[release/2.3] Merge from internal #60878
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…h wrong user Since this is a patch, instead of throwing an exception in cases where we wouldn't before like we do in the PR to main, we instead log an error and fail to refresh the cookie if RefreshSignInAsync is called with a TUser that does not have the same user ID as the currently authenticated user. While this does not make it *as* obvious to developers that something has gone wrong, error logs are still pretty visible, and stale cookies are something web developers have to account for regardless.
dotnet-issue-labeler
bot
added
the
area-infrastructure
|
Hey @dotnet/aspnet-build, looks like this PR is something you want to take a look at. |
There was a problem hiding this comment.
Pull Request Overview
This PR merges changes from the internal release/2.3 branch with updates focused on sign-in behavior and test coverage for the sign-in workflow.
- Updated the resignation flows to rely on an explicit parameter list without suppressing warnings.
- Added two new tests to verify proper error logging and no-op behavior in RefreshSignInAsync when sign-in conditions are not met.
- Revised RefreshSignInAsync in the core to handle unauthenticated and mismatched user cases with early returns after error logging.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/Identity/test/Identity.Test/SignInManagerTest.cs | Updated test methods for resigning sign in, including improved ClaimsIdentity usage and additional tests for error cases. |
| src/Identity/Core/src/SignInManager.cs | Modified RefreshSignInAsync to log errors and exit early if sign-in preconditions are not satisfied. |
Comments suppressed due to low confidence (2)
src/Identity/test/Identity.Test/SignInManagerTest.cs:558
- [nitpick] Consider replacing the hard-coded 'authscheme' string with a constant or configuration value to improve consistency and reduce duplication.
var id = new ClaimsIdentity("authscheme");
src/Identity/test/Identity.Test/SignInManagerTest.cs:634
- [nitpick] The literal 'different' is used to simulate a mismatched user ID; consider using a more descriptive constant or variable name for clarity.
manager.Setup(m => m.GetUserId(claimsPrincipal)).Returns("different");
halter73
approved these changes
Mar 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Should be merge-committed, not squashed