Restructure security concerns

.vscode/settings.json

@@ -1,7 +1,7 @@
 {
     "rest-client.environmentVariables": {
         "$shared": {
-            "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiTGlvciIsImZhbWlseV9uYW1lIjoiRGFnYW4iLCJlbWFpbCI6Imxpb3JAZGFnYW4uY29tIiwiaWQiOiJhYWU5M2JmNS05ZTNjLTQ3YjMtYWFjZS0zMDM0NjUzYjZiYjIiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJBZG1pbiIsInBlcm1pc3Npb25zIjpbInNldDpyZW1pbmRlciIsImdldDpyZW1pbmRlciIsImRpc21pc3M6cmVtaW5kZXIiLCJkZWxldGU6cmVtaW5kZXIiLCJjcmVhdGU6c3Vic2NyaXB0aW9uIiwiZGVsZXRlOnN1YnNjcmlwdGlvbiIsImdldDpzdWJzY3JpcHRpb24iXSwiZXhwIjoxNzAzNjA2Njk3LCJpc3MiOiJSZW1pbmRlclNlcnZpY2UiLCJhdWQiOiJSZW1pbmRlclNlcnZpY2UifQ.YhGGMluj3C0n-_UNR_Xs57lJejZde2uGf_3wgWD0eXE",
+            "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiTGlvciIsImZhbWlseV9uYW1lIjoiRGFnYW4iLCJlbWFpbCI6Imxpb3JAZGFnYW4uY29tIiwiaWQiOiJhYWU5M2JmNS05ZTNjLTQ3YjMtYWFjZS0zMDM0NjUzYjZiYjIiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJBZG1pbiIsInBlcm1pc3Npb25zIjpbInNldDpyZW1pbmRlciIsImdldDpyZW1pbmRlciIsImRpc21pc3M6cmVtaW5kZXIiLCJkZWxldGU6cmVtaW5kZXIiLCJjcmVhdGU6c3Vic2NyaXB0aW9uIiwiZGVsZXRlOnN1YnNjcmlwdGlvbiIsImdldDpzdWJzY3JpcHRpb24iXSwiZXhwIjoxNzAzNzY0ODA4LCJpc3MiOiJSZW1pbmRlclNlcnZpY2UiLCJhdWQiOiJSZW1pbmRlclNlcnZpY2UifQ.hY4F9MC3jDF-xieCnGtmYrnf1--crcnlmHSAE4_3z2I",
             "userId": "aae93bf5-9e3c-47b3-aace-3034653b6bb2",
             "subscriptionId": "c8ee11f0-d4bb-4b43-a448-d511924b520e",
             "reminderId": "08233bb1-ce29-49e2-b346-5f8b7cf61593"

src/CleanArchitecture.Infrastructure/DependencyInjection.cs

@@ -3,14 +3,13 @@
 
 using CleanArchitecture.Application.Common.Interfaces;
 using CleanArchitecture.Infrastructure.Common;
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
-using CleanArchitecture.Infrastructure.Configuration;
 using CleanArchitecture.Infrastructure.Reminders.BackgroundServices;
 using CleanArchitecture.Infrastructure.Reminders.Persistence;
 using CleanArchitecture.Infrastructure.Security;
 using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 using CleanArchitecture.Infrastructure.Security.PolicyEnforcer;
 using CleanArchitecture.Infrastructure.Security.TokenGenerator;
+using CleanArchitecture.Infrastructure.Security.TokenValidation;
 using CleanArchitecture.Infrastructure.Services;
 using CleanArchitecture.Infrastructure.Users.Persistence;
 
@@ -29,7 +28,7 @@ public static IServiceCollection AddInfrastructure(this IServiceCollection servi
             .AddHttpContextAccessor()
             .AddServices()
             .AddBackgroundServices(configuration)
-            .AddAuthentication()
+            .AddAuthentication(configuration)
             .AddAuthorization()
             .AddPersistence();
 
@@ -50,6 +49,8 @@ private static IServiceCollection AddEmailNotifications(
         EmailSettings emailSettings = new();
         configuration.Bind(EmailSettings.Section, emailSettings);
 
+        Console.WriteLine($"Enable email notifications: {emailSettings.EnableEmailNotifications}");
+
         if (!emailSettings.EnableEmailNotifications)
         {
             return services;
@@ -96,16 +97,15 @@ private static IServiceCollection AddAuthorization(this IServiceCollection servi
         return services;
     }
 
-    private static IServiceCollection AddAuthentication(this IServiceCollection services)
+    private static IServiceCollection AddAuthentication(this IServiceCollection services, IConfiguration configuration)
     {
-        services.AddOptions<JwtSettings>()
-            .BindConfiguration(JwtSettings.Section);
+        services.Configure<JwtSettings>(configuration.GetSection(JwtSettings.Section));
 
         services.AddSingleton<IJwtTokenGenerator, JwtTokenGenerator>();
 
-        services.ConfigureOptions<JwtBearerOptionsSetup>();
-
-        services.AddAuthentication(defaultScheme: JwtBearerDefaults.AuthenticationScheme)
+        services
+            .ConfigureOptions<JwtBearerTokenValidationConfiguration>()
+            .AddAuthentication(defaultScheme: JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer();
 
         return services;

src/CleanArchitecture.Infrastructure/Common/Security/AuthorizationService.cs → src/CleanArchitecture.Infrastructure/Security/AuthorizationService.cs

@@ -1,6 +1,6 @@
 using CleanArchitecture.Application.Common.Interfaces;
 using CleanArchitecture.Application.Common.Security.Request;
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 using CleanArchitecture.Infrastructure.Security.PolicyEnforcer;
 
 using ErrorOr;

src/CleanArchitecture.Infrastructure/Common/Security/CurrentUserProvider/CurrentUser.cs → src/CleanArchitecture.Infrastructure/Security/CurrentUserProvider/CurrentUser.cs

@@ -1,4 +1,4 @@
-namespace CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+namespace CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 public record CurrentUser(
     Guid Id,

src/CleanArchitecture.Infrastructure/Common/Security/CurrentUserProvider/CurrentUserProvider.cs → src/CleanArchitecture.Infrastructure/Security/CurrentUserProvider/CurrentUserProvider.cs

@@ -1,8 +1,6 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
-
 using Microsoft.AspNetCore.Http;
 
 using Throw;

src/CleanArchitecture.Infrastructure/Security/CurrentUserProvider/ICurrentUserProvider.cs

@@ -0,0 +1,6 @@
+namespace CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
+
+public interface ICurrentUserProvider
+{
+    CurrentUser GetCurrentUser();
+}

src/CleanArchitecture.Infrastructure/Common/Security/PolicyEnforcer/IPolicyEnforcer.cs → src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/IPolicyEnforcer.cs

@@ -1,5 +1,5 @@
 using CleanArchitecture.Application.Common.Security.Request;
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 using ErrorOr;
 

src/CleanArchitecture.Infrastructure/Common/Security/PolicyEnforcer/PolicyEnforcer.cs → src/CleanArchitecture.Infrastructure/Security/PolicyEnforcer/PolicyEnforcer.cs

@@ -1,7 +1,7 @@
 using CleanArchitecture.Application.Common.Security.Policies;
 using CleanArchitecture.Application.Common.Security.Request;
 using CleanArchitecture.Application.Common.Security.Roles;
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 using ErrorOr;
 

src/CleanArchitecture.Infrastructure/Configuration/JwtBearerOptionsSetup.cs → src/CleanArchitecture.Infrastructure/Security/TokenValidation/JwtBearerTokenValidationConfiguration.cs

@@ -1,32 +1,32 @@
-using System.Text;
-
-using CleanArchitecture.Infrastructure.Security.TokenGenerator;
-
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-
-namespace CleanArchitecture.Infrastructure.Configuration;
-
-public sealed class JwtBearerOptionsSetup(IOptions<JwtSettings> jwtSettings)
-    : IConfigureNamedOptions<JwtBearerOptions>
-{
-    private readonly JwtSettings _jwtSettings = jwtSettings.Value;
-
-    public void Configure(string? name, JwtBearerOptions options) => Configure(options);
-
-    public void Configure(JwtBearerOptions options)
-    {
-        options.TokenValidationParameters = new TokenValidationParameters
-        {
-            ValidateIssuer = true,
-            ValidateAudience = true,
-            ValidateLifetime = true,
-            ValidateIssuerSigningKey = true,
-            ValidIssuer = _jwtSettings.Issuer,
-            ValidAudience = _jwtSettings.Audience,
-            IssuerSigningKey = new SymmetricSecurityKey(
-                Encoding.UTF8.GetBytes(_jwtSettings.Secret)),
-        };
-    }
-}
+using System.Text;
+
+using CleanArchitecture.Infrastructure.Security.TokenGenerator;
+
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace CleanArchitecture.Infrastructure.Security.TokenValidation;
+
+public sealed class JwtBearerTokenValidationConfiguration(IOptions<JwtSettings> jwtSettings)
+    : IConfigureNamedOptions<JwtBearerOptions>
+{
+    private readonly JwtSettings _jwtSettings = jwtSettings.Value;
+
+    public void Configure(string? name, JwtBearerOptions options) => Configure(options);
+
+    public void Configure(JwtBearerOptions options)
+    {
+        options.TokenValidationParameters = new TokenValidationParameters
+        {
+            ValidateIssuer = true,
+            ValidateAudience = true,
+            ValidateLifetime = true,
+            ValidateIssuerSigningKey = true,
+            ValidIssuer = _jwtSettings.Issuer,
+            ValidAudience = _jwtSettings.Audience,
+            IssuerSigningKey = new SymmetricSecurityKey(
+                Encoding.UTF8.GetBytes(_jwtSettings.Secret)),
+        };
+    }
+}

tests/CleanArchitecture.Application.SubcutaneousTests/Common/WebAppFactory.cs

@@ -1,6 +1,6 @@
 using CleanArchitecture.Api;
 using CleanArchitecture.Infrastructure.Common;
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Testing;
@@ -48,11 +48,11 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
             services
                 .RemoveAll<DbContextOptions<AppDbContext>>()
                 .AddDbContext<AppDbContext>((sp, options) => options.UseSqlite(TestDatabase.Connection));
-
-            builder.ConfigureAppConfiguration((context, conf) => conf.AddInMemoryCollection(new Dictionary<string, string?>
-            {
-                { "EmailSettings:EnableEmailNotifications", "false" },
-            }));
         });
+
+        builder.ConfigureAppConfiguration((context, conf) => conf.AddInMemoryCollection(new Dictionary<string, string?>
+        {
+            { "EmailSettings:EnableEmailNotifications", "false" },
+        }));
     }
 }

tests/TestCommon/Security/CurrentUserFactory.cs

@@ -1,4 +1,4 @@
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 using TestCommon.TestConstants;
 

tests/TestCommon/Security/TestCurrentUserProvider.cs

@@ -1,4 +1,4 @@
-using CleanArchitecture.Infrastructure.Common.Security.CurrentUserProvider;
+using CleanArchitecture.Infrastructure.Security.CurrentUserProvider;
 
 namespace TestCommon.Security;