feat(token): change the authentication token format from JWT to custom JSON, part 2

WE2-587

Signed-off-by: Mart Somermaa <[email protected]>

Author: Sõmermaa

.github/workflows/dotnet-build-linux.yml

@@ -0,0 +1,32 @@
+name: Dotnet Linux build
+
+on: [ push, pull_request ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: 5.0.x # SDK Version to use.
+          
+      - name: Cache Nuget packages      
+        uses: actions/cache@v2
+        with:
+          path: ~/.nuget/packages
+          # Look to see if there is a cache hit for the corresponding requirements file
+          key: ${{ runner.os }}-nuget-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: ${{ runner.os }}-nuget-${{ secrets.CACHE_VERSION }}
+          
+      - name: Install dependencies
+        run: dotnet restore src/WebEid.Security.sln
+        
+      - name: Build
+        run: dotnet build --configuration Release --no-restore src/WebEid.Security.sln
+
+      - name: Test
+        run: dotnet test --no-restore --verbosity normal src/WebEid.Security.sln

.github/workflows/dotnet-build.yml …ithub/workflows/dotnet-build-windows.yml.github/workflows/dotnet-build.yml renamed to .github/workflows/dotnet-build-windows.yml .github/workflows/dotnet-build.yml renamed to .github/workflows/dotnet-build-windows.yml

@@ -1,4 +1,4 @@
-name: Dotnet build
+name: Dotnet Windows build
 
 on: [ push, pull_request ]
 
@@ -27,8 +27,8 @@ jobs:
         with:
           path: ~/.nuget/packages
           # Look to see if there is a cache hit for the corresponding requirements file
-          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
-          restore-keys: ${{ runner.os }}-nuget
+          key: ${{ runner.os }}-nuget-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: ${{ runner.os }}-nuget-${{ secrets.CACHE_VERSION }}
 
       - name: Install dependencies
         run: dotnet restore src/WebEid.Security.sln

.github/workflows/sonarcloud-analysis.yml

@@ -17,14 +17,6 @@ jobs:
         with:
           dotnet-version: 5.0.x # SDK Version to use.
 
-      - name: Setup MSBuild
-        uses: microsoft/[email protected]
-        with:
-          vs-version: 16.10 # Visual Studio Version to use.
-
-      - name: Setup VSTest
-        uses: darenm/Setup-VSTest@v1
-
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
@@ -69,12 +61,10 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         shell: powershell
         run: |
-          .\.sonar\scanner\dotnet-sonarscanner begin /k:"web-eid_web-eid-authtoken-validation-dotnet" /o:"web-eid" /d:sonar.cs.opencover.reportsPaths="TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="TestResults/*.trx" /d:sonar.verbose=true /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
-          
-          msbuild src/WebEid.Security.sln /t:Build /p:Configuration=Release
+          .\.sonar\scanner\dotnet-sonarscanner begin /k:"web-eid_web-eid-authtoken-validation-dotnet" /o:"web-eid" /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx" /d:sonar.verbose=true /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
           
-          dotnet publish src/WebEid.Security.sln -c Release
+          dotnet build --configuration Release --no-restore src/WebEid.Security.sln
           
-          vstest.console.exe src/WebEid.Security.Tests/bin/Release/net5.0/publish/WebEID.Security.Tests.dll --logger:trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
+          dotnet test src/WebEid.Security.sln --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover --results-directory "TestResults"
 
           .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

.gitignore

@@ -361,3 +361,6 @@ MigrationBackup/
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
 /TestsResults
+
+# Vim
+*.swp

src/WebEid.Security.Tests/Cache/MemoryCache.cs

@@ -6,10 +6,7 @@ namespace WebEid.Security.Tests
 
     public class Logger : ILogger
     {
-        public Logger()
-        {
-            this.Logs = new List<string>();
-        }
+        public Logger() => this.Logs = new List<string>();
 
         public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func<TState, Exception, string> formatter)
         {

src/WebEid.Security.Tests/Cache/MemoryCacheTests.cs

@@ -0,0 +1,87 @@
+namespace WebEid.Security.Tests.Nonce
+{
+    using System;
+    using System.Security.Cryptography;
+    using NUnit.Framework;
+    using Challenge;
+
+    [TestFixture]
+    public class ChallengeNonceGeneratorTests
+    {
+        private IChallengeNonceStore store;
+        private TimeSpan ttl;
+
+        [SetUp]
+        protected void SetUp()
+        {
+            this.store = new InMemoryChallengeNonceStore();
+            this.ttl = TimeSpan.FromMinutes(5);
+        }
+
+        [Test]
+        public void NonceIsGeneratedAndStored()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            var nonceGenerator = new ChallengeNonceGenerator(rndGenerator, this.store);
+
+            var nonce1 = nonceGenerator.GenerateAndStoreNonce(this.ttl);
+            var nonce2 = nonceGenerator.GenerateAndStoreNonce(this.ttl);
+
+            var nonce2FromStore = this.store.GetAndRemove();
+
+            // Validate that generated nonce was put into the store.
+            Assert.That(nonce2, Is.EqualTo(nonce2FromStore));
+
+            Assert.That(nonce1.Base64EncodedNonce.Length, Is.EqualTo(44));
+            Assert.That(nonce1.Base64EncodedNonce, Is.Not.EquivalentTo(nonce2.Base64EncodedNonce));
+
+            // It might be possible to add an entropy test by compressing the nonce bytes
+            // and verifying that the result is longer than for non-random strings.
+        }
+
+        [Test]
+        public void BuildNonceGeneratorWithoutRandomNumberGeneratorThrowsArgumentNullException() =>
+            Assert.Throws<ArgumentNullException>(() => new ChallengeNonceGenerator(null, null));
+
+        [Test]
+        public void BuildNonceGeneratorWithoutStoreThrowsArgumentNullException()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            Assert.Throws<ArgumentNullException>(() =>
+                new ChallengeNonceGenerator(rndGenerator, null));
+        }
+
+        [Test]
+        public void BuildNonceGeneratorWithNegativeTtlThrowsArgumentOutOfRangeException()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            var generator = new ChallengeNonceGenerator(rndGenerator, this.store);
+            Assert.Throws<ArgumentOutOfRangeException>(() =>
+                generator.GenerateAndStoreNonce(TimeSpan.FromMinutes(1).Negate()));
+        }
+
+        [Test]
+        public void BuildNonceGeneratorWithZeroTtlThrowsArgumentOutOfRangeException()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            var generator = new ChallengeNonceGenerator(rndGenerator, this.store);
+            Assert.Throws<ArgumentOutOfRangeException>(() =>
+                generator.GenerateAndStoreNonce(TimeSpan.Zero));
+        }
+
+        [Test]
+        public void BuildNonceGeneratorWithRandomNumberGeneratorAndCacheDoesNotThrowException()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            Assert.DoesNotThrow(() => new ChallengeNonceGenerator(rndGenerator, this.store));
+        }
+
+        [Test]
+        public void BuildNonceGeneratorWithRandomNumberGeneratorAndCacheAndPositiveTtlDoesNotThrowException()
+        {
+            using var rndGenerator = RandomNumberGenerator.Create();
+            var generator = new ChallengeNonceGenerator(rndGenerator, this.store);
+            Assert.DoesNotThrow(() => generator.GenerateAndStoreNonce(TimeSpan.FromMinutes(1)));
+        }
+    }
+}

src/WebEid.Security.Tests/Fakes/System.Runtime.fakes

@@ -0,0 +1,18 @@
+namespace WebEid.Security.Tests.Nonce
+{
+    using WebEid.Security.Challenge;
+
+    internal class InMemoryChallengeNonceStore : IChallengeNonceStore
+    {
+        private ChallengeNonce challengeNonce;
+
+        public ChallengeNonce GetAndRemoveImpl()
+        {
+            var result = this.challengeNonce;
+            this.challengeNonce = null;
+            return result;
+        }
+
+        public void Put(ChallengeNonce challengeNonce) => this.challengeNonce = challengeNonce;
+    }
+}