aau-giraf · ronaldhej · Dec 6, 2024 · Dec 6, 2024 · Dec 6, 2024
diff --git a/GirafAPI/Authorization/OrgAdminRequirement.cs b/GirafAPI/Authorization/OrgAdminRequirement.cs
@@ -1,4 +1,8 @@
+using System.Security.Claims;
+using GirafAPI.Data;
+using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 
 namespace GirafAPI.Authorization;
 
@@ -7,18 +11,31 @@ public class OrgAdminRequirement : IAuthorizationRequirement;
 public class OrgAdminAuthorizationHandler : AuthorizationHandler<OrgAdminRequirement>
 {
     private readonly IHttpContextAccessor _httpContextAccessor;
+    private readonly UserManager<GirafUser> _userManager;
 
-    public OrgAdminAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
+    public OrgAdminAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager<GirafUser> userManager)
     {
         _httpContextAccessor = httpContextAccessor;
+        _userManager = userManager;
     }
 
-    protected override Task HandleRequirementAsync(
+    protected override async Task HandleRequirementAsync(
         AuthorizationHandlerContext context,
         OrgAdminRequirement requirement)
     {
-        var claims = context.User;
-        var orgIds = claims.Claims
+        var userId = _userManager.GetUserId(_httpContextAccessor.HttpContext.User);
+        var user = await _userManager.FindByIdAsync(userId);
+
+        if (user == null)
+        {
+            context.Fail();
+            return;
+        }
+
+
+        var claims = await _userManager.GetClaimsAsync(user);
+
+        var orgIds = claims
             .Where(c => c.Type == "OrgAdmin")
             .Select(c => c.Value)
             .ToList();
@@ -29,10 +46,9 @@ protected override Task HandleRequirementAsync(
         if (orgIds.Contains(orgIdInUrl))
         {
             context.Succeed(requirement);
-            return Task.CompletedTask;
+            return;
         }
 
         context.Fail();
-        return Task.CompletedTask;
     }
 }
diff --git a/GirafAPI/Authorization/OrgMemberRequirement.cs b/GirafAPI/Authorization/OrgMemberRequirement.cs
@@ -1,4 +1,6 @@
+using GirafAPI.Entities.Users;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 
 namespace GirafAPI.Authorization;
 
@@ -7,32 +9,44 @@ public class OrgMemberRequirement : IAuthorizationRequirement;
 public class OrgMemberAuthorizationHandler : AuthorizationHandler<OrgMemberRequirement>
 {
     private readonly IHttpContextAccessor _httpContextAccessor;
+    private readonly UserManager<GirafUser> _userManager;
 
-    public OrgMemberAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
+    public OrgMemberAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserManager<GirafUser> userManager)
     {
         _httpContextAccessor = httpContextAccessor;
+        _userManager = userManager;
     }
 
-    protected override Task HandleRequirementAsync(
+    protected override async Task HandleRequirementAsync(
         AuthorizationHandlerContext context,
         OrgMemberRequirement requirement)
     {
-        var claims = context.User;
-        var orgIds = claims.Claims
-                                .Where(c => c.Type == "OrgMember")
-                                .Select(c => c.Value)
-                                .ToList();
+
+        var userId = _userManager.GetUserId(_httpContextAccessor.HttpContext.User);
+        var user = await _userManager.FindByIdAsync(userId);
+
+        if (user == null)
+        {
+            context.Fail();
+            return;
+        }
+
+        var claims = await _userManager.GetClaimsAsync(user);
+
+        var orgIds = claims
+            .Where(c => c.Type == "OrgMember")
+            .Select(c => c.Value)
+            .ToList();
 
         var httpContext = _httpContextAccessor.HttpContext;
         var orgIdInUrl = httpContext.Request.RouteValues["orgId"];
 
         if (orgIds.Contains(orgIdInUrl))
         {
             context.Succeed(requirement);
-            return Task.CompletedTask;
+            return;
         }
 
         context.Fail();
-        return Task.CompletedTask;
     }
 }
diff --git a/GirafAPI/Endpoints/LoginEndpoints.cs b/GirafAPI/Endpoints/LoginEndpoints.cs
@@ -36,9 +36,6 @@ public static void MapLoginEndpoint(this WebApplication app)
                     new Claim(ClaimTypes.Name, user.UserName)
                 };
 
-                var userClaims = await userManager.GetClaimsAsync(user);
-                claims.AddRange(userClaims);
-
                 var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.Value.SecretKey));
                 var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
 

diff --git a/GirafAPI/Endpoints/OrganizationEndpoints.cs b/GirafAPI/Endpoints/OrganizationEndpoints.cs
@@ -89,12 +89,6 @@ await dbContext.Entry(organization)
                 {
                     try
                     {
-                        var userClaims = httpContext.User.Claims;
-                        foreach (var claim in userClaims)
-                        {
-                            Console.WriteLine($"{claim.Type}: {claim.Value}");
-                        }
-
                         var userId = userManager.GetUserId(httpContext.User);
 
                         var user = userManager.FindByIdAsync(userId).GetAwaiter().GetResult();
@@ -174,6 +168,7 @@ await dbContext.Entry(organization)
                     return Results.Problem(ex.Message, statusCode: StatusCodes.Status500InternalServerError);
                 }
             })
+            .RequireAuthorization("OrganizationAdmin")
             .WithName("DeleteOrganization")
             .WithDescription("Deletes the organization.")
             .WithTags("Organizations")

diff --git a/GirafAPI/Extensions/ServiceExtensions.cs b/GirafAPI/Extensions/ServiceExtensions.cs
@@ -81,8 +81,8 @@ public static IServiceCollection ConfigureJwt(this IServiceCollection services,
 
         public static IServiceCollection ConfigureAuthorizationPolicies(this IServiceCollection services)
         {
-            services.AddSingleton<IAuthorizationHandler, OrgMemberAuthorizationHandler>();
-            services.AddSingleton<IAuthorizationHandler, OrgAdminAuthorizationHandler>();
+            services.AddScoped<IAuthorizationHandler, OrgMemberAuthorizationHandler>();
+            services.AddScoped<IAuthorizationHandler, OrgAdminAuthorizationHandler>();
 
             services.AddAuthorization(options =>
             {