From a8fdc1b0d7f74c5cb203ec03c8aca1aec0a0db36 Mon Sep 17 00:00:00 2001 From: Xelit3 Date: Wed, 26 Apr 2023 08:48:35 +0200 Subject: [PATCH 1/2] Retrieving UserId from nameid clain in ControllerBase --- .../ApiControllerBaseTest.cs | 35 +++++++++++++------ .../Extensions/ControllerBaseExtensions.cs | 18 ++++------ 2 files changed, 32 insertions(+), 21 deletions(-) diff --git a/ChustaSoft.Common.AspNet.UnitTest/ApiControllerBaseTest.cs b/ChustaSoft.Common.AspNet.UnitTest/ApiControllerBaseTest.cs index dfb36e2..0139891 100644 --- a/ChustaSoft.Common.AspNet.UnitTest/ApiControllerBaseTest.cs +++ b/ChustaSoft.Common.AspNet.UnitTest/ApiControllerBaseTest.cs @@ -54,7 +54,7 @@ public void Given_ActionResponseBuilderAndException_When_Ko_Then_IActionResultRe } [Test] - public void Given_TokenWithUserId_When_GetRequestUserId_Then_UserId() + public void Given_TokenWithUserId_When_GetRequestUserId_Then_UserIdRetrived() { //Arrange const string expectedUserId = "ff85452f-465b-4539-a056-fd516d635df5"; @@ -71,22 +71,21 @@ public void Given_TokenWithUserId_When_GetRequestUserId_Then_UserId() } [Test] - public void Given_TokenWithUserId_When_GetRequestUserId_With_InvalidClaim_Then_Exception() + public void Given_TokenWithUserIdInnameidClaim_When_GetRequestUserId_Then_UserIdRetrived() { //Arrange - const string expectedErrorMessage = "User id cannot be null"; + const string expectedUserId = "4c5a0310-8299-4a0b-8eb5-3d9a49a5aa8b"; var testController = CreateTestController(new ControllerContext() { - HttpContext = CreateHttpContextWithAuthrizationHeader(), + HttpContext = CreateHttpContextWithAuthrizationHeader(IdClaimType.Nameid), }); //Act - TestDelegate act = () => testController.GetRequestUserId("NonExistingClaim"); + var userId = testController.GetRequestUserId(); //Assert - var exception = Assert.Throws(act); - Assert.AreEqual(exception.Message, expectedErrorMessage); + Assert.AreEqual(userId, expectedUserId); } [Test] 
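Review bot: Replacing Given_TokenWithUserId_When_GetRequestUserId_With_InvalidClaim_Then_Exception with the nameid case in the second hunk leaves the `throw new InvalidOperationException("User id cannot be null")` path of GetRequestUserId without any test, because the removed test was the only one that exercised a token yielding no user id. A negative case using a token that carries neither an oid nor a nameid claim, e.g. `TestDelegate act = () => testController.GetRequestUserId();` followed by `Assert.Throws<InvalidOperationException>(act);`, would pin the new fallback order and the error message. That would need a third IdClaimType value (or an overload of CreateHttpContextWithAuthrizationHeader) producing such a token.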
@@ -162,10 +161,19 @@ private TestController CreateTestController(ControllerContext controllerContext }; } - private DefaultHttpContext CreateHttpContextWithAuthrizationHeader() + private DefaultHttpContext CreateHttpContextWithAuthrizationHeader(IdClaimType idClaimType = IdClaimType.Oid) { var httpContext = new DefaultHttpContext(); - httpContext.Request.Headers["Authorization"] = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imwzc1EtNTBjQ0g0eEJWWkxIVEd3blNSNzY4MCIsImtpZCI6Imwzc1EtNTBjQ0g0eEJWWkxIVEd3blNSNzY4MCJ9.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.MIfNYBb1_--GgHZM7-9JFd6mUjhU_Os-3CU8HToFn8rJc8IzFS0BgfJMLTn730YVYNYSfwFr8JGt5ISHdHkorFJdAi7jY6n_hESCK0uyC1jcXjiKgeMOP-8OMZ2OXGHbu_-e0Qb4ujUGrdWygSKfyv6kWH5-weLZjWv8I2mN0cdmotbNDbygyI6GJa9kPEEoQNkzxxLu-9yzpk7HKIV9BXL3KV1-XErRoDhKFJiaxlQooKTlxzjqaGoUVu7gTKdXHmOXJBdObhJIaaKBVcaW66iYM391LlVLK2hIahJ6YHXoyiwmySWBObHyP0mmfNRv6hrst_l77y8ax71DtSNe8Q"; + + switch (idClaimType) + { + case IdClaimType.Oid: + httpContext.Request.Headers["Authorization"] = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imwzc1EtNTBjQ0g0eEJWWkxIVEd3blNSNzY4MCIsImtpZCI6Imwzc1EtNTBjQ0g0eEJWWkxIVEd3blNSNzY4MCJ9.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.MIfNYBb1_--GgHZM7-9JFd6mUjhU_Os-3CU8HToFn8rJc8IzFS0BgfJMLTn730YVYNYSfwFr8JGt5ISHdHkorFJdAi7jY6n_hESCK0uyC1jcXjiKgeMOP-8OMZ2OXGHbu_-e0Qb4ujUGrdWygSKfyv6kWH5-weLZjWv8I2mN0cdmotbNDbygyI6GJa9kPEEoQNkzxxLu-9yzpk7HKIV9BXL3KV1-XErRoDhKFJiaxlQooKTlxzjqaGoUVu7gTKdXHmOXJBdObhJIaaKBVcaW66iYM391LlVLK2hIahJ6YHXoyiwmySWBObHyP0mmfNRv6hrst_l77y8ax71DtSNe8Q"; + break; + case IdClaimType.Nameid: + httpContext.Request.Headers["Authorization"] = "Bearer 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6InRlc3RAbWFpbC5jb20iLCJuYW1laWQiOiI0YzVhMDMxMC04Mjk5LTRhMGItOGViNS0zZDlhNDlhNWFhOGIiLCJlbWFpbCI6InRlc3RAbWFpbC5jb20iLCJyb2xlIjpbIlN5c3RlbSBBZG1pbiIsIlN1cGVyIEFkbWluIl0sImN1bHR1cmUiOiJlbi1VSyIsInN1YiI6InRlc3RAbWFpbC5jb20iLCJqdGkiOiIxYWJhNmU5NS1kNTlmLTRlM2QtODBmMi1kODIxMTRjMWY2NDQiLCJhdWQiOiJjb3RlY25hLmVzIiwiaXNzIjoiY290ZWNuYS5lcyIsIm5iZiI6MTY4MjQ5MDQ3OSwiZXhwIjoxNjgzMDk1Mjc5LCJpYXQiOjE2ODI0OTA0Nzl9.JLidtcuqp_VDi_paX05HRT68ekawGtZTvC4Mjw3IZcg"; + break; + } return httpContext; } @@ -221,4 +229,11 @@ internal IActionResult Expose_Ko(ActionResponseBuilder actionResponseBuild } } -} \ No newline at end of file + + + internal enum IdClaimType + { + Oid, + Nameid + } +} diff --git a/ChustaSoft.Common.AspNet/Extensions/ControllerBaseExtensions.cs b/ChustaSoft.Common.AspNet/Extensions/ControllerBaseExtensions.cs index 6b09ffa..574a97b 100644 --- a/ChustaSoft.Common.AspNet/Extensions/ControllerBaseExtensions.cs +++ b/ChustaSoft.Common.AspNet/Extensions/ControllerBaseExtensions.cs @@ -10,8 +10,7 @@ public static class ControllerBaseExtensions { private const string ACCESS_TOKEN_HEADER = "Authorization"; - private const string OID_CLAIM = "oid"; - + /// /// Gets the user id from the autorization token header 
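Review bot: The switch in CreateHttpContextWithAuthrizationHeader has no default arm, so any IdClaimType member added later silently returns a context with no Authorization header and the failure surfaces deep inside GetTokenFromAuthHeader instead of at the fixture; add `default: throw new ArgumentOutOfRangeException(nameof(idClaimType), idClaimType, null);`. The two bearer strings are opaque in the test, which hides which claims each one carries and makes it impossible to tell from the diff whether the second one was minted for this test or copied from a real issuer (its payload appears to name an issuer and audience outside this project). Building the fixtures with `new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(claims: ...))` from explicit Claim objects would make the oid/nameid intent visible and keep real tokens out of the repository.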
@@ -19,17 +18,14 @@ public static class ControllerBaseExtensions /// Controller from wich get the information /// Claim where the userd id is located /// User id found in the access token authorization header - public static string GetRequestUserId(this ControllerBase controllerBase, string userIdClaim = OID_CLAIM) + public static string GetRequestUserId(this ControllerBase controllerBase) { var jwt = controllerBase.GetTokenFromAuthHeader(); - var userId = jwt.Claims.FirstOrDefault(x => x.Type.Equals(userIdClaim, StringComparison.OrdinalIgnoreCase))?.Value; - - if (string.IsNullOrEmpty(userId)) - { + + return + jwt.Claims.FirstOrDefault(c => c.Type.Equals("oid", StringComparison.OrdinalIgnoreCase))?.Value ?? + jwt.Claims.FirstOrDefault(c => c.Type.Equals("nameid", StringComparison.OrdinalIgnoreCase))?.Value ?? throw new InvalidOperationException("User id cannot be null"); - } - - return userId; } /// @@ -59,7 +55,7 @@ private static IEnumerable GetClaims(this ControllerBase controllerBase) return controllerBase.GetTokenFromAuthHeader().Claims; } - private static JwtSecurityToken GetTokenFromAuthHeader(this ControllerBase controllerBase) + public static JwtSecurityToken GetTokenFromAuthHeader(this ControllerBase controllerBase) { var accessToken = controllerBase.Request.Headers[ACCESS_TOKEN_HEADER].FirstOrDefault()?.Split(" ")[1]; var jwt = new JwtSecurityTokenHandler().ReadToken(accessToken) as JwtSecurityToken; From 23f848efe4b81402b158ce5ecf7d42c98c84cb15 Mon Sep 17 00:00:00 2001 From: Xelit3 Date: Wed, 26 Apr 2023 08:52:38 +0200 Subject: [PATCH 2/2] ChustaSoft.Common.AspNet 2.9.0 --- ChustaSoft.Common.AspNet/ChustaSoft.Common.AspNet.csproj | 6 +++--- ChustaSoft.Common.AspNet/changelog.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChustaSoft.Common.AspNet/ChustaSoft.Common.AspNet.csproj b/ChustaSoft.Common.AspNet/ChustaSoft.Common.AspNet.csproj index 6544ac8..d6b5526 100644 --- a/ChustaSoft.Common.AspNet/ChustaSoft.Common.AspNet.csproj 
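Review bot: The XML doc above GetRequestUserId still carries the `<param>` line "Claim where the userd id is located" for the userIdClaim parameter this hunk removes, so the generated documentation now describes an argument that no longer exists; drop that line and state the new behaviour in the summary, e.g. `/// Resolves the user id from the "oid" claim, falling back to "nameid"; throws InvalidOperationException when neither is present`. Removing the optional parameter is a source- and binary-breaking change for any caller that passed a custom claim name, which sits uneasily with the 2.8.0 to 2.9.0 minor bump in the second patch; a compatible shape would keep `string? userIdClaim = null` and apply the oid/nameid fallback only when it is null. The fixed precedence also means a token carrying both claims always yields oid, which is worth stating in the summary since the two values are distinct identifiers (the test fixtures use different GUIDs for each).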
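Review bot: Making GetTokenFromAuthHeader public exposes a helper that calls `JwtSecurityTokenHandler.ReadToken`, which decodes the bearer token without checking signature, issuer, audience or lifetime, so callers outside this assembly may now treat its claims as authenticated when nothing in this method has verified them; the XML summary should say so, e.g. `/// Parses the bearer token without validating it; callers must rely on the authentication middleware having already validated the request`. The same caveat applies to the user id returned by GetRequestUserId, where reading `controllerBase.User.FindFirst(...)` would return the claims the authentication pipeline actually validated rather than re-parsing the raw header. Independently, `Split(" ")[1]` throws IndexOutOfRangeException for an Authorization header without a space and the `as JwtSecurityToken` cast yields null for a non-JWS token, so a guard before the cast would give a clearer failure; the method body continues past the end of the hunk.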
+++ b/ChustaSoft.Common.AspNet/ChustaSoft.Common.AspNet.csproj @@ -9,9 +9,9 @@ Xelit3 ChustaSoft PackageReference - 2.8.0 - 2.8.0 - 2.8.0 + 2.9.0 + 2.9.0 + 2.9.0 https://github.com/ChustaSoft/CommonNET https://github.com/ChustaSoft/CommonNET/blob/main/LICENSE https://github.com/ChustaSoft/CommonNET.git diff --git a/ChustaSoft.Common.AspNet/changelog.md b/ChustaSoft.Common.AspNet/changelog.md index ab83258..16f076a 100644 --- a/ChustaSoft.Common.AspNet/changelog.md +++ b/ChustaSoft.Common.AspNet/changelog.md @@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.9.0] - 2023-04-26 +### Added +- Restricted the UserID retrieval masking the logic only for oid and nameid + ## [2.8.0] - 2022-12-20 ### Added - Support for .NET 7.0