Compare commits

...

12 Commits

Author SHA1 Message Date
Kun Deng 37cfda84b5 Merge pull request #86 from kdeng00/deprecate_asymmetric_keys
Deprecating asymmetric keys. Closes #84
2022-12-16 14:09:42 -05:00
Kun Deng 3ee17a77a8 Merge pull request #83 from kdeng00/dependabot/nuget/Newtonsoft.Json-13.0.2
Bump Newtonsoft.Json from 13.0.1 to 13.0.2
2022-12-16 14:07:06 -05:00
kdeng00 522be59973 Removing deprecated call
Removing method call that has been deprecated from one of the Controller classes
2022-12-16 13:56:56 -05:00
kdeng00 712a0a9a4a Updated config file 2022-12-16 13:54:18 -05:00
kdeng00 74569d85b6 Deprecating asymmetric keys
Starting work to deprecate using public and private keys to sign tokens
2022-12-16 13:48:15 -05:00
Kun Deng b660f8361f Merge pull request #85 from kdeng00/link_token_with_user
Token modification.  Closes #75
2022-12-16 13:04:37 -05:00
kdeng00 d460b5d5d6 Token modification
Addresses #84. Adding user ID to the access token.
2022-12-16 12:59:11 -05:00
dependabot[bot] 4a1c1f1f78 Bump Newtonsoft.Json from 13.0.1 to 13.0.2
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 13.0.1 to 13.0.2.
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](https://github.com/JamesNK/Newtonsoft.Json/compare/13.0.1...13.0.2)

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-08 15:46:41 +00:00
Kun Deng 66b5944f92 Merge pull request #81 from kdeng00/pre-release
Pre release
2022-09-05 17:13:11 -04:00
Kun Deng 1643f78720 Delete v0.2.yml 2022-09-04 21:29:10 -04:00
Kun Deng 06bb52dfa5 v0.2 Branch 2022-09-04 21:23:11 -04:00
Kun Deng ab89d1602f Create dotnet.yml 2022-09-04 21:20:53 -04:00
7 changed files with 41 additions and 27 deletions
+25
View File
@@ -0,0 +1,25 @@
name: .NET
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup .NET
uses: actions/setup-dotnet@v2
with:
dotnet-version: 6.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore
- name: Test
run: dotnet test --no-build --verbosity normal
+12 -12
View File
@@ -5,7 +5,6 @@ using System.Security.Claims;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text; using System.Text;
using JWT; using JWT;
@@ -30,10 +29,10 @@ namespace Icarus.Controllers.Managers
#region Fields #region Fields
private string _clientId; private string _clientId;
private string _clientSecret; private string _clientSecret;
private string _privateKeyPath; private string _privateKeyPath = string.Empty;
private string _privateKey; private string _privateKey = string.Empty;
private string _publicKeyPath; private string _publicKeyPath = string.Empty;
private string _publicKey; private string _publicKey = string.Empty;
private string _audience; private string _audience;
private string _grantType; private string _grantType;
private string _url; private string _url;
@@ -89,6 +88,7 @@ namespace Icarus.Controllers.Managers
} }
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
public LoginResult LogIn(User user) public LoginResult LogIn(User user)
{ {
var tokenResult = new TokenTierOne(); var tokenResult = new TokenTierOne();
@@ -123,6 +123,8 @@ namespace Icarus.Controllers.Managers
tokenResult.TokenType = "Jwt"; tokenResult.TokenType = "Jwt";
var payload = Payload(); var payload = Payload();
payload.Add(new System.Security.Claims.Claim("user_id", user.UserID.ToString(), ClaimValueTypes.Integer));
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["JWT:Secret"])); var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["JWT:Secret"]));
var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken( var token = new JwtSecurityToken(
@@ -151,6 +153,7 @@ namespace Icarus.Controllers.Managers
}; };
} }
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
public bool IsTokenValid(string scope, string accessToken) public bool IsTokenValid(string scope, string accessToken)
{ {
var result = false; var result = false;
@@ -171,7 +174,8 @@ namespace Icarus.Controllers.Managers
return result; return result;
} }
public Token? DecodeToken(string accessToken) [Obsolete("Asymmetric key signing for tokens have been deprecated")]
public Token DecodeToken(string accessToken)
{ {
var rsaParams = GetRSAPublic(_publicKey); var rsaParams = GetRSAPublic(_publicKey);
Token tok = null; Token tok = null;
@@ -263,6 +267,7 @@ namespace Icarus.Controllers.Managers
return claim; return claim;
} }
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
private string CreateToken(List<Claim> claims, string privateKey) private string CreateToken(List<Claim> claims, string privateKey)
{ {
var token = string.Empty; var token = string.Empty;
@@ -322,6 +327,7 @@ namespace Icarus.Controllers.Managers
return token; return token;
} }
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
private RSAParameters GetRSAPublic(string publicKey) private RSAParameters GetRSAPublic(string publicKey)
{ {
using (var tr = new System.IO.StringReader(publicKey)) using (var tr = new System.IO.StringReader(publicKey))
@@ -361,12 +367,6 @@ namespace Icarus.Controllers.Managers
_audience = _config["Auth0:ApiIdentifier"]; _audience = _config["Auth0:ApiIdentifier"];
_grantType = "client_credentials"; _grantType = "client_credentials";
_url = $"https://{_config["Auth0:Domain"]}"; _url = $"https://{_config["Auth0:Domain"]}";
_privateKeyPath = _config["RSAKeys:PrivateKeyPath"];
_publicKeyPath = _config["RSAKeys:PublicKeyPath"];
_privateKey = System.IO.File.ReadAllText(_privateKeyPath);
_publicKey = System.IO.File.ReadAllText(_publicKeyPath);
PrintCredentials();
} }
#region Testing Methods #region Testing Methods
-5
View File
@@ -53,11 +53,6 @@ namespace Icarus.Controllers.V1
[HttpGet("{id}")] [HttpGet("{id}")]
public IActionResult GetArtist(int id) public IActionResult GetArtist(int id)
{ {
if (!IsTokenValid("read:artists"))
{
return StatusCode(401, "Not allowed");
}
Artist artist = new Artist Artist artist = new Artist
{ {
ArtistID = id ArtistID = id
+3 -1
View File
@@ -18,6 +18,7 @@ namespace Icarus.Controllers.V1
#region Methods #region Methods
[ApiExplorerSettings(IgnoreApi = true)] [ApiExplorerSettings(IgnoreApi = true)]
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
protected string ParseBearerTokenFromHeader() protected string ParseBearerTokenFromHeader()
{ {
var token = string.Empty; var token = string.Empty;
@@ -39,6 +40,7 @@ namespace Icarus.Controllers.V1
} }
[ApiExplorerSettings(IgnoreApi = true)] [ApiExplorerSettings(IgnoreApi = true)]
[Obsolete("Asymmetric key signing for tokens have been deprecated")]
protected bool IsTokenValid(string scope) protected bool IsTokenValid(string scope)
{ {
var token = ParseBearerTokenFromHeader(); var token = ParseBearerTokenFromHeader();
@@ -48,4 +50,4 @@ namespace Icarus.Controllers.V1
} }
#endregion #endregion
} }
} }
+1 -1
View File
@@ -20,7 +20,7 @@
<PrivateAssets>all</PrivateAssets> <PrivateAssets>all</PrivateAssets>
</PackageReference> </PackageReference>
<PackageReference Include="MySql.EntityFrameworkCore" Version="5.0.8" /> <PackageReference Include="MySql.EntityFrameworkCore" Version="5.0.8" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" /> <PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
<PackageReference Include="NLog.Web.AspNetCore" Version="4.14.0" /> <PackageReference Include="NLog.Web.AspNetCore" Version="4.14.0" />
<PackageReference Include="Portable.BouncyCastle" Version="1.9.0" /> <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
<PackageReference Include="RestSharp" Version="106.15.0" /> <PackageReference Include="RestSharp" Version="106.15.0" />
-4
View File
@@ -12,10 +12,6 @@
"ClientId": "", "ClientId": "",
"ClientSecret": "" "ClientSecret": ""
}, },
"RSAKeys": {
"PrivateKeyPath": "",
"PublicKeyPath": ""
},
"JWT": { "JWT": {
"Issuer": "", "Issuer": "",
"Audience": "", "Audience": "",
-4
View File
@@ -12,10 +12,6 @@
"ClientId": "", "ClientId": "",
"ClientSecret": "" "ClientSecret": ""
}, },
"RSAKeys": {
"PrivateKeyPath": "",
"PublicKeyPath": ""
},
"JWT": { "JWT": {
"Issuer": "", "Issuer": "",
"Audience": "", "Audience": "",