Foxnouns.NET/Foxnouns.Backend/Services/Auth/AuthService.cs

using System.Security.Cryptography;
using Foxnouns.Backend.Controllers.Authentication;
using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Utils;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using NodaTime;

namespace Foxnouns.Backend.Services.Auth;

public class AuthService(
    IClock clock,
    ILogger logger,
    DatabaseContext db,
    ISnowflakeGenerator snowflakeGenerator,
    UserRendererService userRenderer
)
{
    private readonly ILogger _logger = logger.ForContext<AuthService>();
    private readonly PasswordHasher<User> _passwordHasher = new();

    /// <summary>
    /// Creates a new user with the given email address and password.
    /// This method does <i>not</i> save the resulting user, the caller must still call <see cref="M:Microsoft.EntityFrameworkCore.DbContext.SaveChanges" />.
    /// </summary>
    public async Task<User> CreateUserWithPasswordAsync(
        string username,
        string email,
        string password,
        CancellationToken ct = default
    )
    {
        var user = new User
        {
            Id = snowflakeGenerator.GenerateSnowflake(),
            Username = username,
            AuthMethods =
            {
                new AuthMethod
                {
                    Id = snowflakeGenerator.GenerateSnowflake(),
                    AuthType = AuthType.Email,
                    RemoteId = email,
                },
            },
            LastActive = clock.GetCurrentInstant(),
            Sid = null!,
        };

        db.Add(user);
        user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);

        return user;
    }

    /// <summary>
    /// Creates a new user with the given username and remote authentication method.
    /// To create a user with email authentication, use <see cref="CreateUserWithPasswordAsync" />
    /// This method does <i>not</i> save the resulting user, the caller must still call <see cref="M:Microsoft.EntityFrameworkCore.DbContext.SaveChanges" />.
    /// </summary>
    public async Task<User> CreateUserWithRemoteAuthAsync(
        string username,
        AuthType authType,
        string remoteId,
        string remoteUsername,
        FediverseApplication? instance = null,
        CancellationToken ct = default
    )
    {
        AssertValidAuthType(authType, instance);

        if (await db.Users.AnyAsync(u => u.Username == username, ct))
            throw new ApiError.BadRequest("Username is already taken", "username", username);

        var user = new User
        {
            Id = snowflakeGenerator.GenerateSnowflake(),
            Username = username,
            AuthMethods =
            {
                new AuthMethod
                {
                    Id = snowflakeGenerator.GenerateSnowflake(),
                    AuthType = authType,
                    RemoteId = remoteId,
                    RemoteUsername = remoteUsername,
                    FediverseApplication = instance,
                },
            },
            LastActive = clock.GetCurrentInstant(),
            Sid = null!,
        };

        db.Add(user);
        return user;
    }

    /// <summary>
    /// Authenticates a user with email and password.
    /// </summary>
    /// <param name="email">The user's email address</param>
    /// <param name="password">The user's password, in plain text</param>
    /// <param name="ct">Cancellation token</param>
    /// <returns>A tuple of the authenticated user and whether multi-factor authentication is required</returns>
    /// <exception cref="ApiError.NotFound">Thrown if the email address is not associated with any user
    /// or if the password is incorrect</exception>
    public async Task<(User, EmailAuthenticationResult)> AuthenticateUserAsync(
        string email,
        string password,
        CancellationToken ct = default
    )
    {
        var user = await db.Users.FirstOrDefaultAsync(
            u => u.AuthMethods.Any(a => a.AuthType == AuthType.Email && a.RemoteId == email),
            ct
        );
        if (user == null)
            throw new ApiError.NotFound(
                "No user with that email address found, or password is incorrect",
                ErrorCode.UserNotFound
            );

        var pwResult = await Task.Run(
            () => _passwordHasher.VerifyHashedPassword(user, user.Password!, password),
            ct
        );
        if (pwResult == PasswordVerificationResult.Failed) // TODO: this seems to fail on some valid passwords?
            throw new ApiError.NotFound(
                "No user with that email address found, or password is incorrect",
                ErrorCode.UserNotFound
            );
        if (pwResult == PasswordVerificationResult.SuccessRehashNeeded)
        {
            user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);
            await db.SaveChangesAsync(ct);
        }

        return (user, EmailAuthenticationResult.AuthSuccessful);
    }

    public enum EmailAuthenticationResult
    {
        AuthSuccessful,
        MfaRequired,
    }

    /// <summary>
    /// Validates a user's password outside an authentication context, for when a password is required for changing
    /// a setting, such as adding a new email address or changing passwords.
    /// </summary>
    public async Task<bool> ValidatePasswordAsync(
        User user,
        string password,
        CancellationToken ct = default
    )
    {
        if (user.Password == null)
        {
            throw new FoxnounsError("Password for user supplied to ValidatePasswordAsync was null");
        }

        var pwResult = await Task.Run(
            () => _passwordHasher.VerifyHashedPassword(user, user.Password!, password),
            ct
        );
        return pwResult
            is PasswordVerificationResult.SuccessRehashNeeded
                or PasswordVerificationResult.Success;
    }

    /// <summary>
    /// Sets or updates a password for the given user. This method does <i>not</i> save the updated password automatically.
    /// </summary>
    public async Task SetUserPasswordAsync(
        User user,
        string password,
        CancellationToken ct = default
    )
    {
        user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);
        db.Update(user);
    }

    /// <summary>
    /// Authenticates a user with a remote authentication provider.
    /// </summary>
    /// <param name="authType">The remote authentication provider type</param>
    /// <param name="remoteId">The remote user ID</param>
    /// <param name="instance">The Fediverse instance, if authType is Fediverse.
    /// Will throw an exception if passed with another authType.</param>
    /// <param name="ct">Cancellation token.</param>
    /// <returns>A user object, or null if the remote account isn't linked to any user.</returns>
    /// <exception cref="FoxnounsError">Thrown if <c>instance</c> is passed when not required,
    /// or not passed when required</exception>
    public async Task<User?> AuthenticateUserAsync(
        AuthType authType,
        string remoteId,
        FediverseApplication? instance = null,
        CancellationToken ct = default
    )
    {
        AssertValidAuthType(authType, instance);

        return await db.Users.FirstOrDefaultAsync(
            u =>
                u.AuthMethods.Any(a =>
                    a.AuthType == authType
                    && a.RemoteId == remoteId
                    && a.FediverseApplication == instance
                ),
            ct
        );
    }

    public async Task<AuthMethod> AddAuthMethodAsync(
        Snowflake userId,
        AuthType authType,
        string remoteId,
        string? remoteUsername = null,
        FediverseApplication? app = null,
        CancellationToken ct = default
    )
    {
        AssertValidAuthType(authType, app);

        // This is already checked when
        var currentCount = await db
            .AuthMethods.Where(m => m.UserId == userId && m.AuthType == authType)
            .CountAsync(ct);
        if (currentCount >= AuthUtils.MaxAuthMethodsPerType)
            throw new ApiError.BadRequest(
                "Too many linked accounts of this type, maximum of 3 per account."
            );

        var authMethod = new AuthMethod
        {
            Id = snowflakeGenerator.GenerateSnowflake(),
            AuthType = authType,
            RemoteId = remoteId,
            FediverseApplicationId = app?.Id,
            RemoteUsername = remoteUsername,
            UserId = userId,
        };

        db.Add(authMethod);
        await db.SaveChangesAsync(ct);
        return authMethod;
    }

    public (string, Token) GenerateToken(
        User user,
        Application application,
        string[] scopes,
        Instant expires
    )
    {
        if (!AuthUtils.ValidateScopes(application, scopes))
            throw new ApiError.BadRequest(
                "Invalid scopes requested for this token",
                "scopes",
                scopes
            );

        var (token, hash) = GenerateToken();
        return (
            token,
            new Token
            {
                Id = snowflakeGenerator.GenerateSnowflake(),
                Hash = hash,
                Application = application,
                User = user,
                ExpiresAt = expires,
                Scopes = scopes,
            }
        );
    }

    /// <summary>
    /// Generates a token for the given user and adds it to the database, returning a fully formed auth response for the user.
    /// This method is always called at the end of an endpoint method, so the resulting token
    /// (and user, if this is a registration request) is also saved to the database.
    /// </summary>
    public async Task<CallbackResponse> GenerateUserTokenAsync(
        User user,
        CancellationToken ct = default
    )
    {
        var frontendApp = await db.GetFrontendApplicationAsync(ct);

        var (tokenStr, token) = GenerateToken(
            user,
            frontendApp,
            ["*"],
            clock.GetCurrentInstant() + Duration.FromDays(365)
        );
        db.Add(token);

        _logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);

        await db.SaveChangesAsync(ct);

        return new CallbackResponse(
            HasAccount: true,
            Ticket: null,
            RemoteUsername: null,
            User: await userRenderer.RenderUserAsync(
                user,
                selfUser: user,
                renderMembers: false,
                ct: ct
            ),
            Token: tokenStr,
            ExpiresAt: token.ExpiresAt
        );
    }

    private static (string, byte[]) GenerateToken()
    {
        var token = AuthUtils.RandomToken();
        var hash = SHA512.HashData(Convert.FromBase64String(token));

        return (token, hash);
    }

    private static void AssertValidAuthType(AuthType authType, FediverseApplication? instance)
    {
        if (authType == AuthType.Fediverse && instance == null)
            throw new FoxnounsError("Fediverse authentication requires an instance.");
        if (authType != AuthType.Fediverse && instance != null)
            throw new FoxnounsError("Non-Fediverse authentication does not require an instance.");
    }
}
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`using System.Security.Cryptography;`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`using Foxnouns.Backend.Controllers.Authentication;`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`using Foxnouns.Backend.Database;`
			`using Foxnouns.Backend.Database.Models;`
			`using Foxnouns.Backend.Utils;`
			`using Microsoft.AspNetCore.Identity;`
feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`using Microsoft.EntityFrameworkCore;`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`using NodaTime;`

feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`namespace Foxnouns.Backend.Services.Auth;`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`public class AuthService(`
			`IClock clock,`
			`ILogger logger,`
			`DatabaseContext db,`
			`ISnowflakeGenerator snowflakeGenerator,`
			`UserRendererService userRenderer`
			`)`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`{`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`private readonly ILogger _logger = logger.ForContext<AuthService>();`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`private readonly PasswordHasher<User> _passwordHasher = new();`

			`/// <summary>`
			`/// Creates a new user with the given email address and password.`
			`/// This method does <i>not</i> save the resulting user, the caller must still call <see cref="M:Microsoft.EntityFrameworkCore.DbContext.SaveChanges" />.`
			`/// </summary>`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<User> CreateUserWithPasswordAsync(`
			`string username,`
			`string email,`
			`string password,`
			`CancellationToken ct = default`
			`)`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`{`
			`var user = new User`
			`{`
			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`Username = username,`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`AuthMethods =`
			`{`
			`new AuthMethod`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`{`
			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`AuthType = AuthType.Email,`
			`RemoteId = email,`
			`},`
feat: add deleted user columns in database 2024-07-13 03:09:00 +02:00			`},`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`LastActive = clock.GetCurrentInstant(),`
fix: explicitly set sids to null so the find free sid functions actually trigger 2024-11-24 15:39:44 +01:00			`Sid = null!,`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`};`

			`db.Add(user);`
feat(backend): email registration 2024-09-10 02:39:07 +02:00			`user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00
			`return user;`
			`}`
too many things to list (notably, user avatar update) 2024-07-08 19:03:04 +02:00
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`/// <summary>`
			`/// Creates a new user with the given username and remote authentication method.`
			`/// To create a user with email authentication, use <see cref="CreateUserWithPasswordAsync" />`
			`/// This method does <i>not</i> save the resulting user, the caller must still call <see cref="M:Microsoft.EntityFrameworkCore.DbContext.SaveChanges" />.`
			`/// </summary>`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<User> CreateUserWithRemoteAuthAsync(`
			`string username,`
			`AuthType authType,`
			`string remoteId,`
			`string remoteUsername,`
			`FediverseApplication? instance = null,`
			`CancellationToken ct = default`
			`)`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`{`
			`AssertValidAuthType(authType, instance);`
too many things to list (notably, user avatar update) 2024-07-08 19:03:04 +02:00
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`if (await db.Users.AnyAsync(u => u.Username == username, ct))`
feat(backend): improve bad request errors 2024-07-14 16:44:41 +02:00			`throw new ApiError.BadRequest("Username is already taken", "username", username);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00
			`var user = new User`
			`{`
			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`Username = username,`
			`AuthMethods =`
			`{`
			`new AuthMethod`
			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`AuthType = authType,`
			`RemoteId = remoteId,`
			`RemoteUsername = remoteUsername,`
			`FediverseApplication = instance,`
			`},`
feat: add deleted user columns in database 2024-07-13 03:09:00 +02:00			`},`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`LastActive = clock.GetCurrentInstant(),`
fix: explicitly set sids to null so the find free sid functions actually trigger 2024-11-24 15:39:44 +01:00			`Sid = null!,`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`};`

			`db.Add(user);`
			`return user;`
			`}`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`/// <summary>`
			`/// Authenticates a user with email and password.`
			`/// </summary>`
			`/// <param name="email">The user's email address</param>`
			`/// <param name="password">The user's password, in plain text</param>`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`/// <param name="ct">Cancellation token</param>`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`/// <returns>A tuple of the authenticated user and whether multi-factor authentication is required</returns>`
			`/// <exception cref="ApiError.NotFound">Thrown if the email address is not associated with any user`
			`/// or if the password is incorrect</exception>`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<(User, EmailAuthenticationResult)> AuthenticateUserAsync(`
			`string email,`
			`string password,`
			`CancellationToken ct = default`
			`)`
feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`var user = await db.Users.FirstOrDefaultAsync(`
			`u => u.AuthMethods.Any(a => a.AuthType == AuthType.Email && a.RemoteId == email),`
			`ct`
			`);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`if (user == null)`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`throw new ApiError.NotFound(`
			`"No user with that email address found, or password is incorrect",`
			`ErrorCode.UserNotFound`
			`);`

			`var pwResult = await Task.Run(`
			`() => _passwordHasher.VerifyHashedPassword(user, user.Password!, password),`
			`ct`
			`);`
feat(frontend): working email login 2024-09-10 21:24:40 +02:00			`if (pwResult == PasswordVerificationResult.Failed) // TODO: this seems to fail on some valid passwords?`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`throw new ApiError.NotFound(`
			`"No user with that email address found, or password is incorrect",`
			`ErrorCode.UserNotFound`
			`);`
feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`if (pwResult == PasswordVerificationResult.SuccessRehashNeeded)`
			`{`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);`
			`await db.SaveChangesAsync(ct);`
feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`}`

feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`return (user, EmailAuthenticationResult.AuthSuccessful);`
			`}`

feat(frontend): add, list email 2024-10-02 02:46:39 +02:00			`public enum EmailAuthenticationResult`
			`{`
			`AuthSuccessful,`
			`MfaRequired,`
			`}`

feat(backend): add add email address endpoint 2024-10-02 00:52:49 +02:00			`/// <summary>`
			`/// Validates a user's password outside an authentication context, for when a password is required for changing`
			`/// a setting, such as adding a new email address or changing passwords.`
			`/// </summary>`
			`public async Task<bool> ValidatePasswordAsync(`
			`User user,`
			`string password,`
			`CancellationToken ct = default`
			`)`
			`{`
			`if (user.Password == null)`
			`{`
			`throw new FoxnounsError("Password for user supplied to ValidatePasswordAsync was null");`
			`}`

			`var pwResult = await Task.Run(`
			`() => _passwordHasher.VerifyHashedPassword(user, user.Password!, password),`
			`ct`
			`);`
			`return pwResult`
			`is PasswordVerificationResult.SuccessRehashNeeded`
			`or PasswordVerificationResult.Success;`
			`}`

feat(frontend): add, list email 2024-10-02 02:46:39 +02:00			`/// <summary>`
			`/// Sets or updates a password for the given user. This method does <i>not</i> save the updated password automatically.`
			`/// </summary>`
			`public async Task SetUserPasswordAsync(`
			`User user,`
			`string password,`
			`CancellationToken ct = default`
			`)`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`{`
feat(frontend): add, list email 2024-10-02 02:46:39 +02:00			`user.Password = await Task.Run(() => _passwordHasher.HashPassword(user, password), ct);`
			`db.Update(user);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`}`

			`/// <summary>`
			`/// Authenticates a user with a remote authentication provider.`
			`/// </summary>`
			`/// <param name="authType">The remote authentication provider type</param>`
			`/// <param name="remoteId">The remote user ID</param>`
			`/// <param name="instance">The Fediverse instance, if authType is Fediverse.`
			`/// Will throw an exception if passed with another authType.</param>`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`/// <param name="ct">Cancellation token.</param>`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`/// <returns>A user object, or null if the remote account isn't linked to any user.</returns>`
			`/// <exception cref="FoxnounsError">Thrown if <c>instance</c> is passed when not required,`
			`/// or not passed when required</exception>`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<User?> AuthenticateUserAsync(`
			`AuthType authType,`
			`string remoteId,`
			`FediverseApplication? instance = null,`
			`CancellationToken ct = default`
			`)`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`{`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`AssertValidAuthType(authType, instance);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`return await db.Users.FirstOrDefaultAsync(`
			`u =>`
			`u.AuthMethods.Any(a =>`
			`a.AuthType == authType`
			`&& a.RemoteId == remoteId`
			`&& a.FediverseApplication == instance`
			`),`
			`ct`
			`);`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`}`

chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<AuthMethod> AddAuthMethodAsync(`
			`Snowflake userId,`
			`AuthType authType,`
			`string remoteId,`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`string? remoteUsername = null,`
feat: link fediverse account to existing user 2024-12-04 01:48:52 +01:00			`FediverseApplication? app = null,`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`CancellationToken ct = default`
			`)`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`{`
feat: link fediverse account to existing user 2024-12-04 01:48:52 +01:00			`AssertValidAuthType(authType, app);`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00
feat(frontend): discord registration/login/linking also moves the registration form found on the mastodon callback page into a component so we're not repeating the same code for every auth method 2024-11-28 21:35:55 +01:00			`// This is already checked when`
			`var currentCount = await db`
			`.AuthMethods.Where(m => m.UserId == userId && m.AuthType == authType)`
			`.CountAsync(ct);`
			`if (currentCount >= AuthUtils.MaxAuthMethodsPerType)`
			`throw new ApiError.BadRequest(`
			`"Too many linked accounts of this type, maximum of 3 per account."`
			`);`

start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`var authMethod = new AuthMethod`
			`{`
			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`AuthType = authType,`
			`RemoteId = remoteId,`
feat: link fediverse account to existing user 2024-12-04 01:48:52 +01:00			`FediverseApplicationId = app?.Id,`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`RemoteUsername = remoteUsername,`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`UserId = userId,`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`};`

			`db.Add(authMethod);`
			`await db.SaveChangesAsync(ct);`
			`return authMethod;`
feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`}`

chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public (string, Token) GenerateToken(`
			`User user,`
			`Application application,`
			`string[] scopes,`
			`Instant expires`
			`)`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`{`
too many things to list (notably, user avatar update) 2024-07-08 19:03:04 +02:00			`if (!AuthUtils.ValidateScopes(application, scopes))`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`throw new ApiError.BadRequest(`
			`"Invalid scopes requested for this token",`
			`"scopes",`
			`scopes`
			`);`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00
			`var (token, hash) = GenerateToken();`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`return (`
			`token,`
			`new Token`
			`{`
			`Id = snowflakeGenerator.GenerateSnowflake(),`
			`Hash = hash,`
			`Application = application,`
			`User = user,`
			`ExpiresAt = expires,`
			`Scopes = scopes,`
			`}`
			`);`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`}`

feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`/// <summary>`
			`/// Generates a token for the given user and adds it to the database, returning a fully formed auth response for the user.`
			`/// This method is always called at the end of an endpoint method, so the resulting token`
			`/// (and user, if this is a registration request) is also saved to the database.`
			`/// </summary>`
			`public async Task<CallbackResponse> GenerateUserTokenAsync(`
			`User user,`
			`CancellationToken ct = default`
			`)`
			`{`
			`var frontendApp = await db.GetFrontendApplicationAsync(ct);`

			`var (tokenStr, token) = GenerateToken(`
			`user,`
			`frontendApp,`
			`["*"],`
			`clock.GetCurrentInstant() + Duration.FromDays(365)`
			`);`
			`db.Add(token);`

			`_logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);`

			`await db.SaveChangesAsync(ct);`

			`return new CallbackResponse(`
			`HasAccount: true,`
			`Ticket: null,`
			`RemoteUsername: null,`
			`User: await userRenderer.RenderUserAsync(`
			`user,`
			`selfUser: user,`
			`renderMembers: false,`
			`ct: ct`
			`),`
			`Token: tokenStr,`
			`ExpiresAt: token.ExpiresAt`
			`);`
			`}`

feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`private static (string, byte[]) GenerateToken()`
			`{`
feat(backend): add member GET endpoints, POST /users/@me/members endpoint 2024-07-13 19:38:40 +02:00			`var token = AuthUtils.RandomToken();`
feat: add debug registration endpoint, fix snowflake serialization 2024-06-04 17:38:59 +02:00			`var hash = SHA512.HashData(Convert.FromBase64String(token));`

			`return (token, hash);`
			`}`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00
			`private static void AssertValidAuthType(AuthType authType, FediverseApplication? instance)`
			`{`
			`if (authType == AuthType.Fediverse && instance == null)`
			`throw new FoxnounsError("Fediverse authentication requires an instance.");`
			`if (authType != AuthType.Fediverse && instance != null)`
			`throw new FoxnounsError("Non-Fediverse authentication does not require an instance.");`
			`}`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`}`