leon.hoppe/HopFrame
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Finished permission management

Browse Source
This commit is contained in:
Leon Hoppe
2024-07-13 18:26:46 +02:00
parent d91ed3ad3a
commit f1266783b3
14 changed files with 132 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
HopFrame.Api/Controller/SecurityController.cs
View File

@@ -20,15 +20,15 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
private const string RefreshTokenType = "HopFrame.Security.RefreshToken";
[HttpPut("login")]
public async Task<ILogicResult<SingleValueResult<string>>> Login([FromBody] UserLogin login) {
public async Task<ActionResult<SingleValueResult<string>>> Login([FromBody] UserLogin login) {
var user = await context.Users.SingleOrDefaultAsync(user => user.Email == login.Email);
if (user is null)
return LogicResult<SingleValueResult<string>>.NotFound("The provided email address was not found");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.NotFound("The provided email address was not found"));
var hashedPassword = EncryptionManager.Hash(login.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
if (hashedPassword != user.Password)
return LogicResult<SingleValueResult<string>>.Forbidden("The provided password is not correct");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Forbidden("The provided password is not correct"));
var refreshToken = new TokenEntry {
CreatedAt = DateTime.Now,
@@ -52,15 +52,16 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
await context.Tokens.AddRangeAsync(refreshToken, accessToken);
await context.SaveChangesAsync();
return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Ok(accessToken.Token));
}
[HttpPost("register")]
public async Task<ILogicResult<SingleValueResult<string>>> Register([FromBody] UserRegister register) {
//TODO: Validate Password requirements
public async Task<ActionResult<SingleValueResult<string>>> Register([FromBody] UserRegister register) {
if (register.Password.Length < 8)
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Conflict("Password needs to be at least 8 characters long"));
if (await context.Users.AnyAsync(user => user.Username == register.Username || user.Email == register.Email))
return LogicResult<SingleValueResult<string>>.Conflict("Username or Email is already registered");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Conflict("Username or Email is already registered"));
var user = new UserEntry {
CreatedAt = DateTime.Now,
@@ -71,6 +72,17 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
user.Password = EncryptionManager.Hash(register.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
await context.Users.AddAsync(user);
var defaultGroups = await context.Groups
.Where(group => group.Default)
.Select(group => "group." + group.Name)
.ToListAsync();
await context.Permissions.AddRangeAsync(defaultGroups.Select(group => new PermissionEntry {
GrantedAt = DateTime.Now,
PermissionText = group,
UserId = user.Id
}));
var refreshToken = new TokenEntry {
CreatedAt = DateTime.Now,
@@ -94,23 +106,23 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
await context.Tokens.AddRangeAsync(refreshToken, accessToken);
await context.SaveChangesAsync();
return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Ok(accessToken.Token));
}
[HttpGet("authenticate")]
public async Task<ILogicResult<SingleValueResult<string>>> Authenticate() {
public async Task<ActionResult<SingleValueResult<string>>> Authenticate() {
var refreshToken = HttpContext.Request.Cookies[RefreshTokenType];
if (string.IsNullOrEmpty(refreshToken))
return LogicResult<SingleValueResult<string>>.Conflict("Refresh token not provided");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Conflict("Refresh token not provided"));
var token = await context.Tokens.SingleOrDefaultAsync(token => token.Token == refreshToken && token.Type == TokenEntry.RefreshTokenType);
if (token is null)
return LogicResult<SingleValueResult<string>>.NotFound("Refresh token not valid");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.NotFound("Refresh token not valid"));
if (token.CreatedAt + HopFrameAuthentication<TDbContext>.RefreshTokenTime < DateTime.Now)
return LogicResult<SingleValueResult<string>>.Conflict("Refresh token is expired");
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Conflict("Refresh token is expired"));
var accessToken = new TokenEntry {
CreatedAt = DateTime.Now,
@@ -122,16 +134,16 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
await context.Tokens.AddAsync(accessToken);
await context.SaveChangesAsync();
return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
return this.FromLogicResult(LogicResult<SingleValueResult<string>>.Ok(accessToken.Token));
}
[HttpDelete("logout"), Authorized]
public async Task<ILogicResult> Logout() {
public async Task<ActionResult> Logout() {
var accessToken = HttpContext.User.GetAccessTokenId();
var refreshToken = HttpContext.Request.Cookies[RefreshTokenType];
if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(refreshToken))
return LogicResult.Conflict("access or refresh token not provided");
return this.FromLogicResult(LogicResult.Conflict("access or refresh token not provided"));
var tokenEntries = await context.Tokens.Where(token =>
(token.Token == accessToken && token.Type == TokenEntry.AccessTokenType) ||
@@ -139,7 +151,7 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
.ToArrayAsync();
if (tokenEntries.Length != 2)
return LogicResult.NotFound("One or more of the provided tokens was not found");
return this.FromLogicResult(LogicResult.NotFound("One or more of the provided tokens was not found"));
context.Tokens.Remove(tokenEntries[0]);
context.Tokens.Remove(tokenEntries[1]);
@@ -147,32 +159,34 @@ public class SecurityController<TDbContext>(TDbContext context) : ControllerBase
HttpContext.Response.Cookies.Delete(RefreshTokenType);
return LogicResult.Ok();
return this.FromLogicResult(LogicResult.Ok());
}
[HttpDelete("delete"), Authorized]
public async Task<ILogicResult> Delete([FromBody] UserLogin login) {
public async Task<ActionResult> Delete([FromBody] UserLogin login) {
var token = HttpContext.User.GetAccessTokenId();
var userId = (await context.Tokens.SingleOrDefaultAsync(t => t.Token == token && t.Type == TokenEntry.AccessTokenType))?.UserId;
if (string.IsNullOrEmpty(userId))
return LogicResult.NotFound("Access token does not match any user");
return this.FromLogicResult(LogicResult.NotFound("Access token does not match any user"));
var user = await context.Users.SingleAsync(user => user.Id == userId);
var password = EncryptionManager.Hash(login.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
if (user.Password != password)
return LogicResult.Forbidden("The provided password is not correct");
return this.FromLogicResult(LogicResult.Forbidden("The provided password is not correct"));
var tokens = await context.Tokens.Where(t => t.UserId == userId).ToArrayAsync();
var permissions = await context.Permissions.Where(perm => perm.UserId == userId).ToArrayAsync();
context.Tokens.RemoveRange(tokens);
context.Permissions.RemoveRange(permissions);
context.Users.Remove(user);
await context.SaveChangesAsync();
HttpContext.Response.Cookies.Delete(RefreshTokenType);
return LogicResult.Ok();
return this.FromLogicResult(LogicResult.Ok());
}
}