Support JWT authentication, including multi-steps authentication

.github/workflows/CodeQuality.yml

@@ -28,7 +28,7 @@ jobs:
       - name: Setup .NET Core
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: '8.0.x'
+          dotnet-version: '9.0.x'
 
       - name: add Github nuget feed
         run: dotnet nuget add source https://nuget.pkg.github.com/STARIONGROUP/index.json -n StarionGithubFeed -u STARIONGROUP -p ${{ secrets.PACKAGE_TOKEN }} --store-password-in-clear-text

.github/workflows/codeql.yml

@@ -31,7 +31,7 @@ jobs:
     - name: Setup .NET Core
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 8.0.x
+        dotnet-version: 9.0.x
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/nuget-reference-check.yml

@@ -20,7 +20,7 @@ jobs:
     - name: Setup .NET Environment
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 8.0.x
+        dotnet-version: 9.0.x
 
     - name: add Starion GitHub nuget feed
       run: dotnet nuget add source https://nuget.pkg.github.com/STARIONGROUP/index.json -n StarionGithubFeed -u STARIONGROUP -p ${{ secrets.PACKAGE_TOKEN }} --store-password-in-clear-text

COMET.Web.Common.Test/COMET.Web.Common.Test.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-      <TargetFramework>net8.0</TargetFramework>
+      <TargetFramework>net9.0</TargetFramework>
       <LangVersion>Latest</LangVersion>
       <ImplicitUsings>enable</ImplicitUsings>
       <Title>CDP4 WEB Common Test</Title>
@@ -29,14 +29,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="bunit.web" Version="1.36.0" />
-    <PackageReference Include="DevExpress.Blazor" Version="23.2.9" />
+    <PackageReference Include="bunit.web" Version="1.38.5" />
+    <PackageReference Include="DevExpress.Blazor" Version="23.2.11" />
     <PackageReference Include="Moq" Version="4.20.72" />
   </ItemGroup>
 
     <ItemGroup Label="override transitive vulnerable dependency">
-        <PackageReference Include="System.Text.Json" Version="8.0.5" />
-        <PackageReference Include="System.Formats.Asn1" Version="8.0.1" />
+        <PackageReference Include="System.Text.Json" Version="9.0.2" />
+        <PackageReference Include="System.Formats.Asn1" Version="9.0.2" />
     </ItemGroup>
 
     <ItemGroup>

COMET.Web.Common.Tests/COMET.Web.Common.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net8.0</TargetFramework>
+        <TargetFramework>net9.0</TargetFramework>
         <LangVersion>latest</LangVersion>
         <Description>Unit tests for the COMET Web Common Library</Description>
         <Company>Starion Group S.A.</Company>
@@ -46,25 +46,25 @@
     </ItemGroup>
 
     <ItemGroup>
-        <PackageReference Include="bunit" Version="1.36.0" />
+        <PackageReference Include="bunit" Version="1.38.5" />
         <PackageReference Include="DotNetSeleniumExtras.WaitHelpers" Version="3.11.0" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.13.0" />
         <PackageReference Include="Moq" Version="4.20.72" />
-        <PackageReference Include="NUnit" Version="4.2.2" />
-        <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
-        <PackageReference Include="coverlet.collector" Version="6.0.2">
+        <PackageReference Include="NUnit" Version="4.3.2" />
+        <PackageReference Include="NUnit3TestAdapter" Version="5.0.0" />
+        <PackageReference Include="coverlet.collector" Version="6.0.4">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="coverlet.msbuild" Version="6.0.2">
+        <PackageReference Include="coverlet.msbuild" Version="6.0.4">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="RichardSzalay.MockHttp" Version="7.0.0" />
     </ItemGroup>
 
     <ItemGroup Label="override transitive vulnerable dependency">
-        <PackageReference Include="System.Text.Json" Version="8.0.5" />
+        <PackageReference Include="System.Text.Json" Version="9.0.2" />
     </ItemGroup>
 
     <ItemGroup>

COMET.Web.Common.Tests/Components/LoginTestFixture.cs

@@ -27,6 +27,10 @@ namespace COMET.Web.Common.Tests.Components
 {
     using Bunit;
 
+    using CDP4Dal.DAL;
+
+    using CDP4DalCommon.Authentication;
+
     using COMET.Web.Common.Components;
     using COMET.Web.Common.Model.Configuration;
     using COMET.Web.Common.Model.DTO;
@@ -35,8 +39,11 @@ namespace COMET.Web.Common.Tests.Components
     using COMET.Web.Common.Test.Helpers;
     using COMET.Web.Common.ViewModels.Components;
 
+    using DevExpress.Blazor;
+
     using FluentResults;
 
+    using Microsoft.AspNetCore.Components;
     using Microsoft.AspNetCore.Components.Forms;
     using Microsoft.AspNetCore.Components.Web;
     using Microsoft.Extensions.DependencyInjection;
@@ -50,27 +57,29 @@ namespace COMET.Web.Common.Tests.Components
     [TestFixture]
     public class LoginTestFixture
     {
-        private ILoginViewModel viewModel;
+        private LoginViewModel viewModel;
         private TestContext context;
         private Mock<IAuthenticationService> authenticationService;
         private Mock<IConfigurationService> serverConnectionService;
+        private ServerConfiguration serverConfiguration;
 
         [SetUp]
         public void Setup()
         {
             this.authenticationService = new Mock<IAuthenticationService>();
             this.serverConnectionService = new Mock<IConfigurationService>();
 
-            var serverConfiguration = new ServerConfiguration
+            this.serverConfiguration = new ServerConfiguration
             {
                 ServerAddress = "http://localhost.com",
                 FullTrustConfiguration = new FullTrustConfiguration()
             };
 
-            this.serverConnectionService.Setup(x => x.ServerConfiguration).Returns(serverConfiguration);
+            this.serverConnectionService.Setup(x => x.ServerConfiguration).Returns(this.serverConfiguration);
             this.context = new TestContext();
             this.viewModel = new LoginViewModel(this.authenticationService.Object, this.serverConnectionService.Object);
-            this.context.Services.AddSingleton(this.viewModel);
+            this.context.Services.AddSingleton<ILoginViewModel>(this.viewModel);
+            this.context.Services.AddSingleton(this.authenticationService.Object);
             this.context.ConfigureDevExpressBlazor();
         }
 
@@ -189,5 +198,76 @@ public async Task VerifyPerformLogin()
             await renderer.InvokeAsync(editForm.Instance.OnValidSubmit.InvokeAsync);
             Assert.That(renderer.Instance.ErrorMessages, Is.Empty);
         }
+
+        [Test]
+        public async Task VerifyMultipleAuthenticationSchemeFlowWithInternalToken()
+        {
+            this.serverConfiguration.ServerAddress = null;
+            this.serverConfiguration.AllowMultipleStepsAuthentication = true;
+
+            var renderer = this.context.RenderComponent<Login>();
+            var editForm = renderer.FindComponent<EditForm>();
+
+            Assert.That(renderer.FindComponents<DxTextBox>(), Has.Count.EqualTo(1));
+
+            const string sourceAddress = "http://localhost:5000"; 
+            this.viewModel.AuthenticationDto.SourceAddress = sourceAddress;
+
+            var authenticationSchemeResponse = new AuthenticationSchemeResponse()
+            {
+                Schemes = [AuthenticationSchemeKind.LocalJwtBearer, AuthenticationSchemeKind.Basic]
+            };
+
+            this.authenticationService.Setup(x => x.RequestAvailableAuthenticationSchemeAsync(sourceAddress, false))
+                .ReturnsAsync(Result.Ok(authenticationSchemeResponse));
+
+            await renderer.InvokeAsync(editForm.Instance.OnValidSubmit.InvokeAsync);
+            Assert.That(renderer.FindComponents<DxTextBox>(), Has.Count.EqualTo(2));
+
+            this.viewModel.AuthenticationDto.UserName = "admin";
+            this.viewModel.AuthenticationDto.Password = "pass";
+
+            this.authenticationService.Setup(x => x.LoginAsync(AuthenticationSchemeKind.LocalJwtBearer, It.IsAny<AuthenticationInformation>()))
+                .ReturnsAsync(Result.Ok);
+
+            await renderer.InvokeAsync(editForm.Instance.OnValidSubmit.InvokeAsync);
+
+            Assert.Multiple(() =>
+            {
+                Assert.That(this.viewModel.AuthenticationResult, Is.Not.Null);
+                Assert.That(this.viewModel.AuthenticationResult.IsSuccess, Is.True);
+            });
+        }
+
+        [Test]
+        public async Task VerifyMultipleAuthenticationSchemeFlowWithExternalToken()
+        {
+            this.serverConfiguration.ServerAddress = null;
+            this.serverConfiguration.AllowMultipleStepsAuthentication = true;
+
+            var renderer = this.context.RenderComponent<Login>();
+            var editForm = renderer.FindComponent<EditForm>();
+
+            Assert.That(renderer.FindComponents<DxTextBox>(), Has.Count.EqualTo(1));
+
+            const string sourceAddress = "http://localhost:5000"; 
+            this.viewModel.AuthenticationDto.SourceAddress = sourceAddress;
+
+            var authenticationSchemeResponse = new AuthenticationSchemeResponse()
+            {
+                Schemes = [AuthenticationSchemeKind.ExternalJwtBearer],
+                Authority = "http://localhost:8080/realms/MyRealm",
+                ClientId = "client"
+            };
+
+            this.authenticationService.Setup(x => x.RequestAvailableAuthenticationSchemeAsync(sourceAddress, false))
+                .ReturnsAsync(Result.Ok(authenticationSchemeResponse));
+
+            await renderer.InvokeAsync(editForm.Instance.OnValidSubmit.InvokeAsync);
+            Assert.That(renderer.FindComponents<DxTextBox>(), Has.Count.EqualTo(0));
+
+            var navigationManager = this.context.Services.GetService<NavigationManager>();
+            Assert.That(navigationManager.Uri.StartsWith(authenticationSchemeResponse.Authority), Is.True);
+        }
     }
 }

COMET.Web.Common.Tests/Extensions/ServiceCollectionExtensionsTestFixture.cs

@@ -27,11 +27,14 @@ namespace COMET.Web.Common.Tests.Extensions
 {
     using System.Reflection;
 
+    using Blazored.SessionStorage;
+
     using COMET.Web.Common.Extensions;
     using COMET.Web.Common.Services.SessionManagement;
 
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.DependencyInjection;
+    using Microsoft.JSInterop;
 
     using Moq;
 
@@ -49,6 +52,8 @@ public void VerifyServerRegistration()
             serviceCollection.AddScoped(_ => new HttpClient());
             serviceCollection.AddLogging();
             serviceCollection.RegisterCdp4CometCommonServices(globalOptions: _ => { });
+            serviceCollection.AddBlazoredSessionStorage();
+            serviceCollection.AddSingleton(new Mock<IJSRuntime>().Object);
             var serviceProvider = serviceCollection.BuildServiceProvider();
 
             foreach (var service in serviceCollection.Where(x => x.ServiceType.Assembly == Assembly.GetAssembly(typeof(ISessionService))))
@@ -64,6 +69,8 @@ public void VerifyWebAssemblyRegistration()
             serviceCollection.AddScoped(_ => new HttpClient());
             serviceCollection.AddLogging();
             serviceCollection.RegisterCdp4CometCommonServices(false,globalOptions: _ => { });
+            serviceCollection.AddBlazoredSessionStorage();
+            serviceCollection.AddSingleton(new Mock<IJSRuntime>().Object);
             var serviceProvider = serviceCollection.BuildServiceProvider();
 
             foreach (var service in serviceCollection.Where(x => x.ServiceType.Assembly == Assembly.GetAssembly(typeof(ISessionService))))