Exemplo n.º 1
 /// <summary>
 /// Returns a fixed entitlement without looking at the request or the identity.
 /// </summary>
 /// <param name="_">Ignored.</param>
 /// <param name="__">Ignored.</param>
 /// <returns>
 /// An <c>Entitlement</c> carrying the User, Admin, Super, Identified and Federated
 /// role flags and one hard-coded group.
 /// </returns>
 /// <remarks>
 /// Because neither argument is consulted, every caller served by this provider is
 /// treated as an administrator and super user.
 /// NOTE(review): presumably meant for local, unsecured development only (the group
 /// URN names localhost) - confirm that a production configuration cannot select it.
 /// </remarks>
 public Entitlement GetEntitlement(HttpContext _, IScopedIdentity __)
 {
     // Same flag combination for every caller.
     var everyRole = RoleMask.User | RoleMask.Admin | RoleMask.Super | RoleMask.Identified | RoleMask.Federated;
     var fixedGroups = new[] { "urn:leaf:localhost:groups:random_group" };

     return new Entitlement
     {
         Mask = everyRole,
         Groups = fixedGroups
     };
 }
Exemplo n.º 2
        /// <summary>
        /// Builds the entitlement for an identity from what <c>entitlementProvider</c>
        /// returns for it.
        /// </summary>
        /// <param name="_">Ignored; the request is not consulted.</param>
        /// <param name="identity">Identity passed to <c>FetchEntitlements</c>.</param>
        /// <returns>
        /// An <c>Entitlement</c> whose mask is <c>GetMask</c> applied to the fetched roles
        /// and whose groups are the fetched groups, passed through unchanged.
        /// </returns>
        public Entitlement GetEntitlement(HttpContext _, IScopedIdentity identity)
        {
            var fetched = entitlementProvider.FetchEntitlements(identity);

            // Roles become a bit mask; groups are handed on as fetched.
            return new Entitlement
            {
                Mask = GetMask(fetched.Roles),
                Groups = fetched.Groups
            };
        }
Exemplo n.º 3
        /// <summary>
        /// Builds the entitlement for an identity from its membership list as returned
        /// by <c>mProvider</c>.
        /// </summary>
        /// <param name="_">Ignored; the request is not consulted.</param>
        /// <param name="identity">Its <c>Identity</c> value is passed to <c>GetMembership</c>.</param>
        /// <returns>
        /// An <c>Entitlement</c> whose mask is <c>GetMask</c> applied to the full membership
        /// list and whose groups are the memberships not found in <c>roles.Roles</c>.
        /// </returns>
        /// <remarks>
        /// The group filter is a deferred LINQ query: it runs when the consumer enumerates
        /// <c>Groups</c>, not here.
        /// NOTE(review): the mask is derived entirely from the names the membership source
        /// returns - confirm who is able to manage the groups that map to roles.
        /// </remarks>
        public Entitlement GetEntitlement(HttpContext _, IScopedIdentity identity)
        {
            var memberships = mProvider.GetMembership(identity.Identity);

            return new Entitlement
            {
                // The mask is computed over every membership, role names included.
                Mask = GetMask(memberships),
                // Role names are removed so that only plain groups remain.
                Groups = memberships.Where(name => !roles.Roles.Contains(name))
            };
        }
Exemplo n.º 4
        /// <summary>
        /// Loads the roles and groups recorded for an identity by calling the stored
        /// procedure named by <c>Sql.Get</c>.
        /// </summary>
        /// <param name="identity">Its <c>ScopedIdentity</c> is sent as the <c>scopedId</c> parameter.</param>
        /// <returns>The result of <c>HydrateEntitlements</c> over the returned result sets.</returns>
        public IDbUserRoleAndGroupProvider.UserDbEntitlements FetchEntitlements(IScopedIdentity identity)
        {
            using (var connection = new SqlConnection(opts.ConnectionString))
            {
                connection.Open();

                // The identity travels as a bound parameter of a stored-procedure call;
                // it is never concatenated into SQL text.
                var parameters = new { scopedId = identity.ScopedIdentity };

                var results = connection.QueryMultiple(
                    Sql.Get,
                    parameters,
                    commandType: CommandType.StoredProcedure,
                    commandTimeout: opts.DefaultTimeout);

                // Hydration runs inside the using block, while the connection is still open.
                return HydrateEntitlements(results);
            }
        }
Exemplo n.º 5
        /// <summary>
        /// Builds the entitlement from a delimited list of assertions carried in a
        /// request header.
        /// </summary>
        /// <param name="context">Request whose headers are read.</param>
        /// <param name="_">Ignored; the identity is not consulted.</param>
        /// <returns>
        /// An <c>Entitlement</c> whose mask is <c>GetMask</c> applied to all assertions and
        /// whose groups are the assertions not found in <c>options.RolesMapping.Roles</c>.
        /// </returns>
        /// <exception cref="LeafAuthenticationException">The configured header is absent.</exception>
        /// <remarks>
        /// NOTE(review): the header value is taken from the incoming request as-is, so role
        /// assignment is only as trustworthy as whatever sets that header. This is sound only
        /// if a trusted front end (reverse proxy or SSO module) writes the header and strips
        /// any client-supplied copy - confirm against the deployment.
        /// Segments are trimmed but empty ones are not removed.
        /// </remarks>
        public Entitlement GetEntitlement(HttpContext context, IScopedIdentity _)
        {
            var mapping  = options.HeadersMapping.Entitlements;
            var incoming = context.Request.Headers;

            var found = incoming.TryGetValue(mapping.Name, out var raw);
            if (!found)
            {
                throw new LeafAuthenticationException($"{mapping.Name} header not found, no entitlements available");
            }

            // Deferred query: split on the configured delimiter and trim each segment.
            var assertions = raw.ToString()
                                .Split(mapping.Delimiter)
                                .Select(part => part.Trim());

            var knownRoles = options.RolesMapping;

            return new Entitlement
            {
                // The mask is computed over every assertion, role names included.
                Mask = GetMask(assertions),
                // Whatever is not a configured role name is reported as a group.
                Groups = assertions.Where(name => !knownRoles.Roles.Contains(name))
            };
        }
Exemplo n.º 6
        /// <summary>
        /// Assembles the claim list for an identity token.
        /// </summary>
        /// <param name="identity">Supplies the name claim (<c>ScopedIdentity</c>) and, on failure, the identity named in the error.</param>
        /// <param name="entitlement">Must carry <c>RoleMask.User</c>; also the source of the role and group claims.</param>
        /// <returns>The fixed claims followed by the results of <c>GetRoles</c> and <c>GetGroups</c>.</returns>
        /// <exception cref="LeafAuthenticationException">The entitlement mask lacks <c>RoleMask.User</c>.</exception>
        List <Claim> IdClaims(IScopedIdentity identity, Entitlement entitlement)
        {
            // Refuse to build any claims for a caller without the User role.
            var isUser = entitlement.Mask.HasFlag(RoleMask.User);
            if (!isUser)
            {
                throw new LeafAuthenticationException($"{identity.Identity} is not a Leaf user.");
            }

            // NOTE(review): Guid.NewGuid() is documented as producing unique values, not
            // unpredictable ones. If anything relies on this nonce being unguessable, it
            // should come from RandomNumberGenerator - confirm how Nonce.Id is consumed.
            var nonce = Guid.NewGuid().ToString();

            var result = new List<Claim>();
            result.Add(new Claim(ClaimTypes.Name, identity.ScopedIdentity));
            result.Add(IssuedAt);
            // The audience claim is filled with the issuer value.
            result.Add(new Claim(JwtRegisteredClaimNames.Aud, jwtOptions.Issuer));
            result.Add(new Claim(TokenType.Key, TokenType.Id));
            result.Add(new Claim(Nonce.Id, nonce));
            result.Add(new Claim(AuthType.Key, authenticationOptions.Mechanism.ToString()));
            result.Add(new Claim(LeafVersion.Key, versionOptions.Version.ToString()));

            result.AddRange(GetRoles(entitlement));
            result.AddRange(GetGroups(entitlement));

            return result;
        }
Exemplo n.º 7
 /// <summary>
 /// Records who logged in, under which issuer, and with which claims.
 /// </summary>
 /// <param name="identity">Supplies <c>ScopedIdentity</c>.</param>
 /// <param name="issuer">Appended after an '@' to form <c>FullIdentity</c>.</param>
 /// <param name="claims">Stored as passed, without copying.</param>
 /// <remarks>
 /// NOTE(review): because the claims sequence is kept by reference, a lazily evaluated
 /// sequence would be re-evaluated by each consumer of the event - confirm that callers
 /// pass a materialized collection.
 /// </remarks>
 public LoginEvent(IScopedIdentity identity, string issuer, IEnumerable <Claim> claims)
 {
     this.ScopedIdentity = identity.ScopedIdentity;
     // "<scoped identity>@<issuer>"
     this.FullIdentity   = string.Concat(identity.ScopedIdentity, "@", issuer);
     this.Claims         = claims;
 }