finished OpenID integration

2024-12-22 14:28:49 +01:00
parent 9b38a10797
commit bee771a30e
15 changed files with 110 additions and 82 deletions
--- a/src/HopFrame.Api/Controller/HopFrameFeatureProvider.cs
+++ b/src/HopFrame.Api/Controller/HopFrameFeatureProvider.cs
@@ -1,16 +0,0 @@
-using System.Reflection;
-using Microsoft.AspNetCore.Mvc.Controllers;
-
-namespace HopFrame.Api.Controller;
-
-public class HopFrameFeatureProvider(params Type[] controllerTypes) : ControllerFeatureProvider {
-    protected override bool IsController(TypeInfo typeInfo) {
-        if (typeInfo.Namespace != typeof(HopFrameFeatureProvider).Namespace)
-            return base.IsController(typeInfo);
-
-        if (controllerTypes.All(c => c.Name != typeInfo.Name))
-            return false;
-        
-        return base.IsController(typeInfo);
-    }
-}
--- a/src/HopFrame.Api/Controller/OpenIdController.cs
+++ b/src/HopFrame.Api/Controller/OpenIdController.cs
@@ -10,10 +10,11 @@ namespace HopFrame.Api.Controller;

 [ApiController, Route("api/v1/openid")]
 public class OpenIdController(IOpenIdAccessor accessor, IOptions<OpenIdOptions> options) : ControllerBase {
+    public const string DefaultCallback = "api/v1/openid/callback";

    [HttpGet("redirect")]
    public async Task<IActionResult> RedirectToProvider([FromQuery] string redirectAfter, [FromQuery] int performRedirect = 1) {
-        var uri = await accessor.ConstructAuthUri(redirectAfter);
+        var uri = await accessor.ConstructAuthUri(DefaultCallback, redirectAfter);

        if (performRedirect == 1) {
            return Redirect(uri);
@@ -28,7 +29,11 @@ public class OpenIdController(IOpenIdAccessor accessor, IOptions<OpenIdOptions>
            return BadRequest("Authorization code is missing");
        }

-        var token = await accessor.RequestToken(code);
+        var token = await accessor.RequestToken(code, DefaultCallback);
+
+        if (token is null) {
+            return Forbid("Authorization code is not valid");
+        }
        
        Response.Cookies.Append(ITokenContext.AccessTokenType, token.AccessToken, new CookieOptions {
            MaxAge = TimeSpan.FromSeconds(token.ExpiresIn),
--- a/src/HopFrame.Api/Extensions/ServiceCollectionExtensions.cs
+++ b/src/HopFrame.Api/Extensions/ServiceCollectionExtensions.cs
@@ -19,7 +19,10 @@ public static class ServiceCollectionExtensions {
    /// <param name="configuration">The configuration used to configure HopFrame authentication</param>
    /// <typeparam name="TDbContext">The data source for all HopFrame entities</typeparam>
    public static void AddHopFrame<TDbContext>(this IServiceCollection services, ConfigurationManager configuration) where TDbContext : HopDbContextBase {
-        var controllers = new List<Type> { typeof(AuthController) };
+        var controllers = new List<Type>();
+        
+        if (configuration.GetValue<bool>("HopFrame:Authentication:DefaultAuthentication"))
+            controllers.Add(typeof(AuthController));
        
        if (configuration.GetValue<bool>("HopFrame:Authentication:OpenID:Enabled"))
            controllers.Add(typeof(OpenIdController));
--- a/src/HopFrame.Api/Logic/Implementation/AuthLogic.cs
+++ b/src/HopFrame.Api/Logic/Implementation/AuthLogic.cs
@@ -12,6 +12,8 @@ namespace HopFrame.Api.Logic.Implementation;
 internal class AuthLogic(IUserRepository users, ITokenRepository tokens, ITokenContext tokenContext, IHttpContextAccessor accessor, IOptions<HopFrameAuthenticationOptions> options) : IAuthLogic {
    
    public async Task<LogicResult<SingleValueResult<string>>> Login(UserLogin login) {
+        if (!options.Value.DefaultAuthentication) return LogicResult<SingleValueResult<string>>.BadRequest("HopFrame authentication scheme is disabled");
+        
        var user = await users.GetUserByEmail(login.Email);

        if (user is null)
@@ -38,6 +40,8 @@ internal class AuthLogic(IUserRepository users, ITokenRepository tokens, ITokenC
    }

    public async Task<LogicResult<SingleValueResult<string>>> Register(UserRegister register) {
+        if (!options.Value.DefaultAuthentication) return LogicResult<SingleValueResult<string>>.BadRequest("HopFrame authentication scheme is disabled");
+        
        if (register.Password.Length < 8)
            return LogicResult<SingleValueResult<string>>.BadRequest("Password needs to be at least 8 characters long");

@@ -69,6 +73,8 @@ internal class AuthLogic(IUserRepository users, ITokenRepository tokens, ITokenC
    }

    public async Task<LogicResult<SingleValueResult<string>>> Authenticate() {
+        if (!options.Value.DefaultAuthentication) return LogicResult<SingleValueResult<string>>.BadRequest("HopFrame authentication scheme is disabled");
+        
        var refreshToken = accessor.HttpContext?.Request.Cookies[ITokenContext.RefreshTokenType];
        
        if (string.IsNullOrEmpty(refreshToken))