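/// <summary>
/// Authorization filter for controller actions. Anonymous endpoints (per Security.yaml) are
/// let through with any Authorization header stripped; every other endpoint requires a JWT
/// that validates, is still present and unexpired in the renew store, and whose roles
/// satisfy the Security.yaml rules for the target controller/action.
/// </summary>
/// <param name="context">Filter context of the request being authorized.</param>
/// <exception cref="ExceptionBase">
/// Thrown with HTTP 403 on every denial: non-controller endpoint, missing/invalid token,
/// token not registered (or expired) in the renew store, or insufficient roles.
/// NOTE(review): a missing or invalid token is reported as 403 rather than 401, so clients
/// never receive a WWW-Authenticate challenge; kept for compatibility with existing callers.
/// </exception>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // One exception instance for every denial path: a caller cannot tell "unknown token"
    // apart from "known token, wrong role", which avoids leaking token validity.
    var unauthorizedException = new ExceptionBase(
        ExceptionCodes.IDENTITY_NOT_AUTHORIZED,
        "User is not authorized",
        null,
        StatusCodes.Status403Forbidden);

    // Security.yaml rules are keyed by controller/action, so a request that did not resolve
    // to a controller action cannot be classified. The original dereferenced a null
    // descriptor here (HTTP 500); deny explicitly instead of failing open.
    var endpoint = context.ActionDescriptor as ControllerActionDescriptor;
    if (endpoint == null)
    {
        throw unauthorizedException;
    }

    // The filter context already carries the request's HttpContext; prefer it over the
    // injected accessor so the filter does not depend on accessor wiring.
    var httpContext = context.HttpContext;

    if (SecurityHelper.IsAnonymous(endpoint.ControllerName, endpoint.ActionName))
    {
        // Anonymous endpoints must not process the token at all: a stale or malformed
        // header would otherwise throw further down the pipeline. Remove is a no-op when
        // the header is absent, so no ContainsKey check is needed.
        httpContext.Request.Headers.Remove(Constants.Authentication.AuthorizationHeaderKey);
        return;
    }

    // Retrieves the bearer token and validates it against the token validation parameters
    // (expiry, issuer, audience, ...); returns null when there is no acceptable token.
    var token = JwtRetriever.GetUserToken(httpContext);
    if (token == null)
    {
        throw unauthorizedException;
    }

    var claimsHelper = new ClaimsHelper(token.Claims);

    // TODO: this lookup hits the database on every request. A MongoDB watch collection or
    // a Redis set of currently valid tokens would avoid the round trip.
    // NOTE(review): Startup.GetService is a service-locator call; constructor injection of
    // IAuthRenewRepository would be preferable but requires the enclosing class's ctor.
    var renewRepository = Startup.GetService<IAuthRenewRepository>();
    var authRenew = renewRepository.GetByUserToken(token.RawData);

    // A signature-valid JWT is accepted only while it is still registered server-side and
    // the server-side expiry (ExpiteAt, sic — property name is the repository's) has not
    // passed. This is presumably the revocation/logout hook — confirm against the renew
    // repository's contract.
    if (authRenew == null || authRenew.ExpiteAt <= DateTime.UtcNow)
    {
        throw unauthorizedException;
    }

    // Role check for the specific controller/action, driven by Security.yaml.
    if (!SecurityHelper.CheckSecurity(endpoint.ControllerName, endpoint.ActionName, claimsHelper.Roles))
    {
        throw unauthorizedException;
    }
}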
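/// <summary>
/// Returns the user record for the caller identified by the JWT on the current request.
/// </summary>
/// <returns>The matching user wrapped in a <see cref="GetUserResponse"/>.</returns>
/// <exception cref="AuthenticationException">
/// HTTP 401 when the request carries no valid token or the token has no user-name claim;
/// HTTP 404 when the token names a user that does not exist.
/// </exception>
public async Task<GetUserResponse> GetCurrent()
{
    // GetUserToken returns null for a missing or invalid token. The authorization filter
    // normally rejects those first, but guard here so a route that bypasses the filter
    // fails with a 401 instead of a NullReferenceException (HTTP 500).
    var userToken = JwtRetriever.GetUserToken(_contextAccesor.HttpContext);
    if (userToken == null)
    {
        throw new AuthenticationException(
            ExceptionCodes.IDENTITY_NOT_AUTHORIZED,
            "User is not authorized",
            null,
            StatusCodes.Status401Unauthorized);
    }

    var claims = new ClaimsHelper(userToken.Claims);

    // A token without a user-name claim cannot identify anyone; treat it like no token.
    if (string.IsNullOrEmpty(claims.UserName))
    {
        throw new AuthenticationException(
            ExceptionCodes.IDENTITY_NOT_AUTHORIZED,
            "User is not authorized",
            null,
            StatusCodes.Status401Unauthorized);
    }

    // The lookup key is upper-cased (presumably the store keys users by upper-case name).
    // Use the invariant culture so the key does not depend on the server's current culture
    // (e.g. the Turkish dotless-i mapping would otherwise produce a different key).
    var user = await _userRetriever.GetByUserName(claims.UserName.ToUpperInvariant());
    if (user == null)
    {
        throw new AuthenticationException(
            ExceptionCodes.IDENTITY_USER_NOT_EXIST,
            "User not found",
            null,
            StatusCodes.Status404NotFound);
    }

    return new GetUserResponse { User = user };
}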
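/// <summary>
/// Builds the caller's review workspace: one entry counting every article assigned to the
/// caller for review, followed by one entry per translation status with the count of the
/// caller's articles in that status.
/// </summary>
/// <returns>A <see cref="WorkspaceResponse"/> whose entries are ordered "all" first, then
/// statuses in the order returned by <c>TranslationStatus.GetTraslationStatus()</c>.</returns>
/// <exception cref="System.UnauthorizedAccessException">
/// When the request carries no valid user token.
/// </exception>
public async Task<WorkspaceResponse> GetWorkspace()
{
    // GetUserToken returns null for a missing or invalid token. The authorization filter
    // should have rejected that already; guard so a route that bypasses the filter fails
    // with a clear error instead of a NullReferenceException. Fully qualified so no extra
    // using is required; map to the project's ExceptionBase if the error middleware
    // expects it.
    var token = JwtRetriever.GetUserToken(_httpContext.HttpContext);
    if (token == null)
    {
        throw new System.UnauthorizedAccessException("Request carries no valid user token");
    }

    // The reviewer identity comes from the token, never from the request body/query, so a
    // caller can only ever see counts for their own assignments.
    var reviewer = new ClaimsHelper(token.Claims).UserName;

    var entries = new List<WorkspaceEntry>();

    // Entry name kept verbatim (including the "Asigned" spelling): clients may key on it.
    entries.Add(new WorkspaceEntry
    {
        Name = "All Asigned To Me",
        Count = await _articlesService.SearchCount(new ArticleFilter { ReviewedBy = reviewer }),
        Reviewer = reviewer,
    });

    // One count per status. The queries are issued sequentially (one round trip each);
    // Task.WhenAll would cut latency only if _articlesService is safe for concurrent
    // calls, which is not known here — left sequential.
    foreach (var status in TranslationStatus.GetTraslationStatus())
    {
        var count = await _articlesService.SearchCount(new ArticleFilter
        {
            ReviewedBy = reviewer,
            Status = status,
        });

        entries.Add(new WorkspaceEntry
        {
            Name = status,
            Count = count,
            Reviewer = reviewer,
            Status = status,
        });
    }

    return new WorkspaceResponse { WorkspaceEntries = entries };
}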