start (actual) email auth, add CancellationToken to most async methods

2024-09-09 14:37:59 +02:00 · 2024-09-09 14:37:59 +02:00 · 344a0071e5
commit 344a0071e5
parent acc54a55bc
22 changed files with 325 additions and 152 deletions
--- a/Foxnouns.Backend/Controllers/Authentication/AuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/AuthController.cs
@ -13,13 +13,13 @@ public class AuthController(Config config, KeyCacheService keyCacheSvc, ILogger

    [HttpPost("urls")]
    [ProducesResponseType<UrlsResponse>(StatusCodes.Status200OK)]
-    public async Task<IActionResult> UrlsAsync()
+    public async Task<IActionResult> UrlsAsync(CancellationToken ct = default)
    {
        _logger.Debug("Generating auth URLs for Discord: {Discord}, Google: {Google}, Tumblr: {Tumblr}",
            config.DiscordAuth.Enabled,
            config.GoogleAuth.Enabled,
            config.TumblrAuth.Enabled);
-        var state = HttpUtility.UrlEncode(await keyCacheSvc.GenerateAuthStateAsync());
+        var state = HttpUtility.UrlEncode(await keyCacheSvc.GenerateAuthStateAsync(ct));
        string? discord = null;
        if (config.DiscordAuth is { ClientId: not null, ClientSecret: not null })
            discord =
--- a/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
@ -27,31 +27,31 @@ public class DiscordAuthController(
    // leaving it here for documentation purposes
    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
    [ProducesResponseType<AuthController.CallbackResponse>(StatusCodes.Status200OK)]
-    public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req)
+    public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req, CancellationToken ct = default)
    {
        CheckRequirements();
-        await keyCacheSvc.ValidateAuthStateAsync(req.State);
+        await keyCacheSvc.ValidateAuthStateAsync(req.State, ct);

-        var remoteUser = await remoteAuthSvc.RequestDiscordTokenAsync(req.Code, req.State);
-        var user = await authSvc.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);
-        if (user != null) return Ok(await GenerateUserTokenAsync(user));
+        var remoteUser = await remoteAuthSvc.RequestDiscordTokenAsync(req.Code, req.State, ct);
+        var user = await authSvc.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id, ct: ct);
+        if (user != null) return Ok(await GenerateUserTokenAsync(user,ct));

        _logger.Debug("Discord user {Username} ({Id}) authenticated with no local account", remoteUser.Username,
            remoteUser.Id);

        var ticket = AuthUtils.RandomToken();
-        await keyCacheSvc.SetKeyAsync($"discord:{ticket}", remoteUser, Duration.FromMinutes(20));
+        await keyCacheSvc.SetKeyAsync($"discord:{ticket}", remoteUser, Duration.FromMinutes(20), ct);

        return Ok(new AuthController.CallbackResponse(false, ticket, remoteUser.Username));
    }

    [HttpPost("register")]
    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
-    public async Task<IActionResult> RegisterAsync([FromBody] AuthController.OauthRegisterRequest req)
+    public async Task<IActionResult> RegisterAsync([FromBody] AuthController.OauthRegisterRequest req, CancellationToken ct = default)
    {
-        var remoteUser = await keyCacheSvc.GetKeyAsync<RemoteAuthService.RemoteUser>($"discord:{req.Ticket}");
+        var remoteUser = await keyCacheSvc.GetKeyAsync<RemoteAuthService.RemoteUser>($"discord:{req.Ticket}",ct:ct);
        if (remoteUser == null) throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
-        if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id))
+        if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id, ct))
        {
            _logger.Error("Discord user {Id} has valid ticket but is already linked to an existing account",
                remoteUser.Id);
@ -59,14 +59,14 @@ public class DiscordAuthController(
        }

        var user = await authSvc.CreateUserWithRemoteAuthAsync(req.Username, AuthType.Discord, remoteUser.Id,
-            remoteUser.Username);
+            remoteUser.Username, ct: ct);

-        return Ok(await GenerateUserTokenAsync(user));
+        return Ok(await GenerateUserTokenAsync(user, ct));
    }

-    private async Task<AuthController.AuthResponse> GenerateUserTokenAsync(User user)
+    private async Task<AuthController.AuthResponse> GenerateUserTokenAsync(User user, CancellationToken ct = default)
    {
-        var frontendApp = await db.GetFrontendApplicationAsync();
+        var frontendApp = await db.GetFrontendApplicationAsync(ct);
        _logger.Debug("Logging user {Id} in with Discord", user.Id);

        var (tokenStr, token) =
@ -75,10 +75,10 @@ public class DiscordAuthController(

        _logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);

-        await db.SaveChangesAsync();
+        await db.SaveChangesAsync(ct);

        return new AuthController.AuthResponse(
-            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false),
+            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false, ct: ct),
            tokenStr,
            token.ExpiresAt
        );
--- a/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
@ -1,6 +1,10 @@
 using Foxnouns.Backend.Database;
+using Foxnouns.Backend.Database.Models;
+using Foxnouns.Backend.Extensions;
 using Foxnouns.Backend.Services;
+using Foxnouns.Backend.Utils;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 using NodaTime;

 namespace Foxnouns.Backend.Controllers.Authentication;
@ -9,21 +13,56 @@ namespace Foxnouns.Backend.Controllers.Authentication;
 public class EmailAuthController(
    DatabaseContext db,
    AuthService authSvc,
+    MailService mailSvc,
+    KeyCacheService keyCacheSvc,
    UserRendererService userRendererSvc,
    IClock clock,
    ILogger logger) : ApiControllerBase
 {
    private readonly ILogger _logger = logger.ForContext<EmailAuthController>();

+    [HttpPost("register")]
+    public async Task<IActionResult> RegisterAsync([FromBody] RegisterRequest req, CancellationToken ct = default)
+    {
+        if (!req.Email.Contains('@')) throw new ApiError.BadRequest("Email is invalid", "email", req.Email);
+
+        var state = await keyCacheSvc.GenerateRegisterEmailStateAsync(req.Email, userId: null, ct);
+        if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Email && a.RemoteId == req.Email, ct))
+            return NoContent();
+
+        mailSvc.QueueAccountCreationEmail(req.Email, state);
+        return NoContent();
+    }
+
+    [HttpPost("callback")]
+    public async Task<IActionResult> CallbackAsync([FromBody] CallbackRequest req, CancellationToken ct = default)
+    {
+        var state = await keyCacheSvc.GetRegisterEmailStateAsync(req.State, ct);
+        if (state == null) throw new ApiError.BadRequest("Invalid state", "state", req.State);
+
+        if (state.ExistingUserId != null)
+        {
+            var authMethod =
+                await authSvc.AddAuthMethodAsync(state.ExistingUserId.Value, AuthType.Email, state.Email, ct: ct);
+            _logger.Debug("Added email auth {AuthId} for user {UserId}", authMethod.Id, state.ExistingUserId);
+            return NoContent();
+        }
+
+        var ticket = AuthUtils.RandomToken();
+        await keyCacheSvc.SetKeyAsync($"email:{ticket}", state.Email, Duration.FromMinutes(20));
+
+        return Ok(new AuthController.CallbackResponse(false, ticket, state.Email));
+    }
+
    [HttpPost("login")]
    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
-    public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req)
+    public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req, CancellationToken ct = default)
    {
-        var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password);
+        var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password, ct);
        if (authenticationResult == AuthService.EmailAuthenticationResult.MfaRequired)
            throw new NotImplementedException("MFA is not implemented yet");

-        var frontendApp = await db.GetFrontendApplicationAsync();
+        var frontendApp = await db.GetFrontendApplicationAsync(ct);

        _logger.Debug("Logging user {Id} in with email and password", user.Id);

@ -33,14 +72,18 @@ public class EmailAuthController(

        _logger.Debug("Generated token {TokenId} for {UserId}", token.Id, user.Id);

-        await db.SaveChangesAsync();
+        await db.SaveChangesAsync(ct);

        return Ok(new AuthController.AuthResponse(
-            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false),
+            await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false, ct: ct),
            tokenStr,
            token.ExpiresAt
        ));
    }

    public record LoginRequest(string Email, string Password);
+
+    public record RegisterRequest(string Email);
+
+    public record CallbackRequest(string State);
 }