btcpayserver/BTCPayServer/Security/GreenField/APIKeysAuthenticationHandler.cs

using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Data;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace BTCPayServer.Security.GreenField
{
    public class APIKeysAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
    {
        private readonly APIKeyRepository _apiKeyRepository;
        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
        private readonly UserManager<ApplicationUser> _userManager;

        public APIKeysAuthenticationHandler(
            APIKeyRepository apiKeyRepository,
            IOptionsMonitor<IdentityOptions> identityOptions,
            IOptionsMonitor<GreenFieldAuthenticationOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
        {
            _apiKeyRepository = apiKeyRepository;
            _identityOptions = identityOptions;
            _userManager = userManager;
        }

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
                return AuthenticateResult.NoResult();

            var key = await _apiKeyRepository.GetKey(apiKey, true);

            if (key == null)
            {
                return AuthenticateResult.Fail("ApiKey authentication failed");
            }
            List<Claim> claims = new List<Claim>();
            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));

            claims.AddRange((await _userManager.GetRolesAsync(key.User)).Select(s => new Claim(_identityOptions.CurrentValue.ClaimsIdentity.RoleClaimType, s)));
            claims.AddRange(Permission.ToPermissions(key.GetBlob().Permissions).Select(permission =>
                new Claim(GreenFieldConstants.ClaimTypes.Permission, permission.ToString())));
            return AuthenticateResult.Success(new AuthenticationTicket(
                new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),
                GreenFieldConstants.AuthenticationType));
        }
    }
}
Move directories, rename controllers 2020-03-27 12:58:45 +09:00			`using System.Collections.Generic;`
			`using System.Linq;`
			`using System.Security.Claims;`
			`using System.Text.Encodings.Web;`
			`using System.Threading.Tasks;`
			`using BTCPayServer.Client;`
			`using BTCPayServer.Data;`
			`using Microsoft.AspNetCore.Authentication;`
			`using Microsoft.AspNetCore.Identity;`
			`using Microsoft.Extensions.Logging;`
			`using Microsoft.Extensions.Options;`

			`namespace BTCPayServer.Security.GreenField`
			`{`
Split the greenfield authhandler in two classes 2020-03-27 13:06:41 +09:00			`public class APIKeysAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>`
Move directories, rename controllers 2020-03-27 12:58:45 +09:00			`{`
			`private readonly APIKeyRepository _apiKeyRepository;`
			`private readonly IOptionsMonitor<IdentityOptions> _identityOptions;`
			`private readonly UserManager<ApplicationUser> _userManager;`

Split the greenfield authhandler in two classes 2020-03-27 13:06:41 +09:00			`public APIKeysAuthenticationHandler(`
Move directories, rename controllers 2020-03-27 12:58:45 +09:00			`APIKeyRepository apiKeyRepository,`
			`IOptionsMonitor<IdentityOptions> identityOptions,`
			`IOptionsMonitor<GreenFieldAuthenticationOptions> options,`
			`ILoggerFactory logger,`
			`UrlEncoder encoder,`
			`ISystemClock clock,`
			`UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)`
			`{`
			`_apiKeyRepository = apiKeyRepository;`
			`_identityOptions = identityOptions;`
			`_userManager = userManager;`
			`}`

			`protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
			`{`
			`if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) \|\| string.IsNullOrEmpty(apiKey))`
			`return AuthenticateResult.NoResult();`

Set roles when authenticating via greenfield fixes #1855 2020-08-19 14:46:45 +02:00			`var key = await _apiKeyRepository.GetKey(apiKey, true);`
Move directories, rename controllers 2020-03-27 12:58:45 +09:00
			`if (key == null)`
			`{`
			`return AuthenticateResult.Fail("ApiKey authentication failed");`
			`}`
			`List<Claim> claims = new List<Claim>();`
			`claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));`
Run dotnet format (#3244) 2021-12-31 16:59:02 +09:00
Set roles when authenticating via greenfield fixes #1855 2020-08-19 14:46:45 +02:00			`claims.AddRange((await _userManager.GetRolesAsync(key.User)).Select(s => new Claim(_identityOptions.CurrentValue.ClaimsIdentity.RoleClaimType, s)));`
GreenField: Switch to Blob for API Keys 2020-04-02 08:59:20 +02:00			`claims.AddRange(Permission.ToPermissions(key.GetBlob().Permissions).Select(permission =>`
Move directories, rename controllers 2020-03-27 12:58:45 +09:00			`new Claim(GreenFieldConstants.ClaimTypes.Permission, permission.ToString())));`
			`return AuthenticateResult.Success(new AuthenticationTicket(`
			`new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),`
			`GreenFieldConstants.AuthenticationType));`
			`}`
			`}`
			`}`