Update repo with the latest-and-greatest GraphQL.NET/CI/Code Style (#254)

Author: sungam3r

.editorconfig

@@ -94,7 +94,7 @@ csharp_style_var_elsewhere = true:suggestion
 # C# code style settings - Expression-bodied members
 # https://docs.microsoft.com/en-us/visualstudio/ide/editorconfig-language-conventions?view=vs-2019#expression-bodied-members
 csharp_style_expression_bodied_methods = when_on_single_line:suggestion
-csharp_style_expression_bodied_constructors = false:suggestion
+csharp_style_expression_bodied_constructors = false:warning
 csharp_style_expression_bodied_operators = when_on_single_line:warning
 csharp_style_expression_bodied_properties = when_on_single_line:warning
 csharp_style_expression_bodied_indexers = when_on_single_line:warning
@@ -131,8 +131,8 @@ csharp_style_unused_value_assignment_preference = discard_variable:suggestion
 
 # C# code style - Index and range preferences
 # https://docs.microsoft.com/en-us/visualstudio/ide/editorconfig-language-conventions?view=vs-2019#index-and-range-preferences
-csharp_style_prefer_index_operator = true:warning
-csharp_style_prefer_range_operator = true:warning
+csharp_style_prefer_index_operator = true:suggestion
+csharp_style_prefer_range_operator = true:suggestion
 
 # C# code style - Miscellaneous preferences
 # https://docs.microsoft.com/en-us/visualstudio/ide/editorconfig-language-conventions?view=vs-2019#miscellaneous-preferences
@@ -196,6 +196,9 @@ csharp_space_between_square_brackets = false
 csharp_preserve_single_line_blocks = true
 csharp_preserve_single_line_statements = false
 
+# C# formatting settings - Namespace options
+csharp_style_namespace_declarations = file_scoped:suggestion
+
 ########## name all private fields using camelCase with underscore prefix ##########
 # https://docs.microsoft.com/en-us/visualstudio/ide/editorconfig-naming-conventions?view=vs-2019
 # dotnet_naming_rule.<namingRuleTitle>.symbols = <symbolTitle>
@@ -258,4 +261,25 @@ dotnet_naming_style.end_in_async_style.required_suffix = Async
 dotnet_naming_rule.async_methods_end_in_async.severity = warning
 
 # Remove unnecessary import https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005
-dotnet_diagnostic.IDE0005.severity = warning
+dotnet_diagnostic.IDE0005.severity = error
+
+# Enforce formatting https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/formatting-rules#rule-id-ide0055-fix-formatting
+dotnet_diagnostic.IDE0055.severity = error
+
+# https://github.com/JosefPihrt/Roslynator/blob/master/docs/analyzers/RCS0060.md
+dotnet_diagnostic.RCS0060.severity = warning
+roslynator_blank_line_after_file_scoped_namespace_declaration = true
+
+# https://github.com/JosefPihrt/Roslynator/blob/main/docs/analyzers/RCS1080.md
+dotnet_diagnostic.RCS1080.severity = warning
+
+# ConfigureAwait https://github.com/JosefPihrt/Roslynator/blob/master/docs/analyzers/RCS1090.md
+dotnet_diagnostic.RCS1090.severity = warning
+roslynator_configure_await = true
+
+# https://github.com/JosefPihrt/Roslynator/blob/master/docs/analyzers/RCS1102.md
+# TODO: NullabilityInfo issue in Patching.cs in internal class SR
+dotnet_diagnostic.RCS1102.severity = suggestion
+
+# https://github.com/JosefPihrt/Roslynator/blob/master/docs/analyzers/RCS1194.md
+dotnet_diagnostic.RCS1194.severity = suggestion

.github/dependabot.yml

@@ -1,5 +1,7 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 version: 2
 updates:
+
 - package-ecosystem: "nuget"
   directory: "/"
   schedule:

.github/labeler.yml

@@ -6,6 +6,7 @@ CI:
   - .github/workflows/**/*
   - .github/dependabot.yml
   - .github/labeler.yml
+  - .github/codecov.yml
 
 code style:
   - .editorconfig

.github/workflows/build.yml

@@ -9,6 +9,7 @@ on:
       - develop
     paths:
       - src/**
+      - .github/workflows/**
 
 env:
   DOTNET_NOLOGO: true
@@ -19,10 +20,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Setup .NET Core SDK
+      - name: Setup .NET SDK
         uses: actions/setup-dotnet@v3
         with:
-          dotnet-version: "6.0.x"
+          dotnet-version: "7.0.x"
           source-url: https://nuget.pkg.github.com/graphql-dotnet/index.json
         env:
           NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/codeql-analysis.yml

@@ -16,10 +16,10 @@ jobs:
     - name: Checkout source
       uses: actions/checkout@v3
 
-    - name: Setup .NET Core SDK
+    - name: Setup .NET SDK
       uses: actions/setup-dotnet@v3
       with:
-        dotnet-version: "6.0.x"
+        dotnet-version: "7.0.x"
         source-url: https://nuget.pkg.github.com/graphql-dotnet/index.json
       env:
         NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -32,10 +32,11 @@ jobs:
 
     - name: Install dependencies
       working-directory: src
-      run: dotnet restore -p:GraphQLTestVersion=5.1.1
+      run: dotnet restore
 
-    - name: Build solution
-      working-directory: src
+    - name: Build CodeQL solution
+      # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#reduce-the-amount-of-code-being-analyzed-in-a-single-workflow
+      working-directory: codeql
       run: dotnet build --no-restore
 
     - name: Perform CodeQL Analysis

.github/workflows/format.yml

@@ -0,0 +1,35 @@
+name: Check formatting
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+    paths:
+      - src/**
+      - .github/workflows/**
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+      - name: Setup .NET SDK
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: 7.0.x
+          source-url: https://nuget.pkg.github.com/graphql-dotnet/index.json
+        env:
+          NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Install dependencies
+        working-directory: src
+        run: dotnet restore
+      - name: Check formatting
+        working-directory: src
+        run: |
+          dotnet format --no-restore --verify-no-changes --severity warn || (echo "Run 'dotnet format' to fix issues" && exit 1)

.github/workflows/publish.yml

@@ -27,10 +27,10 @@ jobs:
           version="${github_ref:10}"
           echo version=$version
           echo "version=$version" >> $GITHUB_ENV
-      - name: Setup .NET Core SDK
+      - name: Setup .NET SDK
         uses: actions/setup-dotnet@v3
         with:
-          dotnet-version: "6.0.x"
+          dotnet-version: "7.0.x"
           source-url: https://api.nuget.org/v3/index.json
         env:
           NUGET_AUTH_TOKEN: ${{secrets.NUGET_AUTH_TOKEN}}
@@ -48,7 +48,7 @@ jobs:
         with:
           name: Nuget packages
           path: |
-            out/*
+            src/out/*
       - name: Publish Nuget packages to Nuget registry
         working-directory: src
         run: dotnet nuget push "out/*" -k ${{secrets.NUGET_AUTH_TOKEN}}

.github/workflows/test.yml

@@ -23,53 +23,60 @@ env:
 
 jobs:
   test:
-    runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os:
-          - ubuntu-latest
-          - windows-latest
+        os: [ubuntu-latest, windows-latest]
         graphqlversion:
-          - 5.1.1
-          - 5.2.0
+          - 7.0.0
+          - 7.1.1
+          - 7.2.2
+    name: ${{ matrix.os }}/${{ matrix.graphqlversion }}
+    runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout source
         uses: actions/checkout@v3
-      - name: Setup .NET Core SDKs
+      - name: Setup .NET SDKs
         uses: actions/setup-dotnet@v3
         with:
           dotnet-version: |
             3.1.x
             5.0.x
             6.0.x
+            7.0.x
           source-url: https://nuget.pkg.github.com/graphql-dotnet/index.json
         env:
           NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Disable MSVS Nuget Source # see https://github.com/graphql-dotnet/graphql-dotnet/issues/2422
-        if: ${{ startsWith(matrix.os, 'windows') }}
-        run: dotnet nuget disable source 'Microsoft Visual Studio Offline Packages'
       - name: Install dependencies with GraphQL version ${{ matrix.graphqlversion }}
         working-directory: src
         run: dotnet restore -p:GraphQLTestVersion=${{ matrix.graphqlversion }}
-      - name: Check formatting
-        if: ${{ startsWith(matrix.os, 'ubuntu') }}
-        working-directory: src
-        run: |
-          dotnet format --no-restore --verify-no-changes --severity warn || (echo "Run 'dotnet format' to fix issues" && exit 1)
       - name: Build solution [Release]
+        if: ${{ startsWith(matrix.os, 'ubuntu') }}
         working-directory: src
         run: dotnet build --no-restore -c Release -p:GraphQLTestVersion=${{ matrix.graphqlversion }}
       - name: Build solution [Debug]
         working-directory: src
-        run: dotnet build --no-restore -p:GraphQLTestVersion=${{ matrix.graphqlversion }}
-      - name: Test solution [Debug]
+        run: dotnet build --no-restore -c Debug -p:GraphQLTestVersion=${{ matrix.graphqlversion }}
+      - name: Test solution [Debug] with code coverage
+        if: ${{ startsWith(matrix.os, 'ubuntu') }}
+        working-directory: src
+        run: >
+          dotnet test
+          --no-restore
+          --no-build
+          --collect "XPlat Code Coverage"
+          --results-directory .coverage
+          --
+          DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
+          DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Exclude=[BasicSample]*,[Harness]*
+      - name: Test solution [Debug] without code coverage
+        if: ${{ startsWith(matrix.os, 'windows') }}
         working-directory: src
-        run: dotnet test --no-restore --no-build -p:CollectCoverage=true
+        run: dotnet test --no-restore --no-build
       - name: Upload coverage to codecov
         if: ${{ startsWith(matrix.os, 'ubuntu') }}
-        uses: codecov/codecov-action@v3.1.1
+        uses: codecov/codecov-action@v3
         with:
-          files: .coverage/GraphQL.Authorization.Tests/coverage.net5.opencover.xml
+          files: 'src/.coverage/**/coverage.opencover.xml'
 
   buildcheck:
     needs:

.gitignore

@@ -8,3 +8,5 @@
 
 [Oo]bj/
 [Bb]in/
+
+*.received.txt

README.md

@@ -1,22 +1,18 @@
 # GraphQL Authorization
 
-[![Join the chat at https://gitter.im/graphql-dotnet/graphql-dotnet](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/graphql-dotnet/graphql-dotnet?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-
-[![Run code tests](https://github.com/graphql-dotnet/authorization/actions/workflows/test.yml/badge.svg)](https://github.com/graphql-dotnet/authorization/actions/workflows/test.yml)
-[![Build artifacts](https://github.com/graphql-dotnet/authorization/actions/workflows/build.yml/badge.svg)](https://github.com/graphql-dotnet/authorization/actions/workflows/build.yml)
-[![Publish release](https://github.com/graphql-dotnet/authorization/actions/workflows/publish.yml/badge.svg)](https://github.com/graphql-dotnet/authorization/actions/workflows/publish.yml)
-[![CodeQL analysis](https://github.com/graphql-dotnet/authorization/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/graphql-dotnet/authorization/actions/workflows/codeql-analysis.yml)
-
+[![License](https://img.shields.io/github/license/graphql-dotnet/authorization)](LICENSE.md)
 [![codecov](https://codecov.io/gh/graphql-dotnet/authorization/branch/master/graph/badge.svg?token=TODO)](https://codecov.io/gh/graphql-dotnet/authorization)
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/graphql-dotnet/authorization.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/graphql-dotnet/authorization/alerts/)
-[![Language grade: C#](https://img.shields.io/lgtm/grade/csharp/g/graphql-dotnet/authorization.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/graphql-dotnet/authorization/context:csharp)
+[![Nuget](https://img.shields.io/nuget/dt/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization)
+[![Nuget](https://img.shields.io/nuget/v/GraphQL.Authorization)](https://www.nuget.org/packages/GraphQL.Authorization)
+[![GitHub Release Date](https://img.shields.io/github/release-date/graphql-dotnet/authorization?label=released)](https://github.com/graphql-dotnet/authorization/releases)
+[![GitHub commits since latest release (by date)](https://img.shields.io/github/commits-since/graphql-dotnet/authorization/latest?label=new+commits)](https://github.com/graphql-dotnet/authorization/commits/master)
+![Size](https://img.shields.io/github/repo-size/graphql-dotnet/authorization)
 
+[![GitHub contributors](https://img.shields.io/github/contributors/graphql-dotnet/authorization)](https://github.com/graphql-dotnet/authorization/graphs/contributors)
 ![Activity](https://img.shields.io/github/commit-activity/w/graphql-dotnet/authorization)
 ![Activity](https://img.shields.io/github/commit-activity/m/graphql-dotnet/authorization)
 ![Activity](https://img.shields.io/github/commit-activity/y/graphql-dotnet/authorization)
 
-![Size](https://img.shields.io/github/repo-size/graphql-dotnet/authorization)
-
 A toolset for authorizing access to graph types for [GraphQL.NET](https://github.com/graphql-dotnet/graphql-dotnet).
 
 Provides the following packages:
@@ -30,47 +26,61 @@ Note that GitHub requires authentication to consume the feed. See [here](https:/
 
 # Usage
 
-- Register the authorization classes in your DI container - `IAuthorizationEvaluator`, `AuthorizationSettings`, and the `AuthorizationValidationRule`.
-- Provide a custom `UserContext` class that implements `IProvideClaimsPrincipal`.
+- Register the authorization classes in your DI container - call `AddAuthorization` on the provided `IGraphQLBuilder` inside `AddGraphQL` extension method.
+- Provide the `ClaimsPrincipal` through `ExecutionOptions.User`.
 - Add policies to the `AuthorizationSettings`.
-- Apply a policy to a GraphType or Field (both implement `IProvideMetadata`):
-  - using `AuthorizeWith(string policy)` extension method
-  - or with `GraphQLAuthorize` attribute if using Schema + Handler syntax.
+- Apply a policy to a GraphType or Field - both implement `IProvideMetadata`:
+  - using `AuthorizeWithPolicy(string policy)` extension method
+  - or with `AuthorizeAttribute` attribute if using Schema + Handler syntax.
 - The `AuthorizationValidationRule` will run and verify the policies based on the registered policies.
 - You can write your own `IAuthorizationRequirement`.
 
+# Limitations
+
+`@skip` and `@include` directives are ignored; all selected fields of the selected operation will
+be checked for authentication requirements, including referenced fragments. (Other operations
+in the same document will correctly be skipped.)
+
+This authorization framework only supports policy-based authorization. It does not support role-based authorization, or the
+`[AllowAnonymous]` attribute/extension, or the `[Authorize]` attribute/extension indicating authorization is required
+but without specifying a policy. It also does not integrate with ASP.NET Core's authorization framework.
+
+The [GraphQL.Server](https://www.github.com/graphql-dotnet/server) repository contains an authorization rule which has the above
+missing features, intended for use with ASP.NET Core. It may also be tailored with custom authentication code if desired, rather than
+relying on ASP.NET Core's authentication framework.
+
 # Examples
 
 1. Fully functional basic [Console sample](src/BasicSample/Program.cs).
 
 2. Fully functional [ASP.NET Core sample](src/Harness/Program.cs).
 
-3. GraphType first syntax - use `AuthorizeWith` extension method on `IGraphType` or `IFieldType`.
+3. GraphType first syntax - use `AuthorizeWithPolicy` extension method on `IGraphType` or `IFieldType`.
 
 ```csharp
 public class MyType : ObjectGraphType
 {
     public MyType()
     {
-        this.AuthorizeWith("AdminPolicy");
-        Field<StringGraphType>("name").AuthorizeWith("SomePolicy");
+        this.AuthorizeWithPolicy("AdminPolicy");
+        Field<StringGraphType>("name").AuthorizeWithPolicy("SomePolicy");
     }
 }
 ```
 
-4. Schema first syntax - use `GraphQLAuthorize` attribute on type, method or property.
+4. Schema first syntax - use `AuthorizeAttribute` attribute on type, method or property.
 
 ```csharp
-[GraphQLAuthorize("MyPolicy")]
+[Authorize("MyPolicy")]
 public class MutationType
 {
-    [GraphQLAuthorize("AnotherPolicy")]
+    [Authorize("AnotherPolicy")]
     public async Task<string> CreateSomething(MyInput input)
     {
         return await SomeMethodAsync(input);
     }
 
-    [GraphQLAuthorize("SuperPolicy")]
+    [Authorize("SuperPolicy")]
     public string SomeProperty => Guid.NewGuid().ToString();
 }
 ```