Added userinfo endpoint usage; the API now creates the claims needed to start doing database work

This commit is contained in:
2021-10-18 11:06:44 -04:00
parent 320d939c76
commit 9e6c7f33a5
13 changed files with 129 additions and 88 deletions


@@ -1,64 +0,0 @@
using System;
using System.Linq;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Logging;
using Microsoft.Net.Http.Headers;
using WebAPI.Data;
namespace WebAPI.Auth
{
public class OIDCAuthorization : ServiceFilterAttribute
{
public OIDCAuthorization() : base(typeof(CustomAuthorizationFilter))
{
}
}
/// <summary>
/// Authorization filter for checking the bearer token against the OIDC service.
/// Will short circuit on an invalid token
///
/// </summary>
public class CustomAuthorizationFilter: IAsyncAuthorizationFilter
{
private readonly ILogger<CustomAuthorizationFilter> _logger;
private readonly OIDCService _oidcService;
private readonly AppDbContext _appDbContext;
public CustomAuthorizationFilter(ILogger<CustomAuthorizationFilter> logger, OIDCService oidcService, AppDbContext appDbContext)
{
_logger = logger;
_oidcService = oidcService;
_appDbContext = appDbContext;
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
try
{
var httpContext = context.HttpContext;
var bearerToken = httpContext?.Request?.Headers[HeaderNames.Authorization].FirstOrDefault();
if (string.IsNullOrEmpty(bearerToken))
{
throw new Exception("Need a token");
}
string token = bearerToken.Split(" ").ElementAt(1);
if (!await _oidcService.ValidateAccessToken(token))
{
throw new Exception("bad token");
}
}
catch (Exception e)
{
context.Result = new ForbidResult(e.Message);
}
}
}
}


@@ -34,9 +34,17 @@ namespace WebAPI.Auth
return AuthenticateResult.Fail("failed to validate token");
}
var userInfo = await _oidcService.GetTokenDetails(token);
if (userInfo == null)
{
return AuthenticateResult.Fail("Failed to get info for token");
}
var identity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Authentication, token)
new Claim(ClaimTypes.Authentication, token),
new Claim(ClaimTypes.Name, userInfo.Name),
new Claim(OIDCClaimTypes.Username, userInfo.PreferredUsername),
new Claim(OIDCClaimTypes.Subject, userInfo.Sub)
}, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
return AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name));
@@ -45,14 +53,17 @@ namespace WebAPI.Auth
public class OIDCTokenAuthenticationOptions : AuthenticationSchemeOptions
{
public string OIDCIntrospectionEndpoint { get; set; }
public string OIDCClientId { get; set; }
public string OIDCClientSecret { get; set; }
}
public class OIDCTokenAuthenticationDefaults
{
public static string DefaultScheme => "OIDCAuthentication";
}
public static class OIDCClaimTypes
{
public static string Username => "Username";
public static string Subject => "Subject";
}
}
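Review bot: The claim construction in the first hunk (`new Claim(ClaimTypes.Name, userInfo.Name)` and the `PreferredUsername` / `Sub` claims) throws ArgumentNullException when the value is null, and in an OIDC userinfo response only `sub` is required, so an identity provider that omits `name` or `preferred_username` for some user turns authentication into an unhandled exception out of the handler rather than an `AuthenticateResult.Fail`. The fix is to reject a response with no `sub` explicitly and add the optional claims only when present, as sketched below. Separately, storing the raw bearer token as a claim value (`ClaimTypes.Authentication, token`) means the credential travels with the principal into anything that logs or serializes the identity; if no downstream code needs it, dropping that claim is worth considering. The enclosing `HandleAuthenticateAsync` starts above the hunk, and whether the introspection result also carries a `sub` that could be cross-checked against the userinfo `sub` cannot be seen from here.
```csharp
// … unchanged: token validation and GetTokenDetails call …
if (string.IsNullOrEmpty(userInfo.Sub))
{
    return AuthenticateResult.Fail("userinfo response has no sub");
}
var claims = new List<Claim>
{
    new Claim(ClaimTypes.Authentication, token),
    new Claim(OIDCClaimTypes.Subject, userInfo.Sub)
};
if (!string.IsNullOrEmpty(userInfo.Name))
{
    claims.Add(new Claim(ClaimTypes.Name, userInfo.Name));
}
if (!string.IsNullOrEmpty(userInfo.PreferredUsername))
{
    claims.Add(new Claim(OIDCClaimTypes.Username, userInfo.PreferredUsername));
}
var identity = new ClaimsIdentity(claims, Scheme.Name);
// … unchanged: principal and ticket construction …
```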