Add nullability to Identity / Identity.UI (#40167)

Contributes to #5680

Author: pranavkm

src/Identity/Core/src/DataProtectorTokenProvider.cs

@@ -89,7 +89,7 @@ public virtual async Task<string> GenerateAsync(string purpose, UserManager<TUse
             writer.Write(DateTimeOffset.UtcNow);
             writer.Write(userId);
             writer.Write(purpose ?? "");
-            string stamp = null;
+            string? stamp = null;
             if (manager.SupportsUserSecurityStamp)
             {
                 stamp = await manager.GetSecurityStampAsync(user);

src/Identity/Core/src/ExternalLoginInfo.cs

@@ -33,10 +33,10 @@ public ExternalLoginInfo(ClaimsPrincipal principal, string loginProvider, string
     /// <summary>
     /// The <see cref="AuthenticationToken"/>s associated with this login.
     /// </summary>
-    public IEnumerable<AuthenticationToken> AuthenticationTokens { get; set; }
+    public IEnumerable<AuthenticationToken>? AuthenticationTokens { get; set; }
 
     /// <summary>
     /// The <see cref="Authentication.AuthenticationProperties"/> associated with this login.
     /// </summary>
-    public AuthenticationProperties AuthenticationProperties { get; set; }
+    public AuthenticationProperties? AuthenticationProperties { get; set; }
 }

src/Identity/Core/src/IdentityCookiesBuilder.cs

@@ -14,20 +14,20 @@ public class IdentityCookiesBuilder
     /// <summary>
     /// Used to configure the application cookie.
     /// </summary>
-    public OptionsBuilder<CookieAuthenticationOptions> ApplicationCookie { get; set; }
+    public OptionsBuilder<CookieAuthenticationOptions>? ApplicationCookie { get; set; }
 
     /// <summary>
     /// Used to configure the external cookie.
     /// </summary>
-    public OptionsBuilder<CookieAuthenticationOptions> ExternalCookie { get; set; }
+    public OptionsBuilder<CookieAuthenticationOptions>? ExternalCookie { get; set; }
 
     /// <summary>
     /// Used to configure the two factor remember me cookie.
     /// </summary>
-    public OptionsBuilder<CookieAuthenticationOptions> TwoFactorRememberMeCookie { get; set; }
+    public OptionsBuilder<CookieAuthenticationOptions>? TwoFactorRememberMeCookie { get; set; }
 
     /// <summary>
     /// Used to configure the two factor user id cookie.
     /// </summary>
-    public OptionsBuilder<CookieAuthenticationOptions> TwoFactorUserIdCookie { get; set; }
+    public OptionsBuilder<CookieAuthenticationOptions>? TwoFactorUserIdCookie { get; set; }
 }

src/Identity/Core/src/IdentityServiceCollectionExtensions.cs

@@ -24,7 +24,7 @@ public static IdentityBuilder AddIdentity<TUser, TRole>(
         this IServiceCollection services)
         where TUser : class
         where TRole : class
-        => services.AddIdentity<TUser, TRole>(setupAction: null);
+        => services.AddIdentity<TUser, TRole>(setupAction: null!);
 
     /// <summary>
     /// Adds and configures the identity system for the specified User and Role types.

src/Identity/Core/src/LoggingExtensions.cs

@@ -1,6 +1,8 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+#nullable disable
+
 namespace Microsoft.Extensions.Logging;
 
 internal static class LoggingExtensions

src/Identity/Core/src/Microsoft.AspNetCore.Identity.csproj

@@ -7,7 +7,6 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;identity;membership</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>disable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Identity/Core/src/PublicAPI.Unshipped.txt

@@ -13,10 +13,10 @@ public class SecurityStampRefreshingPrincipalContext
     /// <summary>
     /// The principal contained in the current cookie.
     /// </summary>
-    public ClaimsPrincipal CurrentPrincipal { get; set; }
+    public ClaimsPrincipal? CurrentPrincipal { get; set; }
 
     /// <summary>
     /// The new principal which should replace the current.
     /// </summary>
-    public ClaimsPrincipal NewPrincipal { get; set; }
+    public ClaimsPrincipal? NewPrincipal { get; set; }
 }

src/Identity/Core/src/SecurityStampRefreshingPrincipalContext.cs

@@ -36,7 +36,7 @@ public SecurityStampValidator(IOptions<SecurityStampValidatorOptions> options, S
         SignInManager = signInManager;
         Options = options.Value;
         Clock = clock;
-        Logger = logger.CreateLogger(this.GetType().FullName);
+        Logger = logger.CreateLogger(GetType());
     }
 
     /// <summary>
@@ -102,7 +102,7 @@ protected virtual async Task SecurityStampVerified(TUser user, CookieValidatePri
     /// </summary>
     /// <param name="principal">The principal to verify.</param>
     /// <returns>The verified user or null if verification fails.</returns>
-    protected virtual Task<TUser> VerifySecurityStamp(ClaimsPrincipal principal)
+    protected virtual Task<TUser?> VerifySecurityStamp(ClaimsPrincipal? principal)
         => SignInManager.ValidateSecurityStampAsync(principal);
 
     /// <summary>

src/Identity/Core/src/SecurityStampValidator.cs

@@ -19,5 +19,5 @@ public class SecurityStampValidatorOptions
     /// <summary>
     /// Invoked when the default security stamp validator replaces the user's ClaimsPrincipal in the cookie.
     /// </summary>
-    public Func<SecurityStampRefreshingPrincipalContext, Task> OnRefreshingPrincipal { get; set; }
+    public Func<SecurityStampRefreshingPrincipalContext, Task>? OnRefreshingPrincipal { get; set; }
 }

src/Identity/Core/src/SecurityStampValidatorOptions.cs

@@ -61,9 +61,9 @@ public SignInManager(UserManager<TUser> userManager,
     }
 
     private readonly IHttpContextAccessor _contextAccessor;
-    private HttpContext _context;
     private readonly IAuthenticationSchemeProvider _schemes;
     private readonly IUserConfirmation<TUser> _confirmation;
+    private HttpContext? _context;
 
     /// <summary>
     /// Gets the <see cref="ILogger"/> used to log messages from the manager.
@@ -196,7 +196,7 @@ public virtual async Task RefreshSignInAsync(TUser user)
     /// <param name="authenticationMethod">Name of the method used to authenticate the user.</param>
     /// <returns>The task object representing the asynchronous operation.</returns>
     [SuppressMessage("ApiDesign", "RS0026:Do not add multiple public overloads with optional parameters", Justification = "Required for backwards compatibility")]
-    public virtual Task SignInAsync(TUser user, bool isPersistent, string authenticationMethod = null)
+    public virtual Task SignInAsync(TUser user, bool isPersistent, string? authenticationMethod = null)
         => SignInAsync(user, new AuthenticationProperties { IsPersistent = isPersistent }, authenticationMethod);
 
     /// <summary>
@@ -207,7 +207,7 @@ public virtual Task SignInAsync(TUser user, bool isPersistent, string authentica
     /// <param name="authenticationMethod">Name of the method used to authenticate the user.</param>
     /// <returns>The task object representing the asynchronous operation.</returns>
     [SuppressMessage("ApiDesign", "RS0026:Do not add multiple public overloads with optional parameters", Justification = "Required for backwards compatibility")]
-    public virtual Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null)
+    public virtual Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string? authenticationMethod = null)
     {
         IList<Claim> additionalClaims = Array.Empty<Claim>();
         if (authenticationMethod != null)
@@ -235,7 +235,7 @@ public virtual Task SignInWithClaimsAsync(TUser user, bool isPersistent, IEnumer
     /// <param name="authenticationProperties">Properties applied to the login and authentication cookie.</param>
     /// <param name="additionalClaims">Additional claims that will be stored in the cookie.</param>
     /// <returns>The task object representing the asynchronous operation.</returns>
-    public virtual async Task SignInWithClaimsAsync(TUser user, AuthenticationProperties authenticationProperties, IEnumerable<Claim> additionalClaims)
+    public virtual async Task SignInWithClaimsAsync(TUser user, AuthenticationProperties? authenticationProperties, IEnumerable<Claim> additionalClaims)
     {
         var userPrincipal = await CreateUserPrincipalAsync(user);
         foreach (var claim in additionalClaims)
@@ -264,7 +264,7 @@ public virtual async Task SignOutAsync()
     /// <param name="principal">The principal whose stamp should be validated.</param>
     /// <returns>The task object representing the asynchronous operation. The task will contain the <typeparamref name="TUser"/>
     /// if the stamp matches the persisted value, otherwise it will return null.</returns>
-    public virtual async Task<TUser> ValidateSecurityStampAsync(ClaimsPrincipal principal)
+    public virtual async Task<TUser?> ValidateSecurityStampAsync(ClaimsPrincipal? principal)
     {
         if (principal == null)
         {
@@ -287,7 +287,7 @@ public virtual async Task<TUser> ValidateSecurityStampAsync(ClaimsPrincipal prin
     /// <param name="principal">The principal whose stamp should be validated.</param>
     /// <returns>The task object representing the asynchronous operation. The task will contain the <typeparamref name="TUser"/>
     /// if the stamp matches the persisted value, otherwise it will return null.</returns>
-    public virtual async Task<TUser> ValidateTwoFactorSecurityStampAsync(ClaimsPrincipal principal)
+    public virtual async Task<TUser?> ValidateTwoFactorSecurityStampAsync(ClaimsPrincipal? principal)
     {
         if (principal == null || principal.Identity?.Name == null)
         {
@@ -309,7 +309,7 @@ public virtual async Task<TUser> ValidateTwoFactorSecurityStampAsync(ClaimsPrinc
     /// <param name="user">The user whose stamp should be validated.</param>
     /// <param name="securityStamp">The expected security stamp value.</param>
     /// <returns>The result of the validation.</returns>
-    public virtual async Task<bool> ValidateSecurityStampAsync(TUser user, string securityStamp)
+    public virtual async Task<bool> ValidateSecurityStampAsync(TUser? user, string? securityStamp)
         => user != null &&
         // Only validate the security stamp if the store supports it
         (!UserManager.SupportsUserSecurityStamp || securityStamp == await UserManager.GetSecurityStampAsync(user));
@@ -585,15 +585,15 @@ public virtual async Task<SignInResult> TwoFactorSignInAsync(string provider, st
     /// </summary>
     /// <returns>The task object representing the asynchronous operation containing the <typeparamref name="TUser"/>
     /// for the sign-in attempt.</returns>
-    public virtual async Task<TUser> GetTwoFactorAuthenticationUserAsync()
+    public virtual async Task<TUser?> GetTwoFactorAuthenticationUserAsync()
     {
         var info = await RetrieveTwoFactorInfoAsync();
         if (info == null)
         {
             return null;
         }
 
-        return await UserManager.FindByIdAsync(info.UserId);
+        return await UserManager.FindByIdAsync(info.UserId!);
     }
 
     /// <summary>
@@ -648,7 +648,7 @@ public virtual async Task<IEnumerable<AuthenticationScheme>> GetExternalAuthenti
     /// <param name="expectedXsrf">Flag indication whether a Cross Site Request Forgery token was expected in the current request.</param>
     /// <returns>The task object representing the asynchronous operation containing the <see name="ExternalLoginInfo"/>
     /// for the sign-in attempt.</returns>
-    public virtual async Task<ExternalLoginInfo> GetExternalLoginInfoAsync(string expectedXsrf = null)
+    public virtual async Task<ExternalLoginInfo?> GetExternalLoginInfoAsync(string? expectedXsrf = null)
     {
         var auth = await Context.AuthenticateAsync(IdentityConstants.ExternalScheme);
         var items = auth?.Properties?.Items;
@@ -681,7 +681,7 @@ public virtual async Task<ExternalLoginInfo> GetExternalLoginInfoAsync(string ex
                                     ?? provider;
         return new ExternalLoginInfo(auth.Principal, provider, providerKey, providerDisplayName)
         {
-            AuthenticationTokens = auth.Properties.GetTokens(),
+            AuthenticationTokens = auth.Properties?.GetTokens(),
             AuthenticationProperties = auth.Properties
         };
     }
@@ -726,7 +726,7 @@ public virtual async Task<IdentityResult> UpdateExternalAuthenticationTokensAsyn
     /// <param name="redirectUrl">The external login URL users should be redirected to during the login flow.</param>
     /// <param name="userId">The current user's identifier, which will be used to provide CSRF protection.</param>
     /// <returns>A configured <see cref="AuthenticationProperties"/>.</returns>
-    public virtual AuthenticationProperties ConfigureExternalAuthenticationProperties(string provider, string redirectUrl, string userId = null)
+    public virtual AuthenticationProperties ConfigureExternalAuthenticationProperties(string? provider, string? redirectUrl, string? userId = null)
     {
         var properties = new AuthenticationProperties { RedirectUri = redirectUrl };
         properties.Items[LoginProviderKey] = provider;
@@ -743,7 +743,7 @@ public virtual AuthenticationProperties ConfigureExternalAuthenticationPropertie
     /// <param name="userId">The user whose is logging in via 2fa.</param>
     /// <param name="loginProvider">The 2fa provider.</param>
     /// <returns>A <see cref="ClaimsPrincipal"/> containing the user 2fa information.</returns>
-    internal static ClaimsPrincipal StoreTwoFactorInfo(string userId, string loginProvider)
+    internal static ClaimsPrincipal StoreTwoFactorInfo(string userId, string? loginProvider)
     {
         var identity = new ClaimsIdentity(IdentityConstants.TwoFactorUserIdScheme);
         identity.AddClaim(new Claim(ClaimTypes.Name, userId));
@@ -781,7 +781,7 @@ await UserManager.GetTwoFactorEnabledAsync(user) &&
     /// <param name="loginProvider">The login provider to use. Default is null</param>
     /// <param name="bypassTwoFactor">Flag indicating whether to bypass two factor authentication. Default is false</param>
     /// <returns>Returns a <see cref="SignInResult"/></returns>
-    protected virtual async Task<SignInResult> SignInOrTwoFactorAsync(TUser user, bool isPersistent, string loginProvider = null, bool bypassTwoFactor = false)
+    protected virtual async Task<SignInResult> SignInOrTwoFactorAsync(TUser user, bool isPersistent, string? loginProvider = null, bool bypassTwoFactor = false)
     {
         if (!bypassTwoFactor && await IsTfaEnabled(user))
         {
@@ -809,7 +809,7 @@ protected virtual async Task<SignInResult> SignInOrTwoFactorAsync(TUser user, bo
         return SignInResult.Success;
     }
 
-    private async Task<TwoFactorAuthenticationInfo> RetrieveTwoFactorInfoAsync()
+    private async Task<TwoFactorAuthenticationInfo?> RetrieveTwoFactorInfoAsync()
     {
         var result = await Context.AuthenticateAsync(IdentityConstants.TwoFactorUserIdScheme);
         if (result?.Principal != null)
@@ -849,7 +849,7 @@ protected virtual Task<SignInResult> LockedOut(TUser user)
     /// </summary>
     /// <param name="user">The user</param>
     /// <returns>Null if the user should be allowed to sign in, otherwise the SignInResult why they should be denied.</returns>
-    protected virtual async Task<SignInResult> PreSignInCheck(TUser user)
+    protected virtual async Task<SignInResult?> PreSignInCheck(TUser user)
     {
         if (!await CanSignInAsync(user))
         {
@@ -876,9 +876,9 @@ protected virtual Task ResetLockout(TUser user)
         return Task.CompletedTask;
     }
 
-    internal class TwoFactorAuthenticationInfo
+    internal sealed class TwoFactorAuthenticationInfo
     {
-        public string UserId { get; set; }
-        public string LoginProvider { get; set; }
+        public string? UserId { get; set; }
+        public string? LoginProvider { get; set; }
     }
 }

src/Identity/Core/src/SignInManager.cs

@@ -30,7 +30,7 @@ public TwoFactorSecurityStampValidator(IOptions<SecurityStampValidatorOptions> o
     /// </summary>
     /// <param name="principal">The principal to verify.</param>
     /// <returns>The verified user or null if verification fails.</returns>
-    protected override Task<TUser> VerifySecurityStamp(ClaimsPrincipal principal)
+    protected override Task<TUser?> VerifySecurityStamp(ClaimsPrincipal? principal)
         => SignInManager.ValidateTwoFactorSecurityStampAsync(principal);
 
     /// <summary>

src/Identity/Core/src/TwoFactorSecurityStampValidator.cs

@@ -895,7 +895,7 @@ virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetAuthenticationTokenA
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetEmailAsync(TUser! user, string? email) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetLockoutEnabledAsync(TUser! user, bool enabled) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetLockoutEndDateAsync(TUser! user, System.DateTimeOffset? lockoutEnd) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
-virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetPhoneNumberAsync(TUser! user, string! phoneNumber) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
+virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetPhoneNumberAsync(TUser! user, string? phoneNumber) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetTwoFactorEnabledAsync(TUser! user, bool enabled) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.SetUserNameAsync(TUser! user, string? userName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!
 virtual Microsoft.AspNetCore.Identity.UserManager<TUser>.UpdateAsync(TUser! user) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Identity.IdentityResult!>!

src/Identity/Extensions.Core/src/PublicAPI.Unshipped.txt

@@ -1591,7 +1591,7 @@ public virtual async Task<IdentityResult> ChangeEmailAsync(TUser user, string ne
     /// The <see cref="Task"/> that represents the asynchronous operation, containing the <see cref="IdentityResult"/>
     /// of the operation.
     /// </returns>
-    public virtual async Task<IdentityResult> SetPhoneNumberAsync(TUser user, string phoneNumber)
+    public virtual async Task<IdentityResult> SetPhoneNumberAsync(TUser user, string? phoneNumber)
     {
         ThrowIfDisposed();
         var store = GetPhoneNumberStore();

src/Identity/Extensions.Core/src/UserManager.cs

@@ -22,7 +22,7 @@ public abstract class ConfirmEmailModel : PageModel
     ///     directly from your code. This API may change or be removed in future releases.
     /// </summary>
     [TempData]
-    public string StatusMessage { get; set; }
+    public string? StatusMessage { get; set; }
 
     /// <summary>
     ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used

src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs

@@ -22,7 +22,7 @@ public abstract class ConfirmEmailChangeModel : PageModel
     ///     directly from your code. This API may change or be removed in future releases.
     /// </summary>
     [TempData]
-    public string StatusMessage { get; set; }
+    public string? StatusMessage { get; set; }
 
     /// <summary>
     ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used