features/role-updates #18

Merged
jtom38 merged 8 commits from features/role-updates into main 2023-08-06 13:39:48 -07:00
Showing only changes of commit ff272ab146 - Show all commits

View File

@ -3,6 +3,7 @@ using System.Security.Claims;
using System.Text; using System.Text;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
using Newsbot.Collector.Api.Domain.Consts;
using Newsbot.Collector.Domain.Results; using Newsbot.Collector.Domain.Results;
using Newsbot.Collector.Domain.Entities; using Newsbot.Collector.Domain.Entities;
using Newsbot.Collector.Domain.Interfaces; using Newsbot.Collector.Domain.Interfaces;
@ -16,22 +17,24 @@ public interface IIdentityService
AuthenticationResult Register(string email, string password); AuthenticationResult Register(string email, string password);
AuthenticationResult Login(string email, string password); AuthenticationResult Login(string email, string password);
AuthenticationResult RefreshToken(string token, string refreshToken); AuthenticationResult RefreshToken(string token, string refreshToken);
void AddRole(string roleName, string userId); void AddRole(string name, string userId);
} }
public class IdentityService : IIdentityService public class IdentityService : IIdentityService
{ {
private readonly UserManager<IdentityUser> _userManager; private readonly UserManager<IdentityUser> _userManager;
private readonly RoleManager<IdentityRole> _roleManager;
private readonly JwtSettings _jwtSettings; private readonly JwtSettings _jwtSettings;
private readonly TokenValidationParameters _tokenValidationParameters; private readonly TokenValidationParameters _tokenValidationParameters;
private readonly IRefreshTokenRepository _refreshTokenRepository; private readonly IRefreshTokenRepository _refreshTokenRepository;
public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository) public IdentityService(UserManager<IdentityUser> userManager, JwtSettings jwtSettings, TokenValidationParameters tokenValidationParameters, IRefreshTokenRepository refreshTokenRepository, RoleManager<IdentityRole> roleManager)
{ {
_userManager = userManager; _userManager = userManager;
_jwtSettings = jwtSettings; _jwtSettings = jwtSettings;
_tokenValidationParameters = tokenValidationParameters; _tokenValidationParameters = tokenValidationParameters;
_refreshTokenRepository = refreshTokenRepository; _refreshTokenRepository = refreshTokenRepository;
_roleManager = roleManager;
} }
public AuthenticationResult Register(string email, string password) public AuthenticationResult Register(string email, string password)
@ -64,7 +67,10 @@ public class IdentityService : IIdentityService
}; };
} }
return GenerateJwtToken(newUser); var addRole = _userManager.AddToRoleAsync(newUser, Authorization.UsersRole);
addRole.Wait();
return GenerateJwtToken(newUser);
} }
public AuthenticationResult Login(string email, string password) public AuthenticationResult Login(string email, string password)
@ -109,8 +115,9 @@ public class IdentityService : IIdentityService
var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value); var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
// generate the unix epoc, add expiry time // generate the unix epoc, add expiry time
var expiryDateTimeUtc = new DateTime(1970, 0, 0, 0, 0, 0, DateTimeKind.Utc)
.AddSeconds(expiryDateUnix); var unixTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
var expiryDateTimeUtc = unixTime.AddSeconds(expiryDateUnix);
// if it expires in the future // if it expires in the future
if (expiryDateTimeUtc > DateTime.Now) if (expiryDateTimeUtc > DateTime.Now)
@ -179,7 +186,7 @@ public class IdentityService : IIdentityService
return GenerateJwtToken(user.Result); return GenerateJwtToken(user.Result);
} }
public void AddRole(string roleName, string userId) public void AddRole(string name, string userId)
{ {
var user = _userManager.FindByIdAsync(userId); var user = _userManager.FindByIdAsync(userId);
user.Wait(); user.Wait();
@ -189,7 +196,14 @@ public class IdentityService : IIdentityService
throw new Exception("User was not found"); throw new Exception("User was not found");
} }
_userManager.AddToRoleAsync(user.Result, roleName); if (!name.Equals(Authorization.AdministratorClaim)
|| !name.Equals(Authorization.UserClaim))
{
throw new Exception("Invalid role");
}
var addRole = _userManager.AddToRoleAsync(user.Result, name);
addRole.Wait();
} }
private ClaimsPrincipal? CheckTokenSigner(string token) private ClaimsPrincipal? CheckTokenSigner(string token)
@ -221,15 +235,25 @@ public class IdentityService : IIdentityService
{ {
var tokenHandler = new JwtSecurityTokenHandler(); var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret ?? ""); var key = Encoding.ASCII.GetBytes(_jwtSettings.Secret ?? "");
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
new Claim("id", user.Id)
};
var userRoles = _userManager.GetRolesAsync(user);
userRoles.Wait();
foreach (var role in userRoles.Result)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var tokenDescriptor = new SecurityTokenDescriptor var tokenDescriptor = new SecurityTokenDescriptor
{ {
Subject = new ClaimsIdentity(new[] Subject = new ClaimsIdentity(claims),
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email ?? ""),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email ?? ""),
new Claim("id", user.Id)
}),
Expires = DateTime.UtcNow.AddHours(3), Expires = DateTime.UtcNow.AddHours(3),
SigningCredentials = SigningCredentials =
new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
@ -239,6 +263,7 @@ public class IdentityService : IIdentityService
var refreshToken = new RefreshTokenEntity var refreshToken = new RefreshTokenEntity
{ {
Token = token.Id,
JwtId = token.Id, JwtId = token.Id,
UserId = user.Id, UserId = user.Id,
CreatedDate = DateTime.UtcNow, CreatedDate = DateTime.UtcNow,