[WIP]

2025-06-06 16:36:19 +02:00 · 2025-05-18 22:36:12 +02:00 · 2025-05-18 18:03:40 +02:00
10 changed files with 170 additions and 21 deletions
--- a/DotBased.AspNet.Authority/AuthorityDefaults.cs
+++ b/DotBased.AspNet.Authority/AuthorityDefaults.cs
@ -27,6 +27,14 @@ public static class AuthorityDefaults
        public const string Default = "/";
        public const string Login = "/auth/login";
        public const string Logout = "/auth/logout";
+        public const string Challenge = "/auth/challenge";
        public const string Forbidden = "/forbidden";
+        public const string Info = "/info";
+    }
+    
+    public static class ClaimTypes
+    {
+        public const string Attribute = "Authority.Attribute";
+        public const string AuthenticatedScheme = "Authority.Scheme.Authenticated";
    }
 }
--- a/DotBased.AspNet.Authority/Controllers/AuthorityController.cs
+++ b/DotBased.AspNet.Authority/Controllers/AuthorityController.cs
@ -1,4 +1,6 @@
 using System.Text.Json;
+using DotBased.AspNet.Authority.Models.Data.System;
+using DotBased.AspNet.Authority.Services;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@ -9,7 +11,7 @@ namespace DotBased.AspNet.Authority.Controllers;
 [Route("[controller]")]
 public class AuthorityController(IAuthenticationService authenticationService) : ControllerBase
 {
-    [HttpGet("auth/login")]
+    [HttpGet(AuthorityDefaults.Paths.Login)]
    [AllowAnonymous]
    public async Task<ActionResult> LoginFromSchemeAsync([FromQuery(Name = "s")] string? scheme, [FromQuery(Name = "ss")] string? sessionScheme)
    {
@ -17,17 +19,41 @@ public class AuthorityController(IAuthenticationService authenticationService) :
        return Ok();
    }

-    [HttpGet("auth/logout")]
+    [HttpGet(AuthorityDefaults.Paths.Challenge)]
+    [AllowAnonymous]
+    public IActionResult ChallengeLogin([FromQuery(Name = "s")] string? scheme, [FromQuery(Name = "returnUrl")] string returnUrl = "/")
+    {
+        return Challenge(scheme, returnUrl);
+    }
+
+    [HttpGet(AuthorityDefaults.Paths.Logout)]
    public async Task<ActionResult> LogoutAsync()
    {
        await HttpContext.SignOutAsync();
        return Ok();
    }

-    [HttpGet("info")]
+    [HttpGet(AuthorityDefaults.Paths.Info)]
    [AllowAnonymous]
    public async Task<ActionResult<JsonDocument>> GetAuthorityInfoAsync()
    {
-        return Ok();
+        if (authenticationService is not AuthorityAuthenticationService authService)
+        {
+            return BadRequest();
+        }
+
+        var schemesInfos = authService.GetAllSchemeInfos();
+        
+        var info = new AuthorityInformation
+        {
+            IsAuthenticated = false,
+            SchemeInformation = new SchemeInformation
+            {
+                DefaultScheme = authService.Options.DefaultScheme ?? "Unknown",
+                AvailableSchemes = schemesInfos.ToList()
+            }
+        };
+        
+        return Ok(info);
    }
 }
--- a/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs
+++ b/DotBased.AspNet.Authority/Handlers/AuthorityLoginAuthenticationHandler.cs
@ -1,3 +1,5 @@
+using System.Buffers.Text;
+using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using DotBased.AspNet.Authority.Managers;
@ -5,6 +7,7 @@ using DotBased.AspNet.Authority.Models.Options.Auth;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Primitives;

 namespace DotBased.AspNet.Authority.Handlers;

@ -19,8 +22,81 @@ public class AuthorityLoginAuthenticationHandler(IOptionsMonitor<AuthorityLoginO
    // Validate credentials
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
-        var ticket = new AuthenticationTicket(new ClaimsPrincipal(), Scheme.Name);
+        var authResult = GetBasicAuthorization(out var email, out var password);
+        if (authResult != null || string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
+        {
+            return AuthenticateResult.Fail(authResult ?? "Failed to get basic authorization from header.");
+        }
+        
+        var userResult = await manager.GetUserByEmailAsync(email);
+        if (userResult is { IsSuccess: false, Error: not null })
+        {
+            return AuthenticateResult.Fail(userResult.Error.Description);
+        }
+        var user = userResult.Value;
+        
+        var passwordValidateResult = await manager.ValidatePasswordAsync(user, password);
+        if (!passwordValidateResult.IsSuccess)
+        {
+            return AuthenticateResult.Fail(passwordValidateResult.Error?.Description ?? "Failed to validate password.");
+        }
+
+        var identityClaims = new List<Claim>();
+        var rolesResult = await manager.GetAllUserRolesAsync(user);
+        if (rolesResult.IsSuccess)
+        {
+            var roles = rolesResult.Value;
+            foreach (var authorityRole in roles)
+            {
+                identityClaims.Add(new Claim(ClaimTypes.Role, authorityRole.Name));
+            }
+        }
+        
+        var principal = new ClaimsPrincipal(new ClaimsIdentity(identityClaims, Scheme.Name));
+        var ticket = new AuthenticationTicket(principal, Scheme.Name);
        var result = AuthenticateResult.Success(ticket);
        return result;
    }
+
+    private string? GetBasicAuthorization(out string? email, out string? password)
+    {
+        email = null;
+        password = null;
+        
+        if (StringValues.IsNullOrEmpty(Context.Request.Headers.Authorization))
+        {
+            return "Missing authorization header";
+        }
+
+        var basicAuth = string.Empty;
+        foreach (var authorizationValue in Context.Request.Headers.Authorization)
+        {
+            if (string.IsNullOrWhiteSpace(authorizationValue))
+            {
+                continue;
+            }
+
+            if (AuthenticationHeaderValue.TryParse(authorizationValue, out var basicAuthHeader) && !string.IsNullOrWhiteSpace(basicAuthHeader.Parameter))
+            {
+                basicAuth = basicAuthHeader.Parameter;
+            }
+        }
+
+        if (!Base64.IsValid(basicAuth))
+        {
+            return "Invalid basic authorization data!";
+        }
+        
+        var base64Auth = Convert.FromBase64String(basicAuth);
+        var decodedAuth = System.Text.Encoding.UTF8.GetString(base64Auth);
+        var parts = decodedAuth.Split(':');
+        if (parts.Length != 2)
+        {
+            return "No email and/or password found!";
+        }
+
+        email = parts[0];
+        password = parts[1];
+        return null;
+    }
 }
--- a/DotBased.AspNet.Authority/Managers/AuthorityUserManager.cs
+++ b/DotBased.AspNet.Authority/Managers/AuthorityUserManager.cs
@ -36,6 +36,22 @@ public partial class AuthorityManager
        return errors.Count > 0 ? ValidationResult.Fail(errors) : ValidationResult.Success();
    }

+    public async Task<Result<AuthorityUser>> GetUserByEmailAsync(string email)
+    {
+        if (string.IsNullOrEmpty(email))
+        {
+            return ResultError.Fail("No email given.");
+        }
+
+        var user = await userRepository.GetUserByEmailAsync(email);
+        if (user == null)
+        {
+            return ResultError.Fail("No user found with given email.");
+        }
+
+        return user;
+    }
+
    public async Task<Result<QueryItems<AuthorityUserItem>>> SearchUsersAsync(string query, int maxResults = 20, int offset = 0, CancellationToken cancellationToken = default)
    {
        var result = await UserRepository.GetUsersAsync(maxResults, offset, query, cancellationToken);
--- a/DotBased.AspNet.Authority/Models/Data/System/AboutModel.cs
+++ b/DotBased.AspNet.Authority/Models/Data/System/AboutModel.cs
@ -1,10 +0,0 @@
-using DotBased.AspNet.Authority.Models.Data.Auth;
-
-namespace DotBased.AspNet.Authority.Models.Data.System;
-
-public class AboutModel
-{
-    public string Name { get; set; } = "Authority.Server";
-    public List<AuthenticationType> AuthenticationTypes { get; set; } = [];
-    public List<AuthenticationSessionType> SessionTypes { get; set; } = [];
-}
--- a/DotBased.AspNet.Authority/Models/Data/System/AuthorityInformation.cs
+++ b/DotBased.AspNet.Authority/Models/Data/System/AuthorityInformation.cs
@ -0,0 +1,25 @@
+using DotBased.AspNet.Authority.Models.Data.Auth;
+using DotBased.AspNet.Authority.Models.Options.Auth;
+
+namespace DotBased.AspNet.Authority.Models.Data.System;
+
+public class AuthorityInformation
+{
+    public string ServerName { get; set; } = "Authority.Server";
+    public bool IsAuthenticated { get; set; }
+    public List<AuthenticationType> AuthenticationTypes { get; set; } = [];
+    public List<AuthenticationSessionType> SessionTypes { get; set; } = [];
+    public SchemeInformation? SchemeInformation { get; set; }
+    public AuthenticatedInformation? AuthenticatedInformation { get; set; }
+}
+
+public class SchemeInformation
+{
+    public string? DefaultScheme { get; set; }
+    public List<SchemeInfo> AvailableSchemes { get; set; } = [];
+}
+
+public class AuthenticatedInformation
+{
+    public string? AuthenticatedScheme { get; set; }
+}
--- a/DotBased.AspNet.Authority/Models/Options/Auth/AuthorityAuthenticationOptions.cs
+++ b/DotBased.AspNet.Authority/Models/Options/Auth/AuthorityAuthenticationOptions.cs
@ -22,6 +22,7 @@ public class SchemeInfo
    public string Description { get; set; } = string.Empty;
    public SchemeType Type { get; set; }
    public string AuthenticationType { get; set; } = string.Empty;
+    public string? Endpoint { get; set; }
 }

 public enum SchemeType
--- a/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs
+++ b/DotBased.AspNet.Authority/Services/AuthorityAuthenticationService.cs
@ -27,7 +27,7 @@ public class AuthorityAuthenticationService(
        return base.AuthenticateAsync(context, scheme);
    }

-    // Trigger login
+    // Trigger login - Redirects to provider (OIDC, etc.)
    // Used when access to a resource requires authentication, but the user has not provided valid credentials.
    public override Task ChallengeAsync(HttpContext context, string? scheme, AuthenticationProperties? properties)
    {
--- a/TestWebApi/Program.cs
+++ b/TestWebApi/Program.cs
@ -33,23 +33,26 @@ builder.Services.AddAuthority()
 .MapAuthorityEndpoints()
 .AddAuthorityAuth(options =>
 {
-    options.DefaultScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
-    options.DefaultSignInScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
-    options.DefaultSignOutScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
+    options.DefaultScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
+    options.DefaultAuthenticateScheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme;
+    options.DefaultSignInScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
+    options.DefaultSignOutScheme = AuthorityDefaults.Scheme.Cookie.AuthenticationScheme;
    options.SchemeInfoMap = [
        new SchemeInfo
        {
            Scheme = AuthorityDefaults.Scheme.Authority.AuthenticationScheme,
            Description = "Authority password login",
            Type = SchemeType.Authentication,
-            AuthenticationType = "Password"
+            AuthenticationType = "Password",
+            Endpoint = AuthorityDefaults.Paths.Login
        },
        /*new SchemeInfo
        {
            Scheme = "OIDC",
            Description = "Authentik OIDC login",
            Type = SchemeType.Authentication,
-            AuthenticationType = "OpenIdConnect"
+            AuthenticationType = "OpenIdConnect",
+            Endpoint = AuthorityDefaults.Paths.Challenge
        },*/
        new SchemeInfo
        {
--- a/TestWebApi/TestWebApi.csproj
+++ b/TestWebApi/TestWebApi.csproj
@ -25,4 +25,8 @@
      <ProjectReference Include="..\DotBased\DotBased.csproj" />
    </ItemGroup>

+    <ItemGroup>
+      <Folder Include="Migrations\" />
+    </ItemGroup>
+
 </Project>
Author	SHA1	Message	Date
max	333cf66cb4	[WIP]	2025-05-18 22:36:12 +02:00
max	217c55df00	[WIP]	2025-05-18 18:03:40 +02:00