Merge branch 'feature/Fix_Log_JWT' into develop

This commit is contained in:
Lucio Maranta
2019-04-17 14:06:48 +02:00
4 changed files with 41 additions and 24 deletions
@@ -25,6 +25,7 @@ namespace Step.Database.Controllers
{
return dbCtx
.Sessions
.Include("MachineUser")
.Where(x => x.Token == token) // Find session by token
.FirstOrDefault();
}
+1
View File
@@ -109,6 +109,7 @@ namespace Step.Model
public const string REGISTER_MACHINE_ID_KEY_NAME = "MachineUniqueId";
// Token fields Keys
public const string AUTHENTICATION_TYPE = "Bearer";
public const string MACHINE_ID_KEY = "machineId";
public const string ROLE_LEVEL_KEY = "roleLevel";
+1 -1
View File
@@ -87,7 +87,7 @@ namespace Step.App_Start
// Set authorization options
app.UseOAuthAuthorizationServer(OAuthOptions);
// Set bearer oAuth as authentication method
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions() { AuthenticationType = AUTHENTICATION_TYPE });
}
public void SignalRConfig(IAppBuilder app)
+38 -23
View File
@@ -1,6 +1,5 @@
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;
using Step.Database.Controllers;
@@ -10,6 +9,10 @@ using static Step.Config.ServerConfig;
using static Step.Model.Constants;
using static Step.Listeners.SignalRStaticObjects;
using Microsoft.Owin.Security.OAuth;
using System.Security.Claims;
using Microsoft.Owin.Security;
namespace Step
{
class WebApiAuthorizeAttribute : AuthorizeAttribute
@@ -18,38 +21,43 @@ namespace Step
public ACTIONS Action;
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (!base.IsAuthorized(actionContext))
return false;
// Get claims from token
ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
// Get user id stored in the bearer token
var userId = principal.Claims.Where(c => c.Type == USER_ID_KEY).FirstOrDefault();
// Get machine unique id stored in the bearer token
var machineId = principal.Claims.Where(c => c.Type == MACHINE_ID_KEY).FirstOrDefault();
//User data not found -> not authorized
if (userId == null || machineId == null)
return false;
// Get token from headers
string token = actionContext.Request.Headers.Authorization.ToString();
token = token.Split(' ')[1];
if (!base.IsAuthorized(actionContext))
if (string.IsNullOrEmpty(token))
return false;
// check authorization
if (!CheckAuthorization(Convert.ToInt32(machineId.Value), Convert.ToInt32(userId.Value), FunctionAccess, token))
if (!CheckAuthorization(FunctionAccess, token, out int machineId, out int userId))
return false;
var claims = new ClaimsIdentity(AUTHENTICATION_TYPE);
claims.AddClaim(new Claim(USER_ID_KEY, userId.ToString()));
claims.AddClaim(new Claim(MACHINE_ID_KEY, machineId.ToString()));
actionContext.RequestContext.Principal = new ClaimsPrincipal(claims);
// Get claims from token
//ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
//// Get user id stored in the bearer token
//var userId = principal.Claims.Where(c => c.Type == USER_ID_KEY).FirstOrDefault();
//// Get machine unique id stored in the bearer token
//var machineId = principal.Claims.Where(c => c.Type == MACHINE_ID_KEY).FirstOrDefault();
////User data not found -> not authorized
//if (userId == null || machineId == null)
// return false;
return true;
}
private bool CheckAuthorization(int machineId, int userId, string functionName, string token)
{
// Check if the machine is the same where the user logged in
if (machineId != MachineConfig.MachineId)
return false;
private bool CheckAuthorization(string functionName, string token, out int machineId, out int userId)
{
machineId = userId = 0;
using (SessionsController sessionsController = new SessionsController())
{
// Find user session on this machine
@@ -57,6 +65,13 @@ namespace Step
if (session == null)
return false;
// Check if the machine is the same where the user logged in
if (session.MachineUserId != MachineConfig.MachineId)
return false;
machineId = session.MachineUserId;
userId = session.MachineUser.UserId;
MachineUserModel machineUser = new MachineUserModel();
using (MachinesUsersController machineUsersController = new MachinesUsersController())
{