Merge pull request #1597 from DuendeSoftware/joe/host-updates

Build updates in preparation for .net 9

Directory.Build.targets

@@ -19,14 +19,14 @@
 
         <!--tests -->
         <PackageReference Update="FluentAssertions" Version="6.5.1"/>
-        <PackageReference Update="FluentAssertions.Web" Version="1.2.5"/>
+        <PackageReference Update="FluentAssertions.Web" Version="1.5.0"/>
         <PackageReference Update="Microsoft.NET.Test.Sdk" Version="17.8.0"/>
-        <PackageReference Update="xunit" Version="2.6.2"/>
+        <PackageReference Update="xunit" Version="2.9.0"/>
         <PackageReference Update="xunit.runner.visualstudio" Version="2.5.4" PrivateAssets="All"/>
 
         <!-- testing -->
         <PackageReference Update="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(FrameworkVersion)" />
-        <PackageReference Update="CsQuery.NETStandard" Version="1.3.6.1" />
+        <PackageReference Update="AngleSharp" Version="1.1.2" />
         <PackageReference Update="Microsoft.NET.Test.Sdk" Version="17.8.0" />
 
 
@@ -42,7 +42,7 @@
         <PackageReference Update="Microsoft.IdentityModel.JsonWebTokens" Version="$(WilsonVersion)"/>
         <PackageReference Update="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(WilsonVersion)"/>
         <PackageReference Update="System.IdentityModel.Tokens.Jwt" Version="$(WilsonVersion)"/>
-        <PackageReference Update="Serilog.AspNetCore" Version="8.0.0"/>
+        <PackageReference Update="Serilog.AspNetCore" Version="8.0.2"/>
 
         <!--microsoft asp.net core -->
         <PackageReference Update="Microsoft.AspNetCore.DataProtection.Abstractions" Version="$(FrameworkVersion)"/>
@@ -70,6 +70,17 @@
         <PackageReference Update="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
         <PackageReference Update="OpenTelemetry.Instrumentation.SqlClient" Version="1.8.0-beta.1" />
 
+        <!-- Transitive Dependencies -->
+        <!-- These packages are all transitive dependencies that would
+             otherwise resolve to a version with a security vulnerabilitiy. In future, we
+             would like to update Microsoft.Data.SqlClient and 
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies (assuming
+             that future versions of the intermediate dependencies that don't have this
+             problem exist someday). -->
+        <PackageReference Update="Azure.Identity" Version="1.11.4" />
+        <PackageReference Update="System.Formats.Asn1" Version="8.0.1" />
+        <PackageReference Update="Microsoft.Data.SqlClient" Version="5.1.6" />
+        <PackageReference Update="System.Text.Json" Version="8.0.4" />
     </ItemGroup>
 
     <Target Name="SetAssemblyVersion" AfterTargets="MinVer">

hosts/AspNetIdentity/Host.AspNetIdentity.csproj

@@ -23,6 +23,18 @@
         <PackageReference Include="OpenTelemetry.Instrumentation.SqlClient" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference
             Include="..\..\src\AspNetIdentity\Duende.IdentityServer.AspNetIdentity.csproj" />

hosts/Configuration/Host.Configuration.csproj

@@ -36,6 +36,18 @@
 
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />
         <ProjectReference Include="..\..\src\Configuration\Duende.IdentityServer.Configuration.csproj" />

hosts/EntityFramework/Host.EntityFramework.csproj

@@ -22,6 +22,18 @@
         <PackageReference Include="OpenTelemetry.Instrumentation.SqlClient" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\Configuration\Duende.IdentityServer.Configuration.csproj" />
         <ProjectReference Include="..\..\src\Configuration.EntityFramework\Duende.IdentityServer.Configuration.EntityFramework.csproj" />

hosts/EntityFramework/Pages/Admin/Clients/ClientRepository.cs

@@ -24,7 +24,7 @@ public class CreateClientModel : ClientSummaryModel
     public string Secret { get; set; } = default!;
 }
 
-public class ClientModel : CreateClientModel, IValidatableObject
+public class EditClientModel : CreateClientModel, IValidatableObject
 {
     [Required]
     public string AllowedScopes { get; set; } = default!;
@@ -91,7 +91,7 @@ public async Task<IEnumerable<ClientSummaryModel>> GetAllAsync(string? filter =
         return await result.ToArrayAsync();
     }
 
-    public async Task<ClientModel?> GetByIdAsync(string id)
+    public async Task<EditClientModel?> GetByIdAsync(string id)
     {
         var client = await _context.Clients
             .Include(x => x.AllowedGrantTypes)
@@ -103,7 +103,7 @@ public async Task<IEnumerable<ClientSummaryModel>> GetAllAsync(string? filter =
 
         if (client == null) return null;
 
-        return new ClientModel
+        return new EditClientModel
         {
             ClientId = client.ClientId,
             Name = client.ClientName,
@@ -146,7 +146,7 @@ public async Task CreateAsync(CreateClientModel model)
         await _context.SaveChangesAsync();
     }
 
-    public async Task UpdateAsync(ClientModel model)
+    public async Task UpdateAsync(EditClientModel model)
     {
         ArgumentNullException.ThrowIfNull(model);
         var client = await _context.Clients

hosts/EntityFramework/Pages/Admin/Clients/Edit.cshtml.cs

@@ -19,7 +19,7 @@ public EditModel(ClientRepository repository)
     }
 
     [BindProperty]
-    public ClientModel InputModel { get; set; } = default!;
+    public EditClientModel InputModel { get; set; } = default!;
     [BindProperty]
     public string? Button { get; set; }
 

migrations/IdentityServerDb/IdentityServerDb.csproj

@@ -9,6 +9,19 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />

test/Configuration.IntegrationTests/Configuration.IntegrationTests.csproj

@@ -23,9 +23,9 @@
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="FluentAssertions" />
-    <PackageReference Include="CsQuery.NETStandard" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" />
+    <PackageReference Include="AngleSharp" />
   </ItemGroup>
 </Project>

test/EntityFramework.IntegrationTests/EntityFramework.IntegrationTests.csproj

@@ -15,6 +15,20 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework\Duende.IdentityServer.EntityFramework.csproj" />
     </ItemGroup>

test/EntityFramework.Storage.IntegrationTests/EntityFramework.Storage.IntegrationTests.csproj

@@ -19,6 +19,19 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- The packages in this ItemGroup are all transitive dependencies that
+             would otherwise resolve to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.Data.SqlClient and
+             Microsoft.EntityFrameworkCore, and remove these explicit dependencies
+             (assuming that future versions of the intermediate dependencies that
+             don't have this problem exist someday). -->
+        <PackageReference Include="Azure.Identity" />
+        <PackageReference Include="System.Formats.Asn1" />
+        <PackageReference Include="Microsoft.Data.SqlClient" />
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
         <ProjectReference Include="..\..\src\IdentityServer\Duende.IdentityServer.csproj" />

test/EntityFramework.Storage.UnitTests/EntityFramework.Storage.UnitTests.csproj

@@ -13,6 +13,15 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- This package is a transitive dependency that would otherwise resolve 
+             to a version with a security vulnerabilitiy. 
+             In future, we would like to update Microsoft.EntityFrameworkCore.Sqlite,
+             and remove this explicit dependency (assuming that future versions of 
+             the sqlite package that doesn't have this problem exist someday). -->
+        <PackageReference Include="System.Text.Json" />
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\..\src\EntityFramework.Storage\Duende.IdentityServer.EntityFramework.Storage.csproj" />
     </ItemGroup>

test/IdentityServer.IntegrationTests/IdentityServer.IntegrationTests.csproj

@@ -13,15 +13,18 @@
         <PackageReference Include="Microsoft.AspNetCore.TestHost" />
         <PackageReference Include="System.IdentityModel.Tokens.Jwt" />
         <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
-
-        <PackageReference Include="CsQuery.NETStandard" Version="1.3.6.1" />
-
+        <PackageReference Include="AngleSharp" />
         <PackageReference Include="xunit" />
         <PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
         <PackageReference Include="FluentAssertions" />
         <PackageReference Include="FluentAssertions.Web" />
     </ItemGroup>
 
+    <ItemGroup>
+        <PackageReference Include="System.Net.Http" Version="4.3.4" />
+        <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
+    </ItemGroup>
+
     <ItemGroup>
         <None Update="identityserver_testing.cer">
             <CopyToOutputDirectory>Always</CopyToOutputDirectory>

test/IdentityServer.IntegrationTests/TestFramework/TestBrowserClient.cs

@@ -2,7 +2,9 @@
 // See LICENSE in the project root for license information.
 
 
-using CsQuery;
+using AngleSharp.Dom;
+using AngleSharp.Html.Dom;
+using AngleSharp.Html.Parser;
 using FluentAssertions;
 using System;
 using System.Collections.Generic;
@@ -110,18 +112,17 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
     {
         response.StatusCode.Should().Be(HttpStatusCode.OK);
 
-        var htmlForm = new HtmlForm
-        {
-
-        };
+        var htmlForm = new HtmlForm();
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var form = dom.Find(selector ?? "form");
-        form.Length.Should().Be(1);
+        var parser = new HtmlParser();
+        var document = await parser.ParseDocumentAsync(html);
+
+        var form = document.QuerySelector(selector ?? "form") as IHtmlFormElement;
+        form.Should().NotBeNull();
 
-        var postUrl = form.Attr("action");
+        var postUrl = form.Action;
         if (!postUrl.StartsWith("http", StringComparison.OrdinalIgnoreCase))
         {
             if (postUrl.StartsWith("/"))
@@ -135,14 +136,13 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
         }
         htmlForm.Action = postUrl;
 
-
         var data = new Dictionary<string, string>();
 
-        var inputs = form.Find("input");
-        foreach (var input in inputs)
+        var inputs = form.QuerySelectorAll("input");
+        foreach (var input in inputs.OfType<IHtmlInputElement>())
         {
-            var name = input.GetAttribute("name");
-            var value = input.GetAttribute("value");
+            var name = input.Name;
+            var value = input.Value;
 
             if (!data.ContainsKey(name))
             {
@@ -158,17 +158,18 @@ public async Task<HtmlForm> ReadFormAsync(HttpResponseMessage response, string s
         return htmlForm;
     }
 
-
     public Task<string> ReadElementTextAsync(string selector)
     {
         return ReadElementTextAsync(LastResponse, selector);
     }
+
     public async Task<string> ReadElementTextAsync(HttpResponseMessage response, string selector)
     {
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelector(selector);
         return element.Text();
     }
 
@@ -180,9 +181,10 @@ public async Task<string> ReadElementAttributeAsync(HttpResponseMessage response
     {
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
-        return element.Attr(attribute);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelector(selector);
+        return element.GetAttribute(attribute);
     }
 
     public Task AssertExistsAsync(string selector)
@@ -196,8 +198,9 @@ public async Task AssertExistsAsync(HttpResponseMessage response, string selecto
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelectorAll(selector);
         element.Length.Should().BeGreaterThan(0);
     }
 
@@ -211,8 +214,9 @@ public async Task AssertNotExistsAsync(HttpResponseMessage response, string sele
 
         var html = await response.Content.ReadAsStringAsync();
 
-        var dom = new CQ(html);
-        var element = dom.Find(selector);
+        var parser = new HtmlParser();
+        var dom = parser.ParseDocument(html);
+        var element = dom.QuerySelectorAll(selector);
         element.Length.Should().Be(0);
     }