Enhances security and updates dependencies

Directory.Packages.props

@@ -5,25 +5,25 @@
   </PropertyGroup>
 
   <ItemGroup Label=".Net Packages: Essentials">
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.InMemory" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.FileExtensions" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.1" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.InMemory" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.FileExtensions" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.2" />
   </ItemGroup>
 
   <ItemGroup Label="System Packages">
@@ -32,31 +32,32 @@
     <PackageVersion Include="EFCore.BulkExtensions.Dotnet10" Version="10.0.0" />
     <PackageVersion Include="EFCore.BulkExtensions.Dotnet10.PostgreSql" Version="10.0.0" />
     <PackageVersion Include="Google.Apis.Gmail.v1" Version="1.73.0.3987" />
-    <PackageVersion Include="itext" Version="9.4.0" />
-    <PackageVersion Include="itext.bouncy-castle-adapter" Version="9.4.0" />
-    <PackageVersion Include="itext.bouncy-castle-fips-adapter" Version="9.4.0" />
+    <PackageVersion Include="itext" Version="9.5.0" />
+    <PackageVersion Include="itext.bouncy-castle-adapter" Version="9.5.0" />
+    <PackageVersion Include="itext.bouncy-castle-fips-adapter" Version="9.5.0" />
+    <PackageVersion Include="Konscious.Security.Cryptography.Argon2" Version="1.3.1" />
     <PackageVersion Include="Mapster" Version="7.4.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="2.3.0" />
-    <PackageVersion Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.0" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="2.3.9" />
+    <PackageVersion Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.9" />
     <PackageVersion Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.22.1" />
     <PackageVersion Include="Npgsql" Version="10.0.1" />
     <PackageVersion Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.0" />
     <PackageVersion Include="Quartz" Version="3.15.1" />
-    <PackageVersion Include="Scalar.AspNetCore" Version="2.11.10" />
+    <PackageVersion Include="Scalar.AspNetCore" Version="2.12.11" />
     <PackageVersion Include="Scrutor" Version="7.0.0" />
-    <PackageVersion Include="SonarAnalyzer.CSharp" Version="10.17.0.131074" />
+    <PackageVersion Include="SonarAnalyzer.CSharp" Version="10.18.0.131500" />
     <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.15.0" />
     <PackageVersion Include="Telegram.Bot" Version="22.8.1" />
   </ItemGroup>
 
   <ItemGroup Label="Unit Tests Packages: Support">
     <PackageVersion Include="Bogus" Version="35.6.5" />
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.1" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.2" />
     <PackageVersion Include="NetArchTest.Rules" Version="1.3.2" />
     <PackageVersion Include="NSubstitute" Version="5.3.0" />
     <PackageVersion Include="NSubstitute.Analyzers.CSharp" Version="1.0.17" />
     <PackageVersion Include="Shouldly" Version="4.3.0" />
-    <PackageVersion Include="System.CodeDom" Version="10.0.1" />
+    <PackageVersion Include="System.CodeDom" Version="10.0.2" />
     <PackageVersion Include="Testcontainers" Version="4.10.0" />
     <PackageVersion Include="Testcontainers.PostgreSql" Version="4.10.0" />
   </ItemGroup>

InvoiceReminder.API/AuthenticationSetup/LoginRequest.cs

@@ -1,7 +1,13 @@
+using System.ComponentModel.DataAnnotations;
+
 namespace InvoiceReminder.API.AuthenticationSetup;
 
 public record LoginRequest
 {
-    public string Email { get; set; }
-    public string Password { get; set; }
+    [Required]
+    [EmailAddress]
+    public string Email { get; init; }
+
+    [Required]
+    public string Password { get; init; }
 }

InvoiceReminder.API/Endpoints/GoogleOAuthEndpoints.cs

@@ -35,7 +35,7 @@ private static void MapGetAuthUrl(RouteGroupBuilder endpoint)
     private static void MapAuthorize(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapGet("/authorize",
-            async (IGoogleOAuthService oAuthService, CancellationToken ct, Guid state, string code) =>
+            async (IGoogleOAuthService oAuthService, Guid state, string code, CancellationToken ct) =>
             {
                 var result = await oAuthService.GrantAuthorizationAsync(state, code, ct);
 
@@ -52,7 +52,7 @@ private static void MapAuthorize(RouteGroupBuilder endpoint)
 
     private static void MapRevoke(RouteGroupBuilder endpoint)
     {
-        _ = endpoint.MapDelete("/revoke", async (IGoogleOAuthService oAuthService, CancellationToken ct, Guid id) =>
+        _ = endpoint.MapDelete("/revoke", async (IGoogleOAuthService oAuthService, Guid id, CancellationToken ct) =>
             {
                 var result = await oAuthService.RevokeAuthorizationAsync(id, ct);
 

InvoiceReminder.API/Endpoints/InvoiceEndpoints.cs

@@ -22,9 +22,9 @@ public void RegisterEndpoints(IEndpointRouteBuilder endpoints)
 
     private static void MapGetInvoices(RouteGroupBuilder endpoint)
     {
-        _ = endpoint.MapGet("/", (IInvoiceAppService invoiceAppService) =>
+        _ = endpoint.MapGet("/", (IInvoiceAppService appService) =>
             {
-                var result = invoiceAppService.GetAll();
+                var result = appService.GetAll();
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -39,9 +39,9 @@ private static void MapGetInvoices(RouteGroupBuilder endpoint)
 
     private static void MapGetInvoice(RouteGroupBuilder endpoint)
     {
-        _ = endpoint.MapGet("/{id}", async (IInvoiceAppService invoiceAppService, CancellationToken ct, Guid id) =>
+        _ = endpoint.MapGet("/{id}", async (IInvoiceAppService appService, Guid id, CancellationToken ct) =>
             {
-                var result = await invoiceAppService.GetByIdAsync(id, ct);
+                var result = await appService.GetByIdAsync(id, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -58,9 +58,9 @@ private static void MapGetInvoice(RouteGroupBuilder endpoint)
     private static void MapGetInvoiceByBarcode(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapGet("/getby-barcode/{value}",
-            async (IInvoiceAppService invoiceAppService, CancellationToken ct, string value) =>
+            async (IInvoiceAppService appService, string value, CancellationToken ct) =>
             {
-                var result = await invoiceAppService.GetByBarcodeAsync(value, ct);
+                var result = await appService.GetByBarcodeAsync(value, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -77,9 +77,9 @@ private static void MapGetInvoiceByBarcode(RouteGroupBuilder endpoint)
     private static void MapCreateInvoice(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapPost("/",
-            async (IInvoiceAppService invoiceAppService, CancellationToken ct, [FromBody] InvoiceViewModel invoiceViewModel) =>
+            async (IInvoiceAppService appService, [FromBody] InvoiceViewModel viewModel, CancellationToken ct) =>
             {
-                var result = await invoiceAppService.AddAsync(invoiceViewModel, ct);
+                var result = await appService.AddAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.Created($"{basepath}/{result.Value.Barcode}", result.Value)
@@ -95,9 +95,9 @@ private static void MapCreateInvoice(RouteGroupBuilder endpoint)
     private static void MapUpdateInvoice(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapPut("/",
-            async (IInvoiceAppService invoiceAppService, CancellationToken ct, [FromBody] InvoiceViewModel invoiceViewModel) =>
+            async (IInvoiceAppService appService, [FromBody] InvoiceViewModel viewModel, CancellationToken ct) =>
             {
-                var result = await invoiceAppService.UpdateAsync(invoiceViewModel, ct);
+                var result = await appService.UpdateAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -113,9 +113,9 @@ private static void MapUpdateInvoice(RouteGroupBuilder endpoint)
     private static void MapDeleteInvoice(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapDelete("/",
-            async (IInvoiceAppService invoiceAppService, CancellationToken ct, [FromBody] InvoiceViewModel invoiceViewModel) =>
+            async (IInvoiceAppService appService, [FromBody] InvoiceViewModel viewModel, CancellationToken ct) =>
             {
-                var result = await invoiceAppService.RemoveAsync(invoiceViewModel, ct);
+                var result = await appService.RemoveAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.NoContent()

InvoiceReminder.API/Endpoints/JobScheduleEndpoints.cs

@@ -22,9 +22,9 @@ public void RegisterEndpoints(IEndpointRouteBuilder endpoints)
 
     private static void MapGetJobSchedules(RouteGroupBuilder endpoint)
     {
-        _ = endpoint.MapGet("/", (IJobScheduleAppService jobScheduleAppService) =>
+        _ = endpoint.MapGet("/", (IJobScheduleAppService appService) =>
             {
-                var result = jobScheduleAppService.GetAll();
+                var result = appService.GetAll();
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -39,9 +39,10 @@ private static void MapGetJobSchedules(RouteGroupBuilder endpoint)
 
     private static void MapGetJobSchedule(RouteGroupBuilder endpoint)
     {
-        _ = endpoint.MapGet("/{id}", async (IJobScheduleAppService jobScheduleAppService, CancellationToken ct, Guid id) =>
+        _ = endpoint.MapGet("/{id}",
+            async (IJobScheduleAppService appService, Guid id, CancellationToken ct) =>
             {
-                var result = await jobScheduleAppService.GetByIdAsync(id, ct);
+                var result = await appService.GetByIdAsync(id, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -58,9 +59,9 @@ private static void MapGetJobSchedule(RouteGroupBuilder endpoint)
     private static void MapGetJobScheduleByUserId(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapGet("/getby-userid/{id}",
-            async (IJobScheduleAppService jobScheduleAppService, CancellationToken ct, Guid id) =>
+            async (IJobScheduleAppService appService, Guid id, CancellationToken ct) =>
             {
-                var result = await jobScheduleAppService.GetByUserIdAsync(id, ct);
+                var result = await appService.GetByUserIdAsync(id, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -77,10 +78,10 @@ private static void MapGetJobScheduleByUserId(RouteGroupBuilder endpoint)
     private static void MapCreateJobSchedule(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapPost("/",
-            async (IJobScheduleAppService jobScheduleAppService, CancellationToken ct,
-                [FromBody] JobScheduleViewModel jobScheduleViewModel) =>
+            async (IJobScheduleAppService appService, [FromBody] JobScheduleViewModel viewModel,
+            CancellationToken ct) =>
             {
-                var result = await jobScheduleAppService.AddNewJobAsync(jobScheduleViewModel, ct);
+                var result = await appService.AddNewJobAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.Created($"{basepath}/{result.Value.Id}", result.Value)
@@ -96,10 +97,10 @@ private static void MapCreateJobSchedule(RouteGroupBuilder endpoint)
     private static void MapUpdateJobSchedule(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapPut("/",
-            async (IJobScheduleAppService jobScheduleAppService, CancellationToken ct,
-                [FromBody] JobScheduleViewModel jobScheduleViewModel) =>
+            async (IJobScheduleAppService appService, [FromBody] JobScheduleViewModel viewModel,
+            CancellationToken ct) =>
             {
-                var result = await jobScheduleAppService.UpdateAsync(jobScheduleViewModel, ct);
+                var result = await appService.UpdateAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.Ok(result.Value)
@@ -115,10 +116,10 @@ private static void MapUpdateJobSchedule(RouteGroupBuilder endpoint)
     private static void MapDeleteJobSchedule(RouteGroupBuilder endpoint)
     {
         _ = endpoint.MapDelete("/",
-            async (IJobScheduleAppService jobScheduleAppService, CancellationToken ct,
-                [FromBody] JobScheduleViewModel jobScheduleViewModel) =>
+            async (IJobScheduleAppService appService, [FromBody] JobScheduleViewModel viewModel,
+            CancellationToken ct) =>
             {
-                var result = await jobScheduleAppService.RemoveAsync(jobScheduleViewModel, ct);
+                var result = await appService.RemoveAsync(viewModel, ct);
 
                 return result.IsSuccess
                     ? Results.NoContent()

InvoiceReminder.API/Endpoints/LoginEndpoints.cs

@@ -1,6 +1,6 @@
 using InvoiceReminder.API.AuthenticationSetup;
 using InvoiceReminder.Application.Interfaces;
-using InvoiceReminder.Authentication.Extensions;
+using InvoiceReminder.Authentication.Abstractions;
 using InvoiceReminder.Authentication.Interfaces;
 using Microsoft.AspNetCore.Mvc;
 
@@ -20,23 +20,18 @@ public void RegisterEndpoints(IEndpointRouteBuilder endpoints)
     private static void MapLogin(IEndpointRouteBuilder endpoints)
     {
         _ = endpoints.MapPost("/",
-            async (IJwtProvider jwtProvider,
-                IUserAppService userAppService,
-                CancellationToken ct,
-                [FromBody] LoginRequest request) =>
+            async (IUserAppService appService, IJwtProvider jwtProvider, [FromBody] LoginRequest request,
+            CancellationToken ct) =>
             {
                 if (string.IsNullOrWhiteSpace(request?.Email) || string.IsNullOrWhiteSpace(request?.Password))
                 {
                     return Results.BadRequest("Email e senha são obrigatórios");
                 }
 
-                var result = await userAppService.GetByEmailAsync(request.Email, ct);
+                var result = await appService.ValidateUserPasswordAsync(request.Email, request.Password, ct);
 
-                var isValid = result.IsSuccess
-                    && request.Password.ToSHA256().Equals(result.Value.Password);
-
-                return isValid
-                    ? Results.Ok(jwtProvider.Generate(result.Value))
+                return result.IsSuccess
+                    ? Results.Ok(jwtProvider.Generate(new UserClaims { Id = result.Value.Id, Email = result.Value.Email }))
                     : Results.Unauthorized();
             })
             .WithName("Login")