Added user role on creation. Updated Unixtime call. Updated how to add a role. Roles are now added to the claim
This commit is contained in:
parent
97fc34481c
commit
ff272ab146
@ -3,6 +3,7 @@ using System.Security.Claims;
|
|||||||
using System.Text;
|
using System.Text;
|
||||||
using Microsoft.AspNetCore.Identity;
|
using Microsoft.AspNetCore.Identity;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
using Microsoft.IdentityModel.Tokens;
|
||||||
|
using Newsbot.Collector.Api.Domain.Consts;
|
||||||
using Newsbot.Collector.Domain.Results;
|
using Newsbot.Collector.Domain.Results;
|
||||||
using Newsbot.Collector.Domain.Entities;
|
using Newsbot.Collector.Domain.Entities;
|
||||||
using Newsbot.Collector.Domain.Interfaces;
|
using Newsbot.Collector.Domain.Interfaces;
|
||||||
@ -16,22 +17,24 @@ public interface IIdentityService
|
|||||||
AuthenticationResult Register(string email, string password);
|
AuthenticationResult Register(string email, string password);
|
||||||
AuthenticationResult Login(string email, string password);
|
AuthenticationResult Login(string email, string password);
|
||||||
AuthenticationResult RefreshToken(string token, string refreshToken);
|
AuthenticationResult RefreshToken(string token, string refreshToken);
|
||||||
void AddRole(string roleName, string userId);
|
void AddRole(string name, string userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class IdentityService : IIdentityService
|
public class IdentityService : IIdentityService
|
||||||
{
|
{
|
||||||
private readonly UserManager<IdentityUser> _userManager;
|
private readonly UserManager<IdentityUser> _userManager;
|
||||||
|
private readonly RoleManager<IdentityRole> _roleManager;
|
||||||
private readonly JwtSettings _jwtSettings;
|
private readonly JwtSettings _jwtSettings;
|
||||||
private readonly TokenValidationParameters _tokenValidationParameters;
|
private readonly TokenValidationParameters _tokenValidationParameters;
|
||||||
private readonly IRefreshTokenRepository _refreshTokenRepository;
|
private readonly IRefreshTokenRepository _refreshTokenRepository;
|
||||||
|
|
||||||
public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository)
|
public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository, RoleManager<IdentityRole> roleManager)
|
||||||
{
|
{
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
_jwtSettings = jwtSettings;
|
_jwtSettings = jwtSettings;
|
||||||
_tokenValidationParameters = tokenValidationParameters;
|
_tokenValidationParameters = tokenValidationParameters;
|
||||||
_refreshTokenRepository = refreshTokenRepository;
|
_refreshTokenRepository = refreshTokenRepository;
|
||||||
|
_roleManager = roleManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthenticationResult Register(string email, string password)
|
public AuthenticationResult Register(string email, string password)
|
||||||
@ -64,6 +67,9 @@ public class IdentityService : IIdentityService
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var addRole = _userManager.AddToRoleAsync(newUser, Authorization.UsersRole);
|
||||||
|
addRole.Wait();
|
||||||
|
|
||||||
return GenerateJwtToken(newUser);
|
return GenerateJwtToken(newUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -109,8 +115,9 @@ public class IdentityService : IIdentityService
|
|||||||
var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
|
var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
|
||||||
|
|
||||||
// generate the unix epoc, add expiry time
|
// generate the unix epoc, add expiry time
|
||||||
var expiryDateTimeUtc = new DateTime(1970, 0, 0, 0, 0, 0, DateTimeKind.Utc)
|
|
||||||
.AddSeconds(expiryDateUnix);
|
var unixTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
|
||||||
|
var expiryDateTimeUtc = unixTime.AddSeconds(expiryDateUnix);
|
||||||
|
|
||||||
// if it expires in the future
|
// if it expires in the future
|
||||||
if (expiryDateTimeUtc > DateTime.Now)
|
if (expiryDateTimeUtc > DateTime.Now)
|
||||||
@ -179,7 +186,7 @@ public class IdentityService : IIdentityService
|
|||||||
return GenerateJwtToken(user.Result);
|
return GenerateJwtToken(user.Result);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void AddRole(string roleName, string userId)
|
public void AddRole(string name, string userId)
|
||||||
{
|
{
|
||||||
var user = _userManager.FindByIdAsync(userId);
|
var user = _userManager.FindByIdAsync(userId);
|
||||||
user.Wait();
|
user.Wait();
|
||||||
@ -189,7 +196,14 @@ public class IdentityService : IIdentityService
|
|||||||
throw new Exception("User was not found");
|
throw new Exception("User was not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
_userManager.AddToRoleAsync(user.Result, roleName);
|
if (!name.Equals(Authorization.AdministratorClaim)
|
||||||
|
|| !name.Equals(Authorization.UserClaim))
|
||||||
|
{
|
||||||
|
throw new Exception("Invalid role");
|
||||||
|
}
|
||||||
|
|
||||||
|
var addRole = _userManager.AddToRoleAsync(user.Result, name);
|
||||||
|
addRole.Wait();
|
||||||
}
|
}
|
||||||
|
|
||||||
private ClaimsPrincipal? CheckTokenSigner(string token)
|
private ClaimsPrincipal? CheckTokenSigner(string token)
|
||||||
@ -221,15 +235,25 @@ public class IdentityService : IIdentityService
|
|||||||
{
|
{
|
||||||
var tokenHandler = new JwtSecurityTokenHandler();
|
var tokenHandler = new JwtSecurityTokenHandler();
|
||||||
var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret ?? "");
|
var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret ?? "");
|
||||||
var tokenDescriptor = new SecurityTokenDescriptor
|
|
||||||
{
|
var claims = new List<Claim>
|
||||||
Subject = new ClaimsIdentity(new[]
|
|
||||||
{
|
{
|
||||||
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
|
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
|
||||||
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
||||||
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
|
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
|
||||||
new Claim("id", user.Id)
|
new Claim("id", user.Id)
|
||||||
}),
|
};
|
||||||
|
|
||||||
|
var userRoles = _userManager.GetRolesAsync(user);
|
||||||
|
userRoles.Wait();
|
||||||
|
foreach (var role in userRoles.Result)
|
||||||
|
{
|
||||||
|
claims.Add(new Claim(ClaimTypes.Role, role));
|
||||||
|
}
|
||||||
|
|
||||||
|
var tokenDescriptor = new SecurityTokenDescriptor
|
||||||
|
{
|
||||||
|
Subject = new ClaimsIdentity(claims),
|
||||||
Expires = DateTime.UtcNow.AddHours(3),
|
Expires = DateTime.UtcNow.AddHours(3),
|
||||||
SigningCredentials =
|
SigningCredentials =
|
||||||
new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
||||||
@ -239,6 +263,7 @@ public class IdentityService : IIdentityService
|
|||||||
|
|
||||||
var refreshToken = new RefreshTokenEntity
|
var refreshToken = new RefreshTokenEntity
|
||||||
{
|
{
|
||||||
|
Token = token.Id,
|
||||||
JwtId = token.Id,
|
JwtId = token.Id,
|
||||||
UserId = user.Id,
|
UserId = user.Id,
|
||||||
CreatedDate = DateTime.UtcNow,
|
CreatedDate = DateTime.UtcNow,
|
||||||
|
Loading…
Reference in New Issue
Block a user