public async Task <IActionResult> WhoAmI()
{
string token = this.GetTokenFromHeader(out string tokenTypeStr);
if (string.IsNullOrEmpty(token))
{
return(this.AuthorizationHeaderMissing());
}
if (!TokenTypeExtensions.TryParseTokenType(tokenTypeStr, out var tokenType))
{
throw ErtisAuthException.UnsupportedTokenType();
}
switch (tokenType)
{
case SupportedTokenTypes.None:
throw ErtisAuthException.UnsupportedTokenType();
case SupportedTokenTypes.Basic:
var application = await this.tokenService.WhoAmIAsync(new BasicToken(token));
if (application != null)
{
return(this.Ok(application));
}
else
{
return(this.InvalidToken());
}
case SupportedTokenTypes.Bearer:
var user = await this.tokenService.WhoAmIAsync(BearerToken.CreateTemp(token));
if (user != null)
{
return(this.Ok(user));
}
else
{
return(this.InvalidToken());
}
default:
throw ErtisAuthException.UnsupportedTokenType();
}
}
public async Task <IResponseResult> RevokeTokenAsync(string accessToken)
{
return(await this.RevokeTokenAsync(BearerToken.CreateTemp(accessToken)));
}
public IResponseResult RevokeToken(string accessToken)
{
return(this.RevokeToken(BearerToken.CreateTemp(accessToken)));
}
public async Task <IResponseResult <BearerToken> > VerifyTokenAsync(string accessToken)
{
return(await this.VerifyTokenAsync(BearerToken.CreateTemp(accessToken)));
}
public IResponseResult <BearerToken> VerifyToken(string accessToken)
{
return(this.VerifyToken(BearerToken.CreateTemp(accessToken)));
}
private async Task <Utilizer> CheckAuthorizationAsync()
{
var token = this.Request.GetTokenFromHeader(out var tokenType);
if (string.IsNullOrEmpty(token))
{
throw ErtisAuthException.AuthorizationHeaderMissing();
}
if (string.IsNullOrEmpty(tokenType))
{
throw ErtisAuthException.UnsupportedTokenType();
}
TokenTypeExtensions.TryParseTokenType(tokenType, out var _tokenType);
switch (_tokenType)
{
case SupportedTokenTypes.None:
throw ErtisAuthException.UnsupportedTokenType();
case SupportedTokenTypes.Basic:
var basicToken = new BasicToken(token);
var applicationId = token.Split(':')[0];
var getApplicationResponse = await this.applicationService.GetApplicationAsync(applicationId, basicToken);
if (getApplicationResponse.IsSuccess)
{
var rbacDefinition = this.Context.GetRbacDefinition(getApplicationResponse.Data.Id);
var rbac = $"{rbacDefinition.Resource}.{rbacDefinition.Action}";
var isPermittedForAction = await this.roleService.CheckPermissionAsync(rbac, basicToken);
if (!isPermittedForAction)
{
throw ErtisAuthException.AccessDenied($"Token owner role is not permitted for this resource/action ({rbac})");
}
return(new Utilizer
{
Id = getApplicationResponse.Data.Id,
Username = getApplicationResponse.Data.Name,
Type = tokenType == "Basic" ? Utilizer.UtilizerType.Application : Utilizer.UtilizerType.User,
Role = getApplicationResponse.Data.Role,
Token = token,
TokenType = _tokenType
});
}
else
{
var errorMessage = getApplicationResponse.Message;
if (ResponseHelper.TryParseError(getApplicationResponse.Message, out var error))
{
errorMessage = error.Message;
}
throw ErtisAuthException.Unauthorized(errorMessage);
}
case SupportedTokenTypes.Bearer:
var bearerToken = BearerToken.CreateTemp(token);
var meResponse = await this.authenticationService.WhoAmIAsync(bearerToken);
if (meResponse.IsSuccess)
{
var rbacDefinition = this.Context.GetRbacDefinition(meResponse.Data.Id);
var rbac = $"{rbacDefinition.Resource}.{rbacDefinition.Action}";
var isPermittedForAction = await this.roleService.CheckPermissionAsync(rbac, bearerToken);
if (!isPermittedForAction)
{
throw ErtisAuthException.AccessDenied($"Token owner role is not permitted for this resource/action ({rbac})");
}
return(new Utilizer
{
Id = meResponse.Data.Id,
Username = meResponse.Data.Username,
Type = tokenType == "Basic" ? Utilizer.UtilizerType.Application : Utilizer.UtilizerType.User,
Role = meResponse.Data.Role,
Token = token,
TokenType = _tokenType
});
}
else
{
var errorMessage = meResponse.Message;
if (ResponseHelper.TryParseError(meResponse.Message, out var error))
{
errorMessage = error.Message;
}
throw ErtisAuthException.Unauthorized(errorMessage);
}
default:
throw ErtisAuthException.UnsupportedTokenType();
}
}
public async Task <IResponseResult> RevokeTokenAsync(string accessToken, bool logoutFromAllDevices = false)
{
return(await this.RevokeTokenAsync(BearerToken.CreateTemp(accessToken), logoutFromAllDevices));
}
public IResponseResult RevokeToken(string accessToken, bool logoutFromAllDevices = false)
{
return(this.RevokeToken(BearerToken.CreateTemp(accessToken), logoutFromAllDevices));
}