        /// <summary>
        /// Validates a BitId request: checks <paramref name="sig"/> against the request URL and body
        /// using the public key given as <paramref name="id"/>, appends the caller's SIN to
        /// <paramref name="claims"/> once the signature verifies, and — when a token is presented —
        /// resolves the store of the first token registered for that SIN.
        /// </summary>
        /// <param name="httpContext">Current request. Its body is buffered, read in full and rewound.</param>
        /// <param name="sig">BitId signature supplied by the caller.</param>
        /// <param name="id">Caller's public key as a string (parsed by <see cref="PubKey"/>; presumably hex — confirm).</param>
        /// <param name="claims">Claim list the SIN claim is appended to (side effect on the caller's list).</param>
        /// <returns>
        /// A (StoreId, SuccessAuth) pair. SuccessAuth is false when the signature does not verify, or when a
        /// token was presented but the SIN has no registered token. SuccessAuth is also true when
        /// <paramref name="id"/> cannot be parsed (the FormatException is swallowed below): in that case no
        /// claim is added and StoreId is null, so callers must not treat SuccessAuth alone as proof that a
        /// signature was verified.
        /// </returns>
        private async Task <(string StoreId, bool SuccessAuth)> CheckBitId(HttpContext httpContext, string sig, string id, List <Claim> claims)
        {
            // Buffer the body so it can be read here for the signature check and again downstream.
            httpContext.Request.EnableBuffering();

            string storeId = null;
            string body    = string.Empty;

            // A null ContentLength (e.g. chunked transfer) passes this check; only an explicit 0 skips the read.
            if (httpContext.Request.ContentLength != 0 && httpContext.Request.Body != null)
            {
                // leaveOpen: true — the request stream belongs to the pipeline; only the reader is disposed.
                using (StreamReader reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8, true, 1024, true))
                {
                    body = await reader.ReadToEndAsync();
                }
                // Rewind so later consumers of the request see the full body again.
                httpContext.Request.Body.Position = 0;
            }

            // The full encoded URL is part of the signed message (see CheckBitIDSignature below).
            var url = httpContext.Request.GetEncodedUrl();

            try
            {
                // Throws FormatException on a malformed key; handled by the catch at the bottom.
                var key = new PubKey(id);
                // Verifies sig over url and body; how the two are combined is defined by BitIdExtensions.
                if (BitIdExtensions.CheckBitIDSignature(key, sig, url, body))
                {
                    var sin = key.GetBitIDSIN();
                    // Added as soon as the signature verifies — it stays in the list even if the token lookup below fails.
                    claims.Add(new Claim(Claims.SIN, sin));

                    // The token is taken from the query string first ...
                    string token = null;
                    if (httpContext.Request.Query.TryGetValue("token", out var tokenValues))
                    {
                        token = tokenValues[0];
                    }

                    // ... and otherwise from a "token" property (case-insensitive) of a JSON POST body.
                    if (token == null && !String.IsNullOrEmpty(body) && httpContext.Request.Method == "POST")
                    {
                        try
                        {
                            token = JObject.Parse(body)?.Property("token", StringComparison.OrdinalIgnoreCase)?.Value?.Value <string>();
                        }
                        catch { } // Best effort: a body that is not usable JSON simply leaves token null.
                    }

                    // NOTE(review): the presented token value is only used as a presence check here; it is
                    // never compared against the SIN's registered tokens. Confirm this is intended.
                    if (token != null)
                    {
                        // The first token registered for this SIN determines the store.
                        var bitToken = (await _TokenRepository.GetTokens(sin)).FirstOrDefault();
                        if (bitToken == null)
                        {
                            return(null, false);
                        }
                        storeId = bitToken.StoreId;
                    }
                }
                else
                {
                    // Signature mismatch; storeId is still null at this point.
                    return(storeId, false);
                }
            }
            // Malformed id: swallowed, so the method falls through to (null, true) without adding a claim.
            catch (FormatException) { }
            return(storeId, true);
        }
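        /// <summary>
        /// Resolves the store targeted by the current request from the caller's authentication type
        /// and succeeds <paramref name="requirement"/> when the store's settings allow the requested policy.
        /// Returning without calling <c>Succeed</c> leaves the requirement unmet.
        /// </summary>
        /// <param name="context">Authorization context carrying the authenticated principal.</param>
        /// <param name="requirement">The policy under evaluation.</param>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
        {
            // ClaimsPrincipal.Identity is null when the principal carries no identity at all; treat that
            // as an unknown authentication type (no store resolved) rather than throwing.
            var authenticationType = context.User.Identity?.AuthenticationType;
            var isAnonymous        = authenticationType == BitpayAuthenticationTypes.Anonymous;

            string storeId = null;

            if (authenticationType == BitpayAuthenticationTypes.ApiKeyAuthentication)
            {
                // The API key's store is carried as a claim. First() throws if the claim is missing,
                // which would indicate a bug in the authentication handler rather than a client error.
                storeId = context.User.Claims.Where(c => c.Type == BitpayClaims.ApiKeyStoreId).Select(c => c.Value).First();
            }
            else if (authenticationType == BitpayAuthenticationTypes.SinAuthentication)
            {
                // BitId callers are identified by SIN; the store is that of the first token registered for it.
                var sin      = context.User.Claims.Where(c => c.Type == BitpayClaims.SIN).Select(c => c.Value).First();
                var bitToken = (await _tokenRepository.GetTokens(sin)).FirstOrDefault();
                storeId = bitToken?.StoreId;
            }
            else if (isAnonymous)
            {
                storeId = _HttpContext.GetImplicitStoreId();
            }

            // No resolvable store: the requirement stays unmet.
            if (storeId == null)
            {
                return;
            }
            var store = await _storeRepository.FindStore(storeId);

            if (store == null)
            {
                return;
            }
            var anyoneCanInvoice = store.GetStoreBlob().AnyoneCanInvoice;

            switch (requirement.Policy)
            {
            case Policies.CanCreateInvoice:
                // Authenticated callers may always create invoices on their store; anonymous callers
                // only when the store opted in.
                if (!isAnonymous || anyoneCanInvoice)
                {
                    context.Succeed(requirement);
                    _HttpContext.SetStoreData(store);
                    return;
                }
                break;

            case ServerPolicies.CanGetRates.Key:
                context.Succeed(requirement);
                _HttpContext.SetStoreData(store);
                return;
            }
        }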