The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute.

master
Tudor Stanciu 2023-04-07 19:12:14 +03:00
parent d85ed53cdf
commit ebb0f4de62
6 changed files with 29 additions and 4 deletions


@ -1,7 +1,7 @@
<Project> <Project>
<Import Project="dependencies.props" /> <Import Project="dependencies.props" />
<PropertyGroup> <PropertyGroup>
<Version>2.4.0</Version> <Version>2.4.1</Version>
<Authors>Tudor Stanciu</Authors> <Authors>Tudor Stanciu</Authors>
<Company>STA</Company> <Company>STA</Company>
<PackageTags>Tuitio</PackageTags> <PackageTags>Tuitio</PackageTags>


@ -95,4 +95,12 @@
◾ Each user group can have roles that will be applied to all users who are part of the group. ◾ Each user group can have roles that will be applied to all users who are part of the group.
</Content> </Content>
</Note> </Note>
<Note>
<Version>2.4.1</Version>
<Date>2023-04-07 19:12</Date>
<Content>
Authentication handler changes
◾ The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute.
</Content>
</Note>
</ReleaseNotes> </ReleaseNotes>


@ -1,4 +1,6 @@
using Microsoft.AspNetCore.Authentication; // Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Tuitio.Application.Abstractions; using Tuitio.Application.Abstractions;


@ -1,4 +1,8 @@
using Microsoft.AspNetCore.Authentication; // Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using System.Collections.Generic; using System.Collections.Generic;
@ -25,6 +29,12 @@ namespace Tuitio.Authentication
protected override async Task<AuthenticateResult> HandleAuthenticateAsync() protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{ {
var endpoint = Context.GetEndpoint();
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
{
return AuthenticateResult.NoResult();
}
var token = GetAuthorizationToken(); var token = GetAuthorizationToken();
if (token == null) if (token == null)
return AuthenticateResult.Fail("AUTHORIZATION_HEADER_IS_MISSING"); return AuthenticateResult.Fail("AUTHORIZATION_HEADER_IS_MISSING");
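Review bot: The early return added at the top of HandleAuthenticateAsync carries no comment, and it has a consequence a maintainer should be able to read off the code: on any endpoint with `IAllowAnonymous` metadata a presented token is never validated, so as far as this handler is concerned the request stays unauthenticated even when the caller sent a valid token. I would add above the check `// [AllowAnonymous] endpoint: skip token validation; any token sent is ignored and the request stays anonymous.` so that nobody later reads identity or claims inside such an action and expects them to be populated. `Context.GetEndpoint()` also returns null when authentication runs before routing has selected an endpoint; in that case the check is silently skipped and the handler falls through to the normal validation path, so the middleware order is worth confirming in the pipeline setup, which is not visible here. The method body continues past the end of this hunk.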


@ -1,4 +1,6 @@
using Microsoft.AspNetCore.Http; // Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Http;
using System.Linq; using System.Linq;
using System; using System;
using Tuitio.Application.Abstractions; using Tuitio.Application.Abstractions;


@ -1,12 +1,14 @@
// Copyright (c) 2020 Tudor Stanciu // Copyright (c) 2020 Tudor Stanciu
using MediatR; using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks; using System.Threading.Tasks;
using Tuitio.Application.CommandHandlers; using Tuitio.Application.CommandHandlers;
namespace Tuitio.Controllers namespace Tuitio.Controllers
{ {
[Authorize]
[ApiController] [ApiController]
[Route("account")] [Route("account")]
public class AccountController : ControllerBase public class AccountController : ControllerBase
@ -18,6 +20,7 @@ namespace Tuitio.Controllers
_mediator = mediator; _mediator = mediator;
} }
[AllowAnonymous]
[HttpPost("login")] [HttpPost("login")]
public async Task<IActionResult> Login([FromQuery] string userName, string password) public async Task<IActionResult> Login([FromQuery] string userName, string password)
{ {
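Review bot: The action this hunk marks `[AllowAnonymous]` binds `userName` with `[FromQuery]` and leaves `password` as a plain `string` parameter, which under `[ApiController]` is presumably inferred from the query string as well, so credentials travel in the URL of the one endpoint that is now reachable without a token. URLs are routinely recorded in server, proxy and client-side logs, which is the wrong place for a password. The signature is unchanged context in this commit, but since this is the login surface being opened up I would move both values into the request body with a `[FromBody]` request model (type name to be chosen by the project) and keep the route as is. The body of Login lies outside the hunk, so how the values are used afterwards is not visible here.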