyVersion>
-    <FileVersion>2.23.0</FileVersion>
-    <PackageVersion>2.23.0</PackageVersion>
+    <Version>2.24.0</Version>
+    <AssemblyVersion>2.24.0</AssemblyVersion>
+    <FileVersion>2.24.0</FileVersion>
+    <PackageVersion>2.24.0</PackageVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(GITHUB_ACTIONS)' == 'true'">

NpgsqlRest/NpgsqlRest.csproj

@@ -311,7 +311,7 @@ public async Task InvokeAsync(HttpContext context)
                         }
                         else
                         {
-                            parameter.Value = options.PasswordHasher?.HashPassword(hashValueQueryDict) as object ?? DBNull.Value;
+                            parameter.Value = options.AuthenticationOptions.PasswordHasher?.HashPassword(hashValueQueryDict) as object ?? DBNull.Value;
                         }
                     }
                     if (parameter.UploadMetadata is true)
@@ -749,7 +749,7 @@ await options.ValidateParametersAsync(new ParameterValidationValues(
                         }
                         else
                         {
-                            parameter.Value = options.PasswordHasher?.HashPassword(hashValueBodyDict) as object ?? DBNull.Value;
+                            parameter.Value = options.AuthenticationOptions.PasswordHasher?.HashPassword(hashValueBodyDict) as object ?? DBNull.Value;
                         }
                     }
                     if (parameter.UploadMetadata is true)

NpgsqlRest/NpgsqlRestMiddleware.cs

@@ -316,11 +316,6 @@ public NpgsqlRestOptions(NpgsqlDataSource dataSource)
     /// </summary>
     public IResponseParser? DefaultResponseParser { get; set; }
 
-    /// <summary>
-    /// Default password hasher object. Inject custom password hasher object to add default password hasher.
-    /// </summary>
-    public IPasswordHasher PasswordHasher { get; set; } = new PasswordHasher();
-
     /// <summary>
     /// Default upload handler options. 
     /// Set this option to null to disable upload handlers or use this to modify upload handler options.

NpgsqlRest/NpgsqlRestOptions.cs

@@ -12,6 +12,7 @@
 using static NpgsqlRestClient.Config;
 using static NpgsqlRestClient.Builder;
 using static NpgsqlRest.Auth.ClaimsDictionary;
+using NpgsqlRest.Auth;
 
 namespace NpgsqlRestClient;
 
@@ -41,8 +42,8 @@ public static class ExternalAuthConfig
     public static string ClientAnaliticsIpKey { get; private set; } = default!;
 
     private static readonly Dictionary<string, ExternalAuthClientConfig> DefaultClientConfigs = 
-        new Dictionary<string, ExternalAuthClientConfig>
-    {
+        new()
+        {
         { "google", new ExternalAuthClientConfig
             {
                 AuthUrl = "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id={0}&redirect_uri={1}&scope=openid profile email&state={2}",
@@ -190,7 +191,7 @@ public static void Configure(WebApplication app, NpgsqlRestOptions options, Post
                     string code = (node["code"]?.ToString()) ??
                         throw new ArgumentException("code retrieved from the external provider is null");
 
-                    await ProcessAsync(code, body, config, context, options);
+                    await ProcessAsync(code, config, context, options);
                     return;
                 }
                 catch (Exception e)
@@ -216,15 +217,14 @@ private static void PrepareResponse(string contentType, HttpContext context)
         context.Response.Headers.Expires = "0";
     }
 
-    private static readonly HttpClient _httpClient = new();
+    private static HttpClient? _httpClient = null;
     private static readonly string _agent = $"{Guid.NewGuid().ToString()[..8]}";
 
     private const string browserSessionStateKey = "__external_state";
     private const string browserSessionParamsKey = "__external_params";
 
     private static async Task ProcessAsync(
         string code,
-        string body,
         ExternalAuthClientConfig config, 
         HttpContext context, 
         NpgsqlRestOptions options)
@@ -233,6 +233,8 @@ private static async Task ProcessAsync(
         string? name;
         string token;
 
+        _httpClient ??= new();
+
         using var requestTokenMessage = new HttpRequestMessage(HttpMethod.Post, config.TokenUrl);
         requestTokenMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(Application.Json));
         requestTokenMessage.Content = new FormUrlEncodedContent(new Dictionary<string, string>
@@ -273,6 +275,7 @@ private static async Task ProcessAsync(
         infoRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
         using var infoResponse = await _httpClient.SendAsync(infoRequest);
         var infoContent = await infoResponse.Content.ReadAsStringAsync();
+        JsonNode infoNode;
         if (!infoResponse.IsSuccessStatusCode)
         {
             throw new HttpRequestException($"Info endpoint {config.InfoUrl} returned {infoResponse.StatusCode} with following content: {infoContent}");
@@ -284,18 +287,18 @@ private static async Task ProcessAsync(
 
         try
         {
-            JsonNode node = JsonNode.Parse(infoContent) ??
+            infoNode = JsonNode.Parse(infoContent) ??
                 throw new ArgumentException("info json node is null");
 
             // Email parsing
-            email = node["email"]?.ToString() ?? // Google, GitHub, Facebook, Microsoft
-                    node["userPrincipalName"]?.ToString() ?? // Microsoft (organizational accounts)
-                    node?["elements"]?[0]?["handle~"]?["emailAddress"]?.ToString(); // LinkedIn
+            email = infoNode["email"]?.ToString() ?? // Google, GitHub, Facebook, Microsoft
+                    infoNode["userPrincipalName"]?.ToString() ?? // Microsoft (organizational accounts)
+                    infoNode?["elements"]?[0]?["handle~"]?["emailAddress"]?.ToString(); // LinkedIn
 
 #pragma warning disable CS8602 // Dereference of a possibly null reference.
-            name = node["localizedLastName"] is not null ?
-                $"{node["localizedFirstName"]} {node["localizedLastName"]}".Trim() : // linkedin format
-                node["name"]?.ToString(); // normal format
+            name = infoNode["localizedLastName"] is not null ?
+                $"{infoNode["localizedFirstName"]} {infoNode["localizedLastName"]}".Trim() : // linkedin format
+                infoNode["name"]?.ToString(); // normal format
 #pragma warning restore CS8602 // Dereference of a possibly null reference.
         }
         catch (Exception e)
@@ -323,6 +326,7 @@ private static async Task ProcessAsync(
             {
                 JsonNode node = JsonNode.Parse(emailContent) ??
                     throw new ArgumentException("email json node is null");
+                infoNode["emailRequest"] = node;
 
                 email = node["email"]?.ToString() ??
                     node?["elements"]?[0]?["handle~"]?["emailAddress"]?.ToString(); // linkedin format
@@ -351,8 +355,8 @@ private static async Task ProcessAsync(
         await connection.OpenAsync();
         using var command = connection.CreateCommand();
         command.CommandText = ExternalAuthConfig.LoginCommand;
-        var paramCount = command.CommandText[command.CommandText.IndexOf(Consts.OpenParenthesis)..].Split(Consts.Comma).Length;
 
+        var paramCount = PostgreSqlParameterCounter.CountParameters(command.CommandText);
         if (paramCount >= 1) command.Parameters.Add(new NpgsqlParameter()
         {
             Value = config.ExternalType,
@@ -368,9 +372,11 @@ private static async Task ProcessAsync(
             Value = name is not null ? name : DBNull.Value,
             NpgsqlDbType = NpgsqlTypes.NpgsqlDbType.Text
         });
+        //emailContent
+        
         if (paramCount >= 4) command.Parameters.Add(new NpgsqlParameter()
         {
-            Value = body is not null ? body : DBNull.Value,
+            Value = infoNode is not null ? infoContent.ToString() : DBNull.Value,
             NpgsqlDbType = NpgsqlTypes.NpgsqlDbType.Json
         });
         if (paramCount >= 5)

NpgsqlRestClient/ExternalAuth.cs

@@ -8,7 +8,7 @@
     <InvariantGlobalization>true</InvariantGlobalization>
     <NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile>
     <PublishAot>true</PublishAot>
-    <Version>2.18.0</Version>
+    <Version>2.19.0</Version>
   </PropertyGroup>
 
   <ItemGroup>
@@ -22,5 +22,9 @@
     <ProjectReference Include="..\plugins\NpgsqlRest.HttpFiles\NpgsqlRest.HttpFiles.csproj" />
     <ProjectReference Include="..\plugins\NpgsqlRest.TsClient\NpgsqlRest.TsClient.csproj" />
   </ItemGroup>
+  
+  <ItemGroup>
+    <Folder Include="wwwroot\" />
+  </ItemGroup>
 
 </Project>

NpgsqlRestClient/NpgsqlRestClient.csproj

@@ -37,7 +37,7 @@
 Configure(app, () =>
 {
     sw.Stop();
-    var message = GetConfigStr("StartupMessage", Cfg);
+    var message = GetConfigStr("StartupMessage", Cfg) ?? "Started in {0}, listening on {1}, version {2}";
     if (string.IsNullOrEmpty(message) is false)
     {
         Logger?.Information(message,
@@ -115,7 +115,8 @@
 
     AuthenticationOptions = new()
     {
-        DefaultAuthenticationType = GetConfigStr("DefaultAuthenticationType", AuthCfg)
+        DefaultAuthenticationType = GetConfigStr("DefaultAuthenticationType", AuthCfg) ?? GetConfigStr("ApplicationName", Cfg),
+        PasswordVerificationFailedCommand = GetConfigStr("PasswordVerificationFailedCommand", AuthCfg),
     },
 
     EndpointCreateHandlers = CreateCodeGenHandlers(connectionString),

NpgsqlRestClient/Program.cs

@@ -1,5 +1,5 @@
 /*
-  2.18.0.0
+  2.19.0.0
 */
 {
   //
@@ -224,8 +224,14 @@
       // 
       "ReturnToPathQueryStringKey": "return_to",
       //
-      // Login command to execute after the external auth process is completed.
-      // The first parameter is the email returned from the provider, the second parameter is the name returned from the provider and third parameter is the collection of the parameters that will include original query string.
+      // Login command to execute after the external auth process is completed. Parameters:
+      //   - external login provider (if param exists)
+      //   - external login email (if param exists)
+      //   - external login name (if param exists)
+      //   - external login json data received (if param exists)
+      //   - client browser analytics json data (if param exists)
+      // Please use PostgreSQL parameter placeholders for the parameters ($1, $2, $3).
+      //
       // The command uses the same rules as the login enabled routine. 
       // See: https://vb-consulting.github.io/npgsqlrest/login-endpoints and https://vb-consulting.github.io/npgsqlrest/login-endpoints/#external-logins
       //
@@ -238,7 +244,9 @@
       // Client IP address that will be added to the client analytics data under this JSON key.
       //
       "ClientAnaliticsIpKey": "ip",
-
+      //
+      // External providers
+      //
       "Google": {
         //
         // visit https://console.cloud.google.com/apis/ to configure your google app and get your client id and client secret
@@ -648,6 +656,16 @@
       //
       "DefaultAuthenticationType": null,
       //
+      // Command that is executed when the password verification fails. There are three text parameters:
+      //     - scheme: authentication scheme used for the login (if exists)
+      //     - user_name: user id used for the login (if exists)
+      //     - user_id: user id used for the login (if exists)
+      // Please use PostgreSQL parameter placeholders for the parameters ($1, $2, $3).
+      //
+      // See https://vb-consulting.github.io/npgsqlrest/options/#authenticationoptionsdefaultauthenticationtype
+      //
+      "PasswordVerificationFailedCommand": null,
+      //
       // Name of the PostgreSQL text parameter that will be used to pass the authenticated user id to the PostgreSQL routine (function  or query) automatically (supplied values are rewritten).
       //
       "UserIdParameterName": null,

NpgsqlRestClient/appsettings.json

@@ -1,3 +1,5 @@
+using Npgsql;
+
 namespace NpgsqlRestTests;
 
 public static partial class Database
@@ -42,6 +44,16 @@ language sql as $$
         $$;
         comment on function password_protected_login2(text) is 'login';
         
+        create table failed_logins(scheme text, user_id text, user_name text);
+
+        create procedure failed_login(
+            _scheme text,
+            _user_id text,
+            _user_name text
+        )
+        language sql as $$
+        insert into failed_logins(scheme, user_id, user_name) values (_scheme, _user_id, _user_name);
+        $$;
         """);
     }
 }
@@ -94,5 +106,15 @@ public async Task Test_password_protected_login1_wrong_password()
         using var content = new StringContent($"{{\"pass\": \"{password}\", \"hashed\": \"{hashed}\"}}", Encoding.UTF8, "application/json");
         using var login = await client.PostAsync(requestUri: "/api/password-protected-login1/", content);
         login.StatusCode.Should().Be(HttpStatusCode.NotFound);
+
+        using var connection = Database.CreateConnection();
+        await connection.OpenAsync();
+        using var command = new NpgsqlCommand("select * from failed_logins", connection);
+        using var reader = await command.ExecuteReaderAsync();
+        (await reader.ReadAsync()).Should().BeTrue(); // there is a record
+
+        reader.IsDBNull(0).Should().Be(true);
+        reader.GetString(1).Should().Be("passwordprotected"); // username
+        reader.GetString(2).Should().Be("999"); // user id
     }
 }

NpgsqlRestTests/AuthTests/AuthPasswordLoginTests.cs

@@ -160,7 +160,6 @@ public async Task Test_post_hashed_in_new_parameter1_3()
         response.Should().Be("");
     }
 
-
     [Fact]
     public async Task Test_post_hashed_parameter1()
     {

NpgsqlRestTests/AuthTests/HashedParameterTests.cs

@@ -1,4 +1,4 @@
-namespace NpgsqlRestTests;
+namespace NpgsqlRestTests.AuthTests;
 
 public class PasswordHasherTests
 {

NpgsqlRestTests/AuthTests/PasswordHasherTests.cs

@@ -116,7 +116,12 @@ public static void Main()
             CustomRequestHeaders = new()
             {
                 { "custom-header1", "custom-header1-value" }
-            }
+            },
+
+            AuthenticationOptions = new()
+            {
+                PasswordVerificationFailedCommand = "call failed_login($1,$2,$3)"
+            },
         });
         app.Run();
     }