diff --git a/GirafAPI/Authorization/OrgAdminRequirement.cs b/GirafAPI/Authorization/OrgAdminRequirement.cs
old mode 100644
new mode 100755
index c509eaf..15ae9f5
--- a/GirafAPI/Authorization/OrgAdminRequirement.cs
+++ b/GirafAPI/Authorization/OrgAdminRequirement.cs
@@ -1,4 +1,8 @@
+using System.Security.Claims;
+using GirafAPI.Data;
+using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 namespace GirafAPI.Authorization;
@@ -7,18 +11,31 @@ public class OrgAdminRequirement : IAuthorizationRequirement;
 public class OrgAdminAuthorizationHandler : AuthorizationHandler
 {
 private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly UserManager _userManager;
- public OrgAdminAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
+ public OrgAdminAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager userManager)
 {
 _httpContextAccessor = httpContextAccessor;
+ _userManager = userManager;
 }
- protected override Task HandleRequirementAsync(
+ protected override async Task HandleRequirementAsync(
 AuthorizationHandlerContext context,
 OrgAdminRequirement requirement)
 {
- var claims = context.User;
- var orgIds = claims.Claims
+ var userId = _userManager.GetUserId(_httpContextAccessor.HttpContext.User);
+ var user = await _userManager.FindByIdAsync(userId);
+
+ if (user == null)
+ {
+ context.Fail();
+ return;
+ }
+
+
+ var claims = await _userManager.GetClaimsAsync(user);
+
+ var orgIds = claims
 .Where(c => c.Type == "OrgAdmin")
 .Select(c => c.Value)
 .ToList();
@@ -29,10 +46,9 @@ protected override Task HandleRequirementAsync(
 if (orgIds.Contains(orgIdInUrl))
 {
 context.Succeed(requirement);
- return Task.CompletedTask;
+ return;
 }
 context.Fail();
- return Task.CompletedTask;
 }
 }
\ No newline at end of file
diff --git a/GirafAPI/Authorization/OrgMemberRequirement.cs b/GirafAPI/Authorization/OrgMemberRequirement.cs
old mode 100644
new mode 100755
index bcb5489..6719cd5
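Review bot: `_userManager.GetUserId(...)` returns null when the principal carries no identifier claim, and the new code passes that straight into `FindByIdAsync`, whose parameter is non-nullable; depending on the store that yields either a null user or an exception that surfaces as a 500 instead of a denial, and `_httpContextAccessor.HttpContext` is itself nullable and redundant because `context.User` is the same principal. I would take the id from the authorization context and guard it before the lookup: `var userId = _userManager.GetUserId(context.User);` / `if (userId is null) { context.Fail(); return; }` / `var user = await _userManager.FindByIdAsync(userId);`. The identical block in OrgMemberAuthorizationHandler needs the same treatment. Reading claims from the user store rather than from the token (which LoginEndpoints no longer populates) means a revoked OrgAdmin claim is enforced on the next request instead of at token expiry; that design choice deserves a line in the handler, e.g. `// Claims are read from the user store, not the JWT, so org role changes apply without re-login.` The `using GirafAPI.Data;` added in the first hunk appears unused in this file.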
--- a/GirafAPI/Authorization/OrgMemberRequirement.cs
+++ b/GirafAPI/Authorization/OrgMemberRequirement.cs
@@ -1,4 +1,6 @@
+using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 namespace GirafAPI.Authorization;
@@ -7,21 +9,34 @@ public class OrgMemberRequirement : IAuthorizationRequirement;
 public class OrgMemberAuthorizationHandler : AuthorizationHandler
 {
 private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly UserManager _userManager;
- public OrgMemberAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
+ public OrgMemberAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager userManager)
 {
 _httpContextAccessor = httpContextAccessor;
+ _userManager = userManager;
 }
- protected override Task HandleRequirementAsync(
+ protected override async Task HandleRequirementAsync(
 AuthorizationHandlerContext context,
 OrgMemberRequirement requirement)
 {
- var claims = context.User;
- var orgIds = claims.Claims
- .Where(c => c.Type == "OrgMember")
- .Select(c => c.Value)
- .ToList();
+
+ var userId = _userManager.GetUserId(_httpContextAccessor.HttpContext.User);
+ var user = await _userManager.FindByIdAsync(userId);
+
+ if (user == null)
+ {
+ context.Fail();
+ return;
+ }
+
+ var claims = await _userManager.GetClaimsAsync(user);
+
+ var orgIds = claims
+ .Where(c => c.Type == "OrgMember")
+ .Select(c => c.Value)
+ .ToList();
 var httpContext = _httpContextAccessor.HttpContext;
 var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
@@ -29,10 +44,9 @@ protected override Task HandleRequirementAsync(
 if (orgIds.Contains(orgIdInUrl))
 {
 context.Succeed(requirement);
- return Task.CompletedTask;
+ return;
 }
 context.Fail();
- return Task.CompletedTask;
 }
 }
\ No newline at end of file
diff --git a/GirafAPI/Endpoints/LoginEndpoints.cs b/GirafAPI/Endpoints/LoginEndpoints.cs
old mode 100644
new mode 100755
index a29c179..b30d5e4
--- a/GirafAPI/Endpoints/LoginEndpoints.cs
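Review bot: The rewritten method body opens with an empty added line directly after `{`, which the otherwise line-for-line identical OrgAdminAuthorizationHandler does not have; dropping it keeps the two files in step. After this commit the two handlers differ only in the claim-type literal (`"OrgMember"` here, `"OrgAdmin"` there), so once the null handling of the user lookup is settled they are a natural candidate for a single shared base keyed on the claim type rather than two copies that must be patched together. HandleRequirementAsync continues into the next hunk.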
+++ b/GirafAPI/Endpoints/LoginEndpoints.cs
@@ -36,9 +36,6 @@ public static void MapLoginEndpoint(this WebApplication app)
 new Claim(ClaimTypes.Name, user.UserName)
 };
- var userClaims = await userManager.GetClaimsAsync(user);
- claims.AddRange(userClaims);
-
 var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.Value.SecretKey));
 var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
diff --git a/GirafAPI/Endpoints/OrganizationEndpoints.cs b/GirafAPI/Endpoints/OrganizationEndpoints.cs
old mode 100644
new mode 100755
index 5f72405..656dd42
--- a/GirafAPI/Endpoints/OrganizationEndpoints.cs
+++ b/GirafAPI/Endpoints/OrganizationEndpoints.cs
@@ -89,12 +89,6 @@ await dbContext.Entry(organization)
 {
 try
 {
- var userClaims = httpContext.User.Claims;
- foreach (var claim in userClaims)
- {
- Console.WriteLine($"{claim.Type}: {claim.Value}");
- }
-
 var userId = userManager.GetUserId(httpContext.User);
 var user = userManager.FindByIdAsync(userId).GetAwaiter().GetResult();
@@ -174,6 +168,7 @@ await dbContext.Entry(organization)
 return Results.Problem(ex.Message, statusCode: StatusCodes.Status500InternalServerError);
 }
 })
+ .RequireAuthorization("OrganizationAdmin")
 .WithName("DeleteOrganization")
 .WithDescription("Deletes the organization.")
 .WithTags("Organizations")
diff --git a/GirafAPI/Extensions/ServiceExtensions.cs b/GirafAPI/Extensions/ServiceExtensions.cs
old mode 100644
new mode 100755
index 73d96af..a3c0daf
--- a/GirafAPI/Extensions/ServiceExtensions.cs
+++ b/GirafAPI/Extensions/ServiceExtensions.cs
@@ -81,8 +81,8 @@ public static IServiceCollection ConfigureJwt(this IServiceCollection services,
 public static IServiceCollection ConfigureAuthorizationPolicies(this IServiceCollection services)
 {
- services.AddSingleton();
- services.AddSingleton();
+ services.AddScoped();
+ services.AddScoped();
 services.AddAuthorization(options =>
 {
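Review bot: `.RequireAuthorization("OrganizationAdmin")` names the policy by a bare string, and a mismatch with the name registered in ConfigureAuthorizationPolicies is not caught at startup but throws `InvalidOperationException` on the first request to DeleteOrganization. A shared constant used at both sites, e.g. `public const string OrganizationAdmin = "OrganizationAdmin";` on a policy-names class, removes that class of error. The OrgAdmin handler matches on `RouteValues["orgId"]`, so this endpoint's route template must expose the organization id under exactly that parameter name; if it does not, `orgIdInUrl` is null and every request is denied — fail-closed, but silently, so a test that exercises the happy path is worth adding. The endpoint body, including its own user lookup, starts before this hunk.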
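Review bot: The move from AddSingleton to AddScoped is required rather than cosmetic — the two handlers now take a UserManager, which Identity registers per request, and a singleton holding one would either fail scope validation at startup or keep a single request's DbContext alive for the process lifetime — and that reason should be recorded next to the registrations, e.g. `// Scoped, not singleton: the handlers depend on the request-scoped UserManager.` The generic type arguments are lost in the rendered lines, so I cannot confirm both registrations still target the handler service type. ConfigureAuthorizationPolicies continues past the hunk.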