Compare commits
6 Commits
d6315ce8a5
...
c4f1a9498b
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c4f1a9498b | ||
|
|
ffad37a517 | ||
|
|
ccd716badb | ||
|
|
077635e94b | ||
|
|
c6c4d0bd04 | ||
|
|
a73885286f |
@@ -1,18 +1,15 @@
|
|||||||
using DigitalData.Auth.API.Config;
|
using DigitalData.Auth.API.Config;
|
||||||
using DigitalData.Core.Abstractions.Security;
|
using DigitalData.Core.Abstractions.Security;
|
||||||
using DigitalData.UserManager.Domain.Entities;
|
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
using System.Security.Claims;
|
|
||||||
using System.IdentityModel.Tokens.Jwt;
|
|
||||||
using DigitalData.UserManager.Application.DTOs.Auth;
|
using DigitalData.UserManager.Application.DTOs.Auth;
|
||||||
using DigitalData.UserManager.Application.Contracts;
|
using DigitalData.UserManager.Application.Contracts;
|
||||||
using DigitalData.UserManager.Application.DTOs.User;
|
using DigitalData.UserManager.Application.DTOs.User;
|
||||||
using DigitalData.Core.Abstractions.Application;
|
using DigitalData.Core.Abstractions.Application;
|
||||||
using System.Net;
|
|
||||||
using DigitalData.Auth.API.Dto;
|
using DigitalData.Auth.API.Dto;
|
||||||
using DigitalData.Auth.API.Services.Contracts;
|
using DigitalData.Auth.API.Services.Contracts;
|
||||||
|
using DigitalData.Auth.API.Entities;
|
||||||
|
|
||||||
namespace DigitalData.Auth.API.Controllers
|
namespace DigitalData.Auth.API.Controllers
|
||||||
{
|
{
|
||||||
@@ -50,22 +47,17 @@ namespace DigitalData.Auth.API.Controllers
|
|||||||
|
|
||||||
private async Task<IActionResult> CreateTokenAsync(LogInDto login, string consumerRoute, bool cookie = true)
|
private async Task<IActionResult> CreateTokenAsync(LogInDto login, string consumerRoute, bool cookie = true)
|
||||||
{
|
{
|
||||||
bool isValid = _dirSearchService.ValidateCredentials(login.Username, login.Password);
|
bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
|
||||||
|
|
||||||
if (!isValid)
|
if (!isValid)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
//find the user
|
//find the user
|
||||||
var uRes = await _userService.ReadByUsernameAsync(login.Username);
|
var uRes = await _userService.ReadByUsernameAsync(login.Username);
|
||||||
if (!uRes.IsSuccess || uRes.Data is null)
|
if (uRes.IsFailed || !_apiParams.Consumers.TryGetByRoute(consumerRoute, out var consumer))
|
||||||
{
|
|
||||||
return Unauthorized();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!_apiParams.Consumers.TryGetByRoute(consumerRoute, out var consumer))
|
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor) || descriptor is null)
|
if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
|
||||||
return StatusCode(StatusCodes.Status500InternalServerError);
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
||||||
|
|
||||||
var token = _userSignatureHandler.WriteToken(uRes.Data, descriptor);
|
var token = _userSignatureHandler.WriteToken(uRes.Data, descriptor);
|
||||||
@@ -87,10 +79,10 @@ namespace DigitalData.Auth.API.Controllers
|
|||||||
if (api is null || api.Password != login.Password)
|
if (api is null || api.Password != login.Password)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.DefaultConsumer.Audience, out var descriptor) || descriptor is null)
|
if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.DefaultConsumer.Audience, out var descriptor))
|
||||||
return StatusCode(StatusCodes.Status500InternalServerError);
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
||||||
|
|
||||||
var token = _apiSignatureHandler!.WriteToken(api, descriptor);
|
var token = _apiSignatureHandler.WriteToken(api, descriptor);
|
||||||
|
|
||||||
//set cookie
|
//set cookie
|
||||||
if (cookie)
|
if (cookie)
|
||||||
@@ -103,7 +95,7 @@ namespace DigitalData.Auth.API.Controllers
|
|||||||
}
|
}
|
||||||
|
|
||||||
//TODO: Add role depends on group name
|
//TODO: Add role depends on group name
|
||||||
[HttpPost("~/{consumerRoute}/login")]
|
[HttpPost("{consumerRoute}/login")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
public async Task<IActionResult> Login([FromForm] LogInDto login, [FromRoute] string consumerRoute)
|
public async Task<IActionResult> Login([FromForm] LogInDto login, [FromRoute] string consumerRoute)
|
||||||
{
|
{
|
||||||
@@ -118,7 +110,7 @@ namespace DigitalData.Auth.API.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost("~/login")]
|
[HttpPost("login")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
public async Task<IActionResult> Login([FromForm] ConsumerApiLogin login)
|
public async Task<IActionResult> Login([FromForm] ConsumerApiLogin login)
|
||||||
{
|
{
|
||||||
@@ -162,7 +154,7 @@ namespace DigitalData.Auth.API.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost()]
|
[HttpPost]
|
||||||
public async Task<IActionResult> CreateTokenViaBody([FromBody] ConsumerApiLogin login, [FromQuery] bool cookie = false)
|
public async Task<IActionResult> CreateTokenViaBody([FromBody] ConsumerApiLogin login, [FromQuery] bool cookie = false)
|
||||||
{
|
{
|
||||||
try
|
try
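Review bot: In CreateTokenAsync the merged guard `if (uRes.IsFailed || !_apiParams.Consumers.TryGetByRoute(consumerRoute, out var consumer))` drops the earlier `uRes.Data is null` check, although `uRes.Data` is still passed to `_userSignatureHandler.WriteToken` a few lines below. Unless the result type guarantees non-null data whenever `IsFailed` is false (not visible on this page), a directory-validated login with no matching user record would no longer end in a 401; keeping `uRes.Data is null ||` in the condition preserves the fail-closed behaviour. The same applies to the removed `|| descriptor is null` in both `TokenDescriptors.TryGet` calls. Separately, the unchanged `api.Password != login.Password` is an early-exit string comparison of a shared secret; comparing the UTF-8 bytes with `CryptographicOperations.FixedTimeEquals` avoids a timing difference. All of the methods touched here start or end outside the hunks shown.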
|
||||||
|
|||||||
@@ -10,14 +10,15 @@
|
|||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<PackageReference Include="DigitalData.Core.Abstractions" Version="3.1.0" />
|
<PackageReference Include="DigitalData.Core.Abstractions" Version="3.2.0" />
|
||||||
|
<PackageReference Include="DigitalData.Core.Application" Version="3.2.0" />
|
||||||
<PackageReference Include="DigitalData.Core.Security" Version="1.0.0" />
|
<PackageReference Include="DigitalData.Core.Security" Version="1.0.0" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
|
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
|
||||||
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.0" />
|
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.0" />
|
||||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
|
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
|
||||||
<PackageReference Include="UserManager.Application" Version="3.1.0" />
|
<PackageReference Include="UserManager.Application" Version="3.1.2" />
|
||||||
<PackageReference Include="UserManager.Domain" Version="3.0.0" />
|
<PackageReference Include="UserManager.Domain" Version="3.0.1" />
|
||||||
<PackageReference Include="UserManager.Infrastructure" Version="3.0.0" />
|
<PackageReference Include="UserManager.Infrastructure" Version="3.0.1" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
</Project>
|
</Project>
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
namespace DigitalData.Auth.API.Dto
|
namespace DigitalData.Auth.API.Entities
|
||||||
{
|
{
|
||||||
public record ConsumerApi(string Name, string Password);
|
public record ConsumerApi(string Name, string Password);
|
||||||
}
|
}
|
||||||
@@ -1,11 +1,12 @@
|
|||||||
using DigitalData.Auth.API.Config;
|
using DigitalData.Auth.API.Config;
|
||||||
using DigitalData.Auth.API.Dto;
|
using DigitalData.Auth.API.Entities;
|
||||||
using DigitalData.Auth.API.Services;
|
using DigitalData.Auth.API.Services;
|
||||||
using DigitalData.Core.Abstractions.Security;
|
using DigitalData.Core.Abstractions.Security;
|
||||||
using DigitalData.Core.Application;
|
using DigitalData.Core.Application;
|
||||||
using DigitalData.Core.Security;
|
using DigitalData.Core.Security;
|
||||||
using DigitalData.UserManager.Application;
|
using DigitalData.UserManager.Application;
|
||||||
using DigitalData.UserManager.Application.DTOs.User;
|
using DigitalData.UserManager.Application.DTOs.User;
|
||||||
|
using DigitalData.UserManager.Application.Services;
|
||||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||||
using Microsoft.IdentityModel.JsonWebTokens;
|
using Microsoft.IdentityModel.JsonWebTokens;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
using Microsoft.IdentityModel.Tokens;
|
||||||
@@ -14,7 +15,7 @@ using System.Security.Claims;
|
|||||||
|
|
||||||
var builder = WebApplication.CreateBuilder(args);
|
var builder = WebApplication.CreateBuilder(args);
|
||||||
|
|
||||||
builder.Configuration.AddJsonFile("consumer-api.json", true, true);
|
builder.Configuration.AddJsonFile("consumers-api.json", true, true);
|
||||||
|
|
||||||
var config = builder.Configuration;
|
var config = builder.Configuration;
|
||||||
|
|
||||||
@@ -38,9 +39,7 @@ builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<stri
|
|||||||
{ JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
|
{ JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
|
||||||
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
||||||
});
|
});
|
||||||
builder.Services.AddLocalization();
|
builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
|
||||||
builder.Services.Configure<DirectorySearchOptions>(config.GetSection("DirectorySearchOptions"));
|
|
||||||
builder.Services.AddDirectorySearchService();
|
|
||||||
|
|
||||||
var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
|
var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
using DigitalData.Auth.API.Dto;
|
using DigitalData.Auth.API.Entities;
|
||||||
using DigitalData.Auth.API.Services.Contracts;
|
using DigitalData.Auth.API.Services.Contracts;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
using DigitalData.Auth.API.Dto;
|
using DigitalData.Auth.API.Entities;
|
||||||
|
|
||||||
namespace DigitalData.Auth.API.Services.Contracts
|
namespace DigitalData.Auth.API.Services.Contracts
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
using DigitalData.Auth.API.Dto;
|
using DigitalData.Auth.API.Entities;
|
||||||
using DigitalData.Auth.API.Services.Contracts;
|
using DigitalData.Auth.API.Services.Contracts;
|
||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
|
|
||||||
@@ -8,7 +8,7 @@ namespace DigitalData.Auth.API.Services
|
|||||||
{
|
{
|
||||||
public static IServiceCollection AddConsumerApiServiceFromConfiguration(this IServiceCollection services, IConfiguration configuration, string key = "ConsumerAPIs")
|
public static IServiceCollection AddConsumerApiServiceFromConfiguration(this IServiceCollection services, IConfiguration configuration, string key = "ConsumerAPIs")
|
||||||
{
|
{
|
||||||
var consumerApis = configuration.GetSection("ConsumerAPIs").Get<IEnumerable<ConsumerApi>>() ?? throw new InvalidOperationException($"No Consumer list found in {key} in configuration.");
|
var consumerApis = configuration.GetSection(key).Get<IEnumerable<ConsumerApi>>() ?? throw new InvalidOperationException($"No Consumer list found in {key} in configuration.");
|
||||||
services.AddSingleton(Options.Create(consumerApis));
|
services.AddSingleton(Options.Create(consumerApis));
|
||||||
services.AddSingleton<IConsumerApiService, ConfiguredConsumerApiService>();
|
services.AddSingleton<IConsumerApiService, ConfiguredConsumerApiService>();
|
||||||
return services;
|
return services;
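Review bot: `Options.Create(consumerApis)` freezes the consumer list at registration time, so the reload-on-change flag passed in `AddJsonFile("consumers-api.json", true, true)` in the startup file cannot reach anything that reads this options instance. Removing a consumer or rotating its password in the JSON file therefore only takes effect after a restart, which matters when a credential has to be revoked quickly. Either state that on the method, e.g. `/// Consumers are read once at startup; restart the service after changing credentials.`, or bind the section through the options pipeline and read it via `IOptionsMonitor`. The method body continues past the end of the hunk.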
|
||||||
|
|||||||
@@ -50,15 +50,5 @@
|
|||||||
"Lifetime": "02:00:00"
|
"Lifetime": "02:00:00"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
}
|
||||||
"ConsumerAPIs": [
|
|
||||||
{
|
|
||||||
"Name": "WorkFlow.API",
|
|
||||||
"Password": "t3B|aiJ'i-snLzNRj3B{9=&:lM5P@'iL"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"Name": "DigitalData.UserManager.API",
|
|
||||||
"Password": "a098Hvu1-y29ep{KPQO]#>8TK+fk{O`_d"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
@@ -2,7 +2,7 @@
|
|||||||
"ConsumerAPIs": [
|
"ConsumerAPIs": [
|
||||||
{
|
{
|
||||||
"Name": "WorkFlow.API",
|
"Name": "WorkFlow.API",
|
||||||
"Password": "t3B|aiJ'i-snLzNRj3B{9=&:lM5P@'i<EFBFBD>L"
|
"Password": "t3B|aiJ'i-snLzNRj3B{9=&:lM5P@'iL"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"Name": "DigitalData.UserManager.API",
|
"Name": "DigitalData.UserManager.API",
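Review bot: The `Password` entries in this file are shared secrets committed in plaintext, and the same values sat in the settings file that this change set cleans up, so they remain readable in the repository history. They should be treated as exposed: rotate them, keep the real file out of version control, and supply the values through environment variables, user-secrets or a secret store, leaving only a placeholder such as `"Password": "<set-at-deploy-time>"` in the tracked copy. Storing a salted hash instead of the plaintext would also mean a leaked config file does not directly yield a usable credential. The array continues past the end of the hunk.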
|
||||||
|
|||||||