[user-jwts] Read and generate secrets ID with SecretsManager (dotnet#42006)

* [user-jwts] Read secrets ID from SecretsManager and generate missing secrets
* Address feedback from review
* Add shared localizations strings for secrets
* Update localization and address feedback

Author: captainsafia

src/Tools/dotnet-user-secrets/src/Internal/MsBuildProjectFinder.cs renamed to src/Tools/Shared/SecretsHelpers/MsBuildProjectFinder.cs

@@ -1,13 +1,10 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System;
-using System.IO;
 using System.Linq;
+using Microsoft.AspNetCore.Tools;
 using Microsoft.Extensions.Tools.Internal;
 
-namespace Microsoft.Extensions.SecretManager.Tools.Internal;
-
 internal sealed class MsBuildProjectFinder
 {
     private readonly string _directory;
@@ -36,20 +33,20 @@ public string FindMsBuildProject(string project)
 
             if (projects.Count > 1)
             {
-                throw new FileNotFoundException(Resources.FormatError_MultipleProjectsFound(projectPath));
+                throw new FileNotFoundException(SecretsHelpersResources.FormatError_MultipleProjectsFound(projectPath));
             }
 
             if (projects.Count == 0)
             {
-                throw new FileNotFoundException(Resources.FormatError_NoProjectsFound(projectPath));
+                throw new FileNotFoundException(SecretsHelpersResources.FormatError_NoProjectsFound(projectPath));
             }
 
             return projects[0];
         }
 
         if (!File.Exists(projectPath))
         {
-            throw new FileNotFoundException(Resources.FormatError_ProjectPath_NotFound(projectPath));
+            throw new FileNotFoundException(SecretsHelpersResources.FormatError_ProjectPath_NotFound(projectPath));
         }
 
         return projectPath;

src/Tools/dotnet-user-secrets/src/Internal/ProjectIdResolver.cs renamed to src/Tools/Shared/SecretsHelpers/ProjectIdResolver.cs

@@ -6,16 +6,15 @@
 using System.IO;
 using System.Linq;
 using System.Text;
+using Microsoft.AspNetCore.Tools;
 using Microsoft.Extensions.CommandLineUtils;
 using Microsoft.Extensions.Tools.Internal;
 
-namespace Microsoft.Extensions.SecretManager.Tools.Internal;
-
 /// <summary>
 /// This API supports infrastructure and is not intended to be used
 /// directly from your code. This API may change or be removed in future releases.
 /// </summary>
-public class ProjectIdResolver
+internal sealed class ProjectIdResolver
 {
     private const string DefaultConfig = "Debug";
     private readonly IReporter _reporter;
@@ -32,9 +31,18 @@ public ProjectIdResolver(IReporter reporter, string workingDirectory)
     public string Resolve(string project, string configuration)
     {
         var finder = new MsBuildProjectFinder(_workingDirectory);
-        var projectFile = finder.FindMsBuildProject(project);
+        string projectFile;
+        try
+        {
+            projectFile = finder.FindMsBuildProject(project);
+        }
+        catch (Exception ex)
+        {
+            _reporter.Error(ex.Message);
+            return null;
+        }
 
-        _reporter.Verbose(Resources.FormatMessage_Project_File_Path(projectFile));
+        _reporter.Verbose(SecretsHelpersResources.FormatMessage_Project_File_Path(projectFile));
 
         configuration = !string.IsNullOrEmpty(configuration)
             ? configuration
@@ -98,18 +106,20 @@ public string Resolve(string project, string configuration)
                 _reporter.Verbose(outputBuilder.ToString());
                 _reporter.Verbose(errorBuilder.ToString());
                 _reporter.Error($"Exit code: {process.ExitCode}");
-                throw new InvalidOperationException(Resources.FormatError_ProjectFailedToLoad(projectFile));
+                _reporter.Error(SecretsHelpersResources.FormatError_ProjectFailedToLoad(projectFile));
+                return null;
             }
 
             if (!File.Exists(outputFile))
             {
-                throw new InvalidOperationException(Resources.FormatError_ProjectMissingId(projectFile));
+                _reporter.Error(SecretsHelpersResources.FormatError_ProjectMissingId(projectFile));
+                return null;
             }
 
             var id = File.ReadAllText(outputFile)?.Trim();
             if (string.IsNullOrEmpty(id))
             {
-                throw new InvalidOperationException(Resources.FormatError_ProjectMissingId(projectFile));
+                _reporter.Error(SecretsHelpersResources.FormatError_ProjectMissingId(projectFile));
             }
             return id;
 

src/Tools/Shared/SecretsHelpers/SecretsHelpersResources.resx

@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Error_InvalidSecretsId" xml:space="preserve">
+    <value>The UserSecretsId '{userSecretsId}' cannot contain any characters that cannot be used in a file path.</value>
+  </data>
+  <data name="Error_MultipleProjectsFound" xml:space="preserve">
+    <value>Multiple MSBuild project files found in '{projectPath}'. Specify which to use with the --project option.</value>
+  </data>
+  <data name="Error_NoProjectsFound" xml:space="preserve">
+    <value>Could not find a MSBuild project file in '{projectPath}'. Specify which project to use with the --project option.</value>
+  </data>
+  <data name="Error_ProjectFailedToLoad" xml:space="preserve">
+    <value>Could not load the MSBuild project '{project}'.</value>
+  </data>
+  <data name="Error_ProjectMissingId" xml:space="preserve">
+    <value>Could not find the global property 'UserSecretsId' in MSBuild project '{project}'. Ensure this property is set in the project or use the '--id' command line option.</value>
+  </data>
+  <data name="Error_ProjectPath_NotFound" xml:space="preserve">
+    <value>The project file '{0}' does not exist.</value>
+  </data>
+  <data name="Message_ProjectAlreadyInitialized" xml:space="preserve">
+    <value>The MSBuild project '{project}' has already been initialized with a UserSecretsId.</value>
+  </data>
+  <data name="Message_Project_File_Path" xml:space="preserve">
+    <value>Project file path {project}.</value>
+  </data>
+  <data name="Message_SetUserSecretsIdForProject" xml:space="preserve">
+    <value>Set UserSecretsId to '{userSecretsId}' for MSBuild project '{project}'.</value>
+  </data>
+</root>

src/Tools/Shared/SecretsHelpers/UserSecretsCreator.cs

@@ -0,0 +1,84 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Linq;
+using System.Xml;
+using System.Xml.Linq;
+using System.Xml.XPath;
+using Microsoft.AspNetCore.Tools;
+using Microsoft.Extensions.Tools.Internal;
+
+internal static class UserSecretsCreator
+{
+    public static string CreateUserSecretsId(IReporter reporter, string project, string workingDirectory, string overrideId = null)
+    {
+        var projectPath = ResolveProjectPath(project, workingDirectory);
+
+        // Load the project file as XML
+        var projectDocument = XDocument.Load(projectPath, LoadOptions.PreserveWhitespace);
+
+        // Accept the `--id` CLI option to the main app
+        string newSecretsId = string.IsNullOrWhiteSpace(overrideId)
+            ? Guid.NewGuid().ToString()
+            : overrideId;
+
+        // Confirm secret ID does not contain invalid characters
+        if (Path.GetInvalidPathChars().Any(newSecretsId.Contains))
+        {
+            throw new ArgumentException(SecretsHelpersResources.FormatError_InvalidSecretsId(newSecretsId));
+        }
+
+        var existingUserSecretsId = projectDocument.XPathSelectElements("//UserSecretsId").FirstOrDefault();
+
+        // Check if a UserSecretsId is already set
+        if (existingUserSecretsId is not null)
+        {
+            // Only set the UserSecretsId if the user specified an explicit value
+            if (string.IsNullOrWhiteSpace(overrideId))
+            {
+                reporter.Output(SecretsHelpersResources.FormatMessage_ProjectAlreadyInitialized(projectPath));
+                return existingUserSecretsId.Value;
+            }
+
+            existingUserSecretsId.SetValue(newSecretsId);
+        }
+        else
+        {
+            // Find the first non-conditional PropertyGroup
+            var propertyGroup = projectDocument.Root.DescendantNodes()
+                .FirstOrDefault(node => node is XElement el
+                    && el.Name == "PropertyGroup"
+                    && el.Attributes().All(attr =>
+                        attr.Name != "Condition")) as XElement;
+
+            // No valid property group, create a new one
+            if (propertyGroup == null)
+            {
+                propertyGroup = new XElement("PropertyGroup");
+                projectDocument.Root.AddFirst(propertyGroup);
+            }
+
+            // Add UserSecretsId element
+            propertyGroup.Add("  ");
+            propertyGroup.Add(new XElement("UserSecretsId", newSecretsId));
+            propertyGroup.Add($"{Environment.NewLine}  ");
+        }
+
+        var settings = new XmlWriterSettings
+        {
+            OmitXmlDeclaration = true,
+        };
+
+        using var xw = XmlWriter.Create(projectPath, settings);
+        projectDocument.Save(xw);
+
+        reporter.Output(SecretsHelpersResources.FormatMessage_SetUserSecretsIdForProject(newSecretsId, projectPath));
+        return newSecretsId;
+    }
+
+    private static string ResolveProjectPath(string name, string path)
+    {
+        var finder = new MsBuildProjectFinder(path);
+        return finder.FindMsBuildProject(name);
+    }
+}

src/Tools/dotnet-user-secrets/src/assets/SecretManager.targets renamed to src/Tools/Shared/SecretsHelpers/assets/SecretManager.targets

@@ -4,8 +4,6 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Text.Json;
-using System.Xml.Linq;
-using System.Xml.XPath;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.UserSecrets;
 using Microsoft.Extensions.Tools.Internal;
@@ -14,17 +12,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer.Tools;
 
 internal static class DevJwtCliHelpers
 {
-    public static string GetUserSecretsId(string projectFilePath)
+    public static string GetOrSetUserSecretsId(IReporter reporter, string projectFilePath)
     {
-        var projectDocument = XDocument.Load(projectFilePath, LoadOptions.PreserveWhitespace);
-        var existingUserSecretsId = projectDocument.XPathSelectElements("//UserSecretsId").FirstOrDefault();
-
-        if (existingUserSecretsId == null)
+        var resolver = new ProjectIdResolver(reporter, projectFilePath);
+        var id = resolver.Resolve(projectFilePath, configuration: null);
+        if (string.IsNullOrEmpty(id))
         {
-            return null;
+            return UserSecretsCreator.CreateUserSecretsId(reporter, projectFilePath, projectFilePath);
         }
-
-        return existingUserSecretsId.Value;
+        return id;
     }
 
     public static string GetProject(string projectPath = null)
@@ -54,7 +50,7 @@ public static bool GetProjectAndSecretsId(string projectPath, IReporter reporter
             return false;
         }
 
-        userSecretsId = GetUserSecretsId(project);
+        userSecretsId = GetOrSetUserSecretsId(reporter, project);
         if (userSecretsId == null)
         {
             reporter.Error($"Project does not contain a user secrets ID.");
@@ -85,6 +81,7 @@ public static byte[] CreateSigningKeyMaterial(string userSecretsId, bool reset =
         // Create signing material and save to user secrets
         var newKeyMaterial = System.Security.Cryptography.RandomNumberGenerator.GetBytes(DevJwtsDefaults.SigningKeyLength);
         var secretsFilePath = PathHelper.GetSecretsPathFromSecretsId(userSecretsId);
+        Directory.CreateDirectory(Path.GetDirectoryName(secretsFilePath));
 
         IDictionary<string, string> secrets = null;
         if (File.Exists(secretsFilePath))