⬆️ Bump files with dotnet-file sync

# devlooped/oss

- Fix improper first / in gh api repos devlooped/oss@f2b690c

# devlooped/SponsorLink

- Improve wording on editor usage requiring sponsorship devlooped/SponsorLink@21d8dac
- Introduce standalone SponsorManifest for read/validate devlooped/SponsorLink@a755e4b

Author: devlooped-bot

.github/actions/dotnet/action.yml

@@ -8,7 +8,7 @@ runs:
       id: dotnet
       shell: bash
       run: |
-        VERSIONS=$(gh api /repos/${{ github.repository }}/properties/values | jq -r '.[] | select(.property_name == "DOTNET") | .value')
+        VERSIONS=$(gh api repos/${{ github.repository }}/properties/values | jq -r '.[] | select(.property_name == "DOTNET") | .value')
         # Remove extra whitespace from VERSIONS
         VERSIONS=$(echo "$VERSIONS" | tr -s ' ' | tr -d ' ')
         # Convert comma-separated to newline-separated

.netconfig

@@ -223,12 +223,6 @@
 
 	etag = a5d79dbc0ed9fac4fb1879fb3790b9ebab18e47c14c454554ce9f53f21487bb5
 	weak
-[file "src/SponsorLink/SponsorLink/ManifestStatus.cs"]
-	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/ManifestStatus.cs
-	sha = f47528874a6d9192b5546f84b455f5ccc474a707
-
-	etag = e46848f83c0436ba33a1c09a4060ad627a74db41bab66bb37ca40fce8a6532a7
-	weak
 [file "src/SponsorLink/SponsorLink/Resources.es-AR.resx"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/Resources.es-AR.resx
 	sha = 586398c3e650495f36601ecc8983a14ed745e058
@@ -237,21 +231,21 @@
 	weak
 [file "src/SponsorLink/SponsorLink/Resources.es.resx"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/Resources.es.resx
-	sha = 29921560c73bb91c2a21a21800daf0b250773598
+	sha = 21d8dac3077c75cd07d7cc7f9e10f2620afce834
 
-	etag = feb9dc86e4d9c0c4a294cd6e03c5b914943e8d206b88a125abd1b0f882ddb247
+	etag = 89a7bb797aeacca43e043196a00eea91f282df4caf9bbe937749026a03f707ad
 	weak
 [file "src/SponsorLink/SponsorLink/Resources.resx"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/Resources.resx
-	sha = 29921560c73bb91c2a21a21800daf0b250773598
+	sha = 21d8dac3077c75cd07d7cc7f9e10f2620afce834
 
-	etag = 7665a3be17cd224b1c413ade6a9c1c5a822dace1e7f9daae33a2e52d8bca15bb
+	etag = 8902652b8907de2fbccf73f3738d0fce503fc667a084171d6b88bf3373e559e7
 	weak
 [file "src/SponsorLink/SponsorLink/SponsorLink.cs"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/SponsorLink.cs
-	sha = 3f72a9fd35274a659dd380a7d5b747d71b9732a1
+	sha = a755e4be0f7cb73cfde208857e28f7cfeba2dcc3
 
-	etag = 616598e0ecb6d2ce97660aa6ac049e2a31a1c953669743b7b612b61d40c37706
+	etag = 402e2beb11cf64c07be3d0fc3e89115fd09fc24133c08a8951bf0e784909c510
 	weak
 [file "src/SponsorLink/SponsorLink/SponsorLink.csproj"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/SponsorLink.csproj
@@ -343,12 +337,6 @@
 
 	etag = 1875555adb7eab21acf1e730b6baeb8c095d9f6f9f07303a87ad9c16e0f6490d
 	weak
-[file "src/SponsorLink/Tests/SponsorLinkTests.cs"]
-	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/Tests/SponsorLinkTests.cs
-	sha = f47528874a6d9192b5546f84b455f5ccc474a707
-
-	etag = 1fa41250bd984e8aa840a966d34ce0e94f2111d1422d7f50b864c38364fcf4a4
-	weak
 [file "src/SponsorLink/Tests/SponsorableManifest.cs"]
 	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/Tests/SponsorableManifest.cs
 	sha = f47528874a6d9192b5546f84b455f5ccc474a707
@@ -424,6 +412,16 @@
 	weak
 [file ".github/actions/dotnet/action.yml"]
 	url = https://github.com/devlooped/oss/blob/main/.github/actions/dotnet/action.yml
-	sha = 7e9acf45714821735ccc5bb3f0f844f505d5ae8a
-	etag = 0dda1755bb185e92aecd1bf8665214f12e3562315257f642ca4ad85c24771ac1
+	sha = f2b690ce307acb76c5b8d7faec1a5b971a93653e
+	etag = 27ea11baa2397b3ec9e643a935832da97719c4e44215cfd135c49cad4c29373f
+	weak
+[file "src/SponsorLink/SponsorLink/SponsorManifest.cs"]
+	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/SponsorLink/SponsorManifest.cs
+	sha = a755e4be0f7cb73cfde208857e28f7cfeba2dcc3
+	etag = 55ef89e8441156541c1c74a50675b7f56633b56493031f0ffa877460839e3536
+	weak
+[file "src/SponsorLink/Tests/SponsorManifestTests.cs"]
+	url = https://github.com/devlooped/SponsorLink/blob/main/samples/dotnet/Tests/SponsorManifestTests.cs
+	sha = a755e4be0f7cb73cfde208857e28f7cfeba2dcc3
+	etag = 82ae1c417265f2e136544980b4f687a1cc2c1bfb24df93d354c259053550f4a3
 	weak

src/SponsorLink/SponsorLink/ManifestStatus.cs

@@ -169,6 +169,9 @@ Por favor considera apoyar el proyecto patrocinando en {0} y ejecutando posterio
   <data name="Contributor_Title" xml:space="preserve">
     <value>Eres un contribuidor al proyecto, eres lo máximo 💟!</value>
   </data>
+  <data name="Editor_Disabled" xml:space="preserve">
+    <value>El uso de {0} sin warnings en el editor requiere un patrocinio activo. Ver mas en {1}.</value>
+  </data>
   <data name="Grace_Description" xml:space="preserve">
     <value>Patrocinar los proyectos en que dependes asegura que se mantengan activos, y que recibas el apoyo que necesitas. También es muy económico y está disponible en todo el mundo!
 Por favor considera apoyar el proyecto patrocinando en {0} y ejecutando posteriormente 'sponsor sync {1}'.</value>

src/SponsorLink/SponsorLink/Resources.es.resx

@@ -171,7 +171,7 @@ Please consider supporting the project by sponsoring at {0} and running 'sponsor
     <value>You are a contributor to the project, you rock 💟!</value>
   </data>
   <data name="Editor_Disabled" xml:space="preserve">
-    <value>Editor usage of {0} requires an active sponsorship. Learn more at {1}.</value>
+    <value>Editor usage of {0} without warnings requires an active sponsorship. Learn more at {1}.</value>
   </data>
   <data name="Grace_Description" xml:space="preserve">
     <value>Sponsoring projects you depend on ensures they remain active, and that you get the support you need. It's also super affordable and available worldwide! 

src/SponsorLink/SponsorLink/Resources.resx

@@ -165,82 +165,4 @@ public static bool TryRead([NotNullWhen(true)] out ClaimsPrincipal? principal, I
 
         return principal != null;
     }
-
-    /// <summary>
-    /// Validates the manifest signature and optional expiration.
-    /// </summary>
-    /// <param name="jwt">The JWT to validate.</param>
-    /// <param name="jwk">The key to validate the manifest signature with.</param>
-    /// <param name="token">Except when returning <see cref="Status.Unknown"/>, returns the security token read from the JWT, even if signature check failed.</param>
-    /// <param name="identity">The associated claims, only when return value is not <see cref="Status.Unknown"/>.</param>
-    /// <param name="requireExpiration">Whether to check for expiration.</param>
-    /// <returns>The status of the validation.</returns>
-    public static ManifestStatus Validate(string jwt, string jwk, out SecurityToken? token, out ClaimsIdentity? identity, bool validateExpiration)
-    {
-        token = default;
-        identity = default;
-
-        SecurityKey key;
-        try
-        {
-            key = JsonWebKey.Create(jwk);
-        }
-        catch (ArgumentException)
-        {
-            return ManifestStatus.Unknown;
-        }
-
-        var handler = new JsonWebTokenHandler { MapInboundClaims = false };
-
-        if (!handler.CanReadToken(jwt))
-            return ManifestStatus.Unknown;
-
-        var validation = new TokenValidationParameters
-        {
-            RequireExpirationTime = false,
-            ValidateLifetime = false,
-            ValidateAudience = false,
-            ValidateIssuer = false,
-            ValidateIssuerSigningKey = true,
-            IssuerSigningKey = key,
-            RoleClaimType = "roles",
-            NameClaimType = "sub",
-        };
-
-        var result = handler.ValidateTokenAsync(jwt, validation).Result;
-        if (result.Exception != null)
-        {
-            if (result.Exception is SecurityTokenInvalidSignatureException)
-            {
-                var jwtToken = handler.ReadJsonWebToken(jwt);
-                token = jwtToken;
-                identity = new ClaimsIdentity(jwtToken.Claims);
-                return ManifestStatus.Invalid;
-            }
-            else
-            {
-                var jwtToken = handler.ReadJsonWebToken(jwt);
-                token = jwtToken;
-                identity = new ClaimsIdentity(jwtToken.Claims);
-                return ManifestStatus.Invalid;
-            }
-        }
-
-        token = result.SecurityToken;
-        identity = new ClaimsIdentity(result.ClaimsIdentity.Claims, "JWT");
-
-        if (validateExpiration && token.ValidTo == DateTime.MinValue)
-            return ManifestStatus.Invalid;
-
-        // The sponsorable manifest does not have an expiration time.
-        if (validateExpiration && token.ValidTo < DateTimeOffset.UtcNow)
-            return ManifestStatus.Expired;
-
-        return ManifestStatus.Valid;
-    }
-
-    class JwtRolesPrincipal(ClaimsIdentity identity) : ClaimsPrincipal([identity])
-    {
-        public override bool IsInRole(string role) => HasClaim("roles", role) || base.IsInRole(role);
-    }
 }

src/SponsorLink/SponsorLink/SponsorLink.cs

@@ -0,0 +1,160 @@
+// <autogenerated />
+#nullable enable
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IO;
+using System.Security.Claims;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Devlooped.Sponsors;
+
+/// <summary>
+/// The resulting status from validation.
+/// </summary>
+public enum ManifestStatus
+{
+    /// <summary>
+    /// The manifest couldn't be read at all.
+    /// </summary>
+    Unknown,
+    /// <summary>
+    /// The manifest was read and is valid (not expired and properly signed).
+    /// </summary>
+    Valid,
+    /// <summary>
+    /// The manifest was read but has expired.
+    /// </summary>
+    Expired,
+    /// <summary>
+    /// The manifest was read, but its signature is invalid.
+    /// </summary>
+    Invalid,
+}
+
+/// <summary>
+/// Represents the sponsorship status of a user.
+/// </summary>
+/// <param name="Status">The status.</param>
+/// <param name="Principal">The principal potentially containing roles validated from the manifest.</param>
+/// <param name="SecurityToken">The security token from the validated manifest.</param>
+public record SponsorManifest(ManifestStatus Status, ClaimsPrincipal Principal, SecurityToken? SecurityToken)
+{
+    /// <summary>
+    /// Whether the manifest <see cref="Status"/> is <see cref="ManifestStatus.Valid"/>.
+    /// </summary>
+    public bool IsValid => Status == ManifestStatus.Valid;
+}
+
+static partial class SponsorLink
+{
+    /// <summary>
+    /// Reads the local manifest (if present) for the specified sponsorable account and validates it 
+    /// against the given JWK key.
+    /// </summary>
+    /// <param name="sponsorable">The sponsorable account to read.</param>
+    /// <param name="jwk">The public key to validate the signature on the manifest JWT if found.</param>
+    /// <param name="validateExpiration">Whether to validate the manifest expiration. If <see langword="false"/>, 
+    /// an expired manifest will be reported as <see cref="ManifestStatus.Valid"/>. The expiration date 
+    /// can be checked in that case via the <see cref="SponsorManifest.SecurityToken"/>.</param>
+    /// <returns>A manifest that represents the user status.</returns>
+    public static SponsorManifest GetManifest(string sponsorable, string jwk, bool validateExpiration = true)
+    {
+        var path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), 
+            ".sponsorlink", "github", sponsorable + ".jwt");
+
+        if (!File.Exists(path))
+            return new SponsorManifest(ManifestStatus.Unknown, new ClaimsPrincipal(), null);
+
+        return ParseManifest(File.ReadAllText(path), jwk, validateExpiration);
+    }
+
+    internal static SponsorManifest ParseManifest(string jwt, string jwk, bool validateExpiration)
+    {
+        var status = Validate(jwt, jwk, out var token, out var identity, validateExpiration);
+
+        if (status == ManifestStatus.Unknown || identity == null)
+            return new SponsorManifest(status, new ClaimsPrincipal(), token);
+
+        return new SponsorManifest(status, new JwtRolesPrincipal(identity), token);
+    }
+
+    /// <summary>
+    /// Validates the manifest signature and optional expiration.
+    /// </summary>
+    /// <param name="jwt">The JWT to validate.</param>
+    /// <param name="jwk">The key to validate the manifest signature with.</param>
+    /// <param name="token">Except when returning <see cref="Status.Unknown"/>, returns the security token read from the JWT, even if signature check failed.</param>
+    /// <param name="identity">The associated claims, only when return value is not <see cref="Status.Unknown"/>.</param>
+    /// <param name="requireExpiration">Whether to check for expiration.</param>
+    /// <returns>The status of the validation.</returns>
+    public static ManifestStatus Validate(string jwt, string jwk, out SecurityToken? token, out ClaimsIdentity? identity, bool validateExpiration)
+    {
+        token = default;
+        identity = default;
+
+        SecurityKey key;
+        try
+        {
+            key = JsonWebKey.Create(jwk);
+        }
+        catch (ArgumentException)
+        {
+            return ManifestStatus.Unknown;
+        }
+
+        var handler = new JsonWebTokenHandler { MapInboundClaims = false };
+
+        if (!handler.CanReadToken(jwt))
+            return ManifestStatus.Unknown;
+
+        var validation = new TokenValidationParameters
+        {
+            RequireExpirationTime = false,
+            ValidateLifetime = false,
+            ValidateAudience = false,
+            ValidateIssuer = false,
+            ValidateIssuerSigningKey = true,
+            IssuerSigningKey = key,
+            RoleClaimType = "roles",
+            NameClaimType = "sub",
+        };
+
+        var result = handler.ValidateTokenAsync(jwt, validation).Result;
+        if (!result.IsValid || result.Exception != null)
+        {
+            if (result.Exception is SecurityTokenInvalidSignatureException)
+            {
+                var jwtToken = handler.ReadJsonWebToken(jwt);
+                token = jwtToken;
+                identity = new ClaimsIdentity(jwtToken.Claims);
+                return ManifestStatus.Invalid;
+            }
+            else
+            {
+                var jwtToken = handler.ReadJsonWebToken(jwt);
+                token = jwtToken;
+                identity = new ClaimsIdentity(jwtToken.Claims);
+                return ManifestStatus.Invalid;
+            }
+        }
+
+        token = result.SecurityToken;
+        identity = new ClaimsIdentity(result.ClaimsIdentity.Claims, "JWT");
+
+        if (validateExpiration && token.ValidTo == DateTime.MinValue)
+            return ManifestStatus.Invalid;
+
+        // The sponsorable manifest does not have an expiration time.
+        if (validateExpiration && token.ValidTo < DateTimeOffset.UtcNow)
+            return ManifestStatus.Expired;
+
+        return ManifestStatus.Valid;
+    }
+
+    class JwtRolesPrincipal(ClaimsIdentity identity) : ClaimsPrincipal([identity])
+    {
+        public override bool IsInRole(string role) => HasClaim("roles", role) || base.IsInRole(role);
+    }
+}