/// <summary>
/// Wraps an authenticated <see cref="ClaimsPrincipal"/> and, when it carries any claims,
/// parses the access token it holds into a <see cref="JwtOrderCloud"/>.
/// </summary>
/// <param name="principal">The principal produced by authentication; stored as-is.</param>
public VerifiedOrderCloudUser(ClaimsPrincipal principal)
{
    Principal = principal;
    if (!Principal.Claims.Any())
    {
        // Nothing to parse for an unauthenticated/empty principal.
        return;
    }

    // AccessToken is read from the stored principal; which claim it maps to is not visible
    // here — presumably the "accesstoken" claim written by the authentication handler.
    _token = new JwtOrderCloud(AccessToken);
}
/// <summary>
/// Handles a forbidden (authenticated but under-privileged) request by raising an
/// <see cref="InsufficientRolesException"/> that lists the roles the endpoint accepts
/// alongside the roles found in the caller's bearer token.
/// </summary>
/// <param name="properties">Authentication properties for the forbid; unused.</param>
/// <exception cref="InsufficientRolesException">Always thrown.</exception>
protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
{
    // Re-read the bearer token so the error can report the roles the caller actually holds.
    var jwt = new JwtOrderCloud(GetTokenFromAuthHeader());
    var acceptedRoles = GetUserAuthAttribute().Roles.Select(r => r.ToString()).ToList();

    // NOTE(review): the accepted-role list is returned to the caller; whether that is
    // acceptable disclosure depends on how the exception is rendered, which is not visible here.
    var error = new InsufficientRolesError
    {
        SufficientRoles = acceptedRoles,
        AssignedRoles = jwt.Roles,
    };
    throw new InsufficientRolesException(error);
}
// todo: add caching?
/// <summary>
/// Authenticates the request from the OrderCloud bearer token in the Authorization header.
/// Local checks are limited to token presence and the 'cid' claim; the token is then
/// validated by fetching the current user from OrderCloud, which rejects invalid tokens.
/// </summary>
/// <returns>
/// A success result carrying an "OcUser" principal, or a failure result when the token is
/// missing, lacks a client ID, is rejected by OrderCloud, or belongs to an inactive user.
/// </returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    try
    {
        var token = GetTokenFromAuthHeader();
        if (string.IsNullOrEmpty(token))
        {
            return AuthenticateResult.Fail("The OrderCloud bearer token was not provided in the Authorization header.");
        }

        var jwt = new JwtOrderCloud(token);
        if (jwt.ClientID == null)
        {
            return AuthenticateResult.Fail("The provided bearer token does not contain a 'cid' (Client ID) claim.");
        }

        // Local parsing proves nothing about authenticity; OrderCloud is the authority and
        // fails this call for a token it does not accept.
        var user = await _ocClient.Me.GetAsync(token);
        if (!user.Active)
        {
            return AuthenticateResult.Fail("Authentication failure");
        }

        var identity = new ClaimsIdentity("OcUser");
        identity.AddClaims(new[]
        {
            new Claim("clientid", jwt.ClientID),
            new Claim("accesstoken", token),
            new Claim("username", user.Username),
            new Claim("userid", user.ID),
            new Claim("email", user.Email ?? ""),
            new Claim("buyer", user.Buyer?.ID ?? ""),
            new Claim("supplier", user.Supplier?.ID ?? ""),
            new Claim("seller", user.Seller?.ID ?? ""),
        });
        identity.AddClaims(user.AvailableRoles.Select(r => new Claim(ClaimTypes.Role, r)));
        if (jwt.IsAnon)
        {
            identity.AddClaim(new Claim("anonorderid", jwt.OrderID));
        }

        var principal = new ClaimsPrincipal(identity);
        return AuthenticateResult.Success(new AuthenticationTicket(principal, "OcUser"));
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception text becomes the failure reason; whether it ever reaches
        // the caller depends on the challenge handling, which is not visible here.
        return AuthenticateResult.Fail(ex.Message);
    }
}
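/// <summary>
/// Authenticates the request from the OrderCloud bearer token in the Authorization header.
/// Local checks cover only token presence and the 'cid' claim; the token's validity is then
/// established by fetching the current user from OrderCloud, with the result cached per token
/// for five minutes so the round trip is not repeated on every request.
/// </summary>
/// <returns>
/// A success result carrying an "OcUser" principal, or a failure result when the token is
/// missing, lacks a client ID, is rejected by OrderCloud, or belongs to an inactive user.
/// </returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    try
    {
        var token = GetTokenFromAuthHeader();
        if (string.IsNullOrEmpty(token))
        {
            return AuthenticateResult.Fail("The OrderCloud bearer token was not provided in the Authorization header.");
        }

        var jwt = new JwtOrderCloud(token);
        if (jwt.ClientID == null)
        {
            return AuthenticateResult.Fail("The provided bearer token does not contain a 'cid' (Client ID) claim.");
        }

        // We've validated the token as much as we can on this end; OrderCloud is the authority
        // on whether it is genuine.
        // NOTE(review): the cache is keyed by the raw bearer token, and a cached entry outlives
        // token revocation or user deactivation by up to 5 minutes. If _cache is backed by
        // external storage, consider keying by a hash of the token rather than the token itself.
        var allowFetchUserRetry = false;
        var user = await _cache.GetOrAddAsync(token, TimeSpan.FromMinutes(5), async () =>
        {
            // The factory must await the call: a try/catch around an un-awaited Task never
            // observes the faulted task, so the handlers below would otherwise be dead code
            // and every OrderCloud failure would surface through the outer catch instead.
            try
            {
                return await _ocClient.Me.GetAsync(token);
            }
            catch (FlurlHttpException ex) when ((int?)ex.Call.Response?.StatusCode < 500)
            {
                // OrderCloud rejected the token (4xx); hand the cache a null so the same bad
                // token is not replayed against OrderCloud on every request.
                return null;
            }
            catch (Exception)
            {
                // Transport or server-side failure: the caller should not be held to the
                // negative cache for something that was not their fault.
                allowFetchUserRetry = true;
                return null;
            }
        });
        if (allowFetchUserRetry)
        {
            // Awaited so the entry is actually gone before the failure is reported;
            // not their fault, don't make them wait 5 min.
            await _cache.RemoveAsync(token);
        }

        if (user == null || !user.Active)
        {
            return AuthenticateResult.Fail("Authentication failure");
        }

        var cid = new ClaimsIdentity("OcUser");
        cid.AddClaim(new Claim("clientid", jwt.ClientID));
        cid.AddClaim(new Claim("accesstoken", token));
        cid.AddClaim(new Claim("username", user.Username));
        cid.AddClaim(new Claim("userid", user.ID));
        cid.AddClaim(new Claim("email", user.Email ?? ""));
        cid.AddClaim(new Claim("buyer", user.Buyer?.ID ?? ""));
        cid.AddClaim(new Claim("supplier", user.Supplier?.ID ?? ""));
        // user is known non-null here, so the null-conditional on user itself is not needed.
        cid.AddClaim(new Claim("seller", user.Seller?.ID ?? ""));
        cid.AddClaims(user.AvailableRoles.Select(r => new Claim(ClaimTypes.Role, r)));
        if (jwt.IsAnon)
        {
            cid.AddClaim(new Claim("anonorderid", jwt.AnonOrderID));
        }

        var ticket = new AuthenticationTicket(new ClaimsPrincipal(cid), "OcUser");
        return AuthenticateResult.Success(ticket);
    }
    catch (Exception ex)
    {
        // NOTE(review): the exception text becomes the failure reason; whether it ever reaches
        // the caller depends on the challenge handling, which is not visible here. A generic
        // message plus server-side logging would avoid disclosing internals if it does.
        return AuthenticateResult.Fail(ex.Message);
    }
}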