Split the greenfield authhandler in two classes

BTCPayServer/Security/AuthenticationSchemes.cs

@@ -4,6 +4,8 @@
     {
         public const string Cookie = "Identity.Application";
         public const string Bitpay = "Bitpay";
-        public const string Greenfield = "Greenfield";
+        public const string Greenfield = "Greenfield.APIKeys,Greenfield.Basic";
+        public const string GreenfieldAPIKeys = "Greenfield.APIKeys";
+        public const string GreenfieldBasic = "Greenfield.Basic";
     }
 }

BTCPayServer/Security/GreenField/APIKeyExtensions.cs

@@ -26,7 +26,9 @@ namespace BTCPayServer.Security.GreenField
 
         public static AuthenticationBuilder AddAPIKeyAuthentication(this AuthenticationBuilder builder)
         {
-            builder.AddScheme<GreenFieldAuthenticationOptions, GreenFieldAuthenticationHandler>(AuthenticationSchemes.Greenfield,
+            builder.AddScheme<GreenFieldAuthenticationOptions, APIKeysAuthenticationHandler>(AuthenticationSchemes.GreenfieldAPIKeys,
+                o => { });
+            builder.AddScheme<GreenFieldAuthenticationOptions, BasicAuthenticationHandler>(AuthenticationSchemes.GreenfieldBasic,
                 o => { });
             return builder;
         }

BTCPayServer/Security/GreenField/APIKeysAuthenticationHandler.cs

@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using BTCPayServer.Client;
+using BTCPayServer.Data;
+using BTCPayServer.Security.Bitpay;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace BTCPayServer.Security.GreenField
+{
+    public class APIKeysAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
+    {
+        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
+        private readonly SignInManager<ApplicationUser> _signInManager;
+        private readonly UserManager<ApplicationUser> _userManager;
+
+        public APIKeysAuthenticationHandler(
+            APIKeyRepository apiKeyRepository,
+            IOptionsMonitor<IdentityOptions> identityOptions,
+            IOptionsMonitor<GreenFieldAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder,
+            ISystemClock clock,
+            SignInManager<ApplicationUser> signInManager,
+            UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
+        {
+            _apiKeyRepository = apiKeyRepository;
+            _identityOptions = identityOptions;
+            _signInManager = signInManager;
+            _userManager = userManager;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
+                return AuthenticateResult.NoResult();
+
+            var key = await _apiKeyRepository.GetKey(apiKey);
+
+            if (key == null)
+            {
+                return AuthenticateResult.Fail("ApiKey authentication failed");
+            }
+
+            List<Claim> claims = new List<Claim>();
+            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));
+            claims.AddRange(Permission.ToPermissions(key.Permissions).Select(permission =>
+                new Claim(GreenFieldConstants.ClaimTypes.Permission, permission.ToString())));
+            return AuthenticateResult.Success(new AuthenticationTicket(
+                new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),
+                GreenFieldConstants.AuthenticationType));
+        }
+    }
+}

BTCPayServer/Security/GreenField/BasicAuthenticationHandler.cs

@@ -15,15 +15,13 @@ using Microsoft.Extensions.Options;
 
 namespace BTCPayServer.Security.GreenField
 {
-    public class GreenFieldAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
+    public class BasicAuthenticationHandler : AuthenticationHandler<GreenFieldAuthenticationOptions>
     {
-        private readonly APIKeyRepository _apiKeyRepository;
         private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
         private readonly SignInManager<ApplicationUser> _signInManager;
         private readonly UserManager<ApplicationUser> _userManager;
 
-        public GreenFieldAuthenticationHandler(
+        public BasicAuthenticationHandler(
-            APIKeyRepository apiKeyRepository,
             IOptionsMonitor<IdentityOptions> identityOptions,
             IOptionsMonitor<GreenFieldAuthenticationOptions> options,
             ILoggerFactory logger,
@@ -32,49 +30,17 @@ namespace BTCPayServer.Security.GreenField
             SignInManager<ApplicationUser> signInManager,
             UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
         {
-            _apiKeyRepository = apiKeyRepository;
             _identityOptions = identityOptions;
             _signInManager = signInManager;
             _userManager = userManager;
         }
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
-        {
-            var res = await HandleApiKeyAuthenticateResult();
-            if (res.None)
-            {
-                return await HandleBasicAuthenticateAsync();
-            }
-
-            return res;
-        }
-
-        private async Task<AuthenticateResult> HandleApiKeyAuthenticateResult()
-        {
-            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
-                return AuthenticateResult.NoResult();
-
-            var key = await _apiKeyRepository.GetKey(apiKey);
-
-            if (key == null)
-            {
-                return AuthenticateResult.Fail("ApiKey authentication failed");
-            }
-
-            List<Claim> claims = new List<Claim>();
-            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));
-            claims.AddRange(Permission.ToPermissions(key.Permissions).Select(permission =>
-                new Claim(GreenFieldConstants.ClaimTypes.Permission, permission.ToString())));
-            return AuthenticateResult.Success(new AuthenticationTicket(
-                new ClaimsPrincipal(new ClaimsIdentity(claims, GreenFieldConstants.AuthenticationType)),
-                GreenFieldConstants.AuthenticationType));
-        }
-
-        private async Task<AuthenticateResult> HandleBasicAuthenticateAsync()
         {
             string authHeader = Context.Request.Headers["Authorization"];
 
-            if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return AuthenticateResult.NoResult();
+            if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
+                return AuthenticateResult.NoResult();
             var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
             var decodedUsernamePassword =
                 Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
@@ -82,7 +48,8 @@ namespace BTCPayServer.Security.GreenField
             var password = decodedUsernamePassword[1];
 
             var result = await _signInManager.PasswordSignInAsync(username, password, true, true);
-            if (!result.Succeeded) return AuthenticateResult.Fail(result.ToString());
+            if (!result.Succeeded)
+                return AuthenticateResult.Fail(result.ToString());
 
             var user = await _userManager.FindByNameAsync(username);
             var claims = new List<Claim>()