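/// <summary>
/// Builds a failed authentication result and records the attempt in the warning log.
/// </summary>
/// <param name="message">Failure reason; returned in the result and written to the log.</param>
/// <param name="includeRealm">
/// When true the result carries a realm derived from the configured server name; otherwise the realm is null.
/// </param>
/// <returns>A failed <see cref="NuGetAuthenticationResult"/> for the configured server name.</returns>
private NuGetAuthenticationResult Fail(string message, bool includeRealm)
        {
            var realm = includeRealm ? $"{_settings.ServerName} Package Registry" : null;

            // The message template is a constant and the values are passed as arguments, so text
            // inside them is never read as a placeholder and logging providers that support
            // structured events can expose the address, realm and reason as separate fields.
            // NOTE(review): assumes _logger is a Microsoft.Extensions.Logging ILogger - confirm.
            // NOTE(review): if the feed runs behind a reverse proxy, Connection.RemoteIpAddress is
            // presumably the proxy's address unless forwarded headers are processed - confirm.
            _logger.LogWarning(
                "Failed login from {RemoteIpAddress} (Realm: {Realm})\n{Message}",
                Connection.RemoteIpAddress,
                realm,
                message);

            return NuGetAuthenticationResult.Fail(message, _settings.ServerName, realm);
        }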
        /// <summary>
        /// Authenticates the request's user credentials against the supplied service and makes
        /// sure a failed result always carries a realm.
        /// </summary>
        /// <param name="authenticationService">Service that validates the username/password pair.</param>
        /// <returns>
        /// The service's result, or a copy of a failed result with the fallback realm when the
        /// service returned none.
        /// </returns>
        protected override async Task<NuGetAuthenticationResult> IsAuthorized(IPackageAuthenticationService authenticationService)
        {
            GetUserCredentials(out var username, out var password);

            // default(CancellationToken) is passed, so this call is not tied to request cancellation.
            var outcome = await authenticationService.AuthenticateAsync(username, password, default);

            var needsFallbackRealm = !outcome.Succeeded && string.IsNullOrEmpty(outcome.Realm);
            if (!needsFallbackRealm)
            {
                return outcome;
            }

            // A failure without a realm is re-issued with a fixed realm name.
            return NuGetAuthenticationResult.Fail(outcome.Message, outcome.Server, "AvantiPoint Package Feed");
        }
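        /// <summary>
        /// Turns the current response into a 401 that carries the details of a failed authentication.
        /// </summary>
        /// <param name="context">Filter context whose HTTP response is modified.</param>
        /// <param name="result">Failed authentication result supplying realm, message and server name.</param>
        private void SetFailedResponse(ActionExecutingContext context, NuGetAuthenticationResult result)
        {
            var headers = context.HttpContext.Response.Headers;

            // A challenge header is only sent when the result names a realm.
            if (!string.IsNullOrEmpty(result.Realm))
            {
                headers["Www-Authenticate"] = GetRealm(result.Realm);
            }

            // Indexer assignment replaces a value set earlier in the pipeline; Headers.Add throws
            // when the header is already present, which would turn the 401 into a server error.
            headers["X-Frame-Options"] = "Deny";

            // NOTE(review): result.Message is returned to the caller verbatim; keep the messages
            // produced by authentication services generic so they do not reveal which part of
            // the credentials was wrong.
            headers["X-Nuget-Warning"] = result.Message;
            headers["Server"] = result.Server;
            context.HttpContext.Response.StatusCode = 401;
        }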
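        /// <summary>
        /// Checks a caller-supplied API key against the configured one.
        /// </summary>
        /// <param name="apiKey">Key presented by the caller; may be null or empty.</param>
        /// <returns>
        /// Success when no key is configured or the keys match; otherwise a failed result.
        /// </returns>
        private NuGetAuthenticationResult Authenticate(string apiKey)
        {
            // No authentication is necessary if there is no required API key.
            // NOTE(review): an empty or missing configured key therefore accepts every caller;
            // confirm that deployments which need protection always set one.
            if (string.IsNullOrEmpty(_apiKey))
            {
                return NuGetAuthenticationResult.Success();
            }

            if (string.IsNullOrEmpty(apiKey))
            {
                return NuGetAuthenticationResult.Fail("No Api Token provided.", "AvantiPoint Package Server");
            }

            // Compare the raw UTF-16 bytes in fixed time: string == stops at the first differing
            // character, so its duration depends on how much of the key matched. The result is the
            // same ordinal equality as before; only the length of the key can still be inferred.
            var expected = System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(_apiKey));
            var supplied = System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(apiKey));
            var keysMatch = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expected, supplied);

            return keysMatch
                ? NuGetAuthenticationResult.Success()
                : NuGetAuthenticationResult.Fail("Invalid Api Token provided.", "AvantiPoint Package Server");
        }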
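        /// <summary>
        /// Converts a stored token into an authentication result with a claims principal.
        /// </summary>
        /// <param name="token">Token looked up for the caller; may be null.</param>
        /// <param name="includeRealm">Forwarded to <c>Fail</c> when the token is rejected.</param>
        /// <returns>
        /// A failed result when the token is null or not valid; otherwise a successful result whose
        /// principal holds the user's name, email, token key and description, and feed roles.
        /// </returns>
        private NuGetAuthenticationResult CreateResult(AuthToken token, bool includeRealm)
        {
            if (token is null || !token.IsValid())
            {
                return Fail("Invalid Token or Credentials", includeRealm);
            }

            var identity = new ClaimsIdentity("GitHub Auth");

            identity.AddClaim(new Claim(ClaimTypes.Name, token.User.Name));
            identity.AddClaim(new Claim(ClaimTypes.Email, token.User.Email));

            // The token key itself travels in the principal; avoid logging or serializing the
            // full claim set wherever this principal is used.
            identity.AddClaim(new Claim(FeedClaims.Token, token.Key));
            identity.AddClaim(new Claim(FeedClaims.TokenDescription, token.Description));

            // Every valid token gets the consumer role; publishing is granted per user.
            identity.AddClaim(new Claim(ClaimTypes.Role, FeedRoles.Consumer));

            if (token.User.PackagePublisher)
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, FeedRoles.Publisher));
            }

            // Constant template with arguments: the user name is never read as a placeholder and
            // providers that support structured events can expose user and address as fields.
            // NOTE(review): assumes _logger is a Microsoft.Extensions.Logging ILogger - confirm.
            _logger.LogInformation(
                "Authenticated user: {UserName} from {RemoteIpAddress}.",
                token.User.Name,
                Connection.RemoteIpAddress);

            return NuGetAuthenticationResult.Success(new ClaimsPrincipal(identity));
        }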
 /// <summary>
 /// Reports success for every call; neither the username nor the token is inspected.
 /// </summary>
 /// <remarks>
 /// NOTE(review): with this implementation registered, any caller is treated as authenticated.
 /// Presumably intended for feeds that are meant to be open - confirm before using it elsewhere.
 /// </remarks>
 public Task<NuGetAuthenticationResult> AuthenticateAsync(string username, string token, CancellationToken cancellationToken)
 {
     var accepted = NuGetAuthenticationResult.Success();
     return Task.FromResult(accepted);
 }
        /// <summary>
        /// Accepts exactly one fixed username/token pair and returns the demo user for it.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the credentials are compiled-in sample values; this looks like demo-only
        /// code - confirm it is never registered for a feed that holds real packages.
        /// </remarks>
        public Task<NuGetAuthenticationResult> AuthenticateAsync(string username, string token, CancellationToken cancellationToken)
        {
            if (username == "skroob" && token == "12345")
            {
                return Task.FromResult(NuGetAuthenticationResult.Success(DemoUser));
            }

            return Task.FromResult(NuGetAuthenticationResult.Fail("Invalid username or token", "Demo Authenticated Feed"));
        }
        /// <summary>
        /// Accepts exactly one fixed API key and returns the demo user for it.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the key is a compiled-in sample value; this looks like demo-only code -
        /// confirm it is never registered for a feed that holds real packages.
        /// </remarks>
        public Task<NuGetAuthenticationResult> AuthenticateAsync(string apiKey, CancellationToken cancellationToken)
        {
            if (apiKey == "12345")
            {
                return Task.FromResult(NuGetAuthenticationResult.Success(DemoUser));
            }

            return Task.FromResult(NuGetAuthenticationResult.Fail("Unauthorized apiKey", "Demo Authenticated Feed"));
        }