aspnet / Security

[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

Update Facebook to v3.1 endpoints #1863

Closed Tratcher closed 5 years ago

Tratcher commented 5 years ago

92 Facebook has changed its API version from v2.12 to v3.1. It has also removed the public_profile scope; this permission is available by default. See https://developers.facebook.com/docs/graph-api/changelog/version3.0#login

None of the other providers have made any relevant API changes. I did add some doc links for next time.

HaoK commented 5 years ago

Looks fine, why is the VSTS CI failing tho?

Eilon commented 5 years ago

Looks like an actual test failure.

[xUnit.net 00:00:02.71]     Microsoft.AspNetCore.Authentication.DataHandler.SecureDataFormatTests.UnprotectWithDifferentPurposeFails [FAIL]
2018-09-25T21:03:41.7440980Z   Failed   Microsoft.AspNetCore.Authentication.DataHandler.SecureDataFormatTests.UnprotectWithDifferentPurposeFails
2018-09-25T21:03:41.9368708Z   Error Message:
2018-09-25T21:03:41.9374032Z    System.Security.Cryptography.CryptographicException : An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information.
2018-09-25T21:03:41.9765718Z   ---- System.IO.IOException : The process cannot access the file 'C:\Users\VssAdministrator\AppData\Local\ASP.NET\DataProtection-Keys\key-5f141910-c7c5-44f8-bd32-6de42809f0b3.xml' because it is being used by another process.
2018-09-25T21:03:41.9816898Z   Stack Trace:
2018-09-25T21:03:41.9820462Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)
2018-09-25T21:03:42.0056413Z      at Microsoft.AspNetCore.Authentication.SecureDataFormat`1.Protect(TData data, String purpose) in /_/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs:line 34
2018-09-25T21:03:42.0075689Z      at Microsoft.AspNetCore.Authentication.DataHandler.SecureDataFormatTests.UnprotectWithDifferentPurposeFails() in /_/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs:line 59
2018-09-25T21:03:42.0076034Z   ----- Inner Stack Trace -----
2018-09-25T21:03:42.0076238Z      at System.IO.FileStream.ValidateFileHandle(SafeFileHandle fileHandle)
2018-09-25T21:03:42.0076511Z      at System.IO.FileStream.CreateFileOpenHandle(FileMode mode, FileShare share, FileOptions options)
2018-09-25T21:03:42.0076781Z      at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
2018-09-25T21:03:42.0077110Z      at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
2018-09-25T21:03:42.0077325Z      at System.IO.File.OpenRead(String path)
2018-09-25T21:03:42.0077552Z      at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.ReadElementFromFile(String fullPath)
2018-09-25T21:03:42.0077850Z      at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.GetAllElementsCore()+MoveNext()
2018-09-25T21:03:42.0078090Z      at System.Collections.Generic.List`1.AddEnumerable(IEnumerable`1 enumerable)
2018-09-25T21:03:42.0078342Z      at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
2018-09-25T21:03:42.0078568Z      at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.GetAllElements()
2018-09-25T21:03:42.0078837Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys()
2018-09-25T21:03:42.0079645Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
2018-09-25T21:03:42.0080388Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
2018-09-25T21:03:42.0080768Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow)
2018-09-25T21:03:42.0081035Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRing()
2018-09-25T21:03:42.0081338Z      at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)
2018-09-25T21:03:43.5391931Z   [xUnit.net 00:00:04.68]     Microsoft.AspNetCore.Authentication.Cookies.CookieTests.ChallengeDoesNotSet401OnUnauthorized [SKIP]

Eilon commented 5 years ago

@natemcmaster is this the same as the Data Protection failure we were seeing be flaky on 2.1?

natemcmaster commented 5 years ago

Same cause: the tests rely on global machine state. This is always a bad thing for tests. The fix is to change the test project to persist dataprotection keys to a temporary directory. https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-2.1&tabs=aspnetcore2x#persistkeystofilesystem
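The change suggested in the comment above, sketched as an added example (not part of the thread and not the repository's test code): an xUnit class fixture gives the test its own key ring in a unique temporary directory instead of the shared `DataProtection-Keys` folder seen in the stack trace. `TempKeyRingFixture`, `IsolatedSecureDataFormatTests` and `Utf8Serializer` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;
using Xunit;

// Hypothetical fixture (added example): one throwaway key ring per test class.
public sealed class TempKeyRingFixture : IDisposable
{
    private readonly DirectoryInfo _keyDir;
    public IDataProtectionProvider Provider { get; }

    public TempKeyRingFixture()
    {
        // A unique directory means no key-*.xml file is shared with another
        // test process or with the per-user default key location.
        _keyDir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "dp-keys-" + Guid.NewGuid().ToString("N")));
        Provider = DataProtectionProvider.Create(_keyDir);
    }

    public void Dispose()
    {
        // The keys only ever protected test data, so delete them with the directory.
        try { _keyDir.Delete(recursive: true); } catch (IOException) { }
    }
}

public class IsolatedSecureDataFormatTests : IClassFixture<TempKeyRingFixture>
{
    private readonly IDataProtectionProvider _provider;
    public IsolatedSecureDataFormatTests(TempKeyRingFixture fixture) => _provider = fixture.Provider;
    [Fact]
    public void UnprotectWithDifferentPurposeFails()
    {
        var format = new SecureDataFormat<string>(new Utf8Serializer(), _provider.CreateProtector("test"));
        var protectedText = format.Protect("payload", "purpose1");
        // Same purpose round-trips; a different purpose fails, and
        // SecureDataFormat reports that failure as default(TData), here null.
        Assert.Equal("payload", format.Unprotect(protectedText, "purpose1"));
        Assert.Null(format.Unprotect(protectedText, "purpose2"));
    }
    private sealed class Utf8Serializer : IDataSerializer<string>
    {
        public byte[] Serialize(string model) => Encoding.UTF8.GetBytes(model);
        public string Deserialize(byte[] data) => Encoding.UTF8.GetString(data);
    }
}
```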

Eilon commented 5 years ago

Thanks @natemcmaster.

@Tratcher - do we need to do the thing Nate suggested?

Tratcher commented 5 years ago

I am dubious of that explanation. DataProtection was designed to be shared between multiple instances of an application and should be handling concurrency issues like this. We've used it this way for years without issue; why the sudden regression?