Merge commit '4105cffc4aef4664164c724536c089662e1f4079'

Author: Vincent Wilms

CHANGELOG.md

@@ -1,3 +1,7 @@
+## v2.0.0-beta.53 - 2025-11-26
+- Fixed [#260: Accept license" causes error?](#260);
+- Fixed [#260: Accept license" causes error?](#260);
+
 ## v2.0.0-beta.52 - 2025-03-05
 - Fix security issues #244 and #247
 

src/Nexus/Core/NexusIdentityProviderExtensions.cs

@@ -127,11 +127,12 @@ public static WebApplication UseNexusIdentityProvider(
                 .LastOrDefault();
 
             authorization ??= await authorizationManager.CreateAsync(
-                    principal: principal,
-                    subject: subject,
-                    client: (await applicationManager.GetIdAsync(client))!,
-                    type: AuthorizationTypes.Permanent,
-                    scopes: principal.GetScopes());
+                principal: principal,
+                subject: subject,
+                client: (await applicationManager.GetIdAsync(client))!,
+                type: AuthorizationTypes.Permanent,
+                scopes: principal.GetScopes()
+            );
 
             principal.SetAuthorizationId(await authorizationManager.GetIdAsync(authorization));
 

src/Nexus/Core/PersonalAccessTokenAuthenticationHandler.cs

@@ -105,7 +105,7 @@ protected async override Task<AuthenticateResult> HandleAuthenticateAsync()
                     var userIdParts = userId.Split('@', count: 2);
                     var scheme = userIdParts.Length == 2 ? userIdParts[1] : default;
 
-                    AuthUtilities.AddEnabledCatalogPatternClaim(principal, scheme, _securityOptions);
+                    AuthUtilities.SetEnabledCatalogPatternClaim(principal, scheme, _securityOptions);
                 }
             }
         }

src/Nexus/Services/CatalogManager.cs

@@ -155,7 +155,7 @@ public async Task<CatalogContainer[]> GetCatalogContainersAsync(
                 var userIdParts = user.Id.Split('@', count: 2);
                 var scheme = userIdParts.Length == 2 ? userIdParts[1] : default;
 
-                AuthUtilities.AddEnabledCatalogPatternClaim(owner, scheme, _securityOptions);
+                AuthUtilities.SetEnabledCatalogPatternClaim(owner, scheme, _securityOptions);
 
                 /* For each pipeline */
                 foreach (var (pipelineId, pipeline) in pipelines)

src/Nexus/Services/CustomCookieAuthenticationEvents.cs

@@ -24,7 +24,7 @@ public override Task ValidatePrincipal(CookieValidatePrincipalContext context)
         if (scheme is null)
             context.RejectPrincipal();
 
-        AuthUtilities.AddEnabledCatalogPatternClaim(context.Principal, scheme, _securityOptions);
+        AuthUtilities.SetEnabledCatalogPatternClaim(context.Principal, scheme, _securityOptions);
 
         return base.ValidatePrincipal(context);
     }

src/Nexus/Utilities/AuthUtilities.cs

@@ -13,10 +13,20 @@ namespace Nexus.Utilities;
 
 internal static class AuthUtilities
 {
-    public static void AddEnabledCatalogPatternClaim(ClaimsPrincipal principal, string? scheme, SecurityOptions options)
+    public static void SetEnabledCatalogPatternClaim(ClaimsPrincipal principal, string? scheme, SecurityOptions options)
     {
         var environmentName = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
 
+        // Do not store the EnabledCatalogsPattern claim in the cookie: it’s tied to the
+        // sign-in scheme and should be inherited by the user, not persisted. When a user
+        // accepts a catalog license, they are re-signed in to refresh the cookie. Since 
+        // the claim has previously been added to the User, it becomes part of the cookie. 
+        // On the next visit, the EnabledCatalogsPattern claim is added again, resulting 
+        // in multiple entries of the same claim. This breaks 
+        // user.GetClaim("EnabledCatalogsPattern"), which correctly expects a single claim
+        // of a given type. To avoid this we remove all existing instances of the claim.
+        principal.RemoveClaims(NexusClaimsConstants.ENABLED_CATALOGS_PATTERN_CLAIM);
+
         if (scheme is null)
         {
             principal.AddClaim(

src/extensibility/python-extensibility/nexus_extensibility/_extensibility_data_source.py

@@ -219,15 +219,15 @@ class SimpleDataSource(Generic[T], IDataSource[T], ABC):
     A simple implementation of a data source.
     """
 
-    Context: DataSourceContext[T]
+    context: DataSourceContext[T]
     """Gets the data source context. This property is not accessible from within class constructors as it will bet set later."""
 
-    Logger: ILogger
+    logger: ILogger
     """Gets the data logger. This property is not accessible from within class constructors as it will bet set later."""
 
-    async def set_context(self, context: DataSourceContext, logger: ILogger):
-        self.Context = context
-        self.Logger = logger
+    async def set_context(self, context: DataSourceContext[T], logger: ILogger):
+        self.context = context
+        self.logger = logger
 
     @abstractmethod
     def get_catalog_registrations(self, path: str) -> Awaitable[list[CatalogRegistration]]:

version.json

@@ -1,4 +1,4 @@
 {
     "version": "2.0.0",
-    "suffix": "beta.52"
+    "suffix": "beta.53"
 }