public VerifiedOrderCloudUser(ClaimsPrincipal principal)
{
Principal = principal;
if (Principal.Claims.Any())
{
_token = new JwtOrderCloud(this.AccessToken);
}
}
protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
{
var token = GetTokenFromAuthHeader();
var jwt = new JwtOrderCloud(token);
throw new InsufficientRolesException(new InsufficientRolesError()
{
SufficientRoles = GetUserAuthAttribute().Roles.Select(r => r.ToString()).ToList(),
AssignedRoles = jwt.Roles,
});
}
// todo: add caching?
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try {
var token = GetTokenFromAuthHeader();
if (string.IsNullOrEmpty(token))
{
return(AuthenticateResult.Fail("The OrderCloud bearer token was not provided in the Authorization header."));
}
var jwt = new JwtOrderCloud(token);
if (jwt.ClientID == null)
{
return(AuthenticateResult.Fail("The provided bearer token does not contain a 'cid' (Client ID) claim."));
}
// we've validated the token as much as we can on this end, go make sure it's ok on OC
var user = await _ocClient.Me.GetAsync(token);
if (!user.Active)
{
return(AuthenticateResult.Fail("Authentication failure"));
}
var cid = new ClaimsIdentity("OcUser");
cid.AddClaim(new Claim("clientid", jwt.ClientID));
cid.AddClaim(new Claim("accesstoken", token));
cid.AddClaim(new Claim("username", user.Username));
cid.AddClaim(new Claim("userid", user.ID));
cid.AddClaim(new Claim("email", user.Email ?? ""));
cid.AddClaim(new Claim("buyer", user.Buyer?.ID ?? ""));
cid.AddClaim(new Claim("supplier", user.Supplier?.ID ?? ""));
cid.AddClaim(new Claim("seller", user?.Seller?.ID ?? ""));
cid.AddClaims(user.AvailableRoles.Select(r => new Claim(ClaimTypes.Role, r)));
if (jwt.IsAnon)
{
cid.AddClaim(new Claim("anonorderid", jwt.OrderID));
}
var ticket = new AuthenticationTicket(new ClaimsPrincipal(cid), "OcUser");
return(AuthenticateResult.Success(ticket));
}
catch (Exception ex) {
return(AuthenticateResult.Fail(ex.Message));
}
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try {
var token = GetTokenFromAuthHeader();
if (string.IsNullOrEmpty(token))
{
return(AuthenticateResult.Fail("The OrderCloud bearer token was not provided in the Authorization header."));
}
var jwt = new JwtOrderCloud(token);
if (jwt.ClientID == null)
{
return(AuthenticateResult.Fail("The provided bearer token does not contain a 'cid' (Client ID) claim."));
}
// we've validated the token as much as we can on this end, go make sure it's ok on OC
var allowFetchUserRetry = false;
var user = await _cache.GetOrAddAsync(token, TimeSpan.FromMinutes(5), () =>
{
try
{
return(_ocClient.Me.GetAsync(token));
}
catch (FlurlHttpException ex) when((int?)ex.Call.Response?.StatusCode < 500)
{
return(null);
}
catch (Exception)
{
allowFetchUserRetry = true;
return(null);
}
});
if (allowFetchUserRetry)
{
_cache.RemoveAsync(token); // not their fault, don't make them wait 5 min
}
if (user == null || !user.Active)
{
return(AuthenticateResult.Fail("Authentication failure"));
}
var cid = new ClaimsIdentity("OcUser");
cid.AddClaim(new Claim("clientid", jwt.ClientID));
cid.AddClaim(new Claim("accesstoken", token));
cid.AddClaim(new Claim("username", user.Username));
cid.AddClaim(new Claim("userid", user.ID));
cid.AddClaim(new Claim("email", user.Email ?? ""));
cid.AddClaim(new Claim("buyer", user.Buyer?.ID ?? ""));
cid.AddClaim(new Claim("supplier", user.Supplier?.ID ?? ""));
cid.AddClaim(new Claim("seller", user?.Seller?.ID ?? ""));
cid.AddClaims(user.AvailableRoles.Select(r => new Claim(ClaimTypes.Role, r)));
if (jwt.IsAnon)
{
cid.AddClaim(new Claim("anonorderid", jwt.AnonOrderID));
}
var ticket = new AuthenticationTicket(new ClaimsPrincipal(cid), "OcUser");
return(AuthenticateResult.Success(ticket));
}
catch (Exception ex) {
return(AuthenticateResult.Fail(ex.Message));
}
}