Merge branch 'feature/Fix_Log_JWT' into develop
This commit is contained in:
@@ -25,6 +25,7 @@ namespace Step.Database.Controllers
|
||||
{
|
||||
return dbCtx
|
||||
.Sessions
|
||||
.Include("MachineUser")
|
||||
.Where(x => x.Token == token) // Find session by token
|
||||
.FirstOrDefault();
|
||||
}
|
||||
|
||||
@@ -109,6 +109,7 @@ namespace Step.Model
|
||||
public const string REGISTER_MACHINE_ID_KEY_NAME = "MachineUniqueId";
|
||||
|
||||
// Token fields Keys
|
||||
public const string AUTHENTICATION_TYPE = "Bearer";
|
||||
public const string MACHINE_ID_KEY = "machineId";
|
||||
|
||||
public const string ROLE_LEVEL_KEY = "roleLevel";
|
||||
|
||||
@@ -87,7 +87,7 @@ namespace Step.App_Start
|
||||
// Set authorization options
|
||||
app.UseOAuthAuthorizationServer(OAuthOptions);
|
||||
// Set bearer oAuth as authentication method
|
||||
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
|
||||
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions() { AuthenticationType = AUTHENTICATION_TYPE });
|
||||
}
|
||||
|
||||
public void SignalRConfig(IAppBuilder app)
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Web.Http;
|
||||
using System.Web.Http.Controllers;
|
||||
using Step.Database.Controllers;
|
||||
@@ -10,6 +9,10 @@ using static Step.Config.ServerConfig;
|
||||
using static Step.Model.Constants;
|
||||
using static Step.Listeners.SignalRStaticObjects;
|
||||
|
||||
using Microsoft.Owin.Security.OAuth;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.Owin.Security;
|
||||
|
||||
namespace Step
|
||||
{
|
||||
class WebApiAuthorizeAttribute : AuthorizeAttribute
|
||||
@@ -18,38 +21,43 @@ namespace Step
|
||||
public ACTIONS Action;
|
||||
protected override bool IsAuthorized(HttpActionContext actionContext)
|
||||
{
|
||||
if (!base.IsAuthorized(actionContext))
|
||||
return false;
|
||||
|
||||
// Get claims from token
|
||||
ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
|
||||
// Get user id stored in the bearer token
|
||||
var userId = principal.Claims.Where(c => c.Type == USER_ID_KEY).FirstOrDefault();
|
||||
|
||||
// Get machine unique id stored in the bearer token
|
||||
var machineId = principal.Claims.Where(c => c.Type == MACHINE_ID_KEY).FirstOrDefault();
|
||||
|
||||
//User data not found -> not authorized
|
||||
if (userId == null || machineId == null)
|
||||
return false;
|
||||
|
||||
// Get token from headers
|
||||
string token = actionContext.Request.Headers.Authorization.ToString();
|
||||
|
||||
|
||||
token = token.Split(' ')[1];
|
||||
if (!base.IsAuthorized(actionContext))
|
||||
if (string.IsNullOrEmpty(token))
|
||||
return false;
|
||||
|
||||
// check authorization
|
||||
if (!CheckAuthorization(Convert.ToInt32(machineId.Value), Convert.ToInt32(userId.Value), FunctionAccess, token))
|
||||
if (!CheckAuthorization(FunctionAccess, token, out int machineId, out int userId))
|
||||
return false;
|
||||
|
||||
var claims = new ClaimsIdentity(AUTHENTICATION_TYPE);
|
||||
claims.AddClaim(new Claim(USER_ID_KEY, userId.ToString()));
|
||||
claims.AddClaim(new Claim(MACHINE_ID_KEY, machineId.ToString()));
|
||||
|
||||
|
||||
actionContext.RequestContext.Principal = new ClaimsPrincipal(claims);
|
||||
// Get claims from token
|
||||
//ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
|
||||
//// Get user id stored in the bearer token
|
||||
//var userId = principal.Claims.Where(c => c.Type == USER_ID_KEY).FirstOrDefault();
|
||||
|
||||
//// Get machine unique id stored in the bearer token
|
||||
//var machineId = principal.Claims.Where(c => c.Type == MACHINE_ID_KEY).FirstOrDefault();
|
||||
|
||||
////User data not found -> not authorized
|
||||
//if (userId == null || machineId == null)
|
||||
// return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private bool CheckAuthorization(int machineId, int userId, string functionName, string token)
|
||||
{
|
||||
// Check if the machine is the same where the user logged in
|
||||
if (machineId != MachineConfig.MachineId)
|
||||
return false;
|
||||
|
||||
private bool CheckAuthorization(string functionName, string token, out int machineId, out int userId)
|
||||
{
|
||||
machineId = userId = 0;
|
||||
using (SessionsController sessionsController = new SessionsController())
|
||||
{
|
||||
// Find user session on this machine
|
||||
@@ -57,6 +65,13 @@ namespace Step
|
||||
if (session == null)
|
||||
return false;
|
||||
|
||||
// Check if the machine is the same where the user logged in
|
||||
if (session.MachineUserId != MachineConfig.MachineId)
|
||||
return false;
|
||||
|
||||
machineId = session.MachineUserId;
|
||||
userId = session.MachineUser.UserId;
|
||||
|
||||
MachineUserModel machineUser = new MachineUserModel();
|
||||
using (MachinesUsersController machineUsersController = new MachinesUsersController())
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user