From a5ad943584e91bfbd953dc373a7a313367c7e0ae Mon Sep 17 00:00:00 2001
From: vman <public@vaughnnugent.com>
Date: Thu, 15 Dec 2022 01:41:41 -0500
Subject: Mfa/login fixes

---
 .../Endpoints/Auth0.cs                             | 45 ++++++++++++----------
 .../Endpoints/DiscordOauth.cs                      | 30 +++++++++------
 .../Endpoints/GitHubOauth.cs                       | 37 ++++++++++--------
 3 files changed, 63 insertions(+), 49 deletions(-)

(limited to 'VNLib.Plugins.Essentials.SocialOauth/Endpoints')

diff --git a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/Auth0.cs b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/Auth0.cs
index 8518ea0..c7512b7 100644
--- a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/Auth0.cs
+++ b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/Auth0.cs
@@ -40,46 +40,51 @@ using VNLib.Plugins.Essentials.Accounts;
 using VNLib.Plugins.Extensions.Loading;
 using VNLib.Plugins.Extensions.Loading.Users;
 
-#nullable enable
-
 namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
 {
 
     [ConfigurationName("auth0")]
-    internal class Auth0 : SocialOauthBase
+    internal sealed class Auth0 : SocialOauthBase
     {
+
         protected override OauthClientConfig Config { get; }
 
 
-        private readonly Task<JsonDocument> RsaCertificate;
+        private readonly Task<JsonDocument> Auth0VerificationJwk;
 
-        public Auth0(PluginBase plugin, IReadOnlyDictionary<string, JsonElement> config)
+        public Auth0(PluginBase plugin, IReadOnlyDictionary<string, JsonElement> config) : base()
         {
-            //Get id/secret
-            Task<string?> secret = plugin.TryGetSecretAsync("auth0_client_secret");
-            Task<string?> clientId = plugin.TryGetSecretAsync("auth0_client_id");
+            string keyUrl = config["key_url"].GetString() ?? throw new KeyNotFoundException("Missing Auth0 'key_url' from config");
 
-            //Wait sync
-            Task.WaitAll(secret, clientId);
+            Uri keyUri = new(keyUrl);
+
+            //Get certificate on background thread
+            Auth0VerificationJwk = Task.Run(() => GetRsaCertificate(keyUri));
 
             Config = new("auth0", config)
             {
-                //get gh client secret and id
-                ClientID = clientId.Result ?? throw new KeyNotFoundException("Missing Auth0 client id from config or vault"),
-                ClientSecret = secret.Result ?? throw new KeyNotFoundException("Missing Auth0 client secret from config or vault"),
-
                 Passwords = plugin.GetPasswords(),
                 Users = plugin.GetUserManager(),
             };
 
-            string keyUrl = config["key_url"].GetString() ?? throw new KeyNotFoundException("Missing Auth0 'key_url' from config");
+            InitPathAndLog(Config.EndpointPath, plugin.Log);
 
-            Uri keyUri = new(keyUrl);
+            //Load secrets
+            _ = plugin.DeferTask(async () =>
+            {
+                //Get id/secret
+                Task<SecretResult?> secretTask = plugin.TryGetSecretAsync("auth0_client_secret");
+                Task<SecretResult?> clientIdTask = plugin.TryGetSecretAsync("auth0_client_id");
 
-            //Get certificate on background thread
-            RsaCertificate = Task.Run(() => GetRsaCertificate(keyUri));
+                await Task.WhenAll(secretTask, clientIdTask);
 
-            InitPathAndLog(Config.EndpointPath, plugin.Log);
+                using SecretResult? secret = await secretTask;
+                using SecretResult? clientId = await clientIdTask;
+
+                Config.ClientID = clientId?.Result.ToString() ?? throw new KeyNotFoundException("Missing Auth0 client id from config or vault");
+                Config.ClientSecret = secret?.Result.ToString() ?? throw new KeyNotFoundException("Missing the Auth0 client secret from config or vault");
+               
+            }, 100);
         }
 
 
@@ -154,7 +159,7 @@ namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
             using JsonWebToken jwt = JsonWebToken.Parse(clientAccess.IdToken);
 
             //Verify the token against the first signing key
-            if (!jwt.VerifyFromJwk(RsaCertificate.Result.RootElement.GetProperty("keys").EnumerateArray().First()))
+            if (!jwt.VerifyFromJwk(Auth0VerificationJwk.Result.RootElement.GetProperty("keys").EnumerateArray().First()))
             {
                 return EmptyLoginData;
             }
diff --git a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/DiscordOauth.cs b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/DiscordOauth.cs
index 6ee7683..d8b2394 100644
--- a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/DiscordOauth.cs
+++ b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/DiscordOauth.cs
@@ -39,7 +39,6 @@ using VNLib.Plugins.Essentials.Accounts;
 using VNLib.Plugins.Extensions.Loading;
 using VNLib.Plugins.Extensions.Loading.Users;
 
-#nullable enable
 
 namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
 {
@@ -50,26 +49,33 @@ namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
 
         public DiscordOauth(PluginBase plugin, IReadOnlyDictionary<string, JsonElement> config) : base()
         {
-            //Get id/secret
-            Task<string?> secret = plugin.TryGetSecretAsync("discord_client_secret");
-            Task<string?> clientId = plugin.TryGetSecretAsync("discord_client_id");
-
-            //Wait sync
-            Task.WaitAll(secret, clientId);
-
             Config = new("discord", config)
             {
-                //get gh client secret and id
-                ClientID = clientId.Result ?? throw new KeyNotFoundException("Missing Discord client id from config or vault"),
-                ClientSecret = secret.Result ?? throw new KeyNotFoundException("Missing the Discord client secret from config or vault"),
-
                 Passwords = plugin.GetPasswords(),
                 Users = plugin.GetUserManager(),
             };
 
             InitPathAndLog(Config.EndpointPath, plugin.Log);
+
+            //Load secrets
+            _ = plugin.DeferTask(async () =>
+            {
+                //Get id/secret
+                Task<SecretResult?> clientIdTask = plugin.TryGetSecretAsync("discord_client_id");
+                Task<SecretResult?> secretTask = plugin.TryGetSecretAsync("discord_client_secret");
+
+                await Task.WhenAll(secretTask, clientIdTask);
+
+                using SecretResult? secret = await secretTask;
+                using SecretResult? clientId = await clientIdTask;
+
+                Config.ClientID = clientId?.Result.ToString() ?? throw new KeyNotFoundException("Missing Discord client id from config or vault");
+                Config.ClientSecret = secret?.Result.ToString() ?? throw new KeyNotFoundException("Missing the Discord client secret from config or vault");
+
+            }, 100);
         }
 
+        
         private static string GetUserIdFromPlatform(string userName)
         {
             return ManagedHash.ComputeHash($"discord|{userName}", HashAlg.SHA1, HashEncodingMode.Hexadecimal);
diff --git a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/GitHubOauth.cs b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/GitHubOauth.cs
index 0b4fc0f..676f2bb 100644
--- a/VNLib.Plugins.Essentials.SocialOauth/Endpoints/GitHubOauth.cs
+++ b/VNLib.Plugins.Essentials.SocialOauth/Endpoints/GitHubOauth.cs
@@ -39,8 +39,6 @@ using VNLib.Plugins.Essentials.Accounts;
 using VNLib.Plugins.Extensions.Loading;
 using VNLib.Plugins.Extensions.Loading.Users;
 
-#nullable enable
-
 namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
 {
     [ConfigurationName("github")]
@@ -49,32 +47,38 @@ namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
         private const string GITHUB_V3_ACCEPT = "application/vnd.github.v3+json";
 
         private readonly string UserEmailUrl;
-
+       
         protected override OauthClientConfig Config { get; }
 
         public GitHubOauth(PluginBase plugin, IReadOnlyDictionary<string, JsonElement> config) : base()
         {
-            //Get id/secret
-            Task<string?> secret = plugin.TryGetSecretAsync("github_client_secret");
-            Task<string?> clientId = plugin.TryGetSecretAsync("github_client_id");
-
-            //Wait sync
-            Task.WaitAll(secret, clientId);
+            
+            UserEmailUrl = config["user_email_url"].GetString() ?? throw new KeyNotFoundException("Missing required key 'user_email_url' for github configuration");
 
-            Config = new(configName: "github", config)
+            Config = new("github", config)
             {
-                //get gh client secret and id
-                ClientID = clientId.Result ?? throw new KeyNotFoundException("Missing Github client id from config or vault"),
-                ClientSecret = secret.Result ?? throw new KeyNotFoundException("Missing Github client secret from config or vault"),
-
                 Passwords = plugin.GetPasswords(),
                 Users = plugin.GetUserManager(),
             };
 
+            InitPathAndLog(Config.EndpointPath, plugin.Log);
 
-            UserEmailUrl = config["user_email_url"].GetString() ?? throw new KeyNotFoundException("Missing required key 'user_email_url' for github configuration");
+            //Load secrets
+            _ = plugin.DeferTask(async () =>
+            {
+                //Get id/secret
+                Task<SecretResult?> clientIdTask = plugin.TryGetSecretAsync("github_client_id");
+                Task<SecretResult?> secretTask = plugin.TryGetSecretAsync("github_client_secret");
 
-            InitPathAndLog(Config.EndpointPath, plugin.Log);
+                await Task.WhenAll(secretTask, clientIdTask);
+
+                using SecretResult? secret = await secretTask;
+                using SecretResult? clientId = await clientIdTask;
+
+                Config.ClientID = clientId?.Result.ToString() ?? throw new KeyNotFoundException("Missing Github client id from config or vault");
+                Config.ClientSecret = secret?.Result.ToString() ?? throw new KeyNotFoundException("Missing the Github client secret from config or vault");
+
+            }, 100);
         }
 
         protected override void StaticClientPoolInitializer(RestClient client)
@@ -211,6 +215,5 @@ namespace VNLib.Plugins.Essentials.SocialOauth.Endpoints
             return accountData;
         }
 
-
     }
 }
\ No newline at end of file
-- 
cgit