/// <summary>
/// Checks that non-empty credentials passed to <c>GetBasicAuthModel</c> come back
/// in a model equivalent to one built directly from the same values.
/// </summary>
public void GetBasicAuthModel_given_valid_data_should_return_valid_BasicAuthModel()
{
    // Arrange
    const string suppliedUsername = "******";
    const string suppliedPassword = "******";
    IAuthorizationModelService classUnderTest = new AuthorizationModelService();
    var expectedModel = new BasicAuthModel
    {
        Username = suppliedUsername,
        Password = suppliedPassword
    };

    // Act
    BasicAuthModel actualModel = classUnderTest.GetBasicAuthModel(suppliedUsername, suppliedPassword);

    // Assert: structural comparison, not reference equality.
    actualModel.Should().BeEquivalentTo(expectedModel);
}
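/// <summary>
/// Builds the Basic-auth credential model, preferring the supplied values and falling
/// back to the <c>USERNAME_BASIC</c> / <c>PASSWORD_BASIC</c> environment variables
/// when an argument is null or empty.
/// </summary>
/// <param name="usernameBasic">Username to use; null or empty triggers the environment fallback.</param>
/// <param name="passwordBasic">Password to use; null or empty triggers the environment fallback.</param>
/// <returns>The populated <c>BasicAuthModel</c>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the resulting model is reported as null-or-empty by <c>IsNullOrEmpty()</c>.
/// Derives from <see cref="Exception"/>, so existing <c>catch (Exception)</c> handlers still apply.
/// </exception>
public BasicAuthModel GetBasicAuthModel(string usernameBasic, string passwordBasic)
{
    // Each credential is resolved independently: explicit argument first, environment second.
    string username = string.IsNullOrEmpty(usernameBasic)
        ? Environment.GetEnvironmentVariable("USERNAME_BASIC")
        : usernameBasic;
    string password = string.IsNullOrEmpty(passwordBasic)
        ? Environment.GetEnvironmentVariable("PASSWORD_BASIC")
        : passwordBasic;

    var basicAuthModel = new BasicAuthModel
    {
        Password = password,
        Username = username
    };

    // NOTE(review): IsNullOrEmpty() is defined elsewhere; confirm it rejects a model where only
    // ONE of the two fields is missing, otherwise a half-populated credential is returned.
    if (basicAuthModel.IsNullOrEmpty())
    {
        // A specific exception type instead of the bare Exception base class. The message names
        // only the configuration sources and must never include the credential values themselves.
        throw new InvalidOperationException("BasicAuthModel IsNullOrEmpty, check keys in appsettings.json or provide keys in environment variables.");
    }

    return basicAuthModel;
}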
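/// <summary>
/// Validates Basic-auth credentials taken from the request header and, on success,
/// issues an HMAC-SHA256 signed JWT that expires one hour after creation.
/// </summary>
/// <param name="model">Basic-auth data bound from the request header.</param>
/// <returns>
/// 400 when the header model is missing or invalid, 200 with <c>{ token }</c> when the
/// user exists and the password matches, otherwise 401.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the <c>JwtSecretKey</c> configuration value is missing or blank.
/// </exception>
public async Task<IActionResult> Login([FromHeader] BasicAuthModel model)
{
    // A null model is treated like an invalid one instead of failing with a NullReferenceException.
    if (!ModelState.IsValid || model == null || !model.IsValid())
    {
        return BadRequest("Basic Auth required in request header!");
    }

    model.Parse();
    string username = model.Username;
    string password = model.Password;

    // NOTE(review): an unknown username skips the password-hash check, so the two failure
    // paths may differ in response time; both return the same 401 body, which is good.
    // NOTE(review): CheckPasswordAsync only verifies the password; nothing visible here counts
    // failed attempts. Confirm lockout / rate limiting is enforced elsewhere for this endpoint.
    var user = await _userManager.FindByNameAsync(username);
    if (user == null || !await _userManager.CheckPasswordAsync(user, password))
    {
        return Unauthorized();
    }

    // Fail with a clear configuration error rather than an ArgumentNullException from GetBytes.
    // The secret's value is never echoed into the message.
    string jwtSecret = _configuration.GetValue<string>("JwtSecretKey");
    if (string.IsNullOrWhiteSpace(jwtSecret))
    {
        throw new InvalidOperationException("JwtSecretKey is not configured.");
    }

    // Anyone holding this symmetric key can forge tokens: it should be long, random and
    // kept out of source control.
    SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecret));
    SigningCredentials credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature);

    Claim[] claimsData = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, user.UserName)
    };

    // Issuer and audience are fixed strings; token validation elsewhere must check the same values.
    var token = new JwtSecurityToken(
        issuer: "domain.capital",
        audience: "domain.capital",
        claims: claimsData,
        signingCredentials: credentials,
        expires: DateTime.UtcNow.AddHours(1));

    return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
}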