Update to dotnet-9, modernize ependencies: AngularJS-1.8.3, gulp, others

.github/workflows/codeql-analysis.yml

@@ -30,7 +30,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v4

.github/workflows/dotnet-core.yml

@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Setup .NET Core
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 3.1.301
+        dotnet-version: 9.0.x
     - name: Install dependencies
       run: dotnet restore
     - name: Build
@@ -27,8 +27,8 @@ jobs:
       run: |
         cd src/IdentityManager2
         dotnet pack -c Release -o publish --no-build 
-    - name: Publish
-      uses: actions/upload-artifact@master
-      with:
-        name: IdentityManager2
-        path: src/IdentityManager2/publish
+#    - name: Publish
+#      uses: actions/upload-artifact@master
+#      with:
+#        name: IdentityManager2
+#        path: src/IdentityManager2/publish

src/Hosts/Hosts.CookieAuthentication/Hosts.CookieAuthentication.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>

src/Hosts/Hosts.IdentityServerAuthentication/Controllers/LoginController.cs

@@ -3,10 +3,10 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Duende.IdentityServer;
+using Duende.IdentityServer.Services;
 using Hosts.Shared.InMemory;
 using IdentityManager2;
-using IdentityServer4;
-using IdentityServer4.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;

src/Hosts/Hosts.IdentityServerAuthentication/Hosts.IdentityServerAuthentication.csproj

@@ -1,11 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="IdentityServer4" Version="3.1.0" />
+    <PackageReference Include="Duende.IdentityServer" Version="7.4.4" />
   </ItemGroup>
 
   <ItemGroup>

src/Hosts/Hosts.IdentityServerAuthentication/Startup.cs

@@ -2,10 +2,10 @@
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
+using Duende.IdentityServer.Models;
+using Duende.IdentityServer.Test;
 using Hosts.Shared.InMemory;
 using IdentityManager2.Configuration;
-using IdentityServer4.Models;
-using IdentityServer4.Test;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 

src/Hosts/Hosts.LosthostAuthentication/Hosts.LosthostAuthentication.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>

src/Hosts/Hosts.Shared/Hosts.Shared.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>

src/IdentityManager2/Api/Controllers/MetaController.cs

@@ -1,5 +1,6 @@
-using System;
+using System;
 using System.Collections.Generic;
+using System.Text.Json.Serialization;
 using System.Threading.Tasks;
 using IdentityManager2.Api.Models;
 using IdentityManager2.Core.Metadata;
@@ -37,9 +38,9 @@ private async Task<IdentityManagerMetadata> GetMetadataAsync()
         public async Task<IActionResult> Get()
         {
             var meta = await GetMetadataAsync();
-            var data = new Dictionary<string, object> {{"currentUser", new {username = User.Identity.Name}}};
-            
-            var links = new Dictionary<string, object> {["users"] = Url.Link("GetUsers", null)};
+            var data = new Dictionary<string, object> { { "currentUser", new AnonymousUserName{ username = User.Identity.Name } } };
+
+            var links = new Dictionary<string, object> { ["users"] = Url.Link("GetUsers", null) };
 
             if (meta.RoleMetadata.SupportsListing)
             {
@@ -54,7 +55,7 @@ public async Task<IActionResult> Get()
                 links["createRole"] = new CreateRoleLink(Url, meta.RoleMetadata);
             }
 
-            return Ok(new
+            return Ok(new MetaResult
             {
                 Data = data,
                 Links = links

src/IdentityManager2/Api/Controllers/PageController.cs

@@ -32,8 +32,11 @@ public async Task<IActionResult> Index()
                 Model = JsonSerializer.Serialize(new PageModelParams
                 {
                     PathBase = Request.PathBase,
-                    ShowLoginButton = !authResult.Succeeded
-                })
+                    ShowLoginButton = !authResult.Succeeded,
+                    TitleNavBarLinkTarget = this.config.TitleNavBarLinkTarget,
+                    LoginPath = this.config.SecurityConfiguration.LoginPath,
+                    LogoutPath = this.config.SecurityConfiguration.LogoutPath
+                }, PageModelParams_Context.Default.PageModelParams)
             });
         }
 

src/IdentityManager2/Api/Controllers/RolesController.cs

@@ -1,6 +1,7 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.Json;
 using System.Threading.Tasks;
 using IdentityManager2.Api.Models;
 using IdentityManager2.Core;
@@ -15,7 +16,7 @@ namespace IdentityManager2.Api.Controllers
 {
     [Route(IdentityManagerConstants.RoleRoutePrefix)]
     [Authorize(IdentityManagerConstants.IdMgrAuthPolicy)]
-    [ResponseCache(NoStore=true, Location=ResponseCacheLocation.None)]
+    [ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]
     public class RolesController : Controller
     {
         private readonly IIdentityManagerService service;
@@ -67,7 +68,8 @@ public async Task<IActionResult> GetRolesAsync(string filter = null, int start =
 
         // POST 
         [HttpPost, Route("", Name = IdentityManagerConstants.RouteNames.CreateRole)]
-        public async Task<IActionResult> CreateRoleAsync([FromBody]PropertyValue[] properties)
+		[ValidateAntiForgeryToken]
+        public async Task<IActionResult> CreateRoleAsync([FromBody] PropertyValue[] properties)
         {
             var meta = await GetMetadataAsync();
             if (!meta.RoleMetadata.SupportsCreate)
@@ -87,12 +89,12 @@ public async Task<IActionResult> CreateRoleAsync([FromBody]PropertyValue[] prope
                 var result = await service.CreateRoleAsync(properties);
                 if (result.IsSuccess)
                 {
-                    var url = Url.Link(IdentityManagerConstants.RouteNames.GetRole, new { subject = result.Result.Subject });
+                    var url = Url.Link(IdentityManagerConstants.RouteNames.GetRole, new AnonymousSubject { subject = result.Result.Subject });
 
-                    var resource = new
+                    var resource = new AnonymousCreatedRole
                     {
-                        Data = new { subject = result.Result.Subject },
-                        Links = new { detail = url }
+                        Data = new AnonymousSubject { subject = result.Result.Subject },
+                        Links = new AnonymousDetail { detail = url }
                     };
                     return Created(url, resource);
                 }
@@ -108,7 +110,7 @@ public async Task<IActionResult> GetRoleAsync(string subject)
         {
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 
@@ -133,14 +135,13 @@ public async Task<IActionResult> GetRoleAsync(string subject)
                 }
 
                 var response = Ok(new RoleDetailResource(result.Result, Url, meta.RoleMetadata));
-
-
                 return response;
             }
             return BadRequest(result.ToError());
         }
 
         [HttpDelete, Route("{subject}", Name = IdentityManagerConstants.RouteNames.DeleteRole)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> DeleteRoleAsync(string subject)
         {
             var meta = await GetMetadataAsync();
@@ -164,11 +165,12 @@ public async Task<IActionResult> DeleteRoleAsync(string subject)
         }
 
         [HttpPut, Route("{subject}/properties/{type}", Name = IdentityManagerConstants.RouteNames.UpdateRoleProperty)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> SetPropertyAsync(string subject, string type)
         {
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 

src/IdentityManager2/Api/Controllers/UsersController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.Json;
 using System.Threading.Tasks;
 using IdentityManager2.Api.Models;
 using IdentityManager2.Core;
@@ -25,7 +26,7 @@ public UsersController(IIdentityManagerService service)
         {
             this.service = service ?? throw new ArgumentNullException(nameof(service));
         }
-        
+
         public async Task<IdentityManagerMetadata> GetMetadataAsync()
         {
             if (metadata == null)
@@ -54,6 +55,7 @@ public async Task<IActionResult> GetUsersAsync(string filter = null, int start =
         }
 
         [HttpPost("", Name = IdentityManagerConstants.RouteNames.CreateUser)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> CreateUserAsync([FromBody] PropertyValue[] properties)
         {
             var meta = await GetMetadataAsync();
@@ -74,17 +76,19 @@ public async Task<IActionResult> CreateUserAsync([FromBody] PropertyValue[] prop
                 var result = await service.CreateUserAsync(properties);
                 if (result.IsSuccess)
                 {
-                    var url = Url.Link(IdentityManagerConstants.RouteNames.GetUser, new {subject = result.Result.Subject});
-                    var resource = new
+                    var url = Url.Link(IdentityManagerConstants.RouteNames.GetUser, new AnonymousSubject { subject = result.Result.Subject });
+                    var resource = new AnonymousCreatedUser
                     {
-                        Data = new {subject = result.Result.Subject},
-                        Links = new {detail = url}
+                        Data = new AnonymousSubject { subject = result.Result.Subject },
+                        Links = new AnonymousDetail { detail = url }
                     };
 
                     return Created(url, resource);
                 }
 
-                ModelState.AddModelError("", result.ToString());
+                ModelState.AddModelError("errors", result.Errors.Aggregate((workingSentence, next) => workingSentence + " " + next));
+                if (result.Errors.Count > 0)
+                    return BadRequest(ModelState);
             }
 
             return BadRequest(400);
@@ -95,7 +99,7 @@ public async Task<IActionResult> GetUserAsync(string subject)
         {
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 
@@ -132,6 +136,7 @@ public async Task<IActionResult> GetUserAsync(string subject)
         }
 
         [HttpDelete, Route("{subject}", Name = IdentityManagerConstants.RouteNames.DeleteUser)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> DeleteUserAsync(string subject)
         {
             var meta = await GetMetadataAsync();
@@ -142,7 +147,7 @@ public async Task<IActionResult> DeleteUserAsync(string subject)
 
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 
@@ -161,11 +166,12 @@ public async Task<IActionResult> DeleteUserAsync(string subject)
         }
 
         [HttpPut, Route("{subject}/properties/{type}", Name = IdentityManagerConstants.RouteNames.UpdateUserProperty)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> SetPropertyAsync(string subject, string type)
         {
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 
@@ -191,6 +197,7 @@ public async Task<IActionResult> SetPropertyAsync(string subject, string type)
         }
 
         [HttpPost, Route("{subject}/claims", Name = IdentityManagerConstants.RouteNames.AddClaim)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> AddClaimAsync(string subject, [FromBody] ClaimValue model)
         {
             var meta = await GetMetadataAsync();
@@ -201,7 +208,7 @@ public async Task<IActionResult> AddClaimAsync(string subject, [FromBody] ClaimV
 
             if (IsNullOrWhiteSpace(subject))
             {
-                ModelState["subject.String"].Errors.Clear();
+                ModelState["subject.String"]?.Errors.Clear();
                 ModelState.AddModelError("", Messages.SubjectRequired);
             }
 
@@ -221,11 +228,12 @@ public async Task<IActionResult> AddClaimAsync(string subject, [FromBody] ClaimV
 
                 ModelState.AddErrors(result);
             }
-            
+
             return BadRequest(ModelState.ToError());
         }
 
         [HttpDelete, Route("{subject}/claims/{type}/{value}", Name = IdentityManagerConstants.RouteNames.RemoveClaim)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> RemoveClaimAsync(string subject, string type, string value)
         {
             type = type.FromBase64UrlEncoded();
@@ -254,6 +262,7 @@ public async Task<IActionResult> RemoveClaimAsync(string subject, string type, s
         }
 
         [HttpPost, Route("{subject}/roles/{role}", Name = IdentityManagerConstants.RouteNames.AddRole)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> AddRoleAsync(string subject, string role)
         {
             var meta = await GetMetadataAsync();
@@ -279,6 +288,7 @@ public async Task<IActionResult> AddRoleAsync(string subject, string role)
         }
 
         [HttpDelete, Route("{subject}/roles/{role}", Name = IdentityManagerConstants.RouteNames.RemoveRole)]
+		[ValidateAntiForgeryToken]
         public async Task<IActionResult> RemoveRoleAsync(string subject, string role)
         {
             var meta = await GetMetadataAsync();