Fix up user-jwts interactions (#42125)

captainsafia · DamianEdwards · BrennanConroy · web-flow · commit b0a348c790bc · 2022-06-16T14:36:44.000-07:00
* Fix up user-jwts interactions

* Address feedback

* Apply suggestions from code review

Co-authored-by: Damian Edwards &lt;damian@damianedwards.com&gt;

* Apply suggestions from code review

Co-authored-by: Damian Edwards &lt;damian@damianedwards.com&gt;

* Update src/Tools/dotnet-user-jwts/src/Commands/CreateCommand.cs

Co-authored-by: Damian Edwards &lt;damian@damianedwards.com&gt;

* Apply suggestions from code review

Co-authored-by: Brennan &lt;brecon@microsoft.com&gt;

* Warn on invalid expires on argument combo

Co-authored-by: Damian Edwards &lt;damian@damianedwards.com&gt;
Co-authored-by: Brennan &lt;brecon@microsoft.com&gt;
diff --git a/src/Tools/dotnet-user-jwts/src/Commands/CreateCommand.cs b/src/Tools/dotnet-user-jwts/src/Commands/CreateCommand.cs
@@ -3,6 +3,7 @@
 
 using System.Globalization;
 using System.Linq;
+using System.Text;
 using Microsoft.Extensions.CommandLineUtils;
 using Microsoft.Extensions.Tools.Internal;
 
@@ -11,7 +12,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer.Tools;
 internal sealed class CreateCommand
 {
     private static readonly string[] _dateTimeFormats = new[] {
-        "yyyy-MM-dd", "yyyy-MM-dd HH:mm", "yyyy/MM/dd", "yyyy/MM/dd HH:mm" };
+        "yyyy-MM-dd", "yyyy-MM-dd HH:mm", "yyyy/MM/dd", "yyyy/MM/dd HH:mm", "yyyy-MM-ddTHH:mm:ss.fffffffzzz"  };
     private static readonly string[] _timeSpanFormats = new[] {
         @"d\dh\hm\ms\s", @"d\dh\hm\m", @"d\dh\h", @"d\d",
         @"h\hm\ms\s", @"h\hm\m", @"h\h",
@@ -32,7 +33,7 @@ public static void Register(ProjectCommandLineApplication app)
                 );
 
             var nameOption = cmd.Option(
-                "--name",
+                "-n|--name",
                 Resources.CreateCommand_NameOption_Description,
                 CommandOptionType.SingleValue);
 
@@ -80,20 +81,20 @@ public static void Register(ProjectCommandLineApplication app)
 
             cmd.OnExecute(() =>
             {
-                var (options, isValid) = ValidateArguments(
+                var (options, isValid, optionsString) = ValidateArguments(
                     cmd.Reporter, cmd.ProjectOption, schemeNameOption, nameOption, audienceOption, issuerOption, notBeforeOption, expiresOnOption, validForOption, rolesOption, scopesOption, claimsOption);
 
                 if (!isValid)
                 {
                     return 1;
                 }
 
-                return Execute(cmd.Reporter, cmd.ProjectOption.Value(), options);
+                return Execute(cmd.Reporter, cmd.ProjectOption.Value(), options, optionsString);
             });
         });
     }
 
-    private static (JwtCreatorOptions, bool) ValidateArguments(
+    private static (JwtCreatorOptions, bool, string) ValidateArguments(
         IReporter reporter,
         CommandOption projectOption,
         CommandOption schemeNameOption,
@@ -109,16 +110,22 @@ private static (JwtCreatorOptions, bool) ValidateArguments(
     {
         var isValid = true;
         var project = DevJwtCliHelpers.GetProject(projectOption.Value());
+
         var scheme = schemeNameOption.HasValue() ? schemeNameOption.Value() : "Bearer";
+        var optionsString = schemeNameOption.HasValue() ? $"{Resources.JwtPrint_Scheme}: {scheme}{Environment.NewLine}" : string.Empty;
+
         var name = nameOption.HasValue() ? nameOption.Value() : Environment.UserName;
+        optionsString += $"{Resources.JwtPrint_Name}: {name}{Environment.NewLine}";
 
         var audience = audienceOption.HasValue() ? audienceOption.Values : DevJwtCliHelpers.GetAudienceCandidatesFromLaunchSettings(project).ToList();
+        optionsString += audienceOption.HasValue() ? $"{Resources.JwtPrint_Audiences}: {audience}{Environment.NewLine}" : string.Empty;
         if (audience is null)
         {
             reporter.Error(Resources.CreateCommand_NoAudience_Error);
             isValid = false;
         }
         var issuer = issuerOption.HasValue() ? issuerOption.Value() : DevJwtsDefaults.Issuer;
+        optionsString += issuerOption.HasValue() ? $"{Resources.JwtPrint_Issuer}: {issuer}{Environment.NewLine}" : string.Empty;
 
         var notBefore = DateTime.UtcNow;
         if (notBeforeOption.HasValue())
@@ -128,6 +135,7 @@ private static (JwtCreatorOptions, bool) ValidateArguments(
                 reporter.Error(Resources.FormatCreateCommand_InvalidDate_Error("--not-before"));
                 isValid = false;
             }
+            optionsString += $"{Resources.JwtPrint_NotBefore}: {notBefore:O}{Environment.NewLine}";
         }
 
         var expiresOn = notBefore.AddMonths(3);
@@ -138,6 +146,17 @@ private static (JwtCreatorOptions, bool) ValidateArguments(
                 reporter.Error(Resources.FormatCreateCommand_InvalidDate_Error("--expires-on"));
                 isValid = false;
             }
+
+            if (validForOption.HasValue())
+            {
+                reporter.Error(Resources.CreateCommand_InvalidExpiresOn_Error);
+                isValid = false;
+            }
+            else
+            {
+                optionsString += $"{Resources.JwtPrint_ExpiresOn}: {expiresOn:O}{Environment.NewLine}";
+            }
+
         }
 
         if (validForOption.HasValue())
@@ -147,10 +166,23 @@ private static (JwtCreatorOptions, bool) ValidateArguments(
                 reporter.Error(Resources.FormatCreateCommand_InvalidPeriod_Error("--valid-for"));
             }
             expiresOn = notBefore.Add(validForValue);
+
+            if (expiresOnOption.HasValue())
+            {
+                reporter.Error(Resources.CreateCommand_InvalidExpiresOn_Error);
+                isValid = false;
+            }
+            else
+            {
+                optionsString += $"{Resources.JwtPrint_ExpiresOn}: {expiresOn:O}{Environment.NewLine}";
+            }
         }
 
         var roles = rolesOption.HasValue() ? rolesOption.Values : new List<string>();
+        optionsString += rolesOption.HasValue() ? $"{Resources.JwtPrint_Roles}: [{string.Join(", ", roles)}]{Environment.NewLine}" : string.Empty;
+
         var scopes = scopesOption.HasValue() ? scopesOption.Values : new List<string>();
+        optionsString += scopesOption.HasValue() ? $"{Resources.JwtPrint_Scopes}: {string.Join(", ", scopes)}{Environment.NewLine}" : string.Empty;
 
         var claims = new Dictionary<string, string>();
         if (claimsOption.HasValue())
@@ -160,9 +192,13 @@ private static (JwtCreatorOptions, bool) ValidateArguments(
                 reporter.Error(Resources.CreateCommand_InvalidClaims_Error);
                 isValid = false;
             }
+            optionsString += $"{Resources.JwtPrint_CustomClaims}: [{string.Join(", ", claims.Select(kvp => $"{kvp.Key}={kvp.Value}"))}]{Environment.NewLine}";
         }
 
-        return (new JwtCreatorOptions(scheme, name, audience, issuer, notBefore, expiresOn, roles, scopes, claims), isValid);
+        return (
+            new JwtCreatorOptions(scheme, name, audience, issuer, notBefore, expiresOn, roles, scopes, claims),
+            isValid,
+            optionsString);
 
         static bool ParseDate(string datetime, out DateTime parsedDateTime) =>
             DateTime.TryParseExact(datetime, _dateTimeFormats, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out parsedDateTime);
@@ -171,7 +207,8 @@ static bool ParseDate(string datetime, out DateTime parsedDateTime) =>
     private static int Execute(
         IReporter reporter,
         string projectPath,
-        JwtCreatorOptions options)
+        JwtCreatorOptions options,
+        string optionsString)
     {
         if (!DevJwtCliHelpers.GetProjectAndSecretsId(projectPath, reporter, out var project, out var userSecretsId))
         {
@@ -196,6 +233,8 @@ private static int Execute(
         settingsToWrite.Save(appsettingsFilePath);
 
         reporter.Output(Resources.FormatCreateCommand_Confirmed(jwtToken.Id));
+        reporter.Output(optionsString);
+        reporter.Output($"{Resources.JwtPrint_Token}: {jwt.Token}");
 
         return 0;
     }
diff --git a/src/Tools/dotnet-user-jwts/src/Commands/ListCommand.cs b/src/Tools/dotnet-user-jwts/src/Commands/ListCommand.cs
@@ -42,11 +42,11 @@ private static int Execute(IReporter reporter, string projectPath, bool showToke
         if (jwtStore.Jwts is { Count: > 0 } jwts)
         {
             var table = new ConsoleTable(reporter);
-            table.AddColumns("Id", "Scheme Name", "Audience", "Issued", "Expires");
+            table.AddColumns(Resources.JwtPrint_Id, Resources.JwtPrint_Scheme, Resources.JwtPrint_Audiences, Resources.JwtPrint_IssuedOn, Resources.JwtPrint_ExpiresOn);
 
             if (showTokens)
             {
-                table.AddColumns("Encoded Token");
+                table.AddColumns(Resources.JwtPrint_Token);
             }
 
             foreach (var jwtRow in jwts)
diff --git a/src/Tools/dotnet-user-jwts/src/Commands/PrintCommand.cs b/src/Tools/dotnet-user-jwts/src/Commands/PrintCommand.cs
@@ -15,11 +15,7 @@ public static void Register(ProjectCommandLineApplication app)
             cmd.Description = Resources.PrintCommand_Description;
 
             var idArgument = cmd.Argument("[id]", Resources.PrintCommand_IdArgument_Description);
-
-            var showFullOption = cmd.Option(
-                "--show-full",
-                Resources.PrintCommand_ShowFullOption_Description,
-                CommandOptionType.NoValue);
+            var showAllOption = cmd.Option("--show-all", Resources.PrintCommand_ShowAllOption_Description, CommandOptionType.NoValue);
 
             cmd.HelpOption("-h|--help");
 
@@ -30,12 +26,16 @@ public static void Register(ProjectCommandLineApplication app)
                     cmd.ShowHelp();
                     return 0;
                 }
-                return Execute(cmd.Reporter, cmd.ProjectOption.Value(), idArgument.Value, showFullOption.HasValue());
+                return Execute(
+                    cmd.Reporter,
+                    cmd.ProjectOption.Value(),
+                    idArgument.Value,
+                    showAllOption.HasValue());
             });
         });
     }
 
-    private static int Execute(IReporter reporter, string projectPath, string id, bool showFull)
+    private static int Execute(IReporter reporter, string projectPath, string id, bool showAll)
     {
         if (!DevJwtCliHelpers.GetProjectAndSecretsId(projectPath, reporter, out var _, out var userSecretsId))
         {
@@ -50,13 +50,8 @@ private static int Execute(IReporter reporter, string projectPath, string id, bo
         }
 
         reporter.Output(Resources.FormatPrintCommand_Confirmed(id));
-        JwtSecurityToken fullToken;
-
-        if (showFull)
-        {
-            fullToken = JwtIssuer.Extract(jwt.Token);
-            DevJwtCliHelpers.PrintJwt(reporter, jwt, fullToken);
-        }
+        JwtSecurityToken fullToken = JwtIssuer.Extract(jwt.Token);
+        DevJwtCliHelpers.PrintJwt(reporter, jwt, showAll, fullToken);
 
         return 0;
     }
diff --git a/src/Tools/dotnet-user-jwts/src/Helpers/DevJwtCliHelpers.cs b/src/Tools/dotnet-user-jwts/src/Helpers/DevJwtCliHelpers.cs
@@ -7,6 +7,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Configuration.UserSecrets;
 using Microsoft.Extensions.Tools.Internal;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer.Tools;
 
@@ -145,16 +146,48 @@ public static string[] GetAudienceCandidatesFromLaunchSettings(string project)
         return null;
     }
 
-    public static void PrintJwt(IReporter reporter, Jwt jwt, JwtSecurityToken fullToken = null)
+    public static void PrintJwt(IReporter reporter, Jwt jwt, bool showAll, JwtSecurityToken fullToken = null)
     {
-        reporter.Output(JsonSerializer.Serialize(jwt, new JsonSerializerOptions { WriteIndented = true }));
+        reporter.Output($"{Resources.JwtPrint_Id}: {jwt.Id}");
+        reporter.Output($"{Resources.JwtPrint_Name}: {jwt.Name}");
+        reporter.Output($"{Resources.JwtPrint_Scheme}: {jwt.Scheme}");
+        reporter.Output($"{Resources.JwtPrint_Audiences}: {jwt.Audience}");
+        reporter.Output($"{Resources.JwtPrint_NotBefore}: {jwt.NotBefore:O}");
+        reporter.Output($"{Resources.JwtPrint_ExpiresOn}: {jwt.Expires:O}");
+        reporter.Output($"{Resources.JwtPrint_IssuedOn}: {jwt.Issued:O}");
+
+        if (!jwt.Scopes.IsNullOrEmpty() || showAll)
+        {
+            var scopesValue = jwt.Scopes.IsNullOrEmpty()
+                ? "none"
+                : string.Join(", ", jwt.Scopes);
+            reporter.Output($"{Resources.JwtPrint_Scopes}: {scopesValue}");
+        }
+        
+        if (!jwt.Roles.IsNullOrEmpty() || showAll)
+        {
+            var rolesValue = jwt.Roles.IsNullOrEmpty()
+                ? "none"
+                : String.Join(", ", jwt.Roles);
+            reporter.Output($"{Resources.JwtPrint_Roles}: [{rolesValue}]");
+        }
 
-        if (fullToken is not null)
+        if (!jwt.CustomClaims.IsNullOrEmpty() || showAll)
         {
-            reporter.Output($"Token Header: {fullToken.Header.SerializeToJson()}");
-            reporter.Output($"Token Payload: {fullToken.Payload.SerializeToJson()}");
+            var customClaimsValue = jwt.CustomClaims.IsNullOrEmpty()
+                ? "none"
+                : string.Join(", ", jwt.CustomClaims.Select(kvp => $"{kvp.Key}={kvp.Value}"));
+            reporter.Output($"{Resources.JwtPrint_CustomClaims}: [{customClaimsValue}]");
         }
-        reporter.Output($"Compact Token: {jwt.Token}");
+
+        if (showAll)
+        {
+            reporter.Output($"{Resources.JwtPrint_TokenHeader}: {fullToken.Header.SerializeToJson()}");
+            reporter.Output($"{Resources.JwtPrint_TokenPayload}: {fullToken.Payload.SerializeToJson()}");
+        }
+
+        var tokenValueFieldName = showAll ? Resources.JwtPrint_CompactToken : Resources.JwtPrint_Token;
+        reporter.Output($"{tokenValueFieldName}: {jwt.Token}");
     }
 
     public static bool TryParseClaims(List<string> input, out Dictionary<string, string> claims)
diff --git a/src/Tools/dotnet-user-jwts/src/Helpers/Jwt.cs b/src/Tools/dotnet-user-jwts/src/Helpers/Jwt.cs
@@ -24,7 +24,7 @@ public static Jwt Create(
         IEnumerable<string> roles = null,
         IDictionary<string, string> customClaims = null)
     {
-        return new Jwt(token.Id, scheme, token.Subject, token.Audiences.FirstOrDefault(), token.ValidFrom, token.ValidTo, token.IssuedAt, encodedToken)
+        return new Jwt(token.Id, scheme, token.Subject, string.Join(", ", token.Audiences), token.ValidFrom, token.ValidTo, token.IssuedAt, encodedToken)
         {
             Scopes = scopes,
             Roles = roles,
diff --git a/src/Tools/dotnet-user-jwts/src/Program.cs b/src/Tools/dotnet-user-jwts/src/Program.cs
@@ -51,6 +51,11 @@ public void Run(string[] args)
         {
             userJwts.Execute(args);
         }
+        catch (CommandParsingException parsingException)
+        {
+            _reporter.Error(parsingException.Message);
+            userJwts.ShowHelp();
+        }
         catch (Exception ex)
         {
             _reporter.Error(ex.Message);
diff --git a/src/Tools/dotnet-user-jwts/src/Resources.resx b/src/Tools/dotnet-user-jwts/src/Resources.resx
diff --git a/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs b/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs

Original file line number	Diff line number	Diff line change
`@@ -42,11 +42,11 @@ private static int Execute(IReporter reporter, string projectPath, bool showToke`
`42`	`42`	`if (jwtStore.Jwts is { Count: > 0 } jwts)`
`43`	`43`	`{`
`44`	`44`	`var table = new ConsoleTable(reporter);`
`45`		`- table.AddColumns("Id", "Scheme Name", "Audience", "Issued", "Expires");`
	`45`	`+ table.AddColumns(Resources.JwtPrint_Id, Resources.JwtPrint_Scheme, Resources.JwtPrint_Audiences, Resources.JwtPrint_IssuedOn, Resources.JwtPrint_ExpiresOn);`
`46`	`46`
`47`	`47`	`if (showTokens)`
`48`	`48`	`{`
`49`		`- table.AddColumns("Encoded Token");`
	`49`	`+ table.AddColumns(Resources.JwtPrint_Token);`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`foreach (var jwtRow in jwts)`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public static Jwt Create(`
`24`	`24`	`IEnumerable<string> roles = null,`
`25`	`25`	`IDictionary<string, string> customClaims = null)`
`26`	`26`	`{`
`27`		`- return new Jwt(token.Id, scheme, token.Subject, token.Audiences.FirstOrDefault(), token.ValidFrom, token.ValidTo, token.IssuedAt, encodedToken)`
	`27`	`+ return new Jwt(token.Id, scheme, token.Subject, string.Join(", ", token.Audiences), token.ValidFrom, token.ValidTo, token.IssuedAt, encodedToken)`
`28`	`28`	`{`
`29`	`29`	`Scopes = scopes,`
`30`	`30`	`Roles = roles,`
Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,11 @@ public void Run(string[] args)`
`51`	`51`	`{`
`52`	`52`	`userJwts.Execute(args);`
`53`	`53`	`}`
	`54`	`+ catch (CommandParsingException parsingException)`
	`55`	`+ {`
	`56`	`+ _reporter.Error(parsingException.Message);`
	`57`	`+ userJwts.ShowHelp();`
	`58`	`+ }`
`54`	`59`	`catch (Exception ex)`
`55`	`60`	`{`
`56`	`61`	`_reporter.Error(ex.Message);`