⬆️ Bump files with dotnet-file sync

# devlooped/oss

- Update to newest JsonWebTokens devlooped/oss@068140b
- Add support and showcase determining install time devlooped/oss@717ddb1
- Fix formatting/whitespace devlooped/oss@7febebc
- Switch to built-in item metadata for manifest analyzer files devlooped/oss@49c9a38
- Extend grace period to unknown status too devlooped/oss@9f918ec
- Change debug traces location to the well-known location of .sponsorlink devlooped/oss@1019e2a
- Remove unused tracing overloads devlooped/oss@08a8488
- Fix roles checking from new identity-based token handler devlooped/oss@6eecf46

src/SponsorLink/Analyzer/StatusReportingAnalyzer.cs

@@ -14,14 +14,14 @@ namespace Analyzer;
 public class StatusReportingAnalyzer : DiagnosticAnalyzer
 {
     public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics => ImmutableArray.Create(new DiagnosticDescriptor(
-        "SL001", "Report Sponsoring Status", "Reports sponsoring status determined by SponsorLink", "Sponsors", 
+        "SL001", "Report Sponsoring Status", "Reports sponsoring status determined by SponsorLink", "Sponsors",
         DiagnosticSeverity.Warning, true));
 
     public override void Initialize(AnalysisContext context)
     {
         context.EnableConcurrentExecution();
         context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
-        
+
         context.RegisterCompilationAction(c =>
         {
             var installed = c.Options.AdditionalFiles.Where(x =>

src/SponsorLink/SponsorLink.targets

@@ -16,8 +16,8 @@
     <FundingProduct Condition="'$(FundingProduct)' == ''">$(Product)</FundingProduct>
     <!-- Default prefix is the joined upper-case letters in the product name (i.e. for ThisAssembly, TA) -->
     <FundingPrefix Condition="'$(FundingPrefix)' == ''">$([System.Text.RegularExpressions.Regex]::Replace("$(FundingProduct)", "[^A-Z]", ""))</FundingPrefix>
-    <!-- Default grace days for an expired sponsor manifest -->
-    <FundingGrace Condition="'$(FundingGrace)' == ''">21</FundingGrace>
+    <!-- Default grace days for an expired sponsor manifest or unknown status -->
+    <FundingGrace Condition="'$(FundingGrace)' == ''">15</FundingGrace>
   </PropertyGroup>
 
   <ItemGroup>

src/SponsorLink/SponsorLink/SponsorLink.cs

@@ -88,7 +88,7 @@ public static bool TryRead([NotNullWhen(true)] out ClaimsPrincipal? principal, I
             if (Validate(value.jwt, value.jwk, out var token, out var identity, false) == ManifestStatus.Valid && identity != null)
             {
                 if (principal == null)
-                    principal = new(identity);
+                    principal = new JwtRolesPrincipal(identity);
                 else
                     principal.AddIdentity(identity);
             }
@@ -158,7 +158,7 @@ public static ManifestStatus Validate(string jwt, string jwk, out SecurityToken?
         }
 
         token = result.SecurityToken;
-        identity = new ClaimsIdentity(result.ClaimsIdentity.Claims);
+        identity = new ClaimsIdentity(result.ClaimsIdentity.Claims, "JWT");
 
         if (validateExpiration && token.ValidTo == DateTime.MinValue)
             return ManifestStatus.Invalid;
@@ -169,4 +169,9 @@ public static ManifestStatus Validate(string jwt, string jwk, out SecurityToken?
 
         return ManifestStatus.Valid;
     }
+
+    class JwtRolesPrincipal(ClaimsIdentity identity) : ClaimsPrincipal([identity])
+    {
+        public override bool IsInRole(string role) => HasClaim("roles", role) || base.IsInRole(role);
+    }
 }

src/SponsorLink/SponsorLink/SponsorLinkAnalyzer.cs

@@ -58,17 +58,49 @@ public override void Initialize(AnalysisContext context)
 
             // Setting the status early allows other analyzers to potentially check for it.
             var status = SetStatus(manifests);
+
             // Never report any diagnostic unless we're in an editor.
             if (IsEditor)
             {
-                // NOTE: even if we don't report the diagnostic, we still set the status so other analyzers can use it.
                 ctx.RegisterCompilationEndAction(ctx =>
                 {
                     // NOTE: for multiple projects with the same product name, we only report one diagnostic, 
                     // so it's expected to NOT get a diagnostic back. Also, we don't want to report 
                     // multiple diagnostics for each project in a solution that uses the same product.
                     if (Diagnostics.Pop(Funding.Product) is Diagnostic diagnostic)
                     {
+                        // For unknown (never sync'ed), only report if install grace period is over
+                        if (status == SponsorStatus.Unknown)
+                        {
+                            var noGrace = ctx.Options.AnalyzerConfigOptionsProvider.GlobalOptions.TryGetValue("build_property.SponsorLinkNoInstallGrace", out var value) &&
+                                           bool.TryParse(value, out var skipCheck) && skipCheck;
+
+                            // NOTE: we'll always report if noGrace is set to true, regardless of install time, for 
+                            // testing purposes. This can be achieved via MSBuild with:
+                            // <PropertyGroup>
+                            //   <SponsorLinkNoInstallGrace>true</SponsorLinkNoInstallGrace>
+                            // </PropertyGroup>
+                            // <ItemGroup>
+                            //   <CompilerVisibleProperty Include="SponsorLinkNoInstallGrace" />
+                            // </ItemGroup>
+                            if (noGrace == false)
+                            {
+                                var installed = ctx.Options.AdditionalFiles.Where(x =>
+                                {
+                                    var options = ctx.Options.AnalyzerConfigOptionsProvider.GetOptions(x);
+                                    // In release builds, we'll have a single such item, since we IL-merge the analyzer.
+                                    return options.TryGetValue("build_metadata.Analyzer.ItemType", out var itemType) &&
+                                           options.TryGetValue("build_metadata.Analyzer.NuGetPackageId", out var packageId) &&
+                                           itemType == "Analyzer" &&
+                                           packageId == Funding.Product;
+                                }).Select(x => File.GetLastWriteTime(x.Path)).OrderByDescending(x => x).FirstOrDefault();
+
+                                // NOTE: if we can't determine install time, we'll always report.
+                                if (installed != default && installed.AddDays(Funding.Grace) > DateTime.Now)
+                                    return;
+                            }
+                        }
+
                         ctx.ReportDiagnostic(diagnostic);
                     }
                 });

src/SponsorLink/SponsorLink/Tracing.cs

@@ -10,12 +10,6 @@ namespace Devlooped.Sponsors;
 
 static class Tracing
 {
-    public static void Trace(string message, object? value, [CallerArgumentExpression("value")] string? expression = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
-        => Trace($"{message}: {value} ({expression})", filePath, lineNumber);
-
-    public static void Trace(object? value, [CallerArgumentExpression("value")] string? expression = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
-        => Trace($"{value} ({expression})", filePath, lineNumber);
-
     public static void Trace([CallerMemberName] string? message = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
     {
         var trace = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SPONSORLINK_TRACE"));

src/SponsorLink/Tests/Sample.cs

@@ -40,7 +40,7 @@ public void Test(string culture, SponsorStatus kind)
     public void RenderSponsorables()
     {
         Assert.NotEmpty(SponsorLink.Sponsorables);
-        
+
         foreach (var pair in SponsorLink.Sponsorables)
         {
             output.WriteLine($"{pair.Key} = {pair.Value}");

src/SponsorLink/Tests/SponsorableManifest.cs

@@ -285,7 +285,7 @@ public ClaimsIdentity Validate(string jwt, out SecurityToken? token)
             MapInboundClaims = false,
             SetDefaultTimesOnTokenCreation = false,
         }.ValidateTokenAsync(jwt, validation).Result;
-        
+
         token = result.SecurityToken;
         return result.ClaimsIdentity;
     }

src/SponsorLink/Tests/Tests.csproj

@@ -19,7 +19,7 @@
   <ItemGroup>
     <!-- This project reference allows debugging the source generator/analyzer project -->
     <ProjectReference Include="..\Analyzer\Analyzer.csproj" Aliases="Analyzer" />
-    <Analyzer Include="..\Analyzer\bin\$(Configuration)\netstandard2.0\*.dll" NuGetPackageId="SponsorableLib" />
+    <Analyzer Include="..\Analyzer\bin\$(Configuration)\netstandard2.0\*.dll" NuGetPackageId="SponsorableLib" Visible="false" />
   </ItemGroup>
 
   <ItemGroup>
@@ -54,8 +54,15 @@
   <!-- Simulates importing SponsorableLib.targets -->
   <Import Project="..\SponsorLink\buildTransitive\Devlooped.Sponsors.targets" />
   <ItemGroup>
-    <!-- Bring in the analyzer file to report installation time -->
-    <AdditionalFiles Include="@(Analyzer -> WithMetadataValue('NuGetPackageId', 'SponsorableLib'))" />
+    <!-- Brings in the analyzer file to report installation time -->
+    <SponsorablePackageId Include="SponsorableLib" />
   </ItemGroup>
 
+  <!-- Force immediate reporting of status, no install-time grace period -->
+  <PropertyGroup>
+    <SponsorLinkNoInstallGrace>true</SponsorLinkNoInstallGrace>
+  </PropertyGroup>
+  <ItemGroup>
+    <CompilerVisibleProperty Include="SponsorLinkNoInstallGrace" />
+  </ItemGroup>
 </Project>