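/// <summary>
/// Resolves the internal user id of the caller identified by the request's auth token.
/// </summary>
/// <param name="req">Incoming HTTP request carrying the Authorization header.</param>
/// <returns>
/// The repository's user id for the token's GUID, or 0 when the token grants no access
/// or carries no GUID.
/// </returns>
public async Task<int> GetUserId(HttpRequest req)
{
    AuthGUID authGUID = await GetGUIDAsync(req);

    // No access, or no subject GUID at all (null as well as empty): resolve to the
    // "no user" sentinel instead of querying the repository with an empty/null key.
    if (!authGUID.Acces || string.IsNullOrEmpty(authGUID.GUID))
    {
        return 0;
    }

    IAuthorizationRepository authRepository = DIContainer.Instance.GetService<IAuthorizationRepository>();

    // Second argument sits in the isDoctor position used by CheckAuthorization;
    // presumably this lookup is always for a non-doctor account — confirm with the repository.
    return authRepository.GetUserId(authGUID.GUID, false);
}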
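/// <summary>
/// Authorization check performed for every call: validates the bearer token with Auth0 and
/// then asks the <see cref="IAuthorizationRepository"/> whether the token's subject may act
/// for <paramref name="userId"/>.
/// </summary>
/// <param name="req">Incoming HTTP request; the Authorization header is read from it.</param>
/// <param name="userId">
/// Target user id. 0 means "the caller itself" (the id is resolved from the token);
/// when <paramref name="isDoctor"/> is true this is the patient id.
/// </param>
/// <param name="isDoctor">True when the caller is a doctor asking about a patient.</param>
/// <returns>
/// Unauthorized when the header is missing, the token fails validation, or the token carries
/// no subject claim; Forbidden when the subject is unknown or not allowed to access
/// <paramref name="userId"/>; Ok otherwise.
/// </returns>
public async Task<AuthResultModel> CheckAuthorization(HttpRequest req, int userId = 0, bool isDoctor = false)
{
    // Get the Authorization header from the request
    AuthenticationHeaderValue.TryParse(req.Headers[HeaderNames.Authorization], out var authHeader);
    if (authHeader == null)
    {
        return new AuthResultModel(false, AuthStatusCode.Unauthorized);
    }

    // Token validation with the Auth0 servers
    ClaimsPrincipal claims = await Auth0.ValidateTokenAsync(authHeader);
    if (claims == null)
    {
        return new AuthResultModel(false, AuthStatusCode.Unauthorized);
    }

    // Subject GUID used for authorization. ClaimTypes.NameIdentifier is the
    // "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" URI.
    // A validated token without that claim is rejected here with 401 instead of
    // dereferencing a null claim, which would surface as an unhandled exception.
    var tokenGuid = claims.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (string.IsNullOrEmpty(tokenGuid))
    {
        return new AuthResultModel(false, AuthStatusCode.Unauthorized);
    }

    IAuthorizationRepository authRepository = DIContainer.Instance.GetService<IAuthorizationRepository>();

    // userId == 0 means the caller asks about itself: the subject must map to a known account.
    if (userId == 0 && authRepository.GetUserId(tokenGuid, isDoctor) == 0)
    {
        return new AuthResultModel(false, AuthStatusCode.Forbidden);
    }

    // A doctor asking for information about a patient; userId is the patient id here.
    if (isDoctor && authRepository.CheckDoctorAcces(userId, tokenGuid))
    {
        return new AuthResultModel(true, AuthStatusCode.Ok);
    }

    // A patient (or doctor) asking only about its own record: the subject must match userId.
    if (userId != 0 && !authRepository.UserAuth(userId, tokenGuid, isDoctor))
    {
        return new AuthResultModel(false, AuthStatusCode.Forbidden);
    }

    return new AuthResultModel(true, AuthStatusCode.Ok);
}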