Merging internal commits for release/8.0 #60879
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…g user Since this is a patch, instead of throwing an exception in cases where we wouldn't before like we do in the PR to `main`, we instead log an error and fail to refresh the cookie if RefreshSignInAsync is called with a TUser that does not have the same user ID as the currently authenticated user. While this does not make it *as* obvious to developers that something has gone wrong, error logs are still pretty visible, and stale cookies are something web developers have to account for regardless. The big upside to not throwing in the patch is that we do not have to react to it in the email change confirmation flow to account for the possibility of RefreshSignInAsync throwing. ---- #### AI description (iteration 1) #### PR Classification Bug fix #### PR Summary This pull request disables the `RefreshSignInAsync` method if it is called with the wrong user, ensuring proper user authentication handling. - `src/Identity/Core/src/SignInManager.cs`: Added checks to disable `RefreshSignInAsync` if the user is not authenticated or if the authenticated user ID does not match the provided user ID. - `src/Identity/test/Identity.Test/SignInManagerTest.cs`: Added tests to verify that `RefreshSignInAsync` logs errors and does not proceed if the user is not authenticated or if authenticated with a different user.
…ng/internal/dotnet-runtime This pull request updates the following dependencies [marker]: <> (Begin:83131e87-e80d-4d5b-f426-08dbd53b3319) ## From https://dev.azure.com/dnceng/internal/_git/dotnet-runtime - **Subscription**: 83131e87-e80d-4d5b-f426-08dbd53b3319 - **Build**: 20250211.10 - **Date Produced**: February 12, 2025 3:38:00 AM UTC - **Commit**: d8ee7c837b53a52795d374c694ff2c72b62bcef0 - **Branch**: refs/heads/internal/release/8.0 [DependencyUpdate]: <> (Begin) - **Updates**: - **Microsoft.Extensions.HostFactoryResolver.Sources**: [from 8.0.13-servicing.25066.9 to 8.0.14-servicing.25111.10][1] - **Microsoft.Extensions.Logging.Abstractions**: [from 8.0.3 to 8.0.3][1] - **Microsoft.Internal.Runtime.AspNetCore.Transport**: [from 8.0.13-servicing.25066.9 to 8.0.14-servicing.25111.10][1] - **Microsoft.NET.Runtime.MonoAOTCompiler.Task**: [from 8.0.13 to 8.0.14][1] - **Microsoft.NET.Runtime.WebAssembly.Sdk**: [from 8.0.13 to 8.0.14][1] - **Microsoft.NETCore.App.Ref**: [from 8.0.13 to 8.0.14][1] - **Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm**: [from 8.0.13 to 8.0.14][1] - **Microsoft.NETCore.App.Runtime.win-x64**: [from 8.0.13 to 8.0.14][1] - **Microsoft.NETCore.BrowserDebugHost.Transport**: [from 8.0.13-servicing.25066.9 to 8.0.14-servicing.25111.10][1] - **Microsoft.NETCore.Platforms**: [from 8.0.13-servicing.25066.9 to 8.0.14-servicing.25111.10][1] - **Microsoft.SourceBuild.Intermediate.runtime.linux-x64**: [from 8.0.13-servicing.25066.9 to 8.0.14-servicing.25111.10][1] [1]: https://dev.azure.com/dnceng/internal/_git/dotnet-runtime/branches?baseVersion=GCeba546b0f0d448e0176a2222548fd7a2fbf464c0&targetVersion=GCd8ee7c837b53a52795d374c694ff2c72b62bcef0&_a=files [DependencyUpdate]: <> (End) [marker]: <> (End:83131e87-e80d-4d5b-f426-08dbd53b3319)
…ng/internal/dotnet-efcore This pull request updates the following dependencies [marker]: <> (Begin:e179a2a7-bc5d-4498-2467-08dbd53ba9ce) ## From https://dev.azure.com/dnceng/internal/_git/dotnet-efcore - **Subscription**: e179a2a7-bc5d-4498-2467-08dbd53ba9ce - **Build**: 20250211.8 - **Date Produced**: February 12, 2025 6:00:43 AM UTC - **Commit**: 8e4c8005250a2a911b146c13c1e1cc9814397387 - **Branch**: refs/heads/internal/release/8.0 [DependencyUpdate]: <> (Begin) - **Updates**: - **dotnet-ef**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Design**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.InMemory**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Relational**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Sqlite**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.SqlServer**: [from 8.0.13 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Tools**: [from 8.0.13 to 8.0.14][1] [1]: https://dev.azure.com/dnceng/internal/_git/dotnet-efcore/branches?baseVersion=GC1bdfaaeddf567214d363aa2396fd4874abf204cc&targetVersion=GC8e4c8005250a2a911b146c13c1e1cc9814397387&_a=files [DependencyUpdate]: <> (End) [marker]: <> (End:e179a2a7-bc5d-4498-2467-08dbd53ba9ce)
Fixes merge conflicts ---- #### AI description (iteration 1) #### PR Classification Version update for package dependencies. #### PR Summary This pull request updates the version of various packages from 8.0.12 to 8.0.13. - `eng/Baseline.xml`: Updated package versions from 8.0.12 to 8.0.13 for multiple packages including `Microsoft.AspNetCore`, `Microsoft.Extensions`, and `Microsoft.JSInterop`. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…otnet-runtime build 20250211.18 Microsoft.Extensions.HostFactoryResolver.Sources , Microsoft.Extensions.Logging.Abstractions , Microsoft.Internal.Runtime.AspNetCore.Transport , Microsoft.NET.Runtime.MonoAOTCompiler.Task , Microsoft.NET.Runtime.WebAssembly.Sdk , Microsoft.NETCore.App.Ref , Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm , Microsoft.NETCore.App.Runtime.win-x64 , Microsoft.NETCore.BrowserDebugHost.Transport , Microsoft.NETCore.Platforms , Microsoft.SourceBuild.Intermediate.runtime.linux-x64 From Version 8.0.14-servicing.25111.10 -> To Version 8.0.14-servicing.25111.18
…ng/internal/dotnet-runtime This pull request updates the following dependencies [marker]: <> (Begin:83131e87-e80d-4d5b-f426-08dbd53b3319) ## From https://dev.azure.com/dnceng/internal/_git/dotnet-runtime - **Subscription**: 83131e87-e80d-4d5b-f426-08dbd53b3319 - **Build**: 20250211.18 - **Date Produced**: February 12, 2025 8:48:20 AM UTC - **Commit**: 1584e493603cfc4e9b36b77d6d4afe97de6363f9 - **Branch**: refs/heads/internal/release/8.0 [DependencyUpdate]: <> (Begin) - **Updates**: - **Microsoft.Extensions.HostFactoryResolver.Sources**: [from 8.0.14-servicing.25111.10 to 8.0.14-servicing.25111.18][1] - **Microsoft.Extensions.Logging.Abstractions**: [from 8.0.3 to 8.0.3][1] - **Microsoft.Internal.Runtime.AspNetCore.Transport**: [from 8.0.14-servicing.25111.10 to 8.0.14-servicing.25111.18][1] - **Microsoft.NET.Runtime.MonoAOTCompiler.Task**: [from 8.0.14 to 8.0.14][1] - **Microsoft.NET.Runtime.WebAssembly.Sdk**: [from 8.0.14 to 8.0.14][1] - **Microsoft.NETCore.App.Ref**: [from 8.0.14 to 8.0.14][1] - **Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm**: [from 8.0.14 to 8.0.14][1] - **Microsoft.NETCore.App.Runtime.win-x64**: [from 8.0.14 to 8.0.14][1] - **Microsoft.NETCore.BrowserDebugHost.Transport**: [from 8.0.14-servicing.25111.10 to 8.0.14-servicing.25111.18][1] - **Microsoft.NETCore.Platforms**: [from 8.0.14-servicing.25111.10 to 8.0.14-servicing.25111.18][1] - **Microsoft.SourceBuild.Intermediate.runtime.linux-x64**: [from 8.0.14-servicing.25111.10 to 8.0.14-servicing.25111.18][1] [1]: https://dev.azure.com/dnceng/internal/_git/dotnet-runtime/branches?baseVersion=GCd8ee7c837b53a52795d374c694ff2c72b62bcef0&targetVersion=GC1584e493603cfc4e9b36b77d6d4afe97de6363f9&_a=files [DependencyUpdate]: <> (End) [marker]: <> (End:83131e87-e80d-4d5b-f426-08dbd53b3319)
…otnet-efcore build 20250212.6 dotnet-ef , Microsoft.EntityFrameworkCore , Microsoft.EntityFrameworkCore.Design , Microsoft.EntityFrameworkCore.InMemory , Microsoft.EntityFrameworkCore.Relational , Microsoft.EntityFrameworkCore.Sqlite , Microsoft.EntityFrameworkCore.SqlServer , Microsoft.EntityFrameworkCore.Tools From Version 8.0.14 -> To Version 8.0.14
…ng/internal/dotnet-efcore This pull request updates the following dependencies [marker]: <> (Begin:e179a2a7-bc5d-4498-2467-08dbd53ba9ce) ## From https://dev.azure.com/dnceng/internal/_git/dotnet-efcore - **Subscription**: e179a2a7-bc5d-4498-2467-08dbd53ba9ce - **Build**: 20250212.6 - **Date Produced**: February 13, 2025 1:10:52 AM UTC - **Commit**: d00955545e8afc997726aead9b0e6103b1ceade6 - **Branch**: refs/heads/internal/release/8.0 [DependencyUpdate]: <> (Begin) - **Updates**: - **dotnet-ef**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Design**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.InMemory**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Relational**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Sqlite**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.SqlServer**: [from 8.0.14 to 8.0.14][1] - **Microsoft.EntityFrameworkCore.Tools**: [from 8.0.14 to 8.0.14][1] [1]: https://dev.azure.com/dnceng/internal/_git/dotnet-efcore/branches?baseVersion=GC8e4c8005250a2a911b146c13c1e1cc9814397387&targetVersion=GCd00955545e8afc997726aead9b0e6103b1ceade6&_a=files [DependencyUpdate]: <> (End) [marker]: <> (End:e179a2a7-bc5d-4498-2467-08dbd53ba9ce)
…-merge-8.0-2025-03-11-1244
ghost
added
the
area-infrastructure
There was a problem hiding this comment.
Pull Request Overview
This PR merges internal commits to support the release of version 8.0 by refining the sign-in behavior and adding tests for extra scenarios.
- Updated the CanResignIn method signature and test setups by removing obsolete pragma warnings and clarifying the authentication scheme.
- Added two new tests to validate that RefreshSignInAsync correctly logs an error and performs no sign in when the authentication state is invalid or associated with a different user.
- Refactored RefreshSignInAsync in SignInManager to check for authentication success and user consistency before updating claims.
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/Identity/test/Identity.Test/SignInManagerTest.cs | Updated test method signature and added tests ensuring proper behavior/logging in RefreshSignInAsync scenarios. |
| src/Identity/Core/src/SignInManager.cs | Reordered checks in RefreshSignInAsync to improve authentication validation logic. |
Comments suppressed due to low confidence (3)
src/Identity/test/Identity.Test/SignInManagerTest.cs:602
- [nitpick] Consider defining a constant for the 'authscheme' string to minimize repetition and avoid magic strings in your test setups.
var id = new ClaimsIdentity("authscheme");
src/Identity/test/Identity.Test/SignInManagerTest.cs:655
- [nitpick] Consider extracting the error message into a constant and referencing it in both the SignInManager implementation and tests to reduce brittleness when updating the message.
Assert.Contains("RefreshSignInAsync prevented because the user is not currently authenticated. Use SignInAsync instead for initial sign in.", logger.LogMessages);
src/Identity/Core/src/SignInManager.cs:180
- [nitpick] Since the preceding check ensures auth.Succeeded and a valid principal, the null propagation operators here are redundant and can be removed for clarity.
var authenticationMethod = auth?.Principal?.FindFirst(ClaimTypes.AuthenticationMethod);
wtgodbe
approved these changes
Mar 11, 2025
1 task
1 task
This was referenced Jul 21, 2025
This was referenced Aug 18, 2025
Open
Open
Open
Open
Open
Open
deps: Bump Microsoft.AspNetCore.Mvc.Testing from 8.0.8 to 8.0.19
Third-Opinion/ThirdOpinion.Common#7
Open
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.