From ebb0f4de62466a6554a275444441e782632a15be Mon Sep 17 00:00:00 2001 From: Tudor Stanciu Date: Fri, 7 Apr 2023 19:12:14 +0300 Subject: [PATCH] The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute. --- Directory.Build.props | 2 +- ReleaseNotes.xml | 8 ++++++++ .../Authentication/AuthenticationExtensions.cs | 4 +++- src/Tuitio/Authentication/AuthenticationHandler.cs | 12 +++++++++++- src/Tuitio/Authentication/HttpContextService.cs | 4 +++- src/Tuitio/Controllers/AccountController.cs | 3 +++ 6 files changed, 29 insertions(+), 4 deletions(-) diff --git a/Directory.Build.props b/Directory.Build.props index f2b90fb..375016d 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -1,7 +1,7 @@ - 2.4.0 + 2.4.1 Tudor Stanciu STA Tuitio diff --git a/ReleaseNotes.xml b/ReleaseNotes.xml index 3122d04..f62bf29 100644 --- a/ReleaseNotes.xml +++ b/ReleaseNotes.xml @@ -95,4 +95,12 @@ ◾ Each user group can have roles that will be applied to all users who are part of the group. + + 2.4.1 + 2023-04-07 19:12 + + Authentication handler changes + ◾ The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute. + + \ No newline at end of file diff --git a/src/Tuitio/Authentication/AuthenticationExtensions.cs b/src/Tuitio/Authentication/AuthenticationExtensions.cs index 66eabb1..fc480fc 100644 --- a/src/Tuitio/Authentication/AuthenticationExtensions.cs +++ b/src/Tuitio/Authentication/AuthenticationExtensions.cs @@ -1,4 +1,6 @@ -using Microsoft.AspNetCore.Authentication; +// Copyright (c) 2020 Tudor Stanciu + +using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.DependencyInjection; using Tuitio.Application.Abstractions; diff --git a/src/Tuitio/Authentication/AuthenticationHandler.cs b/src/Tuitio/Authentication/AuthenticationHandler.cs index 8c1a0da..d54de57 100644 
--- a/src/Tuitio/Authentication/AuthenticationHandler.cs +++ b/src/Tuitio/Authentication/AuthenticationHandler.cs @@ -1,4 +1,8 @@ -using Microsoft.AspNetCore.Authentication; +// Copyright (c) 2020 Tudor Stanciu + +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using System.Collections.Generic; @@ -25,6 +29,12 @@ namespace Tuitio.Authentication protected override async Task HandleAuthenticateAsync() { + var endpoint = Context.GetEndpoint(); + if (endpoint?.Metadata?.GetMetadata() != null) + { + return AuthenticateResult.NoResult(); + } + var token = GetAuthorizationToken(); if (token == null) return AuthenticateResult.Fail("AUTHORIZATION_HEADER_IS_MISSING"); diff --git a/src/Tuitio/Authentication/HttpContextService.cs b/src/Tuitio/Authentication/HttpContextService.cs index 682c7b5..1e250f5 100644 --- a/src/Tuitio/Authentication/HttpContextService.cs +++ b/src/Tuitio/Authentication/HttpContextService.cs @@ -1,4 +1,6 @@ -using Microsoft.AspNetCore.Http; +// Copyright (c) 2020 Tudor Stanciu + +using Microsoft.AspNetCore.Http; using System.Linq; using System; using Tuitio.Application.Abstractions; diff --git a/src/Tuitio/Controllers/AccountController.cs b/src/Tuitio/Controllers/AccountController.cs index f5e4cac..f73ac08 100644 --- a/src/Tuitio/Controllers/AccountController.cs +++ b/src/Tuitio/Controllers/AccountController.cs @@ -1,12 +1,14 @@ // Copyright (c) 2020 Tudor Stanciu using MediatR; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using System.Threading.Tasks; using Tuitio.Application.CommandHandlers; namespace Tuitio.Controllers { + [Authorize] [ApiController] [Route("account")] public class AccountController : ControllerBase 
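Review bot: The early return added at the top of `HandleAuthenticateAsync` (AuthenticationHandler.cs, `@@ -25,6 +29,12 @@`) needs a comment stating what it does to identity on anonymous endpoints: it returns `AuthenticateResult.NoResult()` before the token is read, so a caller who sends a valid token is still treated as unauthenticated there. The skip also depends on `Context.GetEndpoint()` being populated, which presumably requires routing to run before authentication; when it is null the code falls through to normal token validation, which is the safe direction. I would put this above the check: `// Allow-anonymous endpoints never validate the token, so User is always unauthenticated in those actions; with no resolved endpoint we fall through to normal validation.` The type argument of `GetMetadata()` is not visible on this page (presumably `IAllowAnonymous`), so confirm the lookup matches only that marker. The method body continues past the end of the hunk.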
@@ -18,6 +20,7 @@ namespace Tuitio.Controllers _mediator = mediator; } + [AllowAnonymous] [HttpPost("login")] public async Task Login([FromQuery] string userName, string password) {
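Review bot: `Login` becomes the one action on this controller that is reachable without a token, yet the unchanged signature in this hunk's context still takes `userName` via `[FromQuery]` and `password` with no binding attribute, which under `[ApiController]` is presumably also inferred from the query string. On a POST that puts credentials in the URL, and query strings are routinely written to web server, proxy and monitoring logs, leaving passwords at rest outside the credential store. Consider binding both values from the request body through a small request model marked `[FromBody]`, keeping the query form only for a deprecation window if existing clients depend on it. The method body continues outside the hunk.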