Merge pull request #72 from mdsol/develop

Release of v5.1.1

Author: bvillanueva-mdsol

.gitignore

@@ -6,6 +6,7 @@
 *.user
 *.userosscache
 *.sln.docstates
+.vscode/
 
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
@@ -139,7 +140,7 @@ publish/
 *.[Pp]ublish.xml
 *.azurePubxml
 
-# TODO: Un-comment the next line if you do not want to checkin 
+# TODO: Un-comment the next line if you do not want to checkin
 # your web deploy settings because they may include unencrypted
 # passwords
 #*.pubxml

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changes in Medidata.MAuth
 
+## v5.1.1
+- **[Core]** Fixed an issue with internal caching for the utility extension `Authenticate()` method.
+
+## v5.1.0
+- **[Core]** Added multi-target for .NET 5 to support synchronus HttpClient requests.
+- **[Core]** Updated MAuthSigningHandler to sign synchronus requests.
+- **[Core]** Updated MAuthAuthenticator to create and reuse a single HttpClient instead of creating a new one for each MAuthRequestRetrier.
+- **[Core]** Updated MAuthAuthenticator to limit the calls to the cache item factory method to a single thread per key not already in the cache.
+
+## v5.0.1
+- **[Core]** Inflate private key upon set in options classes.
+
 ## v5.0.0
  - **[Core]** Added normalization of Uri AbsolutePath.
  - **[Core]** Added unescape step in query_string encoding to remove `double encoding`.
@@ -45,7 +57,7 @@ provided options.
 - **[Core]** Removed constraint for the application uuids to be only version 4. Now the MAuth header validation won't throw error if the provided uuid is not version 4.
 
 ## v3.0.0
-- **[All]** **Breaking** - Changed the HTTP status code response in case of any errors (including authentication and validation errors) from Forbidden (403) to Unauthorized (401).  
+- **[All]** **Breaking** - Changed the HTTP status code response in case of any errors (including authentication and validation errors) from Forbidden (403) to Unauthorized (401).
 `HideExceptionsAndReturnForbidden` property of MAuth option class has also been renamed to `HideExceptionsAndReturnUnauthorized`.
 
 ## v2.4.1
@@ -86,7 +98,7 @@ downloads and referencing from NuGet
 ## v2.0.0
 - **[Core]** The `MAuthSigningHandler` is accepting an `MAuthSigningOptions` instance instead of
 an `MAuthOptions` instance (which in turn set to be an abstract class)
-- [**Owin]** The OWIN middleware infrastructure provided request body stream gets replaced 
+- [**Owin]** The OWIN middleware infrastructure provided request body stream gets replaced
 with a `MemoryStream` in cases when the original body stream is not seekable.
 
 ## v1.0.0

Directory.Build.props

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<Project>
+  <Import Project="version.props"/>
+
+  <PropertyGroup>
+    <LangVersion>latest</LangVersion>
+    <Nullable>disable</Nullable>
+    <NoPackageAnalysis>true</NoPackageAnalysis>
+    <Copyright>Copyright © Medidata Solutions, Inc. $([System.DateTime]::Now.Year)</Copyright>
+    <Authors>Medidata Solutions</Authors>
+    <RepositoryType>git</RepositoryType>
+    <RepositoryUrl>https://github.com/mdsol/mauth-client-dotnet</RepositoryUrl>
+    <PublishRepositoryUrl>true</PublishRepositoryUrl>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <Company>Medidata Solutions, Inc.</Company>
+    <PackageProjectUrl>https://github.com/mdsol/mauth-client-dotnet</PackageProjectUrl>
+    <PackageLicenseUrl>https://github.com/mdsol/mauth-client-dotnet/blob/master/LICENSE.md</PackageLicenseUrl>
+    <PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
+    <Product>Medidata Platform</Product>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <EmbedUntrackedSources>true</EmbedUntrackedSources>
+    <AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
+    <IncludeSourceRevisionInInformationalVersion>true</IncludeSourceRevisionInInformationalVersion>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
+  </ItemGroup>
+</Project>

README.md

@@ -124,10 +124,11 @@ public async Task<HttpResponseMessage> SignAndSendRequest(HttpRequestMessage req
     }
 }
 ```
-The `SignVersions` parameter can be used to specify which protocol version to sign outgoing requests. Like as:  
-`SignVersions = MAuthVersion.MWS`: signs with `MWS` protocol only.  
-`SignVersions = MAuthVersion.MWS | MAuthVersion.MWSV2` : signs with both `MWS` and `MWSV2` protocol.  
-If not supplied, it sign by `MWS` protocol by default.
+
+The `SignVersions` parameter can be used to specify which protocol version to sign outgoing requests with:
+- `SignVersions = MAuthVersion.MWS`: signs with the `MWS` protocol only.
+- `SignVersions = MAuthVersion.MWS | MAuthVersion.MWSV2` : signs with both the `MWS` and the `MWSV2` protocol.
+If not supplied, it signs with the `MWS` protocol by default.
 
 Signing with `MWSV2` protocol supports query string.
 
@@ -323,30 +324,30 @@ for authenticating the incoming requests.
 
 ##### What Cryptographic provider is used for the encryption/decryption?
 
-In the latest version of 4.0.0, we are using the available dotnet security [System.Security.Cryptography] which works 
-for both **.NET Framework 4.6.1** and **.NET Standard 2.0** in case of V2 protocol. However, for the continue support 
-of V1 protcol, we are still maintaining the BouncyCastle library as mentioned below.
+In the latest version of 4.0.0, we are using the available dotnet security [System.Security.Cryptography](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=dotnet-plat-ext-3.1)
+which works for both **.NET Framework 4.6.1** and **.NET Standard 2.0** when using the V2 protocol.
+However, to also support the V1 protcol, we are still maintaining the BouncyCastle library as mentioned below.
 
 On the .NET Framework side (WebAPI, Owin, Core) we are using the latest version (as of date 1.81) of the
 [BouncyCastle](https://github.com/bcgit/bc-csharp) library; on the .NET Standard side (Core, AspNetCore) we are using
 the portable fork of the [BouncyCastle](https://github.com/onovotny/BouncyCastle-PCL) library.
 
 ##### What are the major changes in the 5.0.0 version?
-In this version we have removed the property `DisableV1` from `MAuthSigningOptions`. Instead, we have added new option as 
-`SignVersions` in `MAuthSigningOptions` which takes enumeration values of MAuth protcol versions `MWS` and/ or `MWSV2` protocol. 
-If this option is not provided, then it will sign in by `MWS` protocol as default. 
+In this version we have removed the property `DisableV1` from `MAuthSigningOptions`. Instead, we have added new option as
+`SignVersions` in `MAuthSigningOptions` which takes enumeration values of MAuth protcol versions `MWS` and/ or `MWSV2` protocol.
+If this option is not provided, then it will sign in by `MWS` protocol as default.
 
 ##### What are the major changes in the 4.0.0 version?
 
 In this version we have added support for V2 protocol which uses `MCC-Authentication` as MAuthHeader and  `MCC-Time` as
 MAuthTimeHeader. And, this V2 protocol supports for signing and authenticating url with query string parameters.
 For Signing, we added two new options in `MAuthSigningOptions`: `MAuthVersion` which is mandatory and takes enumeration
  value of `MAuthVersion.MWSV2` for V2 protocol or `MAuthVersion.MWS` for continue of using V1 protocol.
-Another option `DisableV1` is `false` by default if not provided. But, it is needed to provide as `true` when the client 
+Another option `DisableV1` is `false` by default if not provided. But, it is needed to provide as `true` when the client
 need to sign on by no more supporting V1 protocol.
 
-Also while authentication, the logic defaults to check for V2 protcol header `MWSV2` and if fails then only fallback to 
-check for V1 protocol header for `MWS`. Also, `MAuthOptionsBase` includes new option as `DisableV1` which is `false` by 
+Also while authentication, the logic defaults to check for V2 protcol header `MWSV2` and if fails then only fallback to
+check for V1 protocol header for `MWS`. Also, `MAuthOptionsBase` includes new option as `DisableV1` which is `false` by
 default and need to be passed as `true` if the authenticating client no longer wants to support V1 protocol.
 
 ##### What are the major changes in the 2.0.0 version?

appveyor.yml

@@ -1,7 +1,7 @@
 version: '{build}'
 pull_requests:
   do_not_increment_build_number: true
-image: Visual Studio 2017
+image: Visual Studio 2019
 init:
   - git config --global core.autocrlf true
 nuget:

build/common.props

@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <Description>This package contains an ASP.NET Core middleware to validate signed http requests with the Medidata MAuth protocol. The middleware communicates with an MAuth server in order to confirm the validity of the request authentication header. Include this package in your ASP.NET Core web api if you want to authenticate the api requests signed with the MAuth protocol.</Description>
     <AssemblyTitle>Medidata.MAuth.AspNetCore</AssemblyTitle>
     <AssemblyName>Medidata.MAuth.AspNetCore</AssemblyName>

src/Medidata.MAuth.AspNetCore/Medidata.MAuth.AspNetCore.csproj

@@ -0,0 +1,24 @@
+using System;
+using System.Runtime.CompilerServices;
+using System.Threading.Tasks;
+
+namespace Medidata.MAuth.Core
+{
+    internal class AsyncLazy<T> : Lazy<Task<T>>
+    {
+        public AsyncLazy(Func<T> valueFactory)
+            : base(() => Task.Factory.StartNew(valueFactory))
+        {
+        }
+
+        public AsyncLazy(Func<Task<T>> taskFactory)
+            : base(() => Task.Factory.StartNew(() => taskFactory()).Unwrap())
+        {
+        }
+
+        public TaskAwaiter<T> GetAwaiter() => Value.GetAwaiter();
+
+        public ConfiguredTaskAwaitable<T> ConfigureAwait(bool continueOnCapturedContext)
+            => Value.ConfigureAwait(continueOnCapturedContext);
+    }
+}

src/Medidata.MAuth.Core/AsyncLazy.cs

@@ -0,0 +1,49 @@
+using System;
+using Microsoft.Extensions.Caching.Memory;
+
+namespace Medidata.MAuth.Core
+{
+    /// <summary>
+    /// Caching-related extension methods.
+    /// </summary>
+    public static class CacheExtensions
+    {
+        /// <summary>
+        /// Get or create an item in the cache.  If the specified key does not exist, the factory method will be executed to
+        /// create a new item, and that item will be inserted into the cache with that key.  Locking is based on the cache
+        /// key, to prevent multiple concurrent factory methods from executing for a single key, but allow multiple concurrent
+        /// factory methods to execute for different keys.
+        /// </summary>
+        /// <param name="cache">The memory cache.</param>
+        /// <param name="key">The cache key.</param>
+        /// <param name="factory">The factory method to create a new item if the key does not exist in the cache.</param>
+        /// <typeparam name="TItem">The cached item type.</typeparam>
+        /// <returns>The item that was retrieved from the cache or created.</returns>
+        public static TItem GetOrCreateWithLock<TItem>(
+            this IMemoryCache cache,
+            object key,
+            Func<ICacheEntry, TItem> factory)
+        {
+            if (cache.TryGetValue(key, out TItem item))
+            {
+                return item;
+            }
+
+            var lockStr = string.Intern("mutex_" + key.GetHashCode());
+
+            lock (lockStr)
+            {
+                if (cache.TryGetValue(key, out item))
+                {
+                    return item;
+                }
+
+                ICacheEntry entry = cache.CreateEntry(key);
+                item = factory(entry);
+                entry.SetValue(item);
+                entry.Dispose();
+                return item;
+            }
+        }
+    }
+}

src/Medidata.MAuth.Core/CacheExtensions.cs

@@ -0,0 +1,31 @@
+using System;
+using System.IO;
+using System.Net.Http;
+using System.Threading.Tasks;
+
+namespace Medidata.MAuth.Core
+{
+    internal static class HttpRequestMessageExtensions
+    {
+        public async static Task<byte[]> GetRequestContentAsBytesAsync(this HttpRequestMessage request)
+        {
+            return request.Content is null
+                    ? Array.Empty<byte>()
+                    : await request.Content.ReadAsByteArrayAsync().ConfigureAwait(false);
+        }
+
+#if NET5_0
+        public static byte[] GetRequestContentAsBytes(this HttpRequestMessage request)
+        {
+            using (var memoryStream = new MemoryStream())
+            {
+                if (request.Content != null)
+                {
+                    request.Content.ReadAsStream().CopyTo(memoryStream);
+                }
+                return memoryStream.ToArray();
+            }
+        }
+#endif
+    }
+}