public StuntmanOptions AddUser(StuntmanUser user)
{
if (user == null) throw new ArgumentNullException(nameof(user));
if (!IsUniqueUser(user))
{
throw new ApplicationException($"{nameof(user)} must have unique Id.");
}
Users.Add(user);
return this;
}
public StuntmanOptions AddUser(StuntmanUser user)
{
if (user == null) throw new ArgumentNullException("user");
if (!IsUniqueUser(user))
{
throw new ApplicationException("user must have unique Id.");
}
else
{
Users.Add(user);
}
return this;
}
public StuntmanOptions AddUser(StuntmanUser user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (!IsUniqueUser(user))
{
throw new ApplicationException($"{nameof(user)} must have unique Id.");
}
Users.Add(user);
return(this);
}
public StuntmanOptions AddUser(StuntmanUser user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (!IsUniqueUser(user))
{
throw new ApplicationException("user must have unique Id.");
}
else
{
Users.Add(user);
}
return(this);
}
/// <remarks>
/// This method is private to avoid exposing it as part of the public API.
/// </remarks>
private StuntmanOptions AddUser(StuntmanUser user, string source)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (!IsUniqueUser(user))
{
throw new ApplicationException($"{nameof(user)} must have unique Id.");
}
if (source != null)
{
user.SetSource(source);
}
Users.Add(user);
return(this);
}
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var authorizationBearerToken = context.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authorizationBearerToken))
{
context.Rejected();
return(Task.FromResult(false));
}
else
{
var authorizationBearerTokenParts = authorizationBearerToken
.Split(' ');
var accessToken = authorizationBearerTokenParts
.LastOrDefault();
var claims = new List <Claim>();
StuntmanUser user = null;
if (authorizationBearerTokenParts.Count() != 2 ||
string.IsNullOrWhiteSpace(accessToken))
{
context.Response.StatusCode = 400;
context.Response.ReasonPhrase = "Authorization header is not in correct format.";
context.Rejected();
return(Task.FromResult(false));
}
else
{
user = options.Users
.Where(x => x.AccessToken == accessToken)
.FirstOrDefault();
if (user == null)
{
if (!options.AllowBearerTokenPassthrough)
{
context.Response.StatusCode = 403;
context.Response.ReasonPhrase =
$"options provided does not include the requested '{accessToken}' user.";
context.Rejected();
}
return(Task.FromResult(false));
}
else
{
claims.Add(new Claim("access_token", accessToken));
}
}
claims.Add(new Claim(ClaimTypes.Name, user.Name));
claims.AddRange(user.Claims);
var identity = new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType, user.NameClaimType, user.RoleClaimType);
context.Validated(identity);
var authManager = context.OwinContext.Authentication;
authManager.SignIn(identity);
if (options.AfterBearerValidateIdentity != null)
{
options.AfterBearerValidateIdentity(context);
}
return(Task.FromResult(true));
}
}
private static async Task StuntmanOnMessageReceived(
StuntmanOptions options,
MessageReceivedContext context)
{
var authorizationBearerToken = context.HttpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authorizationBearerToken))
{
// TODO: Skip to next middleware?
return;
}
else
{
var authorizationBearerTokenParts = authorizationBearerToken.ToString().Split(' ');
var accessToken = authorizationBearerTokenParts
.LastOrDefault();
var claims = new List <Claim>();
StuntmanUser user = null;
if (authorizationBearerTokenParts.Count() != 2 ||
string.IsNullOrWhiteSpace(accessToken))
{
context.HttpContext.Response.StatusCode = 400;
await context.HttpContext.Response.WriteAsync(
"Authorization header is not in correct format.");
context.Fail(
"Authorization header is not in correct format.");
return;
}
else
{
user = options.Users
.Where(x => x.AccessToken == accessToken)
.FirstOrDefault();
if (user == null)
{
if (!options.AllowBearerTokenPassthrough)
{
context.Response.StatusCode = 403;
await context.HttpContext.Response.WriteAsync(
$"options provided does not include the requested '{accessToken}' user.");
}
context.Fail(
$"options provided does not include the requested '{accessToken}' user.");
return;
}
else
{
claims.Add(new Claim("access_token", accessToken));
}
}
claims.Add(new Claim(user.NameClaimType, user.Name));
claims.AddRange(user.Claims);
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType, user.NameClaimType, user.RoleClaimType));
context.Success();
options.AfterBearerValidateIdentity?.Invoke(context);
}
}
/// <summary>
/// Add a new Stuntman user.
/// </summary>
public StuntmanOptions AddUser(StuntmanUser user)
{
return(AddUser(user, Constants.StuntmanOptions.LocalSource));
}
/// <summary>
/// Uses existing user collection to validate whether potential
/// user's Id is already in the collection.
/// </summary>
/// <param name="user">Potential user to add to collection</param>
private bool IsUniqueUser(StuntmanUser user)
{
return(Users
.Select(x => x.Id)
.Contains(user.Id) == false);
}
/// <summary>
/// Uses existing user collection to validate whether potential
/// user's Id is already in the collection.
/// </summary>
/// <param name="user">Potential user to add to collection</param>
private bool IsUniqueUser(StuntmanUser user)
{
return Users
.Select(x => x.Id)
.Contains(user.Id) == false;
}
