private bool IsUserAuthorized(HttpActionContext actionContext)
{
try
{
string token = FetchFromHeader(actionContext); // fetch authorization token from header
if (token != null && !String.IsNullOrWhiteSpace(token))
{
AuthenticationModule auth = new AuthenticationModule();
JwtSecurityToken userPayloadToken = auth.ValidateToken(token);
if (userPayloadToken != null)
{
JWTAuthenticationIdentity identity = AuthenticationModule.PopulateUserIdentity(userPayloadToken);
if (this.role == null || identity.Roles.Contains(this.role))
{
actionContext.ControllerContext.RequestContext.Principal = identity.GetPrincipal();
return(true);
}
}
}
}
catch (Exception ex)
{
LogManager.GetLogger().Error(ex);
}
return(false);
}
/// <summary>
/// Affecte les permissions pour chaque base de données de la liste
/// en fonction de l'utilsateur connecté
/// </summary>
/// <param name="list"></param>
/// <param name="jWTAuthenticationIdentity"></param>
private void FillPermissions(List <DatabaseDB> list, JWTAuthenticationIdentity jwtAuthenticationIdentity)
{
foreach (DatabaseDB databaseDB in list)
{
FillPermissions(databaseDB, jwtAuthenticationIdentity);
}
}
public bool IsUserAuthorized(HttpActionContext actionContext)
{
var authHeader = FetchFromHeader(actionContext); // fetch authorization token from header
if (authHeader != null)
{
var auth = new AuthenticationModule();
JwtSecurityToken userPayloadToken = auth.GenerateUserClaimFromJWT(authHeader);
if (userPayloadToken != null)
{
JWTAuthenticationIdentity identity = auth.PopulateUserIdentity(userPayloadToken);
string[] roles = { "All" };
var genericPrincipal = new GenericPrincipal(identity, roles);
Thread.CurrentPrincipal = genericPrincipal;
var authenticationIdentity = Thread.CurrentPrincipal.Identity as JWTAuthenticationIdentity;
if (authenticationIdentity != null && !String.IsNullOrEmpty(authenticationIdentity.UserName))
{
authenticationIdentity.UserId = identity.UserId;
authenticationIdentity.UserName = identity.UserName;
}
return(true);
}
}
return(false);
}
public JWTAuthenticationIdentity AuthenticateUser(string userName, string password)
{
//TODO - actually validate the user
if (userName == "kkilton")
{
var identity = new JWTAuthenticationIdentity(userName)
{
FirstName = "Kris",
LastName = "Kilton",
UserName = userName,
Roles = new List <string> {
"admin"
}
};
AuthenticationModule.SetUserIdentity(identity);
return(identity);
}
if (userName == "user")
{
var identity = new JWTAuthenticationIdentity(userName)
{
FirstName = "Just",
LastName = "User",
UserName = userName,
Roles = new List <string> {
"user"
}
};
AuthenticationModule.SetUserIdentity(identity);
return(identity);
}
throw new AuthenticationException();
}
/// <summary>
/// Affecte les permissions pour chaque base de données de la liste
/// en fonction de l'utilsateur connecté
/// </summary>
/// <param name="list"></param>
private void FillPermissions(List <DatabaseDb> list)
{
JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity();
foreach (DatabaseDb databaseDb in list)
{
FillPermissions(databaseDb, jwtAuthenticationIdentity);
}
}
/// <summary>
///
/// </summary>
/// <param name="databaseDb"></param>
/// <param name="jwtAuthenticationIdentity"></param>
private void FillPermissions(DatabaseDb databaseDb, JWTAuthenticationIdentity jwtAuthenticationIdentity)
{
if (jwtAuthenticationIdentity == null || string.IsNullOrEmpty(jwtAuthenticationIdentity.Name))
{
databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = false;
if (databaseDb.Users != null)
{
foreach (DatabaseGroupUser user in databaseDb.Users)
{
user.CanBeUpdated = user.CanBeDeleted = false;
}
}
}
else
{
// Si l'utilisateur est administrateur il peut faire toutes les opérations
int groupType = DatabaseGroupUserPermissions.GetGroupType(databaseDb.Users, jwtAuthenticationIdentity.Name);
if (groupType == DatabaseGroupUserPermissions.ADMINISTRATEUR)
{
databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = true;
if (databaseDb.Users != null)
{
foreach (DatabaseGroupUser user in databaseDb.Users)
{
user.CanBeUpdated = user.CanBeDeleted = true;
}
}
}
else
{
databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = false;
if (databaseDb.Users != null)
{
foreach (DatabaseGroupUser user in databaseDb.Users)
{
// Si l'utilisateur connecté est l'utilisateur alors il peut faire les actions
if (!String.IsNullOrWhiteSpace(user.UserLogin) && user.UserLogin.Equals(jwtAuthenticationIdentity.Name, StringComparison.InvariantCultureIgnoreCase))
{
user.CanBeUpdated = user.CanBeDeleted = true;
}
else
{
user.CanBeUpdated = user.CanBeDeleted = false;
}
}
}
}
}
}
protected bool SecurityCheckRoleAdminOrUser()
{
if (User?.Identity == null)
{
return(false);
}
/* La demande de modification est valide ssi
* - le rôle est ROLE_SUPER_ADMIN
* ou
* - le rôle est ROLE_USER
*/
JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity();
return(jwtAuthenticationIdentity.IsInRole("ROLE_SUPER_ADMIN") || jwtAuthenticationIdentity.IsInRole("ROLE_USER"));
}
protected bool SecurityCheckRoleAdminOrOwner(string userLogin)
{
if (User?.Identity == null)
{
return(false);
}
/* La demande de modification est valide ssi
* - le rôle est ROLE_SUPER_ADMIN
* ou
* - le rôle est ROLE_USER et l'utilisateur authentifié pat le token est l'utilisateur qui fait la modification
*/
JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity();
return(jwtAuthenticationIdentity.IsInRole("ROLE_SUPER_ADMIN") ||
(jwtAuthenticationIdentity.IsInRole("ROLE_USER") && jwtAuthenticationIdentity.Name.Equals(userLogin, System.StringComparison.InvariantCultureIgnoreCase)));
}
public void TokenValidation()
{
AuthenticationModule authentication = new AuthenticationModule();
string token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbi50ZXN0Iiwibm9tIjoiQWRtaW5pc3RyYXRldXIiLCJwcmVub20iOiJBZG1pbmlzdHJhdGV1ciIsIm1haWwiOiJhZG1pbi5yZXNlYXVAbW9udHBlbGxpZXItZXBzaS5mciIsImNsYXNzZSI6IkFkbWluaXN0cmF0aW9uIiwicm9sZXMiOiJST0xFX1NVUEVSX0FETUlOIiwiaWF0IjoxNTQ0Nzc3NzgzLCJleHAiOjE1NDQ3ODQ5ODN9.ebNHIHnaOtiCTPJmP2a0V7vhkrCZB0S5-wpN2fkzOKk";
JwtSecurityToken securityToken = authentication.ValidateToken(token);
Assert.IsNotNull(securityToken);
JWTAuthenticationIdentity identity = AuthenticationModule.PopulateUserIdentity(securityToken);
Assert.IsTrue(identity.Name.Equals("admin.test"));
Assert.IsTrue(identity.Nom.Equals("Administrateur"));
Assert.IsTrue(identity.Mail.Equals("*****@*****.**"));
Assert.IsTrue(1 == 1);
}
public WeatherForecast Get(int id)
{
JWTAuthenticationIdentity jwtUser = AuthenticationModule.PopulateUser(HttpContext.User.Identity as ClaimsIdentity);
Console.WriteLine($"WeatherForecastController.Get, jwtUser.Name={jwtUser.Name}");
LogManager.GetLogger().Info($"WeatherForecastController.Get, jwtUser.Name={jwtUser.Name}");
var rng = new Random();
return(new WeatherForecast
{
Date = DateTime.Now.AddDays(2),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)],
Roles = String.Join(",", jwtUser.Roles),
Email = jwtUser.Mail,
Classe = jwtUser.Classe
});
}
