Code changes
Did not run code. Had a spur of the moment to try something out.
This commit is contained in:
@@ -12,7 +12,18 @@ namespace Icarus.Authorization.Handlers
|
|||||||
{
|
{
|
||||||
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
|
||||||
{
|
{
|
||||||
if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer))
|
var issuer = requirement.Issuer;
|
||||||
|
var scope = requirement.Scope;
|
||||||
|
var claim = string.Empty;
|
||||||
|
// if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer))
|
||||||
|
if (!context.User.HasClaim(c =>
|
||||||
|
{
|
||||||
|
var i = 0;
|
||||||
|
var b = 99;
|
||||||
|
claim = c.Type;
|
||||||
|
return c.Type == "scope";
|
||||||
|
})
|
||||||
|
)
|
||||||
{
|
{
|
||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,87 @@
|
|||||||
|
using System;
|
||||||
|
using System.Security.Cryptography;
|
||||||
|
|
||||||
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
using Org.BouncyCastle.Crypto.Parameters;
|
||||||
|
using Org.BouncyCastle.OpenSsl;
|
||||||
|
|
||||||
|
|
||||||
|
namespace Icarus.Certs
|
||||||
|
{
|
||||||
|
|
||||||
|
public class SigningIssuerCertificate : IDisposable
|
||||||
|
{
|
||||||
|
private readonly RSACryptoServiceProvider _rsa;
|
||||||
|
|
||||||
|
public SigningIssuerCertificate()
|
||||||
|
{
|
||||||
|
_rsa = new RSACryptoServiceProvider();
|
||||||
|
}
|
||||||
|
|
||||||
|
// public or private key?
|
||||||
|
public RsaSecurityKey GetIssuerSigningKey(string publicKeyPath)
|
||||||
|
{
|
||||||
|
var file = publicKeyPath;
|
||||||
|
var publicKey = System.IO.File.ReadAllText(file);
|
||||||
|
|
||||||
|
using (var reader = System.IO.File.OpenText(file))
|
||||||
|
{
|
||||||
|
var pem = new PemReader(reader);
|
||||||
|
var o = (RsaKeyParameters)pem.ReadObject();
|
||||||
|
var parameters = new RSAParameters();
|
||||||
|
parameters.Modulus = o.Modulus.ToByteArray();
|
||||||
|
parameters.Exponent = o.Exponent.ToByteArray();
|
||||||
|
_rsa.ImportParameters(parameters);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new RsaSecurityKey(_rsa);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public void Dispose()
|
||||||
|
{
|
||||||
|
_rsa?.Dispose();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public class SigningAudienceCertificate : IDisposable
|
||||||
|
{
|
||||||
|
// private readonly RSA _rsa;
|
||||||
|
private readonly RSACryptoServiceProvider _rsa;
|
||||||
|
|
||||||
|
public SigningAudienceCertificate()
|
||||||
|
{
|
||||||
|
_rsa = new RSACryptoServiceProvider();
|
||||||
|
}
|
||||||
|
// public or private key?
|
||||||
|
public SigningCredentials GetAudienceSigningKey(string keyPath)
|
||||||
|
{
|
||||||
|
// string privateXmlKey = System.IO.File.ReadAllText("./private_key.xml");
|
||||||
|
// rsa.FromXmlString(privateXmlKey);
|
||||||
|
|
||||||
|
var file = keyPath;
|
||||||
|
var publicKey = System.IO.File.ReadAllText(file);
|
||||||
|
// var rsa = new RSACryptoServiceProvider();
|
||||||
|
|
||||||
|
using (var reader = System.IO.File.OpenText(file))
|
||||||
|
{
|
||||||
|
var pem = new PemReader(reader);
|
||||||
|
var o = (RsaKeyParameters)pem.ReadObject();
|
||||||
|
var parameters = new RSAParameters();
|
||||||
|
parameters.Modulus = o.Modulus.ToByteArray();
|
||||||
|
parameters.Exponent = o.Exponent.ToByteArray();
|
||||||
|
_rsa.ImportParameters(parameters);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new SigningCredentials(
|
||||||
|
key: new RsaSecurityKey(_rsa),
|
||||||
|
algorithm: SecurityAlgorithms.RsaSha256);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void Dispose()
|
||||||
|
{
|
||||||
|
_rsa?.Dispose();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
namespace Icarus.Models.Shared
|
||||||
|
{
|
||||||
|
public class UserCredentials
|
||||||
|
{
|
||||||
|
public string Username { get; set; }
|
||||||
|
public string Password { get; set; }
|
||||||
|
}
|
||||||
|
}
|
||||||
Executable → Regular
@@ -1,13 +1,19 @@
|
|||||||
// using JwtAuthentication.AsymmetricEncryption.Certificates;
|
// using JwtAuthentication.AsymmetricEncryption.Certificates;
|
||||||
|
using System;
|
||||||
|
using System.IdentityModel.Tokens.Jwt;
|
||||||
|
using System.Security.Claims;
|
||||||
|
using System.Linq;
|
||||||
|
|
||||||
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
using Microsoft.Extensions.Configuration;
|
||||||
|
|
||||||
using Icarus;
|
using Icarus;
|
||||||
|
using Icarus.Certs;
|
||||||
|
using Icarus.Database.Contexts;
|
||||||
using Icarus.Repositories;
|
using Icarus.Repositories;
|
||||||
using Icarus.Models.Shared;
|
using Icarus.Models.Shared;
|
||||||
// using JwtAuthentication.Shared;
|
// using JwtAuthentication.Shared;
|
||||||
// using JwtAuthentication.Shared.Models;
|
// using JwtAuthentication.Shared.Models;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
|
||||||
using System;
|
|
||||||
using System.IdentityModel.Tokens.Jwt;
|
|
||||||
using System.Security.Claims;
|
|
||||||
|
|
||||||
namespace Icarus.Services
|
namespace Icarus.Services
|
||||||
{
|
{
|
||||||
@@ -15,7 +21,8 @@ namespace Icarus.Services
|
|||||||
{
|
{
|
||||||
private Microsoft.Extensions.Configuration.IConfiguration _configuration;
|
private Microsoft.Extensions.Configuration.IConfiguration _configuration;
|
||||||
private readonly UserRepository userRepository;
|
private readonly UserRepository userRepository;
|
||||||
private readonly SigningAudienceCertificate signingAudienceCertificate;
|
private readonly UserContext _userContext;
|
||||||
|
private readonly Icarus.Certs.SigningAudienceCertificate signingAudienceCertificate;
|
||||||
private string _publickKeyPath = string.Empty;
|
private string _publickKeyPath = string.Empty;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -26,17 +33,29 @@ namespace Icarus.Services
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
|
public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
|
||||||
{
|
{
|
||||||
this._configuration = configuration;
|
this._configuration = configuration;
|
||||||
this.userRepository = userRepository;
|
this.userRepository = userRepository;
|
||||||
signingAudienceCertificate = new SigningAudienceCertificate();
|
signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate();
|
||||||
|
_publickKeyPath = configuration["RSAKeys:PublicKeyPath"];
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
public TokenService(Microsoft.Extensions.Configuration.IConfiguration configuration)
|
||||||
|
{
|
||||||
|
this._configuration = configuration;
|
||||||
|
// this.userRepository = userRepository;
|
||||||
|
this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection"));
|
||||||
|
signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate();
|
||||||
_publickKeyPath = configuration["RSAKeys:PublicKeyPath"];
|
_publickKeyPath = configuration["RSAKeys:PublicKeyPath"];
|
||||||
}
|
}
|
||||||
|
|
||||||
public string GetToken(string username)
|
public string GetToken(string username)
|
||||||
{
|
{
|
||||||
var user = userRepository.GetUser(username);
|
// var user = userRepository.GetUser(username);
|
||||||
|
var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(username));
|
||||||
SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user);
|
SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user);
|
||||||
|
|
||||||
var tokenHandler = new JwtSecurityTokenHandler();
|
var tokenHandler = new JwtSecurityTokenHandler();
|
||||||
|
|||||||
@@ -1,9 +1,14 @@
|
|||||||
// using JwtAuthentication.Shared.Exceptions;
|
// using JwtAuthentication.Shared.Exceptions;
|
||||||
// using JwtAuthentication.Shared.Models;
|
// using JwtAuthentication.Shared.Models;
|
||||||
|
using System.Linq;
|
||||||
|
|
||||||
|
using Microsoft.Extensions.Configuration;
|
||||||
|
|
||||||
using Icarus.Exceptions;
|
using Icarus.Exceptions;
|
||||||
using Icarus.Models.Shared;
|
using Icarus.Models.Shared;
|
||||||
using Icarus.Services;
|
using Icarus.Services;
|
||||||
using Icarus.Repositories;
|
using Icarus.Repositories;
|
||||||
|
using Icarus.Database.Contexts;
|
||||||
|
|
||||||
namespace Icarus.Services
|
namespace Icarus.Services
|
||||||
{
|
{
|
||||||
@@ -11,6 +16,7 @@ namespace Icarus.Services
|
|||||||
{
|
{
|
||||||
private Microsoft.Extensions.Configuration.IConfiguration _configuration;
|
private Microsoft.Extensions.Configuration.IConfiguration _configuration;
|
||||||
private readonly UserRepository userRepository;
|
private readonly UserRepository userRepository;
|
||||||
|
private readonly UserContext _userContext;
|
||||||
|
|
||||||
public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
|
public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
|
||||||
{
|
{
|
||||||
@@ -18,9 +24,17 @@ namespace Icarus.Services
|
|||||||
this.userRepository = userRepository;
|
this.userRepository = userRepository;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// public UserService(UserContext userContext, Microsoft.Extensions.Configuration.IConfiguration configuration)
|
||||||
|
public UserService(Microsoft.Extensions.Configuration.IConfiguration configuration)
|
||||||
|
{
|
||||||
|
this._configuration = configuration;
|
||||||
|
this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection"));
|
||||||
|
}
|
||||||
|
|
||||||
public void ValidateCredentials(UserCredentials userCredentials)
|
public void ValidateCredentials(UserCredentials userCredentials)
|
||||||
{
|
{
|
||||||
Icarus.Models.User user = userRepository.GetUser(userCredentials.Username);
|
// Icarus.Models.User user = userRepository.GetUser(userCredentials.Username);
|
||||||
|
var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(userCredentials.Username));
|
||||||
bool isValid = user != null && AreValidCredentials(userCredentials, user);
|
bool isValid = user != null && AreValidCredentials(userCredentials, user);
|
||||||
|
|
||||||
if (!isValid)
|
if (!isValid)
|
||||||
@@ -31,8 +45,9 @@ namespace Icarus.Services
|
|||||||
|
|
||||||
private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user)
|
private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user)
|
||||||
{
|
{
|
||||||
return user.Username == userCredentials.Username &&
|
// TODO: Has the user provided password and compair it to the hash retrieved from
|
||||||
user.Password == userCredentials.Password;
|
// the DB
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+20
-5
@@ -37,6 +37,7 @@ using Icarus.Database.Contexts;
|
|||||||
namespace Icarus
|
namespace Icarus
|
||||||
{
|
{
|
||||||
#region Classes
|
#region Classes
|
||||||
|
/**
|
||||||
public class SigningIssuerCertificate
|
public class SigningIssuerCertificate
|
||||||
{
|
{
|
||||||
public SigningIssuerCertificate()
|
public SigningIssuerCertificate()
|
||||||
@@ -63,7 +64,9 @@ namespace Icarus
|
|||||||
return new RsaSecurityKey(rsa);
|
return new RsaSecurityKey(rsa);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
public class SigningAudienceCertificate
|
public class SigningAudienceCertificate
|
||||||
{
|
{
|
||||||
// public or private key?
|
// public or private key?
|
||||||
@@ -91,6 +94,7 @@ namespace Icarus
|
|||||||
algorithm: SecurityAlgorithms.RsaSha256);
|
algorithm: SecurityAlgorithms.RsaSha256);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
public static class MyClass
|
public static class MyClass
|
||||||
@@ -98,7 +102,7 @@ namespace Icarus
|
|||||||
public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
|
public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
|
||||||
// public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
|
// public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
|
||||||
{
|
{
|
||||||
var issuerSigningCertificate = new SigningIssuerCertificate();
|
var issuerSigningCertificate = new Icarus.Certs.SigningIssuerCertificate();
|
||||||
RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]);
|
RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]);
|
||||||
|
|
||||||
services.AddAuthentication(authOptions =>
|
services.AddAuthentication(authOptions =>
|
||||||
@@ -114,6 +118,14 @@ namespace Icarus
|
|||||||
|
|
||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static bool LifetimeValidator(DateTime? notBefore,
|
||||||
|
DateTime? expires,
|
||||||
|
SecurityToken securityToken,
|
||||||
|
TokenValidationParameters validationParameters)
|
||||||
|
{
|
||||||
|
return expires != null && expires > DateTime.UtcNow;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
public class Startup
|
public class Startup
|
||||||
{
|
{
|
||||||
@@ -138,7 +150,6 @@ namespace Icarus
|
|||||||
var auth_id = Configuration["Auth0:Domain"];
|
var auth_id = Configuration["Auth0:Domain"];
|
||||||
var domain = $"https://{auth_id}/";
|
var domain = $"https://{auth_id}/";
|
||||||
var audience = Configuration["Auth0:ApiIdentifier"];
|
var audience = Configuration["Auth0:ApiIdentifier"];
|
||||||
/**
|
|
||||||
|
|
||||||
services
|
services
|
||||||
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||||
@@ -148,6 +159,7 @@ namespace Icarus
|
|||||||
options.Audience = audience;
|
options.Audience = audience;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
services.AddAuthorization(options =>
|
services.AddAuthorization(options =>
|
||||||
{
|
{
|
||||||
options.AddPolicy("download:songs", policy =>
|
options.AddPolicy("download:songs", policy =>
|
||||||
@@ -211,9 +223,12 @@ namespace Icarus
|
|||||||
|
|
||||||
services.AddAsymmetricAuthentication(Configuration);
|
services.AddAsymmetricAuthentication(Configuration);
|
||||||
|
|
||||||
services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration));
|
// services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration));
|
||||||
services.AddTransient<UserService>(us => new UserService(new UserRepository(), Configuration));
|
services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration));
|
||||||
services.AddTransient<TokenService>(tk => new TokenService(new UserRepository(), Configuration));
|
// services.AddTransient<UserService>(us => new UserService(new UserRepository(), Configuration));
|
||||||
|
services.AddTransient<UserService>(us => new UserService(Configuration));
|
||||||
|
// services.AddTransient<TokenService>(tk => new TokenService(new UserRepository(), Configuration));
|
||||||
|
services.AddTransient<TokenService>(tk => new TokenService(Configuration));
|
||||||
services.AddTransient<UserRepository>();
|
services.AddTransient<UserRepository>();
|
||||||
services.AddTransient<UserContext>(uc => new UserContext(connString));
|
services.AddTransient<UserContext>(uc => new UserContext(connString));
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user