btcpayserver/BTCPayServer/Security/APIKeys/APIKeyAuthorizationHandler.cs

using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Data;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;

namespace BTCPayServer.Security.APIKeys
{
    public class APIKeyAuthorizationHandler : AuthorizationHandler<PolicyRequirement>

    {
        private readonly HttpContext _HttpContext;
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly StoreRepository _storeRepository;

        public APIKeyAuthorizationHandler(IHttpContextAccessor httpContextAccessor,
            UserManager<ApplicationUser> userManager,
            StoreRepository storeRepository)
        {
            _HttpContext = httpContextAccessor.HttpContext;
            _userManager = userManager;
            _storeRepository = storeRepository;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
            PolicyRequirement requirement)
        {
            if (context.User.Identity.AuthenticationType != APIKeyConstants.AuthenticationType)
                return;

            bool success = false;
            switch (requirement.Policy)
            {
                case Policies.CanModifyProfile.Key:
                    success = context.HasPermissions(Permissions.ProfileManagement);
                    break;
                case Policies.CanListStoreSettings.Key:
                    var selectiveStorePermissions =
                        Permissions.ExtractStorePermissionsIds(context.GetPermissions());
                    success = context.HasPermissions(Permissions.StoreManagement) ||
                              selectiveStorePermissions.Any();
                    break;
                case Policies.CanModifyStoreSettings.Key:
                    string storeId = _HttpContext.GetImplicitStoreId();
                    if (!context.HasPermissions(Permissions.StoreManagement) &&
                        !context.HasPermissions(Permissions.GetStorePermission(storeId)))
                        break;

                    if (storeId == null)
                    {
                        success = true;
                    }
                    else
                    {
                        var userid = _userManager.GetUserId(context.User);
                        if (string.IsNullOrEmpty(userid))
                            break;
                        var store = await _storeRepository.FindStore((string)storeId, userid);
                        if (store == null)
                            break;
                        success = true;
                        _HttpContext.SetStoreData(store);
                    }

                    break;
                case Policies.CanCreateUser.Key:
                case Policies.CanModifyServerSettings.Key:
                    if (!context.HasPermissions(Permissions.ServerManagement))
                        break;
                    // For this authorization, we still check in database because it is super sensitive.
                    success = await IsUserAdmin(context.User);
                    break;
            }

            //if you do not have the specific permissions, BUT you have server management, we enable god mode 
            if (!success && context.HasPermissions(Permissions.ServerManagement) &&
                requirement.Policy != Policies.CanModifyServerSettings.Key)
            {
                success = await IsUserAdmin(context.User);
            }

            if (success)
            {
                context.Succeed(requirement);
            }
        }

        private async Task<bool> IsUserAdmin(ClaimsPrincipal contextUser)
        {
            var user = await _userManager.GetUserAsync(contextUser);
            if (user == null)
                return false;
            if (!await _userManager.IsInRoleAsync(user, Roles.ServerAdmin))
                return false;
            return true;
        }
    }
}
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`using System.Linq;`
Greenfield API: God Mode When the `ServerManagement` permission is granted, you should be able to do everything in the system. Maybe I should rename it to GodMode as a permission to not have any confusion with managing server settings (currently `ServerManagement`)? 2020-03-12 18:43:57 +01:00			`using System.Security.Claims;`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`using System.Threading.Tasks;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`using BTCPayServer.Client;`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`using BTCPayServer.Data;`
			`using BTCPayServer.Services.Stores;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Http;`
			`using Microsoft.AspNetCore.Identity;`

			`namespace BTCPayServer.Security.APIKeys`
			`{`
			`public class APIKeyAuthorizationHandler : AuthorizationHandler<PolicyRequirement>`

			`{`
			`private readonly HttpContext _HttpContext;`
			`private readonly UserManager<ApplicationUser> _userManager;`
			`private readonly StoreRepository _storeRepository;`

			`public APIKeyAuthorizationHandler(IHttpContextAccessor httpContextAccessor,`
			`UserManager<ApplicationUser> userManager,`
			`StoreRepository storeRepository)`
			`{`
			`_HttpContext = httpContextAccessor.HttpContext;`
			`_userManager = userManager;`
			`_storeRepository = storeRepository;`
			`}`

			`protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,`
			`PolicyRequirement requirement)`
			`{`
			`if (context.User.Identity.AuthenticationType != APIKeyConstants.AuthenticationType)`
			`return;`

			`bool success = false;`
			`switch (requirement.Policy)`
			`{`
Greenfield API: Get current User Builds on #1368 This PR adds a new endpoint: Get current user.. It only returns the current user's id and email for now( let's extend later) It also adds a new permission: `ProfileManagement` which is needed for this endpoint (and for update endpoints later) 2020-03-12 14:59:24 +01:00			`case Policies.CanModifyProfile.Key:`
			`success = context.HasPermissions(Permissions.ProfileManagement);`
			`break;`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`case Policies.CanListStoreSettings.Key:`
			`var selectiveStorePermissions =`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`Permissions.ExtractStorePermissionsIds(context.GetPermissions());`
			`success = context.HasPermissions(Permissions.StoreManagement) \|\|`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`selectiveStorePermissions.Any();`
			`break;`
			`case Policies.CanModifyStoreSettings.Key:`
			`string storeId = _HttpContext.GetImplicitStoreId();`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`if (!context.HasPermissions(Permissions.StoreManagement) &&`
			`!context.HasPermissions(Permissions.GetStorePermission(storeId)))`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`break;`

			`if (storeId == null)`
			`{`
			`success = true;`
			`}`
			`else`
			`{`
			`var userid = _userManager.GetUserId(context.User);`
			`if (string.IsNullOrEmpty(userid))`
			`break;`
			`var store = await _storeRepository.FindStore((string)storeId, userid);`
			`if (store == null)`
			`break;`
			`success = true;`
			`_HttpContext.SetStoreData(store);`
			`}`

			`break;`
Greenfield API: Create User Slightly big PR because I started refactoring to reduce code duplication between the UI based business logic and the api one. 2020-03-13 11:47:22 +01:00			`case Policies.CanCreateUser.Key:`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`case Policies.CanModifyServerSettings.Key:`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`if (!context.HasPermissions(Permissions.ServerManagement))`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`break;`
Greenfield API: God Mode When the `ServerManagement` permission is granted, you should be able to do everything in the system. Maybe I should rename it to GodMode as a permission to not have any confusion with managing server settings (currently `ServerManagement`)? 2020-03-12 18:43:57 +01:00			`// For this authorization, we still check in database because it is super sensitive.`
			`success = await IsUserAdmin(context.User);`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`break;`
			`}`

Greenfield API: God Mode When the `ServerManagement` permission is granted, you should be able to do everything in the system. Maybe I should rename it to GodMode as a permission to not have any confusion with managing server settings (currently `ServerManagement`)? 2020-03-12 18:43:57 +01:00			`//if you do not have the specific permissions, BUT you have server management, we enable god mode`
			`if (!success && context.HasPermissions(Permissions.ServerManagement) &&`
			`requirement.Policy != Policies.CanModifyServerSettings.Key)`
			`{`
			`success = await IsUserAdmin(context.User);`
			`}`

Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`if (success)`
			`{`
			`context.Succeed(requirement);`
			`}`
			`}`
Greenfield API: God Mode When the `ServerManagement` permission is granted, you should be able to do everything in the system. Maybe I should rename it to GodMode as a permission to not have any confusion with managing server settings (currently `ServerManagement`)? 2020-03-12 18:43:57 +01:00
			`private async Task<bool> IsUserAdmin(ClaimsPrincipal contextUser)`
			`{`
			`var user = await _userManager.GetUserAsync(contextUser);`
			`if (user == null)`
			`return false;`
			`if (!await _userManager.IsInRoleAsync(user, Roles.ServerAdmin))`
			`return false;`
			`return true;`
			`}`
Api keys with openiddict (#1262) * Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :( 2020-02-24 14:36:15 +01:00			`}`
			`}`