Exemplo n.º 1
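        /// <summary>
        /// Rejects the current request unless the authenticated user holds the "admin" claim.
        /// </summary>
        /// <param name="controller">Module whose current request is being authorized.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// No user is attached to the request, or the user does not hold the "admin" claim.
        /// </exception>
        public static void DemandAdmin(this NancyModule controller)
        {
            controller.RequiresAuthentication();

            // NOTE(review): this reads controller.Context, so it presumably runs inside a route handler;
            // confirm that the RequiresAuthentication() call above still takes effect for the current
            // request when it is made that late. The explicit null check below does not depend on it.
            var user = (JWTUserIdentity)controller.Context.CurrentUser;

            // The outcome of the claim check has to be acted on: evaluating Contains(...) and
            // discarding the value denies nobody. Fail closed on a missing user or missing claims.
            if (user == null || user.Claims == null || !user.Claims.Contains("admin"))
            {
                // NOTE(review): make sure the host maps this exception to a 403 response and not a generic 500.
                throw new UnauthorizedAccessException("The admin claim is required.");
            }
        }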
Exemplo n.º 2
        /// <summary>
        /// Turns on HTTP basic authentication for a single module.
        /// </summary>
        /// <remarks>
        /// Basic authentication transmits credentials Base64-encoded, not encrypted, so a module
        /// protected this way should only be reachable over TLS.
        /// </remarks>
        /// <param name="module">Module whose pipelines receive the hooks (usually "this")</param>
        /// <param name="configuration">Basic authentication configuration handed to both hooks</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="module"/> or <paramref name="configuration"/> is null.
        /// </exception>
        public static void Enable(NancyModule module, BasicAuthenticationConfiguration configuration)
        {
            // Validate in declaration order so the first missing argument is the one reported.
            if (null == module)
            {
                throw new ArgumentNullException("module");
            }

            if (null == configuration)
            {
                throw new ArgumentNullException("configuration");
            }

            module.RequiresAuthentication();

            // Credential retrieval is placed at the START of the Before pipeline, presumably so the
            // request's credentials are read before the authentication requirement is evaluated.
            var beforePipeline = module.Before;
            var credentialHook = GetCredentialRetrievalHook(configuration);
            beforePipeline.AddItemToStartOfPipeline(credentialHook);

            // The prompt hook is placed at the END of the After pipeline.
            var afterPipeline = module.After;
            var promptHook = GetAuthenticationPromptHook(configuration);
            afterPipeline.AddItemToEndOfPipeline(promptHook);
        }
Exemplo n.º 3
        /// <summary>
        /// Turns on HTTP basic authentication for a single module.
        /// </summary>
        /// <remarks>
        /// Basic authentication transmits credentials Base64-encoded, not encrypted, so a module
        /// protected this way should only be reachable over TLS.
        /// </remarks>
        /// <param name="module">Module whose pipelines receive the hooks (usually "this")</param>
        /// <param name="configuration">Basic authentication configuration handed to both hooks</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="module"/> or <paramref name="configuration"/> is null.
        /// </exception>
        public static void Enable(NancyModule module, BasicAuthenticationConfiguration configuration)
        {
            // Validate in declaration order so the first missing argument is the one reported.
            if (null == module)
            {
                throw new ArgumentNullException("module");
            }

            if (null == configuration)
            {
                throw new ArgumentNullException("configuration");
            }

            module.RequiresAuthentication();

            // Credential retrieval is placed at the START of the Before pipeline, presumably so the
            // request's credentials are read before the authentication requirement is evaluated.
            var beforePipeline = module.Before;
            var credentialHook = GetCredentialRetrievalHook(configuration);
            beforePipeline.AddItemToStartOfPipeline(credentialHook);

            // The prompt hook is placed at the END of the After pipeline.
            var afterPipeline = module.After;
            var promptHook = GetAuthenticationPromptHook(configuration);
            afterPipeline.AddItemToEndOfPipeline(promptHook);
        }
Exemplo n.º 4
        /// <summary>
        /// Works out which user id the current request should run as.
        /// </summary>
        /// <remarks>
        /// Three outcomes, selected by the RequireAuthentication environment variable and the
        /// request's Authorization header:
        /// authentication not required: the ProxyUserId environment value;
        /// required, no Authorization header: the AnonymousUserId environment value (the request is
        /// NOT rejected, so callers must treat that id as unauthenticated);
        /// required, header present: the token is introspected and the e-mail claim of the current user is returned.
        /// </remarks>
        /// <param name="module">Module handling the request; supplies the headers and the current user.</param>
        /// <param name="requestProvider">Provides the HttpClient used for token introspection.</param>
        /// <returns>The resolved user id.</returns>
        /// <exception cref="AuthenticationException">The introspection response reports the token as not active.</exception>
        internal static async Task<string> GetUserId(NancyModule module, IRequestProvider requestProvider)
        {
            // Anything other than a parseable "true" means authentication is switched off.
            var authenticationRequired =
                bool.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableKeys.RequireAuthentication), out bool flag) && flag;

            if (!authenticationRequired)
            {
                var proxyUserId = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ProxyUserId);
                InputModule.logger.Info($"Authentication not required. Using userId - {{{LoggerProperties.UserId}}}", proxyUserId);
                return proxyUserId;
            }

            InputModule.logger.Info("Authentication required...");
            var authorizationHeader = module.Request.Headers[HeaderNames.Authorization].FirstOrDefault();

            if (authorizationHeader == null)
            {
                // NOTE(review): a request without credentials is mapped to the anonymous id instead of
                // being refused; confirm that downstream authorization restricts what this id may do.
                var anonymousUserId = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.AnonymousUserId);
                InputModule.logger.Info($"User is anonymous. Using userId - {{{LoggerProperties.UserId}}}", anonymousUserId);
                return anonymousUserId;
            }

            // Everything after the first space is taken as the token; the scheme word itself is not
            // checked here. A header without a space is passed through whole.
            var token = authorizationHeader.Substring(authorizationHeader.IndexOf(" ") + 1);

            // TODO: use SettingsService for the following values which are duplicated in ei8.Avatar.Port.Adapter.In.Api.Startup.ConfigureServices
            var introspectionRequest = new TokenIntrospectionRequest
            {
                Address = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.TokenIssuerAddress) + "/connect/introspect",
                ClientId = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ApiName),
                ClientSecret = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ApiSecret),
                Token = token
            };
            var introspection = await requestProvider.HttpClient.IntrospectTokenAsync(introspectionRequest);

            if (!introspection.IsActive)
            {
                InputModule.logger.Error("Specified token is inactive.");
                throw new AuthenticationException("Specified access token is inactive.");
            }

            module.RequiresAuthentication();

            // NOTE(review): the identity comes from module.Context.CurrentUser, not from the
            // introspection response; this presumably relies on an earlier component having validated
            // the same token and populated CurrentUser. Confirm against the host's startup code.
            // Single(...) throws when the e-mail claim is absent or appears more than once.
            var emailClaim = module.Context.CurrentUser.Claims.Single(c => c.Type == JwtClaimTypes.Email);
            var userId = emailClaim.Value;

            // NOTE(review): the user id logged here is an e-mail address; check log retention and access.
            InputModule.logger.Info($"User has been authenticated. Using userId - {{{LoggerProperties.UserId}}}", userId);
            return userId;
        }