btcpayserver/BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Data;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace BTCPayServer.Security.GreenField
{
    public class BasicAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
    {
        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
        private readonly SignInManager<ApplicationUser> _signInManager;
        private readonly UserManager<ApplicationUser> _userManager;

        public BasicAuthenticationHandler(
            IOptionsMonitor<IdentityOptions> identityOptions,
            IOptionsMonitor<GreenFieldAuthenticationOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            SignInManager<ApplicationUser> signInManager,
            UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
        {
            _identityOptions = identityOptions;
            _signInManager = signInManager;
            _userManager = userManager;
        }

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            string authHeader = Context.Request.Headers["Authorization"];

            if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
                return AuthenticateResult.NoResult();
            string password;
            string username;
            try
            {
                var encodedUsernamePassword =
                    authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
                var decodedUsernamePassword =
                    Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
                username = decodedUsernamePassword[0];
                password = decodedUsernamePassword[1];
            }
            catch (Exception)
            {
                return AuthenticateResult.Fail(
                    "Basic authentication header was not in a correct format. (username:password encoded in base64)");
            }

            var result = await _signInManager.PasswordSignInAsync(username, password, true, true);
            if (!result.Succeeded)
                return AuthenticateResult.Fail(result.ToString());

            var user = await _userManager.Users
                .Include(applicationUser => applicationUser.Fido2Credentials)
                .FirstOrDefaultAsync(applicationUser =>
                    applicationUser.NormalizedUserName == _userManager.NormalizeName(username));
            
            if (user.Fido2Credentials.Any())
            {
                return AuthenticateResult.Fail("Cannot use Basic authentication with multi-factor is enabled.");
            }
            var claims = new List<Claim>()
            {
                new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, user.Id),
                new Claim(GreenFieldConstants.ClaimTypes.Permission,
                    Permission.Create(Policies.Unrestricted).ToString())
            };
            claims.AddRange((await _userManager.GetRolesAsync(user)).Select(s => new Claim(_identityOptions.CurrentValue.ClaimsIdentity.RoleClaimType, s)));

            return AuthenticateResult.Success(new AuthenticationTicket(
                new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),
                GreenFieldConstants.AuthenticationType));
        }
    }
}
Cleaning up bom from cs files 2020-06-29 04:44:35 +02:00			`using System;`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`using System.Collections.Generic;`
Set roles when authenticating via greenfield fixes #1855 2020-08-19 14:46:45 +02:00			`using System.Linq;`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`using System.Security.Claims;`
			`using System.Text;`
			`using System.Text.Encodings.Web;`
			`using System.Threading.Tasks;`
			`using BTCPayServer.Client;`
			`using BTCPayServer.Data;`
			`using Microsoft.AspNetCore.Authentication;`
			`using Microsoft.AspNetCore.Identity;`
Migrate existing U2F to Fido2 (#2484) * Migrate existing U2F to Fido2 This seamlessly switches all u2f registrations over to the new FIDO2 support. Please note that I have not yet added a way to drop the u2f DB and its UI so that we can test the migration works properly for all. * add testing logic * fix u2f tests * remove duplicate status message * fix test and namespaces * fix test 2021-04-28 06:14:15 +02:00			`using Microsoft.EntityFrameworkCore;`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`using Microsoft.Extensions.Logging;`
			`using Microsoft.Extensions.Options;`

			`namespace BTCPayServer.Security.GreenField`
			`{`
Split the greenfield authhandler in two classes 2020-03-27 05:06:41 +01:00			`public class BasicAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`{`
			`private readonly IOptionsMonitor<IdentityOptions> _identityOptions;`
			`private readonly SignInManager<ApplicationUser> _signInManager;`
			`private readonly UserManager<ApplicationUser> _userManager;`

Split the greenfield authhandler in two classes 2020-03-27 05:06:41 +01:00			`public BasicAuthenticationHandler(`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`IOptionsMonitor<IdentityOptions> identityOptions,`
			`IOptionsMonitor<GreenFieldAuthenticationOptions> options,`
			`ILoggerFactory logger,`
			`UrlEncoder encoder,`
			`ISystemClock clock,`
			`SignInManager<ApplicationUser> signInManager,`
			`UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)`
			`{`
			`_identityOptions = identityOptions;`
			`_signInManager = signInManager;`
			`_userManager = userManager;`
			`}`

			`protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
			`{`
			`string authHeader = Context.Request.Headers["Authorization"];`

Split the greenfield authhandler in two classes 2020-03-27 05:06:41 +01:00			`if (authHeader == null \|\| !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))`
			`return AuthenticateResult.NoResult();`
fail auth on incorrect basic auth value fixes #1713 2020-07-13 08:35:13 +02:00			`string password;`
			`string username;`
			`try`
			`{`
			`var encodedUsernamePassword =`
			`authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();`
			`var decodedUsernamePassword =`
			`Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');`
			`username = decodedUsernamePassword[0];`
			`password = decodedUsernamePassword[1];`
			`}`
			`catch (Exception)`
			`{`
			`return AuthenticateResult.Fail(`
			`"Basic authentication header was not in a correct format. (username:password encoded in base64)");`
			`}`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00
			`var result = await _signInManager.PasswordSignInAsync(username, password, true, true);`
Split the greenfield authhandler in two classes 2020-03-27 05:06:41 +01:00			`if (!result.Succeeded)`
			`return AuthenticateResult.Fail(result.ToString());`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00
Migrate existing U2F to Fido2 (#2484) * Migrate existing U2F to Fido2 This seamlessly switches all u2f registrations over to the new FIDO2 support. Please note that I have not yet added a way to drop the u2f DB and its UI so that we can test the migration works properly for all. * add testing logic * fix u2f tests * remove duplicate status message * fix test and namespaces * fix test 2021-04-28 06:14:15 +02:00			`var user = await _userManager.Users`
			`.Include(applicationUser => applicationUser.Fido2Credentials)`
			`.FirstOrDefaultAsync(applicationUser =>`
			`applicationUser.NormalizedUserName == _userManager.NormalizeName(username));`

U2fremove (#2496) * Remove U2F support and JS * fix final changes * fix more final stuff 2021-04-28 09:22:09 +02:00			`if (user.Fido2Credentials.Any())`
Migrate existing U2F to Fido2 (#2484) * Migrate existing U2F to Fido2 This seamlessly switches all u2f registrations over to the new FIDO2 support. Please note that I have not yet added a way to drop the u2f DB and its UI so that we can test the migration works properly for all. * add testing logic * fix u2f tests * remove duplicate status message * fix test and namespaces * fix test 2021-04-28 06:14:15 +02:00			`{`
			`return AuthenticateResult.Fail("Cannot use Basic authentication with multi-factor is enabled.");`
			`}`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`var claims = new List<Claim>()`
			`{`
			`new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, user.Id),`
			`new Claim(GreenFieldConstants.ClaimTypes.Permission,`
			`Permission.Create(Policies.Unrestricted).ToString())`
			`};`
Set roles when authenticating via greenfield fixes #1855 2020-08-19 14:46:45 +02:00			`claims.AddRange((await _userManager.GetRolesAsync(user)).Select(s => new Claim(_identityOptions.CurrentValue.ClaimsIdentity.RoleClaimType, s)));`
Move directories, rename controllers 2020-03-27 04:58:45 +01:00
			`return AuthenticateResult.Success(new AuthenticationTicket(`
			`new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),`
			`GreenFieldConstants.AuthenticationType));`
			`}`
			`}`
			`}`