Added user role on creation. Updated Unixtime call. Updated how to add a role. Roles are now added to the claim

This commit is contained in:
James Tombleson 2023-08-06 13:37:36 -07:00
parent 97fc34481c
commit ff272ab146

View File

@ -3,6 +3,7 @@ using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;
using Newsbot.Collector.Api.Domain.Consts;
using Newsbot.Collector.Domain.Results;
using Newsbot.Collector.Domain.Entities;
using Newsbot.Collector.Domain.Interfaces;
@ -16,22 +17,24 @@ public interface IIdentityService
AuthenticationResult Register(string email, string password);
AuthenticationResult Login(string email, string password);
AuthenticationResult RefreshToken(string token, string refreshToken);
void AddRole(string roleName, string userId);
void AddRole(string name, string userId);
}
public class IdentityService : IIdentityService
{
private readonly UserManager<IdentityUser> _userManager;
private readonly RoleManager<IdentityRole> _roleManager;
private readonly JwtSettings _jwtSettings;
private readonly TokenValidationParameters _tokenValidationParameters;
private readonly IRefreshTokenRepository _refreshTokenRepository;
public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository)
public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository, RoleManager<IdentityRole> roleManager)
{
_userManager = userManager;
_jwtSettings = jwtSettings;
_tokenValidationParameters = tokenValidationParameters;
_refreshTokenRepository = refreshTokenRepository;
_roleManager = roleManager;
}
public AuthenticationResult Register(string email, string password)
@ -63,8 +66,11 @@ public class IdentityService : IIdentityService
ErrorMessage = new List<string>(createdUser.Result.Errors.Select(x => x.Description))
};
}
return GenerateJwtToken(newUser);
var addRole = _userManager.AddToRoleAsync(newUser, Authorization.UsersRole);
addRole.Wait();
return GenerateJwtToken(newUser);
}
public AuthenticationResult Login(string email, string password)
@ -109,8 +115,9 @@ public class IdentityService : IIdentityService
var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
// generate the unix epoc, add expiry time
var expiryDateTimeUtc = new DateTime(1970, 0, 0, 0, 0, 0, DateTimeKind.Utc)
.AddSeconds(expiryDateUnix);
var unixTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
var expiryDateTimeUtc = unixTime.AddSeconds(expiryDateUnix);
// if it expires in the future
if (expiryDateTimeUtc > DateTime.Now)
@ -179,7 +186,7 @@ public class IdentityService : IIdentityService
return GenerateJwtToken(user.Result);
}
public void AddRole(string roleName, string userId)
public void AddRole(string name, string userId)
{
var user = _userManager.FindByIdAsync(userId);
user.Wait();
@ -189,7 +196,14 @@ public class IdentityService : IIdentityService
throw new Exception("User was not found");
}
_userManager.AddToRoleAsync(user.Result, roleName);
if (!name.Equals(Authorization.AdministratorClaim)
|| !name.Equals(Authorization.UserClaim))
{
throw new Exception("Invalid role");
}
var addRole = _userManager.AddToRoleAsync(user.Result, name);
addRole.Wait();
}
private ClaimsPrincipal? CheckTokenSigner(string token)
@ -221,15 +235,25 @@ public class IdentityService : IIdentityService
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret ?? "");
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
new Claim("id", user.Id)
};
var userRoles = _userManager.GetRolesAsync(user);
userRoles.Wait();
foreach (var role in userRoles.Result)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
new Claim("id", user.Id)
}),
Subject = new ClaimsIdentity(claims),
Expires = DateTime.UtcNow.AddHours(3),
SigningCredentials =
new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
@ -239,6 +263,7 @@ public class IdentityService : IIdentityService
var refreshToken = new RefreshTokenEntity
{
Token = token.Id,
JwtId = token.Id,
UserId = user.Id,
CreatedDate = DateTime.UtcNow,