diff --git a/Authorization/Handlers/HasScopeHandler.cs b/Authorization/Handlers/HasScopeHandler.cs index 82e54e6..8f51065 100644 --- a/Authorization/Handlers/HasScopeHandler.cs +++ b/Authorization/Handlers/HasScopeHandler.cs @@ -12,18 +12,7 @@ namespace Icarus.Authorization.Handlers { protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement) { - var issuer = requirement.Issuer; - var scope = requirement.Scope; - var claim = string.Empty; - // if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer)) - if (!context.User.HasClaim(c => - { - var i = 0; - var b = 99; - claim = c.Type; - return c.Type == "scope"; - }) - ) + if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer)) { return Task.CompletedTask; } diff --git a/Certs/Signing.cs b/Certs/Signing.cs index 4f53a26..55bfc8e 100644 --- a/Certs/Signing.cs +++ b/Certs/Signing.cs @@ -8,7 +8,6 @@ using Org.BouncyCastle.OpenSsl; namespace Icarus.Certs { - public class SigningIssuerCertificate : IDisposable { private readonly RSACryptoServiceProvider _rsa; @@ -18,7 +17,6 @@ namespace Icarus.Certs _rsa = new RSACryptoServiceProvider(); } - // public or private key? public RsaSecurityKey GetIssuerSigningKey(string publicKeyPath) { var file = publicKeyPath; @@ -47,22 +45,17 @@ namespace Icarus.Certs public class SigningAudienceCertificate : IDisposable { - // private readonly RSA _rsa; private readonly RSACryptoServiceProvider _rsa; public SigningAudienceCertificate() { _rsa = new RSACryptoServiceProvider(); } - // public or private key? + public SigningCredentials GetAudienceSigningKey(string keyPath) { - // string privateXmlKey = System.IO.File.ReadAllText("./private_key.xml"); - // rsa.FromXmlString(privateXmlKey); - var file = keyPath; var publicKey = System.IO.File.ReadAllText(file); - // var rsa = new RSACryptoServiceProvider(); using (var reader = System.IO.File.OpenText(file)) { diff --git a/Controllers/Managers/SongManager.cs b/Controllers/Managers/SongManager.cs index d0a39de..500b50b 100644 --- a/Controllers/Managers/SongManager.cs +++ b/Controllers/Managers/SongManager.cs @@ -180,18 +180,9 @@ namespace Icarus.Controllers.Managers DirectoryManager dirMgr = new DirectoryManager(_config, song); dirMgr.CreateDirectory(); - /** - await Task.Run(() => - { - System.IO.File.Delete(song.SongPath()); - }); - */ - var tempPath = song.SongPath(); song.Filename = song.GenerateFilename(1); var filePath = $"{dirMgr.SongDirectory}{song.Filename}"; - // $"{dirMgr.SongDirectory}"; - // filePath += $"{song.Filename}"; _logger.Info($"Absolute song path: {filePath}"); @@ -202,7 +193,6 @@ namespace Icarus.Controllers.Managers { var songBytes = System.IO.File.ReadAllBytes(tempPath); - // System.IO.File.WriteAllBytes(filePath, songBytes); _logger.Info("Saving song to the filesystem"); fileStream.Write(songBytes, 0, songBytes.Count()); @@ -267,26 +257,9 @@ namespace Icarus.Controllers.Managers var filePath = song.SongPath(); _logger.Info($"Absolute song path: {filePath}"); - if (System.IO.File.Exists(filePath)) - { - _logger.Info("Why does the file exist?"); - } - - if (System.IO.File.Exists(tempPath)) - { - // System.IO.File.Move(tempPath, filePath); - // _logger.Info("Moved song from temporary location to final location"); - } - using (var fileStream = new FileStream(filePath, FileMode.Create)) { var songBytes = System.IO.File.ReadAllBytes(tempPath); - // fileStream.ReadAsync(songBytes) - - if (System.IO.File.Exists(filePath)) - { - _logger.Info("Why does the file exist?"); - } try { @@ -297,9 +270,6 @@ namespace Icarus.Controllers.Managers } else { - // System.IO.File.WriteAllBytes(filePath, songBytes); - // - fileStream.Write(songBytes, 0, songBytes.Count()); _logger.Info("Saved song to filesystem: {0}", filePath); diff --git a/Controllers/Managers/TokenManager.cs b/Controllers/Managers/TokenManager.cs index 610a891..c00452f 100644 --- a/Controllers/Managers/TokenManager.cs +++ b/Controllers/Managers/TokenManager.cs @@ -21,16 +21,6 @@ using Icarus.Models; namespace Icarus.Controllers.Managers { #region Classes - /** - { - "scope":"download:songs read:song_details upload:songs delete:songs read:albums read:artists update:songs stream:songs read:genre read:year download:cover_art", - "exp":1661616071, - "aud":"http://localhost:5002", - "iss":"http://localhost:5002", - "iat":1661529671 -} - */ - public class TokenManager : BaseManager { #region Fields diff --git a/Exceptions/InvalidCredentialsException.cs b/Exceptions/InvalidCredentialsException.cs deleted file mode 100644 index 2145caa..0000000 --- a/Exceptions/InvalidCredentialsException.cs +++ /dev/null @@ -1,20 +0,0 @@ -using System; - -namespace Icarus.Exceptions -{ - public class InvalidCredentialsException : Exception - { - public InvalidCredentialsException() - { - } - - public InvalidCredentialsException(string message) : base(message) - { - } - - public InvalidCredentialsException(string message, - Exception exception) : base(message, exception) - { - } - } -} \ No newline at end of file diff --git a/Models/Shared/User.cs b/Models/Shared/User.cs deleted file mode 100644 index 5a467d1..0000000 --- a/Models/Shared/User.cs +++ /dev/null @@ -1,21 +0,0 @@ -using System.Collections.Generic; -using System.Linq; -using System.Security.Claims; - -namespace Icarus.Models.Shared -{ - public class User - { - public string Username { get; set; } - public string Password { get; set; } - public IEnumerable Roles { get; set; } - - public IEnumerable Claims() - { - var claims = new List { new Claim(ClaimTypes.Name, Username) }; - claims.AddRange(Roles.Select(role => new Claim(ClaimTypes.Role, role))); - - return claims; - } - } -} \ No newline at end of file diff --git a/Models/Shared/UserCredentials.cs b/Models/Shared/UserCredentials.cs deleted file mode 100644 index 1b8bf3d..0000000 --- a/Models/Shared/UserCredentials.cs +++ /dev/null @@ -1,8 +0,0 @@ -namespace Icarus.Models.Shared -{ - public class UserCredentials - { - public string Username { get; set; } - public string Password { get; set; } - } -} \ No newline at end of file diff --git a/Repositories/UserRepository.cs b/Repositories/UserRepository.cs deleted file mode 100644 index 073fbb2..0000000 --- a/Repositories/UserRepository.cs +++ /dev/null @@ -1,37 +0,0 @@ -// using JwtAuthentication.Shared.Models; -// using Icarus.Models.Shared; -using System.Collections.Generic; -using System.Linq; - -namespace Icarus.Repositories -{ - // TODO: Replace this with the UserContext. - public class UserRepository - { - private readonly IEnumerable users; - - public UserRepository() - { - users = new List - { - new Icarus.Models.User - { - Username = "john.doe", - Password = "john.password", - Roles = new []{"User"} - }, - new Icarus.Models.User - { - Username = "jane.doe", - Password = "jane.password", - Roles = new []{"User", "Admin"} - } - }; - } - - public Icarus.Models.User GetUser(string username) - { - return users.SingleOrDefault(u => u.Username.Equals(username)); - } - } -} \ No newline at end of file diff --git a/Services/AuthenticationService.cs b/Services/AuthenticationService.cs deleted file mode 100644 index 61c1354..0000000 --- a/Services/AuthenticationService.cs +++ /dev/null @@ -1,31 +0,0 @@ -// using JwtAuthentication.Shared.Models; -// using JwtAuthentication.Shared.Services; -using Icarus; -using Icarus.Repositories; -using Icarus.Models.Shared; -using Icarus.Services; - -namespace Icarus.Services -{ - public class AuthenticationService - { - private Microsoft.Extensions.Configuration.IConfiguration _configuration; - private readonly UserService userService; - private readonly TokenService tokenService; - - public AuthenticationService(UserService userService, TokenService tokenService, Microsoft.Extensions.Configuration.IConfiguration configuration) - { - this.userService = userService; - this.tokenService = tokenService; - this._configuration = configuration; - } - - public string Authenticate(UserCredentials userCredentials) - { - userService.ValidateCredentials(userCredentials); - string securityToken = tokenService.GetToken(userCredentials.Username); - - return securityToken; - } - } -} \ No newline at end of file diff --git a/Services/TokenService.cs b/Services/TokenService.cs deleted file mode 100644 index 3c0e598..0000000 --- a/Services/TokenService.cs +++ /dev/null @@ -1,82 +0,0 @@ -// using JwtAuthentication.AsymmetricEncryption.Certificates; -using System; -using System.IdentityModel.Tokens.Jwt; -using System.Security.Claims; -using System.Linq; - -using Microsoft.IdentityModel.Tokens; -using Microsoft.Extensions.Configuration; - -using Icarus; -using Icarus.Certs; -using Icarus.Database.Contexts; -using Icarus.Repositories; -using Icarus.Models.Shared; -// using JwtAuthentication.Shared; -// using JwtAuthentication.Shared.Models; - -namespace Icarus.Services -{ - public class TokenService - { - private Microsoft.Extensions.Configuration.IConfiguration _configuration; - private readonly UserRepository userRepository; - private readonly UserContext _userContext; - private readonly Icarus.Certs.SigningAudienceCertificate signingAudienceCertificate; - private string _publickKeyPath = string.Empty; - - /** - public TokenService(UserRepository userRepository) - { - this.userRepository = userRepository; - signingAudienceCertificate = new SigningAudienceCertificate(); - } - */ - - /** - public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) - { - this._configuration = configuration; - this.userRepository = userRepository; - signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate(); - _publickKeyPath = configuration["RSAKeys:PublicKeyPath"]; - } - */ - - public TokenService(Microsoft.Extensions.Configuration.IConfiguration configuration) - { - this._configuration = configuration; - // this.userRepository = userRepository; - this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection")); - signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate(); - _publickKeyPath = configuration["RSAKeys:PublicKeyPath"]; - } - - public string GetToken(string username) - { - // var user = userRepository.GetUser(username); - var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(username)); - SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user); - - var tokenHandler = new JwtSecurityTokenHandler(); - SecurityToken securityToken = tokenHandler.CreateToken(tokenDescriptor); - string token = tokenHandler.WriteToken(securityToken); - - return token; - } - - private SecurityTokenDescriptor GetTokenDescriptor(Icarus.Models.User user) - { - const int expiringDays = 7; - - var tokenDescriptor = new SecurityTokenDescriptor - { - Subject = new ClaimsIdentity(user.Claims()), - Expires = DateTime.UtcNow.AddDays(expiringDays), - SigningCredentials = signingAudienceCertificate.GetAudienceSigningKey(_publickKeyPath) - }; - - return tokenDescriptor; - } - } -} \ No newline at end of file diff --git a/Services/UserService.sc.cs b/Services/UserService.sc.cs deleted file mode 100644 index 19684f4..0000000 --- a/Services/UserService.sc.cs +++ /dev/null @@ -1,53 +0,0 @@ -// using JwtAuthentication.Shared.Exceptions; -// using JwtAuthentication.Shared.Models; -using System.Linq; - -using Microsoft.Extensions.Configuration; - -using Icarus.Exceptions; -using Icarus.Models.Shared; -using Icarus.Services; -using Icarus.Repositories; -using Icarus.Database.Contexts; - -namespace Icarus.Services -{ - public class UserService - { - private Microsoft.Extensions.Configuration.IConfiguration _configuration; - private readonly UserRepository userRepository; - private readonly UserContext _userContext; - - public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) - { - this._configuration = configuration; - this.userRepository = userRepository; - } - - // public UserService(UserContext userContext, Microsoft.Extensions.Configuration.IConfiguration configuration) - public UserService(Microsoft.Extensions.Configuration.IConfiguration configuration) - { - this._configuration = configuration; - this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection")); - } - - public void ValidateCredentials(UserCredentials userCredentials) - { - // Icarus.Models.User user = userRepository.GetUser(userCredentials.Username); - var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(userCredentials.Username)); - bool isValid = user != null && AreValidCredentials(userCredentials, user); - - if (!isValid) - { - throw new InvalidCredentialsException(); - } - } - - private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user) - { - // TODO: Has the user provided password and compair it to the hash retrieved from - // the DB - return true; - } - } -} \ No newline at end of file diff --git a/Startup.cs b/Startup.cs index 05fb68d..6dea1e4 100644 --- a/Startup.cs +++ b/Startup.cs @@ -1,18 +1,7 @@ using System; -using System.Collections.Generic; -using System.Linq; -using System.Threading.Tasks; -using System.IdentityModel.Tokens.Jwt; -using System.Security.Claims; -using System.Security.Cryptography; -using System.Security.Cryptography.X509Certificates; -using Microsoft.AspNetCore.Authentication.JwtBearer; -using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; -using Microsoft.AspNetCore.HttpsPolicy; -using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; @@ -23,84 +12,14 @@ using Newtonsoft.Json; using NLog; using NLog.Web; using NLog.Web.AspNetCore; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.OpenSsl; -using Org.BouncyCastle.Security; -using Icarus.Services; -using Icarus.Repositories; -using Icarus.Authorization; -using Icarus.Authorization.Handlers; using Icarus.Database.Contexts; namespace Icarus { - #region Classes - /** - public class SigningIssuerCertificate - { - public SigningIssuerCertificate() - { - } - - // public or private key? - public RsaSecurityKey GetIssuerSigningKey(string publicKeyPath) - { - var file = publicKeyPath; - var publicKey = System.IO.File.ReadAllText(file); - var rsa = new RSACryptoServiceProvider(); - - using (var reader = System.IO.File.OpenText(file)) - { - var pem = new PemReader(reader); - var o = (RsaKeyParameters)pem.ReadObject(); - var parameters = new RSAParameters(); - parameters.Modulus = o.Modulus.ToByteArray(); - parameters.Exponent = o.Exponent.ToByteArray(); - rsa.ImportParameters(parameters); - } - - return new RsaSecurityKey(rsa); - } - } - */ - - /** - public class SigningAudienceCertificate - { - // public or private key? - public SigningCredentials GetAudienceSigningKey(string keyPath) - { - // string privateXmlKey = System.IO.File.ReadAllText("./private_key.xml"); - // rsa.FromXmlString(privateXmlKey); - - var file = keyPath; - var publicKey = System.IO.File.ReadAllText(file); - var rsa = new RSACryptoServiceProvider(); - - using (var reader = System.IO.File.OpenText(file)) - { - var pem = new PemReader(reader); - var o = (RsaKeyParameters)pem.ReadObject(); - var parameters = new RSAParameters(); - parameters.Modulus = o.Modulus.ToByteArray(); - parameters.Exponent = o.Exponent.ToByteArray(); - rsa.ImportParameters(parameters); - } - - return new SigningCredentials( - key: new RsaSecurityKey(rsa), - algorithm: SecurityAlgorithms.RsaSha256); - } - } - */ - #endregion - - public static class MyClass + public static class ServiceStartup { public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) - // public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) { var issuerSigningCertificate = new Icarus.Certs.SigningIssuerCertificate(); RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]); @@ -151,69 +70,8 @@ namespace Icarus var domain = $"https://{auth_id}/"; var audience = Configuration["Auth0:ApiIdentifier"]; - /** - services - .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) - .AddJwtBearer(options => - { - options.Authority = domain; - options.Audience = audience; - }); - - services.AddAuthorization(options => - { - options.AddPolicy("download:songs", policy => - policy.Requirements - .Add(new HasScopeRequirement("download:songs", domain))); - - options.AddPolicy("download:cover_art", policy => - policy.Requirements - .Add(new HasScopeRequirement("download:cover_art", domain))); - - options.AddPolicy("upload:songs", policy => - policy.Requirements - .Add(new HasScopeRequirement("upload:songs", domain))); - - options.AddPolicy("delete:songs", policy => - policy.Requirements - .Add(new HasScopeRequirement("delete:songs", domain))); - - options.AddPolicy("read:song_details", policy => - policy.Requirements - .Add(new HasScopeRequirement("read:song_details", domain))); - - options.AddPolicy("update:songs", policy => - policy.Requirements - .Add(new HasScopeRequirement("update:songs", domain))); - - options.AddPolicy("read:artists", policy => - policy.Requirements - .Add(new HasScopeRequirement("read:artists", domain))); - - options.AddPolicy("read:albums", policy => - policy.Requirements - .Add(new HasScopeRequirement("read:albums", domain))); - - options.AddPolicy("read:genre", policy => - policy.Requirements - .Add(new HasScopeRequirement("read:genre", domain))); - - options.AddPolicy("read:year", policy => - policy.Requirements - .Add(new HasScopeRequirement("read:year", domain))); - - options.AddPolicy("stream:songs", policy => - policy.Requirements - .Add(new HasScopeRequirement("stream:songs", domain))); - }); - - - services.AddSingleton(); - */ - var connString = Configuration.GetConnectionString("DefaultConnection"); - services.AddDbContext(options => options.UseMySQL(connString)); services.AddDbContext(options => options.UseMySQL(connString)); services.AddDbContext(options => options.UseMySQL(connString)); @@ -223,20 +81,12 @@ namespace Icarus services.AddAsymmetricAuthentication(Configuration); - // services.AddTransient(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration)); + /** services.AddTransient(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration)); - // services.AddTransient(us => new UserService(new UserRepository(), Configuration)); services.AddTransient(us => new UserService(Configuration)); - // services.AddTransient(tk => new TokenService(new UserRepository(), Configuration)); services.AddTransient(tk => new TokenService(Configuration)); services.AddTransient(); services.AddTransient(uc => new UserContext(connString)); - /** - services.AddTransient((providers) => - { - return new Func((numParams) => - new UserContext(providers.GetRequiredService, numParams)); - }); */ services.AddControllers()