public async Task <IActionResult> WhoAmI() { string token = this.GetTokenFromHeader(out string tokenTypeStr); if (string.IsNullOrEmpty(token)) { return(this.AuthorizationHeaderMissing()); } if (!TokenTypeExtensions.TryParseTokenType(tokenTypeStr, out var tokenType)) { throw ErtisAuthException.UnsupportedTokenType(); } switch (tokenType) { case SupportedTokenTypes.None: throw ErtisAuthException.UnsupportedTokenType(); case SupportedTokenTypes.Basic: var application = await this.tokenService.WhoAmIAsync(new BasicToken(token)); if (application != null) { return(this.Ok(application)); } else { return(this.InvalidToken()); } case SupportedTokenTypes.Bearer: var user = await this.tokenService.WhoAmIAsync(BearerToken.CreateTemp(token)); if (user != null) { return(this.Ok(user)); } else { return(this.InvalidToken()); } default: throw ErtisAuthException.UnsupportedTokenType(); } }
public async Task <IResponseResult> RevokeTokenAsync(string accessToken) { return(await this.RevokeTokenAsync(BearerToken.CreateTemp(accessToken))); }
public IResponseResult RevokeToken(string accessToken) { return(this.RevokeToken(BearerToken.CreateTemp(accessToken))); }
public async Task <IResponseResult <BearerToken> > VerifyTokenAsync(string accessToken) { return(await this.VerifyTokenAsync(BearerToken.CreateTemp(accessToken))); }
public IResponseResult <BearerToken> VerifyToken(string accessToken) { return(this.VerifyToken(BearerToken.CreateTemp(accessToken))); }
private async Task <Utilizer> CheckAuthorizationAsync() { var token = this.Request.GetTokenFromHeader(out var tokenType); if (string.IsNullOrEmpty(token)) { throw ErtisAuthException.AuthorizationHeaderMissing(); } if (string.IsNullOrEmpty(tokenType)) { throw ErtisAuthException.UnsupportedTokenType(); } TokenTypeExtensions.TryParseTokenType(tokenType, out var _tokenType); switch (_tokenType) { case SupportedTokenTypes.None: throw ErtisAuthException.UnsupportedTokenType(); case SupportedTokenTypes.Basic: var basicToken = new BasicToken(token); var applicationId = token.Split(':')[0]; var getApplicationResponse = await this.applicationService.GetApplicationAsync(applicationId, basicToken); if (getApplicationResponse.IsSuccess) { var rbacDefinition = this.Context.GetRbacDefinition(getApplicationResponse.Data.Id); var rbac = $"{rbacDefinition.Resource}.{rbacDefinition.Action}"; var isPermittedForAction = await this.roleService.CheckPermissionAsync(rbac, basicToken); if (!isPermittedForAction) { throw ErtisAuthException.AccessDenied($"Token owner role is not permitted for this resource/action ({rbac})"); } return(new Utilizer { Id = getApplicationResponse.Data.Id, Username = getApplicationResponse.Data.Name, Type = tokenType == "Basic" ? Utilizer.UtilizerType.Application : Utilizer.UtilizerType.User, Role = getApplicationResponse.Data.Role, Token = token, TokenType = _tokenType }); } else { var errorMessage = getApplicationResponse.Message; if (ResponseHelper.TryParseError(getApplicationResponse.Message, out var error)) { errorMessage = error.Message; } throw ErtisAuthException.Unauthorized(errorMessage); } case SupportedTokenTypes.Bearer: var bearerToken = BearerToken.CreateTemp(token); var meResponse = await this.authenticationService.WhoAmIAsync(bearerToken); if (meResponse.IsSuccess) { var rbacDefinition = this.Context.GetRbacDefinition(meResponse.Data.Id); var rbac = $"{rbacDefinition.Resource}.{rbacDefinition.Action}"; var isPermittedForAction = await this.roleService.CheckPermissionAsync(rbac, bearerToken); if (!isPermittedForAction) { throw ErtisAuthException.AccessDenied($"Token owner role is not permitted for this resource/action ({rbac})"); } return(new Utilizer { Id = meResponse.Data.Id, Username = meResponse.Data.Username, Type = tokenType == "Basic" ? Utilizer.UtilizerType.Application : Utilizer.UtilizerType.User, Role = meResponse.Data.Role, Token = token, TokenType = _tokenType }); } else { var errorMessage = meResponse.Message; if (ResponseHelper.TryParseError(meResponse.Message, out var error)) { errorMessage = error.Message; } throw ErtisAuthException.Unauthorized(errorMessage); } default: throw ErtisAuthException.UnsupportedTokenType(); } }
public async Task <IResponseResult> RevokeTokenAsync(string accessToken, bool logoutFromAllDevices = false) { return(await this.RevokeTokenAsync(BearerToken.CreateTemp(accessToken), logoutFromAllDevices)); }
public IResponseResult RevokeToken(string accessToken, bool logoutFromAllDevices = false) { return(this.RevokeToken(BearerToken.CreateTemp(accessToken), logoutFromAllDevices)); }