public async Task ValidateAsync(CookieValidatePrincipalContext context)
{
if (context.Principal.Claims.Any(x => x.Type == PermissionConstants.PackedPermissionClaimType))
{
return;
}
//No permissions in the claims, so we need to add it. This is only happen once after the user has logged in
var dbContext = context.HttpContext.RequestServices.GetRequiredService <ExtraAuthorizeDbContext>();
var rtoPCalcer = new CalcAllowedPermissions(dbContext);
var claims = new List <Claim>();
claims.AddRange(context.Principal.Claims); //Copy over existing claims
//Now calculate the Permissions Claim value and add it
claims.Add(new Claim(PermissionConstants.PackedPermissionClaimType,
await rtoPCalcer.CalcPermissionsForUserAsync(context.Principal.Claims.GetUserIdFromClaims())));
//Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal
var identity = new ClaimsIdentity(claims, "Cookie");
var newPrincipal = new ClaimsPrincipal(identity);
context.ReplacePrincipal(newPrincipal);
//THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request
context.ShouldRenew = true;
}
private async Task <List <Claim> > BuildFeatureClaimsAsync(string userId, CalcAllowedPermissions rtoP)
{
var claims = new List <Claim>
{
new Claim(PermissionConstants.PackedPermissionClaimType, await rtoP.CalcPermissionsForUserAsync(userId)),
new Claim(PermissionConstants.LastPermissionsUpdatedClaimType, DateTime.UtcNow.Ticks.ToString())
};
return(claims);
}
private async Task <ClaimsIdentity> SetupUserClaimsAsync(IServiceCollection services, ApplicationUser userDetails)
{
BiddingContext dbContext = services.BuildServiceProvider().GetService <BiddingContext>();
var rtoPCalcer = new CalcAllowedPermissions(dbContext);
List <Claim> claims = new List <Claim>
{
new Claim(
type: PermissionConstants.UserIdClaimType,
value: userDetails.Id.ToString(),
valueType: ClaimValueTypes.Integer,
issuer: "Bidding"
),
new Claim(
type: PermissionConstants.PackedPermissionClaimType,
value: await rtoPCalcer.CalcPermissionsForUserAsync(userDetails.Id).ConfigureAwait(true)
)
};
return(new ClaimsIdentity(claims));
}
public async Task TestCalcPermissionsForUserAsyncWithModule()
{
//SETUP
var fakeAuthChanges = new FakeAuthChanges();
var options = SqliteInMemory.CreateOptions <ExtraAuthorizeDbContext>();
using (var context = new ExtraAuthorizeDbContext(options, fakeAuthChanges))
{
context.Database.EnsureCreated();
context.SeedUserWithDefaultPermissions(PaidForModules.Feature1);
var calc = new CalcAllowedPermissions(context);
//ATTEMPT
var packedP = await calc.CalcPermissionsForUserAsync("userId");
//VERIFY
packedP.UnpackPermissionsFromString().ShouldEqual(new List <Permissions> {
Permissions.StockRead, Permissions.Feature1Access
});
}
}
protected override async Task <ClaimsIdentity> GenerateClaimsAsync(IdentityUser user)
{
var identity = await base.GenerateClaimsAsync(user);
var userId = identity.Claims.GetUserIdFromClaims();
var rtoPCalcer = new CalcAllowedPermissions(_extraAuthDbContext);
identity.AddClaim(new Claim(PermissionConstants.PackedPermissionClaimType, await rtoPCalcer.CalcPermissionsForUserAsync(userId)));
return(identity);
}