Merge branch 'release/2.1' into release/3.1

Author: jkotalik

eng/Baseline.Designer.props

@@ -2,7 +2,11 @@
 <Project>
   <PropertyGroup>
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
+<<<<<<< HEAD
     <AspNetCoreBaselineVersion>3.1.1</AspNetCoreBaselineVersion>
+=======
+    <AspNetCoreBaselineVersion>2.1.15</AspNetCoreBaselineVersion>
+>>>>>>> release/2.1
   </PropertyGroup>
   <!-- Package: AspNetCoreRuntime.3.0.x64-->
   <PropertyGroup Condition=" '$(PackageId)' == 'AspNetCoreRuntime.3.0.x64' ">

src/PackageArchive/Archive.CiServer.Patch.Compat/ArchiveBaseline.2.1.15.txt

@@ -0,0 +1 @@
+

src/PackageArchive/Archive.CiServer.Patch/ArchiveBaseline.2.1.15.txt

@@ -0,0 +1 @@
+

src/Security/Authentication/OpenIdConnect/samples/OpenIdConnectSample/Startup.cs

@@ -35,7 +35,7 @@ public Startup(IConfiguration config, IWebHostEnvironment env)
 
         private void CheckSameSite(HttpContext httpContext, CookieOptions options)
         {
-            if (options.SameSite > SameSiteMode.Unspecified)
+            if (options.SameSite == SameSiteMode.None)
             {
                 var userAgent = httpContext.Request.Headers["User-Agent"];
                 // TODO: Use your User Agent library of choice here.

src/Security/Authentication/test/WsFederation/WsFederationTest.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -440,4 +440,4 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
             }
         }
     }
-}
+}

src/Security/CookiePolicy/test/CookieChunkingTests.cs

@@ -44,6 +44,29 @@ public void AppendLargeCookie_WithOptions_Appended()
             Assert.Equal($"TestCookie={testString}; expires={now.AddMinutes(5).ToString("R")}; max-age=300; domain=foo.com; path=/bar; secure; samesite=strict; httponly", values[0]);
         }
 
+        [Fact]
+        public void AppendLargeCookie_WithOptions_Appended()
+        {
+            HttpContext context = new DefaultHttpContext();
+            var now = DateTimeOffset.UtcNow;
+            var options = new CookieOptions
+            {
+                Domain = "foo.com",
+                HttpOnly = true,
+                SameSite = SameSiteMode.Strict,
+                Path = "/bar",
+                Secure = true,
+                Expires = now.AddMinutes(5),
+                MaxAge = TimeSpan.FromMinutes(5)
+            };
+            var testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+            new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, options);
+
+            var values = context.Response.Headers["Set-Cookie"];
+            Assert.Single(values);
+            Assert.Equal($"TestCookie={testString}; expires={now.AddMinutes(5).ToString("R")}; max-age=300; domain=foo.com; path=/bar; secure; samesite=strict; httponly", values[0]);
+        }
+
         [Fact]
         public void AppendLargeCookieWithLimit_Chunked()
         {

src/SignalR/common/Http.Connections/src/Internal/HttpConnectionContext.cs

@@ -33,7 +33,10 @@ internal class HttpConnectionContext : ConnectionContext,
     {
         private static long _tenSeconds = TimeSpan.FromSeconds(10).Ticks;
 
+<<<<<<< HEAD
         private readonly object _stateLock = new object();
+=======
+>>>>>>> release/2.1
         private readonly object _itemsLock = new object();
         private readonly object _heartbeatLock = new object();
         private List<(Action<object> handler, object state)> _heartbeatHandlers;
@@ -46,6 +49,10 @@ internal class HttpConnectionContext : ConnectionContext,
         private bool _activeSend;
         private long _startedSendTime;
         private readonly object _sendingLock = new object();
+<<<<<<< HEAD
+=======
+
+>>>>>>> release/2.1
         internal CancellationToken SendingToken { get; private set; }
 
         // This tcs exists so that multiple calls to DisposeAsync all wait asynchronously
@@ -292,6 +299,7 @@ private async Task WaitOnTasks(Task applicationTask, Task transportTask, bool cl
                 // Wait for either to finish
                 var result = await Task.WhenAny(applicationTask, transportTask);
 
+<<<<<<< HEAD
                 // If the application is complete, complete the transport pipe (it's the pipe to the transport)
                 if (result == applicationTask)
                 {
@@ -333,7 +341,47 @@ private async Task WaitOnTasks(Task applicationTask, Task transportTask, bool cl
 
                         Transport?.Output.Complete();
                         Transport?.Input.Complete();
+=======
+                    // Normally it isn't safe to try and acquire this lock because the Send can hold onto it for a long time if there is backpressure
+                    // It is safe to wait for this lock now because the Send will be in one of 4 states
+                    // 1. In the middle of a write which is in the middle of being canceled by the CancelPendingFlush above, when it throws
+                    //    an OperationCanceledException it will complete the PipeWriter which will make any other Send waiting on the lock
+                    //    throw an InvalidOperationException if they call Write
+                    // 2. About to write and see that there is a pending cancel from the CancelPendingFlush, go to 1 to see what happens
+                    // 3. Enters the Send and sees the Dispose state from DisposeAndRemoveAsync and releases the lock
+                    // 4. No Send in progress
+                    await WriteLock.WaitAsync();
+                    try
+                    {
+                        // Complete the applications read loop
+                        Application?.Output.Complete(transportTask.Exception?.InnerException);
+                    }
+                    finally
+                    {
+                        WriteLock.Release();
+>>>>>>> release/2.1
                     }
+
+                    Application?.Input.CancelPendingRead();
+
+                    await transportTask.NoThrow();
+                    Application?.Input.Complete();
+
+                    Log.WaitingForTransportAndApplication(_logger, TransportType);
+
+                    // A poorly written application *could* in theory get stuck forever and it'll show up as a memory leak
+                    // Wait for application so we can complete the writer safely
+                    await applicationTask.NoThrow();
+                    Log.TransportAndApplicationComplete(_logger, TransportType);
+
+                    // Shutdown application side now that it's finished
+                    Transport?.Output.Complete(applicationTask.Exception?.InnerException);
+
+                    // Close the reading side after both sides run
+                    Transport?.Input.Complete();
+
+                    // Observe exceptions
+                    await Task.WhenAll(transportTask, applicationTask);
                 }
 
                 // Notify all waiters that we're done disposing
@@ -353,6 +401,7 @@ private async Task WaitOnTasks(Task applicationTask, Task transportTask, bool cl
             }
         }
 
+<<<<<<< HEAD
         internal bool TryActivatePersistentConnection(
             ConnectionDelegate connectionDelegate,
             IHttpTransport transport,
@@ -533,6 +582,8 @@ private async Task ExecuteApplication(ConnectionDelegate connectionDelegate)
             await connectionDelegate(this);
         }
 
+=======
+>>>>>>> release/2.1
         internal void StartSendCancellation()
         {
             lock (_sendingLock)
@@ -542,10 +593,18 @@ internal void StartSendCancellation()
                     _sendCts = new CancellationTokenSource();
                     SendingToken = _sendCts.Token;
                 }
+<<<<<<< HEAD
+=======
+
+>>>>>>> release/2.1
                 _startedSendTime = DateTime.UtcNow.Ticks;
                 _activeSend = true;
             }
         }
+<<<<<<< HEAD
+=======
+
+>>>>>>> release/2.1
         internal void TryCancelSend(long currentTicks)
         {
             lock (_sendingLock)
@@ -559,6 +618,10 @@ internal void TryCancelSend(long currentTicks)
                 }
             }
         }
+<<<<<<< HEAD
+=======
+
+>>>>>>> release/2.1
         internal void StopSendCancellation()
         {
             lock (_sendingLock)

src/SignalR/common/Http.Connections/src/Internal/HttpConnectionDispatcher.cs

@@ -142,7 +142,11 @@ private async Task ExecuteAsync(HttpContext context, ConnectionDelegate connecti
                 connection.SupportedFormats = TransferFormat.Text;
 
                 // We only need to provide the Input channel since writing to the application is handled through /send.
+<<<<<<< HEAD
                 var sse = new ServerSentEventsServerTransport(connection.Application.Input, connection.ConnectionId, connection, _loggerFactory);
+=======
+                var sse = new ServerSentEventsTransport(connection.Application.Input, connection.ConnectionId, connection, _loggerFactory);
+>>>>>>> release/2.1
 
                 await DoPersistentConnection(connectionDelegate, sse, context, connection);
             }
@@ -191,9 +195,83 @@ private async Task ExecuteAsync(HttpContext context, ConnectionDelegate connecti
 
                 if (!await connection.CancelPreviousPoll(context))
                 {
+<<<<<<< HEAD
                     // Connection closed. It's already set the response status code.
                     return;
                 }
+=======
+                    if (connection.Status == HttpConnectionStatus.Disposed)
+                    {
+                        Log.ConnectionDisposed(_logger, connection.ConnectionId);
+
+                        // The connection was disposed
+                        context.Response.StatusCode = StatusCodes.Status404NotFound;
+                        context.Response.ContentType = "text/plain";
+                        return;
+                    }
+
+                    if (connection.Status == HttpConnectionStatus.Active)
+                    {
+                        var existing = connection.GetHttpContext();
+                        Log.ConnectionAlreadyActive(_logger, connection.ConnectionId, existing.TraceIdentifier);
+                    }
+
+                    using (connection.Cancellation)
+                    {
+                        // Cancel the previous request
+                        connection.Cancellation?.Cancel();
+
+                        try
+                        {
+                            // Wait for the previous request to drain
+                            await connection.PreviousPollTask;
+                        }
+                        catch (OperationCanceledException)
+                        {
+                            // Previous poll canceled due to connection closing, close this poll too
+                            context.Response.ContentType = "text/plain";
+                            context.Response.StatusCode = StatusCodes.Status204NoContent;
+                            return;
+                        }
+
+                        connection.PreviousPollTask = currentRequestTcs.Task;
+                    }
+
+                    // Mark the connection as active
+                    connection.Status = HttpConnectionStatus.Active;
+
+                    // Raise OnConnected for new connections only since polls happen all the time
+                    if (connection.ApplicationTask == null)
+                    {
+                        Log.EstablishedConnection(_logger);
+
+                        connection.ApplicationTask = ExecuteApplication(connectionDelegate, connection);
+
+                        context.Response.ContentType = "application/octet-stream";
+
+                        // This request has no content
+                        context.Response.ContentLength = 0;
+
+                        // On the first poll, we flush the response immediately to mark the poll as "initialized" so future
+                        // requests can be made safely
+                        connection.TransportTask = context.Response.Body.FlushAsync();
+                    }
+                    else
+                    {
+                        Log.ResumingConnection(_logger);
+
+                        // REVIEW: Performance of this isn't great as this does a bunch of per request allocations
+                        connection.Cancellation = new CancellationTokenSource();
+
+                        var timeoutSource = new CancellationTokenSource();
+                        var tokenSource = CancellationTokenSource.CreateLinkedTokenSource(connection.Cancellation.Token, context.RequestAborted, timeoutSource.Token);
+
+                        // Dispose these tokens when the request is over
+                        context.Response.RegisterForDispose(timeoutSource);
+                        context.Response.RegisterForDispose(tokenSource);
+
+                        var longPolling = new LongPollingTransport(timeoutSource.Token, connection.Application.Input, _loggerFactory, connection);
+>>>>>>> release/2.1
 
                 // Create a new Tcs every poll to keep track of the poll finishing, so we can properly wait on previous polls
                 var currentRequestTcs = new TaskCompletionSource<object>(TaskCreationOptions.RunContinuationsAsynchronously);
@@ -236,7 +314,23 @@ private async Task ExecuteAsync(HttpContext context, ConnectionDelegate connecti
                             connection.MarkInactive();
                         }
                     }
+<<<<<<< HEAD
                     else if (resultTask.IsFaulted || resultTask.IsCanceled)
+=======
+                    else if (connection.TransportTask.IsFaulted || connection.TransportTask.IsCanceled)
+                    {
+                        // Cancel current request to release any waiting poll and let dispose aquire the lock
+                        currentRequestTcs.TrySetCanceled();
+
+                        // We should be able to safely dispose because there's no more data being written
+                        // We don't need to wait for close here since we've already waited for both sides
+                        await _manager.DisposeAndRemoveAsync(connection, closeGracefully: false);
+
+                        // Don't poll again if we've removed the connection completely
+                        pollAgain = false;
+                    }
+                    else if (context.Response.StatusCode == StatusCodes.Status204NoContent)
+>>>>>>> release/2.1
                     {
                         // Cancel current request to release any waiting poll and let dispose acquire the lock
                         currentRequestTcs.TrySetCanceled();
@@ -444,6 +538,7 @@ private async Task ProcessSend(HttpContext context, HttpConnectionDispatcherOpti
                         // Other code isn't guaranteed to be able to acquire the lock before another write
                         // even if CancelPendingFlush is called, and the other write could hang if there is backpressure
                         connection.Application.Output.Complete();
+<<<<<<< HEAD
                         return;
                     }
                     catch (IOException ex)
@@ -453,6 +548,8 @@ private async Task ProcessSend(HttpContext context, HttpConnectionDispatcherOpti
 
                         context.Response.StatusCode = StatusCodes.Status400BadRequest;
                         context.Response.ContentType = "text/plain";
+=======
+>>>>>>> release/2.1
                         return;
                     }
 

src/SignalR/common/Http.Connections/src/Internal/HttpConnectionManager.cs

@@ -32,7 +32,10 @@ internal partial class HttpConnectionManager
         private readonly ILogger<HttpConnectionManager> _logger;
         private readonly ILogger<HttpConnectionContext> _connectionLogger;
         private readonly bool _useSendTimeout = true;
+<<<<<<< HEAD
         private readonly TimeSpan _disconnectTimeout;
+=======
+>>>>>>> release/2.1
 
         public HttpConnectionManager(ILoggerFactory loggerFactory, IHostApplicationLifetime appLifetime)
             : this(loggerFactory, appLifetime, Options.Create(new ConnectionOptions() { DisconnectTimeout = ConnectionOptionsSetup.DefaultDisconectTimeout }))
@@ -53,6 +56,15 @@ public HttpConnectionManager(ILoggerFactory loggerFactory, IHostApplicationLifet
             // Register these last as the callbacks could run immediately
             appLifetime.ApplicationStarted.Register(() => Start());
             appLifetime.ApplicationStopping.Register(() => CloseConnections());
+<<<<<<< HEAD
+=======
+            _nextHeartbeat = new TimerAwaitable(_heartbeatTickRate, _heartbeatTickRate);
+
+            if (AppContext.TryGetSwitch("Microsoft.AspNetCore.Http.Connections.DoNotUseSendTimeout", out var timeoutDisabled))
+            {
+                _useSendTimeout = !timeoutDisabled;
+            }
+>>>>>>> release/2.1
         }
 
         public void Start()
@@ -161,10 +173,31 @@ public void Scan()
                 // Capture the connection state
                 var lastSeenUtc = connection.LastSeenUtcIfInactive;
 
+<<<<<<< HEAD
                 var utcNow = DateTimeOffset.UtcNow;
                 // Once the decision has been made to dispose we don't check the status again
                 // But don't clean up connections while the debugger is attached.
                 if (!Debugger.IsAttached && lastSeenUtc.HasValue && (utcNow - lastSeenUtc.Value).TotalSeconds > _disconnectTimeout.TotalSeconds)
+=======
+                await connection.StateLock.WaitAsync();
+
+                try
+                {
+                    // Capture the connection state
+                    status = connection.Status;
+
+                    lastSeenUtc = connection.LastSeenUtc;
+                }
+                finally
+                {
+                    connection.StateLock.Release();
+                }
+
+                var utcNow = DateTimeOffset.UtcNow;
+                // Once the decision has been made to dispose we don't check the status again
+                // But don't clean up connections while the debugger is attached.
+                if (!Debugger.IsAttached && status == HttpConnectionStatus.Inactive && (utcNow - lastSeenUtc).TotalSeconds > 5)
+>>>>>>> release/2.1
                 {
                     Log.ConnectionTimedOut(_logger, connection.ConnectionId);
                     HttpConnectionsEventSource.Log.ConnectionTimedOut(connection.ConnectionId);