Commit 266e423

committed

WIP : Authorization applied

1 parent f104baf commit 266e423Copy full SHA for 266e423

File tree

6 files changed

+92

-33

lines changed

server
- AuthWebApplication/AuthWebApplication/Controllers
  - AuthorizeTokenController.cs
  - TokenController.cs
- RedisLibrary
  - Services
    - RedisService.cs
  - obj
    - AuthLibrary.csproj.nuget.dgspec.json
    - project.assets.json
- WebApplication2/WebApplication2/Attributes
  - TokenAuthorizeAttribute.cs

6 files changed

+92

-33

lines changed

`‎server/AuthWebApplication/AuthWebApplication/Controllers/AuthorizeTokenController.cs`

Lines changed: 79 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,59 +17,115 @@`
`17`	`17`
`18`	`18`	`namespace AuthWebApplication.Controllers`
`19`	`19`	`{`
`20`		`- [Authorize]`
	`20`	`+ //[Authorize]`
`21`	`21`	`[Route("api/[controller]")]`
`22`	`22`	`[ApiController]`
`23`	`23`	`public class AuthorizeTokenController : ControllerBase`
`24`	`24`	`{`
`25`	`25`	`private RedisService redisService;`
`26`	`26`	`private readonly ILogger<AuthorizeTokenController> logger;`
`27`	`27`
`28`		`- public AuthorizeTokenController(ILogger<AuthorizeTokenController> logger,RedisService redisService)`
	`28`	`+ public AuthorizeTokenController(ILogger<AuthorizeTokenController> logger,RedisService redisService)`
`29`	`29`	`{`
`30`	`30`	`this.logger = logger;`
`31`	`31`	`this.redisService = redisService;`
`32`	`32`	`}`
`33`	`33`
`34`		`- public async Task<IActionResult> Get(string resource)`
`35`		`- {`
`36`		`- var userName = this.User.Identity.Name;`
`37`		`- var claimsIdentity = this.User.Identities.First() as ClaimsIdentity;`
`38`		`- var claim = claimsIdentity.Claims.First(x => x.Type == JwtRegisteredClaimNames.Jti);`
`39`		`- var jti = claim.Value;`
	`34`	`+ // public async Task<IActionResult> Get(string resource)`
	`35`	`+ // {`
	`36`	`+ // var userName = this.User.Identity.Name;`
	`37`	`+ // var claimsIdentity = this.User.Identities.First() as ClaimsIdentity;`
	`38`	`+ // var claim = claimsIdentity.Claims.First(x => x.Type == JwtRegisteredClaimNames.Jti);`
	`39`	`+ // var jti = claim.Value;`
	`40`	`+`
	`41`	`+ // var inValid = string.IsNullOrWhiteSpace(userName) \|\| string.IsNullOrWhiteSpace(jti) \|\| string.IsNullOrWhiteSpace(resource);`
	`42`	`+ // if (inValid)`
	`43`	`+ // {`
	`44`	`+ // return Unauthorized("Invalid data");`
	`45`	`+ // }`
	`46`	`+`
	`47`	`+ // var redisValue = await redisService.Get(userName);`
	`48`	`+ // if (string.IsNullOrWhiteSpace(redisValue))`
	`49`	`+ // {`
	`50`	`+ // return Unauthorized(userName);`
	`51`	`+ // }`
	`52`	`+`
	`53`	`+ // var dbValue = (dynamic)JsonConvert.DeserializeObject(redisValue);`
	`54`	`+ // var jtiArray = ((dbValue as dynamic).jtis as dynamic) as JArray;`
	`55`	`+ // var list = jtiArray.ToObject<List<string>>();`
	`56`	`+ // var validJti = list.Exists(x => x == jti);`
	`57`	`+`
	`58`	`+ // if (!validJti)`
	`59`	`+ // {`
	`60`	`+ // return Unauthorized(jti);`
	`61`	`+ // }`
	`62`	`+`
	`63`	`+ // var permissionViewModels = JsonConvert.DeserializeObject<List<ApplicationPermissionViewModel>>(`
	`64`	`+ // ((dbValue as dynamic).resources as JValue).ToString());`
	`65`	`+ // var permitted = permissionViewModels.Exists(x => x.Name == resource && Convert.ToBoolean(x.IsAllowed));`
`40`	`66`
`41`		`- var inValid = string.IsNullOrWhiteSpace(userName) \|\| string.IsNullOrWhiteSpace(jti) \|\| string.IsNullOrWhiteSpace(resource);`
	`67`	`+ // if (!permitted)`
	`68`	`+ // {`
	`69`	`+ // return Forbid("Bearer");`
	`70`	`+ // }`
	`71`	`+`
	`72`	`+ // return Ok();`
	`73`	`+ // }`
	`74`	`+`
	`75`	`+ public async Task<IActionResult> Get(string user, string resource, string jti)`
	`76`	`+ {`
	`77`	`+ var inValid = string.IsNullOrWhiteSpace(user) \|\| string.IsNullOrWhiteSpace(jti) \|\| string.IsNullOrWhiteSpace(resource);`
`42`	`78`	`if (inValid)`
`43`	`79`	`{`
`44`		`- return Unauthorized("Invalid data");`
	`80`	`+ return Unauthorized("Invalid data. User or resource or jti cannot be empty");`
`45`	`81`	`}`
`46`	`82`
`47`		`- var redisValue = await redisService.Get(userName);`
	`83`	`+ var redisValue = await redisService.Get(user);`
`48`	`84`	`if (string.IsNullOrWhiteSpace(redisValue))`
`49`	`85`	`{`
`50`		`- return Unauthorized(userName);`
	`86`	`+ return Unauthorized(user);`
`51`	`87`	`}`
`52`	`88`
`53`		`- var dbValue = (dynamic)JsonConvert.DeserializeObject(redisValue);`
`54`		`- var jtiArray = ((dbValue as dynamic).jtis as dynamic) as JArray;`
`55`		`- var list = jtiArray.ToObject<List<string>>();`
`56`		`- var validJti = list.Exists(x => x == jti);`
	`89`	`+ var dbValue = JsonConvert.DeserializeObject<AuthorizationDataModel>(redisValue);`
`57`	`90`
`58`		`- if (!validJti)`
	`91`	`+ if (dbValue==null)`
`59`	`92`	`{`
`60`		`- return Unauthorized(jti);`
	`93`	`+ return Unauthorized("Invalid cache. Please logout and do a fresh login");`
`61`	`94`	`}`
`62`	`95`
`63`		`- var permissionViewModels = JsonConvert.DeserializeObject<List<ApplicationPermissionViewModel>>(`
`64`		`- ((dbValue as dynamic).resources as JValue).ToString());`
`65`		`- var permitted = permissionViewModels.Exists(x => x.Name == resource && Convert.ToBoolean(x.IsAllowed));`
	`96`	`+ var validJti = dbValue.jtis.Exists(x => x == jti);`
`66`	`97`
`67`		`- if (!permitted)`
	`98`	`+ if (!validJti)`
`68`	`99`	`{`
`69`		`- return Forbid("Bearer");`
	`100`	`+ return Unauthorized(jti);`
`70`	`101`	`}`
`71`	`102`
	`103`	`+ // var permissionViewModels = JsonConvert.DeserializeObject<List<ApplicationPermissionViewModel>>(`
	`104`	`+ // ((dbValue as dynamic).resources as JValue).ToString());`
	`105`	`+ // var permitted = permissionViewModels.Exists(x => x.Name == resource && Convert.ToBoolean(x.IsAllowed));`
	`106`	`+`
	`107`	`+ // if (!permitted)`
	`108`	`+ // {`
	`109`	`+ // return Forbid("Bearer");`
	`110`	`+ // }`
	`111`	`+`
`72`	`112`	`return Ok();`
`73`	`113`	`}`
	`114`	`+`
	`115`	`+ private class AuthorizationDataModel`
	`116`	`+ {`
	`117`	`+ public List<string> jtis { get; set; }`
	`118`	`+`
	`119`	`+ public List<AuthorizationResourceModel> resources { get; set; }`
	`120`	`+ }`
	`121`	`+`
	`122`	`+ private class AuthorizationResourceModel`
	`123`	`+ {`
	`124`	`+ public string Name { get; set; }`
	`125`	`+`
	`126`	`+ public string IsAllowed { get; set; }`
	`127`	`+`
	`128`	`+ public string IsDisabled { get; set; }`
	`129`	`+ }`
`74`	`130`	`}`
`75`	`131`	`}`

`‎server/AuthWebApplication/AuthWebApplication/Controllers/TokenController.cs`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ public async Task<ActionResult> Post([FromBody] LoginViewModel loginViewModel)`
`108`	`108`
`109`	`109`	`await securityDb.UserTokens.AddAsync(token);`
`110`	`110`	`await securityDb.SaveChangesAsync();`
`111`		`- await redisService.Set(token.Name, jwtOptions.ValidFor, token.Jti, JsonConvert.SerializeObject(resources));`
	`111`	`+ await redisService.Set(token.Name, jwtOptions.ValidFor, token.Jti, resources);`
`112`	`112`	`return Ok(jwt);`
`113`	`113`	`}`
`114`	`114`

`‎server/RedisLibrary/Services/RedisService.cs`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ public void Connect()`
`43`	`43`	`logger.LogDebug("Connected to Redis");`
`44`	`44`	`}`
`45`	`45`
`46`		`- public async Task<bool> Set(string key, TimeSpan expiry, string tokenJti, string resources)`
	`46`	`+ public async Task<bool> Set(string key, TimeSpan expiry, string tokenJti, List<dynamic> resources)`
`47`	`47`	`{`
`48`	`48`	`var db = _redis.GetDatabase();`
`49`	`49`	`var redisValue = await db.StringGetAsync(key);`

`‎server/RedisLibrary/obj/AuthLibrary.csproj.nuget.dgspec.json`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@`
`79`	`79`	`"privateAssets": "all"`
`80`	`80`	`}`
`81`	`81`	`},`
`82`		`- "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\5.0.100\\RuntimeIdentifierGraph.json"`
	`82`	`+ "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\5.0.101\\RuntimeIdentifierGraph.json"`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`	`}`

`‎server/RedisLibrary/obj/project.assets.json`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1277,7 +1277,7 @@`
`1277`	`1277`	`"privateAssets": "all"`
`1278`	`1278`	`}`
`1279`	`1279`	`},`
`1280`		`- "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\5.0.100\\RuntimeIdentifierGraph.json"`
	`1280`	`+ "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\5.0.101\\RuntimeIdentifierGraph.json"`
`1281`	`1281`	`}`
`1282`	`1282`	`}`
`1283`	`1283`	`}`

`‎server/WebApplication2/WebApplication2/Attributes/TokenAuthorizeAttribute.cs`

Lines changed: 9 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public void OnAuthorization(AuthorizationFilterContext context)`
`24`	`24`	`var token = context.HttpContext.Request.Headers["Authorization"].ToString();`
`25`	`25`	`try`
`26`	`26`	`{`
`27`		`- HttpAuthorization(resource,token);`
	`27`	`+ HttpAuthorization(context,resource);`
`28`	`28`
`29`	`29`	`// GrpcAuthorization(token, resource);`
`30`	`30`
`@@ -58,18 +58,21 @@ private void GoAuthorization(AuthorizationFilterContext context, string resource`
`58`	`58`	`httpResponseMessage.EnsureSuccessStatusCode();`
`59`	`59`	`}`
`60`	`60`
`61`		`- private staticstring HttpAuthorization(stringresource, string token)`
	`61`	`+ private string HttpAuthorization(AuthorizationFilterContextcontext, string resource)`
`62`	`62`	`{`
`63`	`63`	`var client = Factory.HttpClient;`
`64`		`- client.DefaultRequestHeaders.Authorization = AuthenticationHeaderValue.Parse(token);`
`65`		`- var url = $"{Constants.AuthServer}/api/AuthorizeToken?resource={resource}";`
	`64`	`+ var user = context.HttpContext.User.Identity.Name;`
	`65`	`+ var claimsIdentity = context.HttpContext.User.Identities.First() as ClaimsIdentity;`
	`66`	`+ var claim = claimsIdentity.Claims.First(x => x.Type == JwtRegisteredClaimNames.Jti);`
	`67`	`+ var jti = claim.Value;`
	`68`	`+ var url = $"{Constants.AuthServer}/api/AuthorizeToken?user={user}&resource={resource}&jti={jti}";`
`66`	`69`	`var httpResponseMessage = client.GetAsync(url).GetAwaiter().GetResult();`
`67`	`70`	`httpResponseMessage.EnsureSuccessStatusCode();`
`68`		`- return token;`
	`71`	`+ return jti;`
`69`	`72`	`}`
`70`	`73`
`71`	`74`
`72`		`- private staticvoid GrpcAuthorization(string token, string resource)`
	`75`	`+ private void GrpcAuthorization(string token, string resource)`
`73`	`76`	`{`
`74`	`77`	`Greeter.GreeterClient gClient = Factory.GreeterClient;`
`75`	`78`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 266e423

File tree

6 files changed

6 files changed

`‎server/AuthWebApplication/AuthWebApplication/Controllers/AuthorizeTokenController.cs`

`‎server/AuthWebApplication/AuthWebApplication/Controllers/TokenController.cs`

`‎server/RedisLibrary/Services/RedisService.cs`

`‎server/RedisLibrary/obj/AuthLibrary.csproj.nuget.dgspec.json`

`‎server/RedisLibrary/obj/project.assets.json`

`‎server/WebApplication2/WebApplication2/Attributes/TokenAuthorizeAttribute.cs`

0 commit comments