From c576e0f8873a07cc5b6717e6876cfdacb1a4767b Mon Sep 17 00:00:00 2001
From: "ion.dormenco"
Date: Thu, 9 Apr 2020 13:02:29 +0300
Subject: [PATCH] Add admin role and expose it + add admin controller for testing
---
 .../Controllers/AdminController.cs | 18 ++
 .../IdentityHostingStartup.cs | 2 +
 .../src/StamAcasa.IdentityServer/SeedData.cs | 36 +++
 .../StamAcasa.IdentityServer/appsettings.json | 208 +++++++++----------
 4 files changed, 160 insertions(+), 104 deletions(-)
 create mode 100644 backend/src/StamAcasa.Api/Controllers/AdminController.cs
diff --git a/backend/src/StamAcasa.Api/Controllers/AdminController.cs b/backend/src/StamAcasa.Api/Controllers/AdminController.cs
new file mode 100644
index 00000000..c37729cf
--- /dev/null
+++ b/backend/src/StamAcasa.Api/Controllers/AdminController.cs
@@ -0,0 +1,18 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace StamAcasa.Api.Controllers
+{
+ [Authorize(AuthenticationSchemes = "answersApi", Roles = "Admin")]
+ [Route("api/admin")]
+ [ApiController]
+ public class AdminController : ControllerBase
+ {
+
+ [HttpGet]
+ public IActionResult Get()
+ {
+ return Content("Yes you are admin");
+ }
+ }
+}
\ No newline at end of file
diff --git a/backend/src/StamAcasa.IdentityServer/IdentityHostingStartup.cs b/backend/src/StamAcasa.IdentityServer/IdentityHostingStartup.cs
index 2aadc0d2..71f65843 100644
--- a/backend/src/StamAcasa.IdentityServer/IdentityHostingStartup.cs
+++ b/backend/src/StamAcasa.IdentityServer/IdentityHostingStartup.cs
@@ -2,6 +2,7 @@
 using IdentityServer.Data;
 using IdentityServerAspNetIdentity;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
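Review bot: The role literal `"Admin"` in the `[Authorize]` attribute duplicates the one passed to `CreateRole("Admin", roleManager)` in SeedData, so the two names can drift silently; a shared constant such as `public const string AdminRole = "Admin";` referenced from both projects keeps them aligned. The subject line says the controller exists for testing, but nothing in the file records that: a summary like `/// <summary>Smoke-test endpoint: answers 200 only for a caller authenticated by the "answersApi" scheme who holds the Admin role.</summary>` tells the next maintainer whether it may ship. Whether the bearer token's role claim lands in the claim type that `Roles = "Admin"` is checked against depends on the JWT handler's claim mapping, which is configured outside this diff, so it is worth confirming with one authenticated request before relying on it.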
@@ -21,6 +22,7 @@ public void Configure(IWebHostBuilder builder)
 var emailConfirmation = context.Configuration.GetValue("EnableEmailConfirmation");
 services.AddDefaultIdentity(options => options.SignIn.RequireConfirmedAccount = emailConfirmation)
+ .AddRoles()
 .AddEntityFrameworkStores();
 SeedData.EnsureSeedData(context.Configuration.GetConnectionString("ApplicationDbContextConnection"));
diff --git a/backend/src/StamAcasa.IdentityServer/SeedData.cs b/backend/src/StamAcasa.IdentityServer/SeedData.cs
index 0465eab8..ba81cc58 100644
--- a/backend/src/StamAcasa.IdentityServer/SeedData.cs
+++ b/backend/src/StamAcasa.IdentityServer/SeedData.cs
@@ -37,6 +37,10 @@ public static void EnsureSeedData(string connectionString)
 context.Database.Migrate();
 var userMgr = scope.ServiceProvider.GetRequiredService>();
+ var roleManager = scope.ServiceProvider.GetRequiredService>();
+
+ var adminRole = CreateRole("Admin", roleManager);
+
 var alice = userMgr.FindByNameAsync("alice@test.com").Result;
 if (alice == null)
 {
@@ -64,6 +68,14 @@ public static void EnsureSeedData(string connectionString)
 {
 throw new Exception(result.Errors.First().Description);
 }
+
+ result = userMgr.AddToRoleAsync(alice, adminRole.Name).Result;
+ if (!result.Succeeded)
+ {
+ throw new Exception(result.Errors.First().Description);
+ }
+
+
 Log.Debug("alice created");
 }
 else
@@ -99,6 +111,12 @@ public static void EnsureSeedData(string connectionString)
 {
 throw new Exception(result.Errors.First().Description);
 }
+
+ result = userMgr.AddToRoleAsync(bob, adminRole.Name).Result;
+ if (!result.Succeeded)
+ {
+ throw new Exception(result.Errors.First().Description);
+ }
 Log.Debug("bob created");
 }
 else
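Review bot: `result = userMgr.AddToRoleAsync(alice, adminRole.Name).Result;` sits inside the `if (alice == null)` creation branch, so the Admin role is only granted when the user is first created; a store seeded before this commit keeps alice — and bob, which follows the same pattern in the @@ -99 hunk — without the role and never gains it. Hoisting the assignment out of the branch (after the if/else, which closes outside the hunk) and guarding it with `if (!userMgr.IsInRoleAsync(alice, adminRole.Name).Result)` makes the seed idempotent for fresh and existing databases alike. Separately, both seed accounts now become administrators, and as far as the IdentityHostingStartup hunk shows EnsureSeedData runs unconditionally at startup, so every environment that uses this seed gets two well-known accounts in the Admin role; if that is intended for development only, gate the role assignment on the hosting environment. The enclosing method EnsureSeedData continues outside the hunk.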
@@ -108,5 +126,23 @@ public static void EnsureSeedData(string connectionString)
 }
 }
 }
+
+ private static IdentityRole CreateRole(string roleName, RoleManager roleManager)
+ {
+ var role = roleManager.FindByNameAsync(roleName).Result;
+ if (role == null)
+ {
+ var identityRole = new IdentityRole(roleName);
+ var result = roleManager.CreateAsync(identityRole).Result;
+ if (!result.Succeeded)
+ {
+ throw new Exception(result.Errors.First().Description);
+ }
+
+ return identityRole;
+ }
+
+ return role;
+ }
 }
 }
diff --git a/backend/src/StamAcasa.IdentityServer/appsettings.json b/backend/src/StamAcasa.IdentityServer/appsettings.json
index 533f3199..8402091a 100644
--- a/backend/src/StamAcasa.IdentityServer/appsettings.json
+++ b/backend/src/StamAcasa.IdentityServer/appsettings.json
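Review bot: `CreateRole` has no doc comment, and its name understates what it does — it returns the existing role when `FindByNameAsync` finds one and only creates otherwise; a summary such as `/// <summary>Returns the role named <paramref name="roleName"/>, creating it when it does not exist yet.</summary>` (or renaming the method `EnsureRole`) spares the reader a trip through the body. The `.Result` calls on `FindByNameAsync` and `CreateAsync` match the rest of the file, but they block a thread on asynchronous work and surface a faulted task as `AggregateException` rather than the `Exception` thrown on the `Succeeded` path, so a caller that catches the latter would presumably miss the former; if the seeder is ever moved off the startup path, an async `Task<IdentityRole>` shape is the safer one.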
@@ -1,110 +1,110 @@
 {
- "Logging": {
- "LogLevel": {
- "Default": "Information",
- "Microsoft": "Warning",
- "Microsoft.Hosting.Lifetime": "Information"
- }
- },
- "AllowedHosts": "*",
- "ConnectionStrings": {
- "ApplicationDbContextConnection": "Server=postgres;Port=5432;Database=IdentityServer;User Id=docker;Password=docker;"
- },
- "ApiConfiguration": [
- {
- "Name": "answersApi",
- "ClaimList": [ "openid" ],
- "Secret": "svpqYnJSR8xzn8Rl"
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft": "Warning",
+ "Microsoft.Hosting.Lifetime": "Information"
+ }
 },
- {
- "Name": "usersApi",
- "Secret": "st4k!b7s$af201cv",
- "ClaimList": [ "openid", "email" ]
- }
- ],
- "ClientApplications": [
- {
- "ClientId": "js",
- "ClientName": "JavaScript Client",
- "AllowedGrantTypes": [ "implicit" ],
- "RequirePkce": false,
- "RequireClientSecret": false,
- "RequireConsent": false,
- "RedirectUris": [
- "http://localhost:3000/signin-oidc",
- "http://localhost:3000/silent-refresh"
- ],
- "PostLogoutRedirectUris": [ "http://localhost:3000/post-logout" ],
- "AllowedCorsOrigins": [ "http://localhost:3000" ],
- "AllowedScopes": [
- "openid",
- "email",
- "answersApi",
- "usersApi"
- ],
- "AllowAccessTokensViaBrowser": true,
- "AccessTokenType": 1
+ "AllowedHosts": "*",
+ "ConnectionStrings": {
+ "ApplicationDbContextConnection": "Server=postgres;Port=5432;Database=IdentityServer;User Id=docker;Password=docker;"
+ },
+ "ApiConfiguration": [
+ {
+ "Name": "answersApi",
+ "ClaimList": [ "openid", "role" ],
+ "Secret": "svpqYnJSR8xzn8Rl"
+ },
+ {
+ "Name": "usersApi",
+ "Secret": "st4k!b7s$af201cv",
+ "ClaimList": [ "openid", "email", "role" ]
+ }
+ ],
+ "ClientApplications": [
+ {
+ "ClientId": "js",
+ "ClientName": "JavaScript Client",
+ "AllowedGrantTypes": [ "implicit" ],
+ "RequirePkce": false,
+ "RequireClientSecret": false,
+ "RequireConsent": false,
+ "RedirectUris": [
+ "http://localhost:3000/signin-oidc",
+ "http://localhost:3000/silent-refresh"
+ ],
+ "PostLogoutRedirectUris": [ "http://localhost:3000/post-logout" ],
+ "AllowedCorsOrigins": [ "http://localhost:3000" ],
+ "AllowedScopes": [
+ "openid",
+ "email",
+ "answersApi",
+ "usersApi"
+ ],
+ "AllowAccessTokensViaBrowser": true,
+ "AccessTokenType": 1
+ },
+ {
+ "ClientId": "jsdocker",
+ "ClientName": "JavaScript Client",
+ "AllowedGrantTypes": [ "implicit" ],
+ "RequirePkce": false,
+ "RequireClientSecret": false,
+ "RequireConsent": false,
+ "RedirectUris": [
+ "http://localhost:5002/signin-oidc",
+ "http://localhost:5002/silent-refresh"
+ ],
+ "PostLogoutRedirectUris": [ "http://localhost:5002/post-logout" ],
+ "AllowedCorsOrigins": [ "http://localhost:5002" ],
+ "AllowedScopes": [
+ "openid",
+ "email",
+ "answersApi",
+ "usersApi"
+ ],
+ "AllowAccessTokensViaBrowser": true,
+ "AccessTokenType": 1
+ },
+ {
+ "ClientId": "swaggerClientLocalhost",
+ "ClientName": "Swagger UI Client",
+ "AllowedGrantTypes": [ "implicit" ],
+ "RequirePkce": false,
+ "RequireClientSecret": false,
+ "RequireConsent": false,
+ "RedirectUris": [ "http://localhost:5008/swagger/oauth2-redirect.html" ],
+ "AllowedCorsOrigins": [ "http://localhost:5008" ],
+ "PostLogoutRedirectUris": [],
+ "AllowedScopes": [
+ "openid",
+ "email",
+ "answersApi",
+ "usersApi"
+ ],
+ "AllowAccessTokensViaBrowser": true,
+ "AccessTokenType": 1
+ }
+ ],
+ "EnableEmailConfirmation": true,
+ "EMailingSystem": "SendGrid",
+ "AdminFromName": "Admin",
+ "AdminFromEmail": "admin@stam-acasa.ro",
+ "Smtp": {
+ "Host": "",
+ "Port": 0,
+ "User": "",
+ "Password": ""
 },
- {
- "ClientId": "jsdocker",
- "ClientName": "JavaScript Client",
- "AllowedGrantTypes": [ "implicit" ],
- "RequirePkce": false,
- "RequireClientSecret": false,
- "RequireConsent": false,
- "RedirectUris": [
- "http://localhost:5002/signin-oidc",
- "http://localhost:5002/silent-refresh"
- ],
- "PostLogoutRedirectUris": [ "http://localhost:5002/post-logout" ],
- "AllowedCorsOrigins": [ "http://localhost:5002" ],
- "AllowedScopes": [
- "openid",
- "email",
- "answersApi",
- "usersApi"
- ],
- "AllowAccessTokensViaBrowser": true,
- "AccessTokenType": 1
+ "SendGrid": {
+ "ApiKey": "",
+ "ClickTracking": false
 },
- {
- "ClientId": "swaggerClientLocalhost",
- "ClientName": "Swagger UI Client",
- "AllowedGrantTypes": [ "implicit" ],
- "RequirePkce": false,
- "RequireClientSecret": false,
- "RequireConsent": false,
- "RedirectUris": [ "http://localhost:5008/swagger/oauth2-redirect.html" ],
- "AllowedCorsOrigins": [ "http://localhost:5008" ],
- "PostLogoutRedirectUris": [],
- "AllowedScopes": [
- "openid",
- "email",
- "answersApi",
- "usersApi"
- ],
- "AllowAccessTokensViaBrowser": true,
- "AccessTokenType": 1
+ "RabbitMQ": {
+ "HostName": "localhost",
+ "Port": 5672,
+ "User": "user",
+ "Password": "password"
 }
- ],
- "EnableEmailConfirmation": true,
- "EMailingSystem": "SendGrid",
- "AdminFromName": "Admin",
- "AdminFromEmail": "admin@stam-acasa.ro",
- "Smtp": {
- "Host": "",
- "Port": 0,
- "User": "",
- "Password": ""
- },
- "SendGrid": {
- "ApiKey": "",
- "ClickTracking": false
- },
- "RabbitMQ": {
- "HostName": "localhost",
- "Port": 5672,
- "User": "user",
- "Password": "password"
- }
 }
\ No newline at end of file
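Review bot: The only functional change in this hunk is `"role"` being added to the two `ClaimList` arrays, but every line was also reindented, so git records 104 deletions and 104 insertions and the real change is invisible both here and in later `git blame`; reindenting in a separate whitespace-only commit (or keeping the old indentation here) would leave a two-line diff. The new side also carries the two `ApiConfiguration` `Secret` values and the `docker` database password verbatim in a committed appsettings.json; if these are anything more than local-development placeholders they belong in user secrets or environment configuration, and rotating them once they have been in history is the usual follow-up. Adding `"role"` to `usersApi` as well as `answersApi` means access tokens for both scopes now expose the caller's roles; that looks intended for the new AdminController, which authenticates with `answersApi`, but is worth confirming for `usersApi`.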