oauth: add an OAuth2 client implementation

Add an OAuth2 client implementation that supports the authorization code
grant, and the device authorization grant (device code) flows.

Author: mjcheetham

src/shared/GitHub.Tests/GitHubRestApiTests.cs

@@ -6,6 +6,7 @@
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.Git.CredentialManager;
 using Microsoft.Git.CredentialManager.Tests.Objects;
@@ -380,7 +381,7 @@ public async Task GitHubRestApi_AcquireTokenAsync_UnknownResponse_ReturnsFailure
 
         private static void AssertBasicAuth(HttpRequestMessage request, string userName, string password)
         {
-            string expectedBasicValue = new GitCredential(userName, password).ToBase64String();
+            string expectedBasicValue = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{userName}:{password}"));
 
             AuthenticationHeaderValue authHeader = request.Headers.Authorization;
             Assert.NotNull(authHeader);

src/shared/GitHub/GitHubRestApi.cs

@@ -46,8 +46,6 @@ public async Task<AuthenticationResult> AcquireTokenAsync(Uri targetUri, string
             EnsureArgument.AbsoluteUri(targetUri, nameof(targetUri));
             EnsureArgument.NotNull(scopes, nameof(scopes));
 
-            string base64Cred = new GitCredential(username, password).ToBase64String();
-
             Uri requestUri = GetAuthenticationRequestUri(targetUri);
 
             _context.Trace.WriteLine($"HTTP: POST {requestUri}");
@@ -56,7 +54,7 @@ public async Task<AuthenticationResult> AcquireTokenAsync(Uri targetUri, string
             {
                 // Set the request content as well as auth and 2FA headers
                 request.Content = content;
-                request.Headers.Authorization = new AuthenticationHeaderValue(Constants.Http.WwwAuthenticateBasicScheme, base64Cred);
+                request.AddBasicAuthenticationHeader(username, password);
                 if (!string.IsNullOrWhiteSpace(authenticationCode))
                 {
                     request.Headers.Add(GitHubConstants.GitHubOptHeader, authenticationCode);

src/shared/Microsoft.Git.CredentialManager.Tests/GitCredentialTests.cs

@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System.Net.Http;
+using Xunit;
+
+namespace Microsoft.Git.CredentialManager.Tests
+{
+    public class HttpRequestExtensionsTests
+    {
+        [Fact]
+        public void HttpRequestExtensions_AddBasicAuthenticationHeader_ComplexUserPass_ReturnsCorrectString()
+        {
+            const string expected = "aGVsbG8tbXlfbmFtZSBpczpqb2huLmRvZTp0aGlzIWlzQVA0U1NXMFJEOiB3aXRoPyBfbG90cyBvZi8gY2hhcnM=";
+            const string testUserName = "hello-my_name is:john.doe";
+            const string testPassword = "this!isAP4SSW0RD: with? _lots of/ chars";
+
+            TestAddBasicAuthenticationHeader(testUserName, testPassword, expected);
+        }
+
+        [Fact]
+        public void HttpRequestExtensions_AddBasicAuthenticationHeader_EmptyUserName_ReturnsCorrectString()
+        {
+            const string expected = "OmxldG1laW4xMjM=";
+            const string testUserName = "";
+            const string testPassword = "letmein123";
+
+            TestAddBasicAuthenticationHeader(testUserName, testPassword, expected);
+        }
+
+        [Fact]
+        public void HttpRequestExtensions_AddBasicAuthenticationHeader_EmptyPassword_ReturnsCorrectString()
+        {
+            const string expected = "am9obi5kb2U6";
+            const string testUserName = "john.doe";
+            const string testPassword = "";
+
+            TestAddBasicAuthenticationHeader(testUserName, testPassword, expected);
+        }
+
+        [Fact]
+        public void HttpRequestExtensions_AddBasicAuthenticationHeader_EmptyCredential_ReturnsCorrectString()
+        {
+            const string expected = "Og==";
+            const string testUserName = "";
+            const string testPassword = "";
+
+            TestAddBasicAuthenticationHeader(testUserName, testPassword, expected);
+        }
+
+        private static void TestAddBasicAuthenticationHeader(string userName, string password, string expectedParameterValue)
+        {
+            var message = new HttpRequestMessage();
+            message.AddBasicAuthenticationHeader(userName, password);
+
+            var authHeader = message.Headers.Authorization;
+            Assert.NotNull(authHeader);
+            Assert.Equal(Constants.Http.WwwAuthenticateBasicScheme, authHeader.Scheme);
+            Assert.Equal(expectedParameterValue, authHeader.Parameter);
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager.Tests/HttpRequestExtensionsTests.cs

@@ -1,13 +1,33 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using Xunit;
 
 namespace Microsoft.Git.CredentialManager.Tests
 {
     public class UriExtensionsTests
     {
+        [Fact]
+        public void UriExtensions_GetQueryParameters()
+        {
+            var uri = new Uri("https://example.com/foo/bar?q1=value1&q2=value%20with%20spaces&key%20with%20spaces=value3");
+
+            IDictionary<string, string> result = uri.GetQueryParameters();
+
+            Assert.Equal(3, result.Count);
+
+            Assert.True(result.TryGetValue("q1", out string value1));
+            Assert.Equal("value1", value1);
+
+            Assert.True(result.TryGetValue("q2", out string value2));
+            Assert.Equal("value with spaces", value2);
+
+            Assert.True(result.TryGetValue("key with spaces", out string value3));
+            Assert.Equal("value3", value3);
+        }
+
         [Theory]
         [InlineData("http://com")]
         [InlineData("http://example.com",

src/shared/Microsoft.Git.CredentialManager.Tests/UriExtensionsTests.cs

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System.Net;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth
+{
+    public static class HttpListenerExtensions
+    {
+        public static async Task WriteResponseAsync(this HttpListenerResponse response, string responseText)
+        {
+            byte[] responseData = Encoding.UTF8.GetBytes(responseText);
+            response.ContentLength64 = responseData.Length;
+            await response.OutputStream.WriteAsync(responseData, 0, responseData.Length);
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager/Authentication/OAuth/HttpListenerExtensions.cs

@@ -0,0 +1,14 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using System.Net;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth
+{
+    public interface IOAuth2WebBrowser
+    {
+        Task<Uri> GetAuthenticationCodeAsync(Uri authorizationUri, Uri redirectUri, CancellationToken ct);
+    }
+}

src/shared/Microsoft.Git.CredentialManager/Authentication/OAuth/IOAuth2WebBrowser.cs

@@ -0,0 +1,35 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using Newtonsoft.Json;
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth.Json
+{
+    public class DeviceAuthorizationEndpointResponseJson
+    {
+        [JsonProperty("device_code", Required = Required.Always)]
+        public string DeviceCode { get; set; }
+
+        [JsonProperty("user_code", Required = Required.Always)]
+        public string UserCode { get; set; }
+
+        [JsonProperty("verification_uri", Required = Required.Always)]
+        public Uri VerificationUri { get; set; }
+
+        [JsonProperty("expires_in")]
+        [JsonConverter(typeof(TimeSpanSecondsConverter))]
+        public TimeSpan? ExpiresIn { get; set; }
+
+        [JsonProperty("interval")]
+        [JsonConverter(typeof(TimeSpanSecondsConverter))]
+        public TimeSpan? PollingInterval { get; set; }
+
+        public OAuth2DeviceCodeResult ToResult()
+        {
+            return new OAuth2DeviceCodeResult(DeviceCode, UserCode, VerificationUri, PollingInterval)
+            {
+                ExpiresIn = ExpiresIn
+            };
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager/Authentication/OAuth/Json/DeviceAuthorizationEndpointResponseJson.cs

@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using System.Text;
+using Newtonsoft.Json;
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth.Json
+{
+    public class ErrorResponseJson
+    {
+        [JsonProperty("error", Required = Required.Always)]
+        public string Error { get; set; }
+
+        [JsonProperty("error_description")]
+        public string Description { get; set; }
+
+        [JsonProperty("error_uri")]
+        public Uri Uri { get; set; }
+
+        public OAuth2Exception ToException(Exception innerException = null)
+        {
+            var message = new StringBuilder(Error);
+
+            if (!string.IsNullOrEmpty(Description))
+            {
+                message.AppendFormat(": {0}", Description);
+            }
+
+            if (Uri != null)
+            {
+                message.AppendFormat(" [{0}]", Uri);
+            }
+
+            return new OAuth2Exception(message.ToString(), innerException) {HelpLink = Uri?.ToString()};
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager/Authentication/OAuth/Json/ErrorResponseJson.cs

@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using Newtonsoft.Json;
+
+namespace Microsoft.Git.CredentialManager.Authentication.OAuth.Json
+{
+    public class TimeSpanSecondsConverter : JsonConverter<TimeSpan?>
+    {
+        public override void WriteJson(JsonWriter writer, TimeSpan? value, JsonSerializer serializer)
+        {
+            if (value.HasValue)
+            {
+                writer.WriteValue(value.Value.TotalSeconds);
+            }
+        }
+
+        public override TimeSpan? ReadJson(JsonReader reader, Type objectType, TimeSpan? existingValue, bool hasExistingValue, JsonSerializer serializer)
+        {
+            string valueString = reader.Value?.ToString();
+            if (valueString != null)
+            {
+                if (int.TryParse(valueString, out int valueInt))
+                {
+                    return TimeSpan.FromSeconds(valueInt);
+                }
+            }
+
+            return null;
+        }
+    }
+}