NDB.Security.Authentication.Identity upgrade

2021-11-12 02:40:46 +02:00 · 2021-11-12 02:40:46 +02:00 · f24972375d
parent 14ea9a7112
commit f24972375d
3 changed files with 50 additions and 13 deletions
--- a/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs
+++ b/NDB.Security.Authentication.Identity/Constants/ClaimTypes.cs
@ -3,6 +3,10 @@
    public struct ClaimTypes
    {
        public const string
-            IsGuestUser = "IsGuestUser";
+            UserName = "UserName",
+            FirstName = "FirstName",
+            LastName = "LastName",
+            IsGuestUser = "IsGuestUser",
+            ProfilePictureUrl = "ProfilePictureUrl";
    }
 }
--- a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
+++ b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
@ -4,6 +4,8 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using NDB.Security.Authentication.Identity.Abstractions;
+using System.Collections.Generic;
+using System.Linq;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
@ -30,40 +32,71 @@ namespace NDB.Security.Authentication.Identity
                var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false;
                if (authenticateAsGuest)
                {
-                    var guestTicket = GetAuthenticationTicket(new User() { UserId = _authenticationOptions.GuestUserId, UserName = _authenticationOptions.GuestUserName }, true);
+                    var guestTicket = GetGuestAuthenticationTicket(_authenticationOptions.GuestUserId, _authenticationOptions.GuestUserName);
                    return AuthenticateResult.Success(guestTicket);
                }

                return AuthenticateResult.Fail("Missing Authorization Header");
            }

-            User user;
+            TokenCore tokenCore;
            try
            {
                var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
                var token = authorizationHeader.Parameter;
-                user = await _identityService.Authorize(token);
+                tokenCore = await _identityService.Authorize(token);
            }
            catch
            {
-                return AuthenticateResult.Fail("Invalid Authorization Header");
+                return AuthenticateResult.Fail("Invalid authorization header");
            }

-            if (user == null)
-                return AuthenticateResult.Fail("Invalid Username or Password");
+            if (tokenCore == null)
+                return AuthenticateResult.Fail("Invalid token");

-            var ticket = GetAuthenticationTicket(user);
+            var ticket = GetAuthenticationTicket(tokenCore);
            return AuthenticateResult.Success(ticket);
        }

-        private AuthenticationTicket GetAuthenticationTicket(User user, bool isGuest = false)
+        private AuthenticationTicket GetGuestAuthenticationTicket(int guestId, string guestName)
        {
            var claims = new[] {
-                new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()),
-                new Claim(ClaimTypes.Name, user.UserName),
-                new Claim(Constants.ClaimTypes.IsGuestUser, isGuest.ToString())
+                new Claim(ClaimTypes.NameIdentifier, guestId.ToString()),
+                new Claim(ClaimTypes.Name, guestName),
+                new Claim(Constants.ClaimTypes.IsGuestUser, bool.TrueString)
            };

+            var ticket = GetAuthenticationTicket(claims);
+            return ticket;
+        }
+
+        private AuthenticationTicket GetAuthenticationTicket(TokenCore tokenCore)
+        {
+            var claimCollection = new Dictionary<string, string>()
+            {
+                { ClaimTypes.NameIdentifier, tokenCore.UserId.ToString() },
+                { ClaimTypes.Name, tokenCore.UserName },
+                { Constants.ClaimTypes.UserName, tokenCore.UserName },
+                { Constants.ClaimTypes.FirstName, tokenCore.FirstName },
+                { Constants.ClaimTypes.LastName, tokenCore.LastName },
+                { Constants.ClaimTypes.ProfilePictureUrl, tokenCore.ProfilePictureUrl },
+                { ClaimTypes.Email, tokenCore.Email }
+            };
+
+            if (tokenCore.Claims != null && tokenCore.Claims.Any())
+            {
+                foreach (var claim in tokenCore.Claims)
+                    claimCollection.Add(claim.Key, claim.Value);
+            }
+
+            var claims = claimCollection.Select(z => new Claim(z.Key, z.Value)).ToArray();
+            var ticket = GetAuthenticationTicket(claims);
+
+            return ticket;
+        }
+
+        private AuthenticationTicket GetAuthenticationTicket(Claim[] claims)
+        {
            var identity = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new ClaimsPrincipal(identity);
            var ticket = new AuthenticationTicket(principal, Scheme.Name);
--- a/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj
+++ b/NDB.Security.Authentication.Identity/NDB.Security.Authentication.Identity.csproj
@ -11,7 +11,7 @@
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="IdentityServer.Wrapper" Version="1.0.1" />
+    <PackageReference Include="IdentityServer.Wrapper" Version="1.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
  </ItemGroup>