Add DataProtection to the AuthenticationManager to store user and password in secure way

#95

Author: ziagham

src/FlowCtl.Infrastructure/Extensions/ServiceCollectionExtensions.cs

@@ -15,6 +15,7 @@ public static class ServiceCollectionExtensions
 {
     public static IServiceCollection AddInfrastructure(this IServiceCollection services)
     {
+        services.AddDataProtection();
         services
                 .AddSingleton(new GitHubClient(new ProductHeaderValue("flowsynx")))
                 .AddSingleton<IGitHubReleaseManager, GitHubReleaseManager>()

src/FlowCtl.Infrastructure/FlowCtl.Infrastructure.csproj

@@ -17,7 +17,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="9.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Abstractions" Version="9.0.4" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="Octokit" Version="14.0.0" />
     <PackageReference Include="SharpCompress" Version="0.39.0" />

src/FlowCtl.Infrastructure/Services/Authentication/AuthenticationManager.cs

@@ -1,5 +1,6 @@
 using FlowCtl.Core.Serialization;
 using FlowCtl.Core.Services.Authentication;
+using Microsoft.AspNetCore.DataProtection;
 
 namespace FlowCtl.Infrastructure.Services.Authentication;
 
@@ -8,27 +9,32 @@ public class AuthenticationManager : IAuthenticationManager
     private const string ConfigPath = "config.json";
     private readonly IJsonSerializer _jsonSerializer;
     private readonly IJsonDeserializer _jsonDeserializer;
+    private readonly IDataProtector _protector;
 
-    public AuthenticationManager(IJsonSerializer jsonSerializer, IJsonDeserializer jsonDeserializer)
+    public AuthenticationManager(
+        IJsonSerializer jsonSerializer,
+        IJsonDeserializer jsonDeserializer,
+        IDataProtectionProvider dataProtectionProvider)
     {
         _jsonSerializer = jsonSerializer;
         _jsonDeserializer = jsonDeserializer;
+        _protector = dataProtectionProvider.CreateProtector("AuthenticationManager.Protector");
     }
 
     public bool IsLoggedIn => File.Exists(ConfigPath) && Load() is { } data && (
         data.Type == AuthenticationType.Basic || data.Expiry is null || data.Expiry > DateTime.UtcNow
     );
 
-    public bool IsBasicAuthenticationUsed => File.Exists(ConfigPath) && Load() is { } data && 
+    public bool IsBasicAuthenticationUsed => File.Exists(ConfigPath) && Load() is { } data &&
         data.Type == AuthenticationType.Basic;
 
     public AuthenticationData LoginBasic(string username, string password)
     {
         var data = new AuthenticationData
         {
             Type = AuthenticationType.Basic,
-            Username = username,
-            Password = password
+            Username = _protector.Protect(username),
+            Password = _protector.Protect(password) // Encrypt password
         };
         Save(data);
         return data;
@@ -39,7 +45,7 @@ public AuthenticationData LoginBearer(string token)
         var data = new AuthenticationData
         {
             Type = AuthenticationType.Bearer,
-            AccessToken = token,
+            AccessToken = _protector.Protect(token), // Encrypt token
             Expiry = DateTime.UtcNow.AddHours(1)
         };
         Save(data);
@@ -48,7 +54,21 @@ public AuthenticationData LoginBearer(string token)
 
     public AuthenticationData? GetData()
     {
-        return Load();
+        var data = Load();
+
+        if (data != null)
+        {
+            if (data.Username != null)
+                data.Username = _protector.Unprotect(data.Username);
+
+            if (data?.Type == AuthenticationType.Basic && data.Password != null)
+                data.Password = _protector.Unprotect(data.Password);
+            
+            if (data?.Type == AuthenticationType.Bearer && data.AccessToken != null)
+                data.AccessToken = _protector.Unprotect(data.AccessToken);
+        }
+
+        return data;
     }
 
     public void Logout()
@@ -66,4 +86,70 @@ private void Save(AuthenticationData data)
     {
         File.WriteAllText(ConfigPath, _jsonSerializer.Serialize(data));
     }
-}
+}
+
+
+//public class AuthenticationManager : IAuthenticationManager
+//{
+//    private const string ConfigPath = "config.json";
+//    private readonly IJsonSerializer _jsonSerializer;
+//    private readonly IJsonDeserializer _jsonDeserializer;
+
+//    public AuthenticationManager(IJsonSerializer jsonSerializer, IJsonDeserializer jsonDeserializer)
+//    {
+//        _jsonSerializer = jsonSerializer;
+//        _jsonDeserializer = jsonDeserializer;
+//    }
+
+//    public bool IsLoggedIn => File.Exists(ConfigPath) && Load() is { } data && (
+//        data.Type == AuthenticationType.Basic || data.Expiry is null || data.Expiry > DateTime.UtcNow
+//    );
+
+//    public bool IsBasicAuthenticationUsed => File.Exists(ConfigPath) && Load() is { } data && 
+//        data.Type == AuthenticationType.Basic;
+
+//    public AuthenticationData LoginBasic(string username, string password)
+//    {
+//        var data = new AuthenticationData
+//        {
+//            Type = AuthenticationType.Basic,
+//            Username = username,
+//            Password = password
+//        };
+//        Save(data);
+//        return data;
+//    }
+
+//    public AuthenticationData LoginBearer(string token)
+//    {
+//        var data = new AuthenticationData
+//        {
+//            Type = AuthenticationType.Bearer,
+//            AccessToken = token,
+//            Expiry = DateTime.UtcNow.AddHours(1)
+//        };
+//        Save(data);
+//        return data;
+//    }
+
+//    public AuthenticationData? GetData()
+//    {
+//        return Load();
+//    }
+
+//    public void Logout()
+//    {
+//        if (File.Exists(ConfigPath)) File.Delete(ConfigPath);
+//    }
+
+//    private AuthenticationData? Load()
+//    {
+//        if (!File.Exists(ConfigPath)) return null;
+//        return _jsonDeserializer.Deserialize<AuthenticationData>(File.ReadAllText(ConfigPath));
+//    }
+
+//    private void Save(AuthenticationData data)
+//    {
+//        File.WriteAllText(ConfigPath, _jsonSerializer.Serialize(data));
+//    }
+//}