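public void OnAuthorization(AuthorizationFilterContext context)
        {
            // Authorization filter: lets anonymous endpoints through (after stripping any
            // bearer token), otherwise requires a valid JWT that is also still present and
            // unexpired in the renew repository, and finally checks the endpoint's
            // role requirements (Security.yaml) against the roles carried in the token.
            //
            // The same IDENTITY_NOT_AUTHORIZED / 403 exception is raised for every failure
            // (missing token, unknown/expired token, insufficient role). A 401 would be the
            // conventional status for a missing token, but the code is kept as-is so existing
            // clients that key on 403 keep working.
            var unauthorizedException = new ExceptionBase(ExceptionCodes.IDENTITY_NOT_AUTHORIZED, "User is not authorized", null, StatusCodes.Status403Forbidden);

            // Fail closed: this filter only knows how to describe controller actions. The
            // original unchecked `as` cast would have thrown a NullReferenceException (a 500)
            // for any other descriptor type; deny instead of crashing.
            if (!(context.ActionDescriptor is ControllerActionDescriptor endpointDescription))
            {
                throw unauthorizedException;
            }

            // Anonymous endpoints: no token required. The Authorization header is dropped so
            // later token processing never runs (and never throws) on these requests, which
            // also means downstream code on anonymous endpoints cannot see the caller's token.
            if (SecurityHelper.IsAnonymous(endpointDescription.ControllerName, endpointDescription.ActionName))
            {
                // IDictionary.Remove is a no-op when the key is absent; use the filter's own
                // HttpContext rather than the injected accessor so both paths read the same request.
                context.HttpContext.Request.Headers.Remove(Constants.Authentication.AuthorizationHeaderKey);
                return;
            }

            // Retrieve the token; per the helper's contract it is null when absent or when it fails
            // validation (expiry, issuer, audience, ...) -- verify against JwtRetriever.
            var token = JwtRetriever.GetUserToken(context.HttpContext);

            if (token == null)
            {
                throw unauthorizedException;
            }

            // **********************************************************************
            // TODO: Improve performance of this section using Watch collections
            //       in MongoDB or Redis to get the current valid tokens instead
            //       of direct access to the database.
            var claimsHelper = new ClaimsHelper(token.Claims);

            var renewRepository = Startup.GetService <IAuthRenewRepository>();

            // Server-side check that the (signature-valid) token is still known and unexpired;
            // presumably this is what makes logout/revocation effective before the JWT itself expires.
            var authRenew = renewRepository.GetByUserToken(token.RawData);

            if (authRenew == null || authRenew.ExpiteAt <= DateTime.UtcNow)
            {
                throw unauthorizedException;
            }
            // **********************************************************************

            // Role check for this controller/action based on the Security.yaml description,
            // using the roles taken from the token's claims.
            if (!SecurityHelper.CheckSecurity(endpointDescription.ControllerName, endpointDescription.ActionName, claimsHelper.Roles))
            {
                throw unauthorizedException;
            }
        }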
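        public async Task <GetUserResponse> GetCurrent()
        {
            // Returns the user record for the caller identified by the bearer token on the
            // current request. Throws AuthenticationException (401) when no valid token is
            // present and (404) when the token's user name is not found.
            var userToken = JwtRetriever.GetUserToken(_contextAccesor.HttpContext);

            // The token is null when the Authorization header is absent or was stripped
            // (e.g. on an endpoint marked anonymous) or fails validation; previously this
            // surfaced as a NullReferenceException on userToken.Claims.
            if (userToken == null)
            {
                throw new AuthenticationException(ExceptionCodes.IDENTITY_NOT_AUTHORIZED, "User is not authorized", null, StatusCodes.Status401Unauthorized);
            }

            var claims = new ClaimsHelper(userToken.Claims);

            // The lookup key is upper-cased (presumably to match how GetByUserName stores names).
            // Use the invariant culture so the key does not depend on the server's current
            // culture (e.g. under tr-TR, ToUpper() maps 'i' to 'İ' and the lookup misses).
            var user = await _userRetriever.GetByUserName(claims.UserName.ToUpperInvariant());

            if (user == null)
            {
                throw new AuthenticationException(ExceptionCodes.IDENTITY_USER_NOT_EXIST, "User not found", null, StatusCodes.Status404NotFound);
            }

            return(new GetUserResponse
            {
                User = user
            });
        }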
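        public async Task <WorkspaceResponse> GetWorkspace()
        {
            // Builds the caller's workspace summary: one entry with the total number of
            // articles assigned to the caller (as reviewer), followed by one entry per
            // translation status with the count for that status. The caller is identified
            // solely by the user name claim in the bearer token.
            var token = JwtRetriever.GetUserToken(_httpContext.HttpContext);

            // Null when the Authorization header is absent/stripped or the token fails
            // validation; fail with 401 instead of a NullReferenceException on token.Claims.
            if (token == null)
            {
                throw new AuthenticationException(ExceptionCodes.IDENTITY_NOT_AUTHORIZED, "User is not authorized", null, StatusCodes.Status401Unauthorized);
            }

            var claimsHelper = new ClaimsHelper(token.Claims);
            var reviewer     = claimsHelper.UserName;

            // Display name kept byte-for-byte (including the existing spelling) in case clients match on it.
            var workspaceEntries = new List <WorkspaceEntry>
            {
                new WorkspaceEntry
                {
                    Name     = "All Asigned To Me",
                    Count    = await _articlesService.SearchCount(new ArticleFilter { ReviewedBy = reviewer }),
                    Reviewer = reviewer
                }
            };

            // One count query per status, issued sequentially: the article service may not be
            // safe to call concurrently, so the queries are deliberately not parallelised here.
            foreach (var status in TranslationStatus.GetTraslationStatus())
            {
                var count = await _articlesService.SearchCount(new ArticleFilter
                {
                    ReviewedBy = reviewer,
                    Status     = status
                });

                workspaceEntries.Add(new WorkspaceEntry
                {
                    Name     = status,
                    Count    = count,
                    Reviewer = reviewer,
                    Status   = status
                });
            }

            return(new WorkspaceResponse
            {
                WorkspaceEntries = workspaceEntries
            });
        }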