Add nullable annotations to Authentication.Core & Authentication.Cookies

src/Http/Authentication.Abstractions/src/AuthenticateResult.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 
 namespace Microsoft.AspNetCore.Authentication
@@ -19,6 +20,7 @@ protected AuthenticateResult() { }
         /// <summary>
         /// If a ticket was produced, authenticate was successful.
         /// </summary>
+        [MemberNotNullWhen(true, nameof(Ticket))]
         public bool Succeeded => Ticket != null;
 
         /// <summary>

src/Http/Authentication.Abstractions/src/AuthenticationHttpContextExtensions.cs

@@ -36,7 +36,7 @@ public static Task<AuthenticateResult> AuthenticateAsync(this HttpContext contex
         /// <param name="context">The <see cref="HttpContext"/> context.</param>
         /// <param name="scheme">The name of the authentication scheme.</param>
         /// <returns>The result.</returns>
-        public static Task ChallengeAsync(this HttpContext context, string scheme) =>
+        public static Task ChallengeAsync(this HttpContext context, string? scheme) =>
             context.ChallengeAsync(scheme, properties: null);
 
         /// <summary>
@@ -72,7 +72,7 @@ public static Task ChallengeAsync(this HttpContext context, string? scheme, Auth
         /// <param name="context">The <see cref="HttpContext"/> context.</param>
         /// <param name="scheme">The name of the authentication scheme.</param>
         /// <returns>The task.</returns>
-        public static Task ForbidAsync(this HttpContext context, string scheme) =>
+        public static Task ForbidAsync(this HttpContext context, string? scheme) =>
             context.ForbidAsync(scheme, properties: null);
 
         /// <summary>
@@ -109,7 +109,7 @@ public static Task ForbidAsync(this HttpContext context, string? scheme, Authent
         /// <param name="scheme">The name of the authentication scheme.</param>
         /// <param name="principal">The user.</param>
         /// <returns>The task.</returns>
-        public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal) =>
+        public static Task SignInAsync(this HttpContext context, string? scheme, ClaimsPrincipal principal) =>
             context.SignInAsync(scheme, principal, properties: null);
 
         /// <summary>

src/Http/Authentication.Abstractions/src/AuthenticationTicket.cs

@@ -17,7 +17,7 @@ public class AuthenticationTicket
         /// <param name="principal">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
         /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
         /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
-        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties? properties, string? authenticationScheme)
+        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties? properties, string authenticationScheme)
         {
             if (principal == null)
             {
@@ -41,17 +41,17 @@ public AuthenticationTicket(ClaimsPrincipal principal, string authenticationSche
         /// <summary>
         /// Gets the authentication type.
         /// </summary>
-        public string? AuthenticationScheme { get; private set; }
+        public string AuthenticationScheme { get; }
 
         /// <summary>
         /// Gets the claims-principal with authenticated user identities.
         /// </summary>
-        public ClaimsPrincipal Principal { get; private set; }
+        public ClaimsPrincipal Principal { get; }
 
         /// <summary>
         /// Additional state values for the authentication session.
         /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
+        public AuthenticationProperties Properties { get; }
 
         /// <summary>
         /// Returns a copy of the ticket.

src/Http/Http.Abstractions/src/PathString.cs

@@ -424,7 +424,7 @@ public override int GetHashCode()
         /// <param name="left">The left parameter</param>
         /// <param name="right">The right parameter</param>
         /// <returns>The ToString combination of both values</returns>
-        public static string operator +(PathString left, string right)
+        public static string operator +(PathString left, string? right)
         {
             // This overload exists to prevent the implicit string<->PathString converter from
             // trying to call the PathString+PathString operator for things that are not path strings.

src/Security/Authentication/Cookies/src/CookieAuthenticationHandler.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.Linq;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
@@ -27,9 +28,9 @@ public class CookieAuthenticationHandler : SignInAuthenticationHandler<CookieAut
 
         private DateTimeOffset? _refreshIssuedUtc;
         private DateTimeOffset? _refreshExpiresUtc;
-        private string _sessionKey;
-        private Task<AuthenticateResult> _readCookieTask;
-        private AuthenticationTicket _refreshTicket;
+        private string? _sessionKey;
+        private Task<AuthenticateResult>? _readCookieTask;
+        private AuthenticationTicket? _refreshTicket;
 
         public CookieAuthenticationHandler(IOptionsMonitor<CookieAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
@@ -41,7 +42,7 @@ public CookieAuthenticationHandler(IOptionsMonitor<CookieAuthenticationOptions>
         /// </summary>
         protected new CookieAuthenticationEvents Events
         {
-            get { return (CookieAuthenticationEvents)base.Events; }
+            get { return (CookieAuthenticationEvents)base.Events!; }
             set { base.Events = value; }
         }
 
@@ -86,7 +87,7 @@ private void CheckForRefresh(AuthenticationTicket ticket)
             }
         }
 
-        private void RequestRefresh(AuthenticationTicket ticket, ClaimsPrincipal replacedPrincipal = null)
+        private void RequestRefresh(AuthenticationTicket ticket, ClaimsPrincipal? replacedPrincipal = null)
         {
             var issuedUtc = ticket.Properties.IssuedUtc;
             var expiresUtc = ticket.Properties.ExpiresUtc;
@@ -102,7 +103,7 @@ private void RequestRefresh(AuthenticationTicket ticket, ClaimsPrincipal replace
             }
         }
 
-        private AuthenticationTicket CloneTicket(AuthenticationTicket ticket, ClaimsPrincipal replacedPrincipal)
+        private AuthenticationTicket CloneTicket(AuthenticationTicket ticket, ClaimsPrincipal? replacedPrincipal)
         {
             var principal = replacedPrincipal ?? ticket.Principal;
             var newPrincipal = new ClaimsPrincipal();
@@ -122,7 +123,7 @@ private AuthenticationTicket CloneTicket(AuthenticationTicket ticket, ClaimsPrin
 
         private async Task<AuthenticateResult> ReadCookieTicket()
         {
-            var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name);
+            var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name!);
             if (string.IsNullOrEmpty(cookie))
             {
                 return AuthenticateResult.NoResult();
@@ -157,7 +158,7 @@ private async Task<AuthenticateResult> ReadCookieTicket()
             {
                 if (Options.SessionStore != null)
                 {
-                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                    await Options.SessionStore.RemoveAsync(_sessionKey!);
                 }
                 return AuthenticateResult.Fail("Ticket expired");
             }
@@ -176,6 +177,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 return result;
             }
 
+            Debug.Assert(result.Ticket != null);
             var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket);
             await Events.ValidatePrincipal(context);
 
@@ -244,15 +246,15 @@ protected virtual async Task FinishResponseAsync()
 
                 Options.CookieManager.AppendResponseCookie(
                     Context,
-                    Options.Cookie.Name,
+                    Options.Cookie.Name!,
                     cookieValue,
                     cookieOptions);
 
                 await ApplyHeaders(shouldRedirectToReturnUrl: false, properties: properties);
             }
         }
 
-        protected async override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        protected async override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties? properties)
         {
             if (user == null)
             {
@@ -299,7 +301,7 @@ protected async override Task HandleSignInAsync(ClaimsPrincipal user, Authentica
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
-            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.Scheme.Name);
+            var ticket = new AuthenticationTicket(signInContext.Principal!, signInContext.Properties, signInContext.Scheme.Name);
 
             if (Options.SessionStore != null)
             {
@@ -324,14 +326,14 @@ protected async override Task HandleSignInAsync(ClaimsPrincipal user, Authentica
 
             Options.CookieManager.AppendResponseCookie(
                 Context,
-                Options.Cookie.Name,
+                Options.Cookie.Name!,
                 cookieValue,
                 signInContext.CookieOptions);
 
             var signedInContext = new CookieSignedInContext(
                 Context,
                 Scheme,
-                signInContext.Principal,
+                signInContext.Principal!,
                 signInContext.Properties,
                 Options);
 
@@ -344,7 +346,7 @@ protected async override Task HandleSignInAsync(ClaimsPrincipal user, Authentica
             Logger.AuthenticationSchemeSignedIn(Scheme.Name);
         }
 
-        protected async override Task HandleSignOutAsync(AuthenticationProperties properties)
+        protected async override Task HandleSignOutAsync(AuthenticationProperties? properties)
         {
             properties = properties ?? new AuthenticationProperties();
 
@@ -369,7 +371,7 @@ protected async override Task HandleSignOutAsync(AuthenticationProperties proper
 
             Options.CookieManager.DeleteCookie(
                 Context,
-                Options.Cookie.Name,
+                Options.Cookie.Name!,
                 context.CookieOptions);
 
             // Only redirect on the logout path
@@ -449,7 +451,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
             await Events.RedirectToLogin(redirectContext);
         }
 
-        private string GetTlsTokenBinding()
+        private string? GetTlsTokenBinding()
         {
             var binding = Context.Features.Get<ITlsTokenBindingFeature>()?.GetProvidedTokenBindingId();
             return binding == null ? null : Convert.ToBase64String(binding);

src/Security/Authentication/Cookies/src/CookieAuthenticationOptions.cs

@@ -71,7 +71,7 @@ public CookieBuilder Cookie
         /// <summary>
         /// If set this will be used by the CookieAuthenticationHandler for data protection.
         /// </summary>
-        public IDataProtectionProvider DataProtectionProvider { get; set; }
+        public IDataProtectionProvider? DataProtectionProvider { get; set; }
 
         /// <summary>
         /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
@@ -111,28 +111,28 @@ public CookieBuilder Cookie
         /// </summary>
         public new CookieAuthenticationEvents Events
         {
-            get => (CookieAuthenticationEvents)base.Events;
+            get => (CookieAuthenticationEvents)base.Events!;
             set => base.Events = value;
         }
 
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
         /// cookie value. If not provided one will be created using <see cref="DataProtectionProvider"/>.
         /// </summary>
-        public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
+        public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; } = default!;
 
         /// <summary>
         /// The component used to get cookies from the request or set them on the response.
         ///
         /// ChunkingCookieManager will be used by default.
         /// </summary>
-        public ICookieManager CookieManager { get; set; }
+        public ICookieManager CookieManager { get; set; } = default!;
 
         /// <summary>
         /// An optional container in which to store the identity across requests. When used, only a session identifier is sent
         /// to the client. This can be used to mitigate potential problems with very large identities.
         /// </summary>
-        public ITicketStore SessionStore { get; set; }
+        public ITicketStore? SessionStore { get; set; }
 
         /// <summary>
         /// <para>

src/Security/Authentication/Cookies/src/CookieExtensions.cs

@@ -17,13 +17,13 @@ public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder
         public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme)
             => builder.AddCookie(authenticationScheme, configureOptions: null);
 
-        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions> configureOptions) 
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions>? configureOptions) 
             => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
 
-        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions>? configureOptions)
             => builder.AddCookie(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
-        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<CookieAuthenticationOptions> configureOptions)
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, string? displayName, Action<CookieAuthenticationOptions>? configureOptions)
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
             builder.Services.AddOptions<CookieAuthenticationOptions>(authenticationScheme).Validate(o => o.Cookie.Expiration == null, "Cookie.Expiration is ignored, use ExpireTimeSpan instead.");

src/Security/Authentication/Cookies/src/CookieSignedInContext.cs

@@ -23,7 +23,7 @@ public CookieSignedInContext(
             HttpContext context,
             AuthenticationScheme scheme,
             ClaimsPrincipal principal,
-            AuthenticationProperties properties,
+            AuthenticationProperties? properties,
             CookieAuthenticationOptions options)
             : base(context, scheme, options, properties)
         {

src/Security/Authentication/Cookies/src/CookieSigningInContext.cs

@@ -25,7 +25,7 @@ public CookieSigningInContext(
             AuthenticationScheme scheme,
             CookieAuthenticationOptions options,
             ClaimsPrincipal principal,
-            AuthenticationProperties properties,
+            AuthenticationProperties? properties,
             CookieOptions cookieOptions)
             : base(context, scheme, options, properties)
         {

src/Security/Authentication/Cookies/src/CookieSigningOutContext.cs

@@ -22,7 +22,7 @@ public CookieSigningOutContext(
             HttpContext context,
             AuthenticationScheme scheme,
             CookieAuthenticationOptions options, 
-            AuthenticationProperties properties, 
+            AuthenticationProperties? properties, 
             CookieOptions cookieOptions)
             : base(context, scheme, options, properties)
             => CookieOptions = cookieOptions;

src/Security/Authentication/Cookies/src/ICookieManager.cs

@@ -17,7 +17,7 @@ public interface ICookieManager
         /// <param name="context"></param>
         /// <param name="key"></param>
         /// <returns></returns>
-        string GetRequestCookie(HttpContext context, string key);
+        string? GetRequestCookie(HttpContext context, string key);
 
         /// <summary>
         /// Append the given cookie to the response.
@@ -26,7 +26,7 @@ public interface ICookieManager
         /// <param name="key"></param>
         /// <param name="value"></param>
         /// <param name="options"></param>
-        void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options);
+        void AppendResponseCookie(HttpContext context, string key, string? value, CookieOptions options);
 
         /// <summary>
         /// Append a delete cookie to the response.

src/Security/Authentication/Cookies/src/LoggingExtensions.cs

@@ -7,8 +7,8 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, string, Exception> _authenticationSchemeSignedIn;
-        private static Action<ILogger, string, Exception> _authenticationSchemeSignedOut;
+        private static Action<ILogger, string, Exception?> _authenticationSchemeSignedIn;
+        private static Action<ILogger, string, Exception?> _authenticationSchemeSignedOut;
 
         static LoggingExtensions()
         {

src/Security/Authentication/Cookies/src/Microsoft.AspNetCore.Authentication.Cookies.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
@@ -9,6 +9,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <IsPackable>false</IsPackable>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Cookies/src/PostConfigureCookieAuthenticationOptions.cs

@@ -26,7 +26,7 @@ public PostConfigureCookieAuthenticationOptions(IDataProtectionProvider dataProt
         /// <param name="options">The options instance to configure.</param>
         public void PostConfigure(string name, CookieAuthenticationOptions options)
         {
-            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+            options.DataProtectionProvider ??= _dp;
 
             if (string.IsNullOrEmpty(options.Cookie.Name))
             {