Add All Required Projects

mckaragoz · mckaragoz · commit bd2e09a55956 · 2025-12-20T00:36:42.000+03:00
diff --git a/UltimateAuth.slnx b/UltimateAuth.slnx
@@ -7,6 +7,7 @@
   <Project Path="src/CodeBeam.UltimateAuth.Core/CodeBeam.UltimateAuth.Core.csproj" />
   <Project Path="src/CodeBeam.UltimateAuth.Server/CodeBeam.UltimateAuth.Server.csproj" Id="0a8cdd12-a8c4-4530-87e8-ae778c46322b" />
   <Project Path="src/CodeBeam.UltimateAuth.Users/CodeBeam.UltimateAuth.Server.Users.csproj" Id="30d5db36-6dc8-46f6-9139-8b6b3d6053d5" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/CodeBeam.UltimateAuth.Credentials.InMemory.csproj" Id="62ee7b1d-46ce-4f2e-985d-1e794f891b8b" />
   <Project Path="src/security/CodeBeam.UltimateAuth.Security.Argon2/CodeBeam.UltimateAuth.Security.Argon2.csproj" Id="6abfb7a6-ea36-42db-a843-38054dd40fd8" />
   <Project Path="src/sessions/CodeBeam.UltimateAuth.Sessions.InMemory/CodeBeam.UltimateAuth.Sessions.InMemory.csproj" Id="fc9bfef0-8a89-4639-81ee-3f84f6e33816" />
   <Project Path="src/tokens/CodeBeam.UltimateAuth.Tokens.InMemory/CodeBeam.UltimateAuth.Tokens.InMemory.csproj" Id="8220884e-4958-4b49-8c69-56ce9d2b6c6f" />
diff --git a/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserAuthenticator.cs b/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserAuthenticator.cs
@@ -4,6 +4,6 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     public interface IUserAuthenticator<TUserId>
     {
-        Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(string? tenantId, string identifier, string secret, CancellationToken cancellationToken = default);
+        Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(AuthenticationContext context, CancellationToken ct = default);
     }
 }
diff --git a/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserIdConverter.cs b/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserIdConverter.cs
@@ -5,6 +5,8 @@
     /// strongly typed values, string representations, and binary formats.
     /// Implementations enable consistent storage, token serialization,
     /// and multitenant key partitioning.
+    /// Returned string must be stable and culture-invariant.
+    /// Implementations must be deterministic and reversible.
     /// </summary>
     public interface IUserIdConverter<TUserId>
     {
diff --git a/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserIdConverterResolver.cs b/src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserIdConverterResolver.cs
@@ -18,6 +18,6 @@ public interface IUserIdConverterResolver
         /// <exception cref="InvalidOperationException">
         /// Thrown if no converter has been registered for the requested user ID type.
         /// </exception>
-        IUserIdConverter<TUserId> GetConverter<TUserId>();
+        IUserIdConverter<TUserId> GetConverter<TUserId>(string? purpose = null);
     }
 }
diff --git a/src/CodeBeam.UltimateAuth.Core/Abstractions/Services/IUAuthUserService.cs b/src/CodeBeam.UltimateAuth.Core/Abstractions/Services/IUAuthUserService.cs
@@ -3,18 +3,13 @@
 namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     /// <summary>
-    /// Minimal user operations required for authentication.
-    /// Does NOT include role or permission management.
+    /// Defines the minimal user authentication contract expected by UltimateAuth.
+    /// This service does not manage sessions, tokens, or transport concerns.
     /// For user management, CodeBeam.UltimateAuth.Users package is recommended.
     /// </summary>
     public interface IUAuthUserService<TUserId>
     {
-        Task<TUserId> RegisterAsync(RegisterUserRequest request, CancellationToken cancellationToken = default);
-
-        Task DeleteAsync(TUserId userId, CancellationToken cancellationToken = default);
-
-        Task<bool> ValidateCredentialsAsync(ValidateCredentialsRequest request, CancellationToken cancellationToken = default);
-
         Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(string? tenantId, string identifier, string secret, CancellationToken cancellationToken = default);
+        Task<bool> ValidateCredentialsAsync(ValidateCredentialsRequest request, CancellationToken cancellationToken = default);
     }
 }
diff --git a/src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/IUAuthUserStore.cs b/src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/IUAuthUserStore.cs
@@ -12,17 +12,15 @@ public interface IUAuthUserStore<TUserId>
     {
         Task<IUser<TUserId>?> FindByIdAsync(string? tenantId, TUserId userId, CancellationToken token = default);
 
-        Task<UserRecord<TUserId>?> FindByUsernameAsync(string? tenantId,
-            string username,
-            CancellationToken ct = default);
+        Task<UserRecord<TUserId>?> FindByUsernameAsync(string? tenantId, string username, CancellationToken ct = default);
 
         /// <summary>
         /// Retrieves a user by a login credential such as username or email.
         /// Returns <c>null</c> if no matching user exists.
         /// </summary>
         /// <param name="login">The login value used to locate the user.</param>
         /// <returns>The user instance or <c>null</c> if not found.</returns>
-        Task<IUser<TUserId>?> FindByLoginAsync(string login);
+        Task<IUser<TUserId>?> FindByLoginAsync(string? tenantId, string login, CancellationToken token = default);
 
         /// <summary>
         /// Returns the password hash for the specified user, if the user participates
@@ -31,15 +29,15 @@ public interface IUAuthUserStore<TUserId>
         /// </summary>
         /// <param name="userId">The user identifier.</param>
         /// <returns>The password hash or <c>null</c>.</returns>
-        Task<string?> GetPasswordHashAsync(TUserId userId);
+        Task<string?> GetPasswordHashAsync(string? tenantId, TUserId userId, CancellationToken token = default);
 
         /// <summary>
         /// Updates the password hash for the specified user. This method is invoked by
         /// password management services and not by <see cref="IUAuthSessionService{TUserId}"/>.
         /// </summary>
         /// <param name="userId">The user identifier.</param>
         /// <param name="passwordHash">The new password hash value.</param>
-        Task SetPasswordHashAsync(TUserId userId, string passwordHash);
+        Task SetPasswordHashAsync(string? tenantId, TUserId userId, string passwordHash, CancellationToken token = default);
 
         /// <summary>
         /// Retrieves the security version associated with the user.
@@ -48,25 +46,13 @@ public interface IUAuthUserStore<TUserId>
         /// </summary>
         /// <param name="userId">The user identifier.</param>
         /// <returns>The current security version.</returns>
-        Task<long> GetSecurityVersionAsync(TUserId userId);
+        Task<long> GetSecurityVersionAsync(string? tenantId, TUserId userId, CancellationToken token = default);
 
         /// <summary>
         /// Increments the user's security version, invalidating all existing sessions.
         /// This is typically called after sensitive security events occur.
         /// </summary>
         /// <param name="userId">The user identifier.</param>
-        Task IncrementSecurityVersionAsync(TUserId userId);
-
-        Task<bool> ExistsByUsernameAsync(
-           string username,
-           CancellationToken ct = default);
-
-        Task CreateAsync(
-            UserRecord<TUserId> user,
-            CancellationToken ct = default);
-
-        Task DeleteAsync(
-            TUserId userId,
-            CancellationToken ct = default);
+        Task IncrementSecurityVersionAsync(string? tenantId, TUserId userId, CancellationToken token = default);
     }
 }
diff --git a/src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AuthenticationContext.cs b/src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AuthenticationContext.cs
@@ -0,0 +1,11 @@
+﻿namespace CodeBeam.UltimateAuth.Core.Contracts
+{
+    public sealed record AuthenticationContext
+    {
+        public string? TenantId { get; init; }
+        public string Identifier { get; init; } = default!;
+        public string Secret { get; init; } = default!;
+        public AuthOperation Operation { get; init; } // Login, Reauth, Validate
+        public DeviceContext? Device { get; init; }
+    }
+}
diff --git a/src/CodeBeam.UltimateAuth.Server/Services/UAuthUserService.cs b/src/CodeBeam.UltimateAuth.Server/Services/UAuthUserService.cs
@@ -1,89 +1,29 @@
 ﻿using CodeBeam.UltimateAuth.Core.Abstractions;
 using CodeBeam.UltimateAuth.Core.Contracts;
-using CodeBeam.UltimateAuth.Core.Infrastructure;
 
 namespace CodeBeam.UltimateAuth.Server.Users;
 
 internal sealed class UAuthUserService<TUserId> : IUAuthUserService<TUserId>
 {
-    private readonly IUAuthUserStore<TUserId> _userStore;
-    private readonly IUAuthPasswordHasher _passwordHasher;
-    private readonly IUserIdFactory<TUserId> _userIdFactory;
     private readonly IUserAuthenticator<TUserId> _authenticator;
 
-    public UAuthUserService(
-        IUAuthUserStore<TUserId> userStore,
-        IUAuthPasswordHasher passwordHasher,
-        IUserIdFactory<TUserId> userIdFactory,
-        IUserAuthenticator<TUserId> authenticator)
+    public UAuthUserService(IUserAuthenticator<TUserId> authenticator)
     {
-        _userStore = userStore;
-        _passwordHasher = passwordHasher;
-        _userIdFactory = userIdFactory;
         _authenticator = authenticator;
     }
 
-    public async Task<TUserId> RegisterAsync(
-    RegisterUserRequest request,
-    CancellationToken ct = default)
+    public async Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(string? tenantId, string identifier, string secret, CancellationToken ct = default)
     {
-        if (string.IsNullOrWhiteSpace(request.Identifier))
-            throw new ArgumentException("Username is required.");
-
-        if (string.IsNullOrWhiteSpace(request.Password))
-            throw new ArgumentException("Password is required.");
-
-        if (await _userStore.ExistsByUsernameAsync(request.Identifier, ct))
-            throw new InvalidOperationException("User already exists.");
-
-        var hash = _passwordHasher.Hash(request.Password);
-
-        var userId = _userIdFactory.Create();
-
-        await _userStore.CreateAsync(
-            new UserRecord<TUserId>
-            {
-                Id = userId,
-                Username = request.Identifier,
-                PasswordHash = hash,
-                CreatedAt = DateTimeOffset.UtcNow
-            },
-            ct);
-
-        return userId;
+        return await _authenticator.AuthenticateAsync(tenantId, identifier, secret, ct);
     }
 
-    public async Task<bool> ValidateCredentialsAsync(
-        ValidateCredentialsRequest request,
-        CancellationToken ct = default)
+    // This method must not issue sessions or tokens
+    public async Task<bool> ValidateCredentialsAsync(ValidateCredentialsRequest request, CancellationToken ct = default)
     {
-        var user = await _userStore.FindByUsernameAsync(request.TenantId, request.Identifier, ct);
-        if (user is null)
-            return false;
-
-        return _passwordHasher.Verify(
-            request.Password,
-            user.PasswordHash);
-    }
-
-    public async Task DeleteAsync(
-        TUserId userId,
-        CancellationToken ct = default)
-    {
-        await _userStore.DeleteAsync(userId, ct);
+        
+        var result = await _authenticator.AuthenticateAsync(request.TenantId, request.Identifier, request.Password, ct);
+        return result.Succeeded;
     }
 
-    public async Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(
-        string? tenantId,
-        string identifier,
-        string secret,
-        CancellationToken cancellationToken = default)
-    {
-        return await _authenticator.AuthenticateAsync(
-            tenantId,
-            identifier,
-            secret,
-            cancellationToken);
-    }
 }
 
diff --git a/src/CodeBeam.UltimateAuth.Users/Abstractions/IUAuthUserManagementService.cs b/src/CodeBeam.UltimateAuth.Users/Abstractions/IUAuthUserManagementService.cs
@@ -1,10 +1,16 @@
-﻿namespace CodeBeam.UltimateAuth.Server.Users
+﻿using CodeBeam.UltimateAuth.Server.Users.Contracts;
+
+namespace CodeBeam.UltimateAuth.Server.Users
 {
     /// <summary>
     /// Administrative user management operations.
     /// </summary>
     public interface IUAuthUserManagementService<TUserId>
     {
+        Task<TUserId> RegisterAsync(RegisterUserRequest request, CancellationToken cancellationToken = default);
+
+        Task DeleteAsync(TUserId userId, CancellationToken cancellationToken = default);
+
         Task<UserDto<TUserId>> GetByIdAsync(
             TUserId userId,
             CancellationToken ct = default);
@@ -24,5 +30,7 @@ Task ResetPasswordAsync(
             TUserId userId,
             ResetPasswordRequest request,
             CancellationToken ct = default);
+
+        // TODO: Change password, Update user info, etc.
     }
 }
diff --git a/src/CodeBeam.UltimateAuth.Users/Contracts/RegisterUserRequest.cs b/src/CodeBeam.UltimateAuth.Users/Contracts/RegisterUserRequest.cs
@@ -1,4 +1,4 @@
-﻿namespace CodeBeam.UltimateAuth.Core.Contracts
+﻿namespace CodeBeam.UltimateAuth.Server.Users.Contracts
 {
     /// <summary>
     /// Request to register a new user with credentials.
diff --git a/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/CodeBeam.UltimateAuth.Credentials.InMemory.csproj b/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/CodeBeam.UltimateAuth.Credentials.InMemory.csproj
@@ -0,0 +1,14 @@
+﻿<Project Sdk="Microsoft.NET.Sdk">
+
+	<PropertyGroup>
+		<TargetFrameworks>net8.0;net9.0;net10.0</TargetFrameworks>
+		<ImplicitUsings>enable</ImplicitUsings>
+		<Nullable>enable</Nullable>
+		<GenerateDocumentationFile>true</GenerateDocumentationFile>
+	</PropertyGroup>
+
+	<ItemGroup>
+	  <ProjectReference Include="..\..\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
+	</ItemGroup>
+
+</Project>
diff --git a/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryCredentialUser.cs b/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryCredentialUser.cs
@@ -0,0 +1,43 @@
+﻿using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Credentials.InMemory
+{
+    internal sealed class InMemoryCredentialUser : IUser<UserId>
+    {
+        public UserId UserId { get; init; }
+        public string Username { get; init; }
+
+        public string PasswordHash { get; private set; } = default!;
+
+        public long SecurityVersion { get; private set; }
+
+        public bool IsActive { get; init; } = true;
+
+        IReadOnlyDictionary<string, object>? IUser<UserId>.Claims => null;
+
+        public InMemoryCredentialUser(
+            UserId userId,
+            string username,
+            string passwordHash,
+            long securityVersion = 0,
+            bool isActive = true)
+        {
+            UserId = userId;
+            Username = username;
+            PasswordHash = passwordHash;
+            SecurityVersion = securityVersion;
+            IsActive = isActive;
+        }
+
+        internal void SetPasswordHash(string passwordHash)
+        {
+            PasswordHash = passwordHash;
+            SecurityVersion++;
+        }
+
+        internal void IncrementSecurityVersion()
+        {
+            SecurityVersion++;
+        }
+    }
+}
diff --git a/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryCredentialsSeeder.cs b/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryCredentialsSeeder.cs
@@ -0,0 +1,26 @@
+﻿using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Credentials.InMemory
+{
+    internal static class InMemoryCredentialSeeder
+    {
+        public static IReadOnlyCollection<InMemoryCredentialUser> CreateDefaultUsers(
+            IUAuthPasswordHasher passwordHasher)
+        {
+            var adminUserId = UserId.New();
+
+            var passwordHash = passwordHasher.Hash("P@ssw0rd!");
+
+            var admin = new InMemoryCredentialUser(
+                userId: adminUserId,
+                username: "admin",
+                passwordHash: passwordHash,
+                securityVersion: 0,
+                isActive: true
+            );
+
+            return new[] { admin };
+        }
+    }
+}
diff --git a/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryUserStore.cs b/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/InMemoryUserStore.cs
diff --git a/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/ServiceCollectionExtensions.cs b/src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/ServiceCollectionExtensions.cs

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions`
`4`	`4`	`{`
`5`	`5`	`public interface IUserAuthenticator<TUserId>`
`6`	`6`	`{`
`7`		`- Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(string? tenantId, string identifier, string secret, CancellationToken cancellationToken = default);`
	`7`	`+ Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(AuthenticationContext context, CancellationToken ct = default);`
`8`	`8`	`}`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@`
`5`	`5`	`/// strongly typed values, string representations, and binary formats.`
`6`	`6`	`/// Implementations enable consistent storage, token serialization,`
`7`	`7`	`/// and multitenant key partitioning.`
	`8`	`+ /// Returned string must be stable and culture-invariant.`
	`9`	`+ /// Implementations must be deterministic and reversible.`
`8`	`10`	`/// </summary>`
`9`	`11`	`public interface IUserIdConverter<TUserId>`
`10`	`12`	`{`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,6 @@ public interface IUserIdConverterResolver`
`18`	`18`	`/// <exception cref="InvalidOperationException">`
`19`	`19`	`/// Thrown if no converter has been registered for the requested user ID type.`
`20`	`20`	`/// </exception>`
`21`		`- IUserIdConverter<TUserId> GetConverter<TUserId>();`
	`21`	`+ IUserIdConverter<TUserId> GetConverter<TUserId>(string? purpose = null);`
`22`	`22`	`}`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,18 +3,13 @@`
`3`	`3`	`namespace CodeBeam.UltimateAuth.Core.Abstractions`
`4`	`4`	`{`
`5`	`5`	`/// <summary>`
`6`		`- /// Minimal user operations required for authentication.`
`7`		`- /// Does NOT include role or permission management.`
	`6`	`+ /// Defines the minimal user authentication contract expected by UltimateAuth.`
	`7`	`+ /// This service does not manage sessions, tokens, or transport concerns.`
`8`	`8`	`/// For user management, CodeBeam.UltimateAuth.Users package is recommended.`
`9`	`9`	`/// </summary>`
`10`	`10`	`public interface IUAuthUserService<TUserId>`
`11`	`11`	`{`
`12`		`- Task<TUserId> RegisterAsync(RegisterUserRequest request, CancellationToken cancellationToken = default);`
`13`		`-`
`14`		`- Task DeleteAsync(TUserId userId, CancellationToken cancellationToken = default);`
`15`		`-`
`16`		`- Task<bool> ValidateCredentialsAsync(ValidateCredentialsRequest request, CancellationToken cancellationToken = default);`
`17`		`-`
`18`	`12`	`Task<UserAuthenticationResult<TUserId>> AuthenticateAsync(string? tenantId, string identifier, string secret, CancellationToken cancellationToken = default);`
	`13`	`+ Task<bool> ValidateCredentialsAsync(ValidateCredentialsRequest request, CancellationToken cancellationToken = default);`
`19`	`14`	`}`
`20`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-namespace CodeBeam.UltimateAuth.Core.Contracts`
	`1`	`+namespace CodeBeam.UltimateAuth.Server.Users.Contracts`
`2`	`2`	`{`
`3`	`3`	`/// <summary>`
`4`	`4`	`/// Request to register a new user with credentials.`