jwt working without policy

Author: AJEETX

src/Api/Endpoints/Common/UsersController.cs

@@ -1,42 +1,30 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Xero.Demo.Api.Xero.Demo.Domain.Models;
+using Microsoft.AspNetCore.Mvc;
+using Xero.Demo.Api.Domain;
+using Xero.Demo.Api.Domain.Extension;
+using Xero.Demo.Api.Xero.Demo.Domain.Services;
+using static Xero.Demo.Api.Domain.Models.CONSTANTS;
 
 namespace Xero.Demo.Api.Endpoints.Common
 {
-    [Route("api/[controller]")]
-    [ApiController]
-    public class UsersController : ControllerBase
+    [ApiVersion(ApiVersionNumbers.V1)]
+    [ApiVersion(ApiVersionNumbers.V2)]
+    public class UsersController : BaseApiController
     {
-        private readonly IUserService _user;
+        private readonly IUserService _userService;
 
-        public UsersController(IUserService user)
+        public UsersController(IUserService userService)
         {
-            this._user = user;
+            this._userService = userService;
         }
 
         [HttpPost("authenticate")]
-        public IActionResult Authenticate(AuthenticateRequest model)
+        public IActionResult Authenticate(string culture = "en-US")
         {
-            var response = _user.Authenticate(model);
+            var response = _userService.Authenticate();
 
-            if (response == null)
-                return BadRequest(new { message = "Username or password is incorrect" });
+            if (response == null) return BadRequest(ModelState.GetErrorMessages());
 
             return Ok(response);
         }
-
-        [Authorize]
-        [HttpGet]
-        public IActionResult GetAll()
-        {
-            var users = _user.GetAll();
-            return Ok(users);
-        }
     }
 }

src/Api/Endpoints/V1/Products/Create.cs

@@ -7,6 +7,7 @@
 using Xero.Demo.Api.Domain;
 using Xero.Demo.Api.Domain.Extension;
 using Xero.Demo.Api.Domain.Models;
+using Xero.Demo.Api.Xero.Demo.Domain.Models;
 using static Xero.Demo.Api.Domain.Models.CONSTANTS;
 
 namespace Xero.Demo.Api.Endpoints.V1.Products
@@ -26,7 +27,7 @@ public ProductsController(Database db)
         /// <param name="product">Enter the product</param>
         /// <param name="culture">Enter the culture</param>
         /// <returns></returns>
-        [Authorize("ShouldContainRole")]
+        [Authorize]
         [FeatureGate(Features.PRODUCT)]
         [ApiVersion(ApiVersionNumbers.V1)]
         [HttpPost("", Name = RouteNames.PostAsync)]

src/Api/Product.db

@@ -22,7 +22,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:5001;http://localhost:5000"
+      "applicationUrl": "http://localhost:5000"
     }
   }
 }

src/Api/Properties/launchSettings.json

@@ -8,18 +8,18 @@ namespace Xero.Demo.Api.Xero.Demo.Domain.Models
     public class AuthenticateResponse
     {
         public int Id { get; set; }
-        public string FirstName { get; set; }
-        public string LastName { get; set; }
+        public string Name { get; set; }
         public string Username { get; set; }
         public string Token { get; set; }
+        public string Role { get; set; }
 
-        public AuthenticateResponse(User user, string token)
+        public AuthenticateResponse(User user, string token, string role)
         {
             Id = user.Id;
-            FirstName = user.FirstName;
-            LastName = user.LastName;
+            Name = user.Name;
             Username = user.Username;
             Token = token;
+            Role = role;
         }
     }
 }

src/Api/Xero.Demo.Domain/Models/AuthenticateResponse.cs

@@ -5,8 +5,10 @@
 
 namespace Xero.Demo.Api.Xero.Demo.Domain.Models
 {
-    public class AppSettings
+    public class JwtSettings
     {
-        public string Secret { get; set; }
+        public string SecretKey { get; set; }
+        public string Issuer { get; set; }
+        public string Audience { get; set; }
     }
 }

…i/Xero.Demo.Domain/Models/AppSettings.cs …i/Xero.Demo.Domain/Models/JwtSettings.cssrc/Api/Xero.Demo.Domain/Models/AppSettings.cs renamed to src/Api/Xero.Demo.Domain/Models/JwtSettings.cs src/Api/Xero.Demo.Domain/Models/AppSettings.cs renamed to src/Api/Xero.Demo.Domain/Models/JwtSettings.cs

@@ -1,80 +1,21 @@
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-using System;
-using System.Collections.Generic;
-using System.IdentityModel.Tokens.Jwt;
-using System.Linq;
-using System.Security.Claims;
-using System.Text;
+using System.Collections.Generic;
+using static Xero.Demo.Api.Domain.Models.CONSTANTS;
 
 namespace Xero.Demo.Api.Xero.Demo.Domain.Models
 {
     public class User
     {
-        public string FirstName { get; set; }
         public int Id { get; set; }
-        public string LastName { get; set; }
+        public string Name { get; set; }
         public string Password { get; set; }
         public string Username { get; set; }
-    }
-
-    public interface IUserService
-    {
-        AuthenticateResponse Authenticate(AuthenticateRequest model);
-
-        IEnumerable<User> GetAll();
-
-        User GetById(int id);
-    }
+        public string Role { get; set; }
 
-    public class UserService : IUserService
-    {
-        private List<User> _users = new List<User>
+        public static List<User> Users = new List<User>
         {
-            new User {Id= 1,FirstName= "FirstName",LastName ="LastName", Username="string", Password="string" }
+            new User {Id= 1,Name= "Xero", Username="Admin", Password="Password",Role=Roles.Admin },
+            new User {Id= 2,Name= "Azy", Username="Editor", Password="Password",Role=Roles.Editor},
+            new User {Id= 2,Name= "Azy", Username="Reader", Password="Password",Role=Roles.Reader}
         };
-
-        private readonly AppSettings _appSettings;
-
-        public UserService(IOptions<AppSettings> appSettings)
-        {
-            _appSettings = appSettings.Value;
-        }
-
-        public AuthenticateResponse Authenticate(AuthenticateRequest model)
-        {
-            var user = _users.SingleOrDefault(x => x.Username == model.Username && x.Password == model.Password);
-
-            if (user == null) return null;
-
-            var token = generateJwtToken(user);
-
-            return new AuthenticateResponse(user, token);
-        }
-
-        public IEnumerable<User> GetAll()
-        {
-            return _users;
-        }
-
-        public User GetById(int id)
-        {
-            return _users.FirstOrDefault(x => x.Id == id);
-        }
-
-        private string generateJwtToken(User user)
-        {
-            // generate token that is valid for 7 days
-            var tokenHandler = new JwtSecurityTokenHandler();
-            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
-            var tokenDescriptor = new SecurityTokenDescriptor
-            {
-                Subject = new ClaimsIdentity(new[] { new Claim("id", user.Id.ToString()), new Claim(ClaimTypes.Role, "Admin") }),
-                Expires = DateTime.UtcNow.AddDays(7),
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
-            };
-            var token = tokenHandler.CreateToken(tokenDescriptor);
-            return tokenHandler.WriteToken(token);
-        }
     }
 }

src/Api/Xero.Demo.Domain/Models/User.cs

@@ -0,0 +1,59 @@
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using System;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using Xero.Demo.Api.Xero.Demo.Domain.Models;
+
+namespace Xero.Demo.Api.Xero.Demo.Domain.Services
+{
+    public interface IUserService
+    {
+        AuthenticateResponse Authenticate();
+
+        User GetById(int userId);
+    }
+
+    public class UserService : IUserService
+    {
+        private readonly JwtSettings _jwtSettings;
+
+        public UserService(IOptions<JwtSettings> jwtSettings)
+        {
+            _jwtSettings = jwtSettings.Value;
+        }
+
+        public AuthenticateResponse Authenticate()
+        {
+            var user = User.Users.First();
+
+            return new AuthenticateResponse(user, GenerateJWTToken(user), user.Role);
+        }
+
+        public User GetById(int userId)
+        {
+            return User.Users.FirstOrDefault(u => u.Id == userId);
+        }
+
+        private string GenerateJWTToken(User userInfo)
+        {
+            var token = new JwtSecurityToken(
+                issuer: _jwtSettings.Issuer,
+                audience: _jwtSettings.Audience,
+                claims: new[]
+                        {
+                            new Claim("id", userInfo.Id.ToString()),
+                            new Claim(JwtRegisteredClaimNames.Sub, userInfo.Username),
+                            new Claim("Name", userInfo.Name+userInfo.Name.ToString()),
+                            new Claim("Role",userInfo.Role),
+                            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
+                        },
+                expires: DateTime.Now.AddMinutes(10),
+                signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwtSettings.SecretKey)), SecurityAlgorithms.HmacSha256)
+            );
+            return new JwtSecurityTokenHandler().WriteToken(token);
+        }
+    }
+}

src/Api/Xero.Demo.Domain/Services/UserService.cs

@@ -10,83 +10,42 @@
 using System.Text;
 using Xero.Demo.Api.Domain.Security;
 using Xero.Demo.Api.Xero.Demo.Domain.Models;
+using Xero.Demo.Api.Xero.Demo.Domain.Services;
+using static Xero.Demo.Api.Domain.Models.CONSTANTS;
 
 namespace Xero.Demo.Api.Domain.Infrastructure
 {
     public static partial class AddAuthorizationExtension
     {
-        public static IServiceCollection AddRolesAndPolicyAuthorization(this IServiceCollection services)
+        public static IServiceCollection AddSecurity(this IServiceCollection services)
         {
-            services.AddScoped<IUserService, UserService>();
-            services.AddAuthorization(
-                config =>
-                {
-                    config.AddPolicy("ShouldBeAnAdmin", options =>
-                    {
-                        options.RequireAuthenticatedUser();
-                        options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-                        options.Requirements.Add(new ShouldBeAnAdminRequirement());
-                    });
-
-                    config.AddPolicy("ShouldBeAnEditor", options =>
-                    {
-                        options.RequireClaim(ClaimTypes.Role);
-                        options.RequireRole("Reader");
-                        options.RequireAuthenticatedUser();
-                        options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-                        options.Requirements.Add(new ShouldBeAReaderRequirement());
-                    });
-
-                    config.AddPolicy("ShouldBeAReader", options =>
-                    {
-                        options.RequireClaim(ClaimTypes.Role);
-                        options.RequireRole("Reader");
-                        options.RequireAuthenticatedUser();
-                        options.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
-                        options.Requirements.Add(new ShouldBeAReaderRequirement());
-                    });
-
-                    config.AddPolicy("ShouldContainRole", options =>
-                        options.RequireClaim(ClaimTypes.Role));
-                });
-
             return services;
         }
 
         public static IServiceCollection AddJwtAuthentication(this IServiceCollection services, IConfiguration configuration)
         {
-            services.AddAuthentication(x =>
-            {
-                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-            })
-                        .AddJwtBearer(x =>
+            services.AddScoped<IUserService, UserService>();
+
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                        .AddJwtBearer(options =>
                         {
-                            x.RequireHttpsMetadata = false;
-                            x.SaveToken = true;
-                            x.TokenValidationParameters = new TokenValidationParameters
+                            options.RequireHttpsMetadata = false;
+                            options.SaveToken = true;
+                            options.TokenValidationParameters = new TokenValidationParameters
                             {
+                                ValidateIssuer = true,
+                                ValidateAudience = true,
+                                ValidateLifetime = true,
                                 ValidateIssuerSigningKey = true,
-                                IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("hdftasdvjrlvfvfjyvwevfcmdfkjsdnhvzfmbnsdfvm")),
-                                ValidateIssuer = false,
-                                ValidateAudience = false
+                                ValidIssuer = configuration["Jwt:Issuer"],
+                                ValidAudience = configuration["Jwt:Audience"],
+                                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:SecretKey"])),
+                                ClockSkew = TimeSpan.Zero
                             };
                         });
-            return services;
-        }
-    }
 
-    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
-    public class AuthorizeAttribute : Attribute, IAuthorizationFilter
-    {
-        public void OnAuthorization(AuthorizationFilterContext context)
-        {
-            var user = (User)context.HttpContext.Items["User"];
-            if (user == null)
-            {
-                // not logged in
-                context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
-            }
+            services.AddAuthorization();
+            return services;
         }
     }
 }