[release/8.0-preview7] Add more MapIdentityApi endpoints (#49559)

Backport of #49498 to release/8.0-preview7 /cc @halter73 # Add more MapIdentityApi endpoints ## Description This adds the following new endpoints: - GET /confirmEmail - POST /resendConfirmationEmail - POST /resetPassword - GET /account/2fa - POST /account/2fa - GET /account/info - POST /account/info Additionally, the existing /login endpoint now accepts 2fa codes and 2fa recovery codes as part of the request body. These can be queried and regenerated from /account/2fa. The /login endpoint now also gives limited failure reasons in the form of application/problem+json instead of empty 401 responses with details such as "LockedOut", "RequiresTwoFactor", "NotAllowed" (usually because lack of email confirmation), and the generic "Failed" statuses. Fixes #47232 (lockout support) Fixes #47231 (reset password support) Fixes #47230 (2fa support) Fixes #47229 (change username and password) Fixes #49404 (Removes AddIdentityBearerToken which is no longer needed) ## Customer Impact This makes the MapIdentityApi API introduced in preview4 more usable. See https://devblogs.microsoft.com/dotnet/asp-net-core-updates-in-dotnet-8-preview-4/#auth where we promised the following. > In addition to user registration and login, the identity API endpoints will support features like two-factor authentication and email verification in upcoming previews. You can find a list of planned features in the issues labeled [feature-token-identity](https://github.com/dotnet/aspnetcore/issues?q=is%3Aopen+label%3Afeature-token-identity+sort%3Aupdated-desc) on the ASP.NET Core GitHub repository. This PR adds all of these features, and it's important to make this available to customers as soon as possible, so we have time to react to any feedback. It appears customers are [excited to give it a go.](https://www.reddit.com/r/programming/comments/13jxcsx/aspnet_core_updates_in_net_8_preview_4_net_blog/jki0p3g/) ## Regression? - [ ] Yes - [x] No ## Risk - [ ] High - [ ] Medium - [x] Low This is primarily new API with minimal changes to SignInManager that should have no impact unless used by the new MapIdentityApi endpoints. ## Verification - [x] Manual (required) - [x] Automated ## Packaging changes reviewed? - [ ] Yes - [ ] No - [x] N/A
dotnet · Jul 21, 2023 · 0c0bc01 · 0c0bc01
1 parent 2922b05
commit 0c0bc01
Show file tree

Hide file tree

Showing 34 changed files with 1,811 additions and 219 deletions.
diff --git a/src/Http/Routing/src/EndpointNameMetadata.cs b/src/Http/Routing/src/EndpointNameMetadata.cs
@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Shared;
 
@@ -13,6 +14,7 @@ namespace Microsoft.AspNetCore.Routing;
 /// Endpoint names must be unique within an application, and can be used to unambiguously
 /// identify a desired endpoint for URI generation using <see cref="LinkGenerator"/>.
 /// </remarks>
+[DebuggerDisplay("{ToString(),nq}")]
 public class EndpointNameMetadata : IEndpointNameMetadata
 {
     /// <summary>

diff --git a/src/Identity/Core/src/DTO/AuthenticatorKeyResponse.cs b/src/Identity/Core/src/DTO/AuthenticatorKeyResponse.cs
@@ -0,0 +1,13 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class TwoFactorResponse
+{
+    public required string SharedKey { get; init; }
+    public required int RecoveryCodesLeft { get; init; }
+    public string[]? RecoveryCodes { get; init; }
+    public required bool IsTwoFactorEnabled { get; init; }
+    public required bool IsMachineRemembered { get; init; }
+}
diff --git a/src/Identity/Core/src/DTO/IdentityEndpointsJsonSerializerContext.cs b/src/Identity/Core/src/DTO/IdentityEndpointsJsonSerializerContext.cs
@@ -7,6 +7,13 @@ namespace Microsoft.AspNetCore.Identity.DTO;
 
 [JsonSerializable(typeof(RegisterRequest))]
 [JsonSerializable(typeof(LoginRequest))]
+[JsonSerializable(typeof(RefreshRequest))]
+[JsonSerializable(typeof(ResetPasswordRequest))]
+[JsonSerializable(typeof(ResendEmailRequest))]
+[JsonSerializable(typeof(InfoRequest))]
+[JsonSerializable(typeof(InfoResponse))]
+[JsonSerializable(typeof(TwoFactorRequest))]
+[JsonSerializable(typeof(TwoFactorResponse))]
 internal sealed partial class IdentityEndpointsJsonSerializerContext : JsonSerializerContext
 {
 }
diff --git a/src/Identity/Core/src/DTO/InfoRequest.cs b/src/Identity/Core/src/DTO/InfoRequest.cs
@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class InfoRequest
+{
+    public string? NewUsername { get; init; }
+    public string? NewEmail { get; init; }
+    public string? NewPassword { get; init; }
+    public string? OldPassword { get; init; }
+}
diff --git a/src/Identity/Core/src/DTO/InfoResponse.cs b/src/Identity/Core/src/DTO/InfoResponse.cs
@@ -0,0 +1,11 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class InfoResponse
+{
+    public required string Username { get; init; }
+    public required string Email { get; init; }
+    public required IDictionary<string, string> Claims { get; init; }
+}
diff --git a/src/Identity/Core/src/DTO/LoginRequest.cs b/src/Identity/Core/src/DTO/LoginRequest.cs
@@ -7,4 +7,6 @@ internal sealed class LoginRequest
 {
     public required string Username { get; init; }
     public required string Password { get; init; }
+    public string? TwoFactorCode { get; init; }
+    public string? TwoFactorRecoveryCode { get; init; }
 }
diff --git a/src/Identity/Core/src/DTO/RegisterRequest.cs b/src/Identity/Core/src/DTO/RegisterRequest.cs
@@ -7,4 +7,5 @@ internal sealed class RegisterRequest
 {
     public required string Username { get; init; }
     public required string Password { get; init; }
+    public required string Email { get; init; }
 }
diff --git a/src/Identity/Core/src/DTO/ResendEmailRequest.cs b/src/Identity/Core/src/DTO/ResendEmailRequest.cs
@@ -0,0 +1,9 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class ResendEmailRequest
+{
+    public required string Email { get; init; }
+}
diff --git a/src/Identity/Core/src/DTO/ResetPasswordRequest.cs b/src/Identity/Core/src/DTO/ResetPasswordRequest.cs
@@ -0,0 +1,11 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class ResetPasswordRequest
+{
+    public required string Email { get; init; }
+    public string? ResetCode { get; init; }
+    public string? NewPassword { get; init; }
+}
diff --git a/src/Identity/Core/src/DTO/TwoFactorRequest.cs b/src/Identity/Core/src/DTO/TwoFactorRequest.cs
@@ -0,0 +1,14 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Identity.DTO;
+
+internal sealed class TwoFactorRequest
+{
+    public bool? Enable { get; init; }
+    public string? TwoFactorCode { get; init; }
+
+    public bool ResetSharedKey { get; init; }
+    public bool ResetRecoveryCodes { get; init; }
+    public bool ForgetMachine { get; init; }
+}