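/// <summary>
/// Authenticates a BitID request: checks that <paramref name="sig"/> is a valid signature by the
/// public key <paramref name="id"/> over the request URL and body, records the key's SIN as a claim,
/// and resolves the store that a registered token binds that SIN to.
/// </summary>
/// <param name="httpContext">Current request; its body is buffered so it can be read here and again downstream.</param>
/// <param name="sig">BitID signature supplied by the client.</param>
/// <param name="id">Client public key that <paramref name="sig"/> must verify against.</param>
/// <param name="claims">Claim list the SIN claim is appended to when the signature verifies.</param>
/// <returns>
/// <c>(storeId, true)</c> when the signature verifies (<c>storeId</c> is null when no token was presented);
/// <c>(null, false)</c> when the signature does not verify, the key or signature is malformed, or a token
/// was presented but no token is registered for the SIN.
/// </returns>
private async Task<(string StoreId, bool SuccessAuth)> CheckBitId(HttpContext httpContext, string sig, string id, List<Claim> claims)
{
    // The body is part of the signed payload, so it must be read here; buffering lets the
    // rest of the pipeline read it again afterwards.
    httpContext.Request.EnableBuffering();
    string body = await ReadRequestBodyAsync(httpContext.Request);
    var url = httpContext.Request.GetEncodedUrl();

    PubKey key;
    bool signatureValid;
    try
    {
        key = new PubKey(id);
        signatureValid = BitIdExtensions.CheckBitIDSignature(key, sig, url, body);
    }
    catch (FormatException)
    {
        // A malformed key or signature must fail authentication. Previously this path fell
        // through to a successful result even though no signature had been verified and no
        // SIN claim had been added.
        return (null, false);
    }

    if (!signatureValid)
    {
        return (null, false);
    }

    var sin = key.GetBitIDSIN();
    claims.Add(new Claim(Claims.SIN, sin));

    // The presented token only signals that the client wants a store binding; the binding is
    // looked up by SIN in the repository and the presented value itself is never compared.
    string token = ExtractBitIdToken(httpContext.Request, body);
    if (token == null)
    {
        return (null, true);
    }

    var bitToken = (await _TokenRepository.GetTokens(sin)).FirstOrDefault();
    if (bitToken == null)
    {
        return (null, false);
    }
    return (bitToken.StoreId, true);
}

/// <summary>
/// Reads the whole request body as UTF-8 and rewinds the stream so later readers see it again.
/// Returns an empty string when the request carries no body.
/// </summary>
/// <param name="request">Request whose body is read; <c>EnableBuffering</c> must already have been called.</param>
private static async Task<string> ReadRequestBodyAsync(HttpRequest request)
{
    if (request.ContentLength == 0 || request.Body == null)
    {
        return string.Empty;
    }

    string body;
    // leaveOpen: true — the body stream belongs to the request pipeline, not to this reader.
    using (var reader = new StreamReader(request.Body, Encoding.UTF8, true, 1024, true))
    {
        body = await reader.ReadToEndAsync();
    }
    request.Body.Position = 0;
    return body;
}

/// <summary>
/// Finds the BitID token: the <c>token</c> query parameter first, otherwise the <c>token</c>
/// property of a JSON POST body. Returns null when neither is present.
/// </summary>
/// <param name="request">Request whose query string and method are inspected.</param>
/// <param name="body">Already-read request body.</param>
private static string ExtractBitIdToken(HttpRequest request, string body)
{
    string token = null;
    if (request.Query.TryGetValue("token", out var tokenValues))
    {
        token = tokenValues[0];
    }
    if (token != null)
    {
        return token;
    }

    if (string.IsNullOrEmpty(body) || request.Method != "POST")
    {
        return null;
    }

    try
    {
        return JObject.Parse(body)?.Property("token", StringComparison.OrdinalIgnoreCase)?.Value?.Value<string>();
    }
    catch (Exception)
    {
        // Best effort: a POST body that is not JSON, or whose "token" is not a string, simply
        // carries no token. The body is still part of the signed payload and has been verified.
        return null;
    }
}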
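/// <summary>
/// Resolves the store a Bitpay-authenticated (or anonymous) caller is acting on and grants
/// <paramref name="requirement"/> when the store's configuration allows it.
/// </summary>
/// <param name="context">Authorization context carrying the caller's identity and claims.</param>
/// <param name="requirement">The policy being evaluated.</param>
/// <remarks>
/// The requirement is left unmet (the caller is denied) when the identity type is unknown, when
/// the store cannot be resolved, or when an anonymous caller asks to create an invoice on a store
/// that has not opted into anonymous invoicing. <c>CanGetRates</c> is granted for any resolvable
/// store regardless of how the caller authenticated.
/// </remarks>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
{
    // A principal with no identity falls through every branch below and is denied.
    var authenticationType = context.User.Identity?.AuthenticationType;
    string storeId = null;

    if (authenticationType == BitpayAuthenticationTypes.ApiKeyAuthentication)
    {
        storeId = context.User.Claims.FirstOrDefault(c => c.Type == BitpayClaims.ApiKeyStoreId)?.Value;
    }
    else if (authenticationType == BitpayAuthenticationTypes.SinAuthentication)
    {
        // A SIN identity without a SIN claim has nothing to look up: deny instead of throwing.
        var sin = context.User.Claims.FirstOrDefault(c => c.Type == BitpayClaims.SIN)?.Value;
        if (sin == null)
        {
            return;
        }
        var bitToken = (await _tokenRepository.GetTokens(sin)).FirstOrDefault();
        storeId = bitToken?.StoreId;
    }
    else if (authenticationType == BitpayAuthenticationTypes.Anonymous)
    {
        storeId = _HttpContext.GetImplicitStoreId();
    }

    if (storeId == null)
    {
        return;
    }
    var store = await _storeRepository.FindStore(storeId);
    if (store == null)
    {
        return;
    }

    var isAnonymous = authenticationType == BitpayAuthenticationTypes.Anonymous;
    var anyoneCanInvoice = store.GetStoreBlob().AnyoneCanInvoice;
    switch (requirement.Policy)
    {
        case Policies.CanCreateInvoice:
            // Authenticated callers always may; anonymous callers only when the store opted in.
            if (!isAnonymous || anyoneCanInvoice)
            {
                context.Succeed(requirement);
                _HttpContext.SetStoreData(store);
            }
            return;
        case ServerPolicies.CanGetRates.Key:
            context.Succeed(requirement);
            _HttpContext.SetStoreData(store);
            return;
    }
}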