Переделка метода добычи токена

a-postx · Sep 15, 2023 · aec1de1 · aec1de1
1 parent d01f70c
commit aec1de1
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 22 deletions.
diff --git a/src/Authentication/Auth0AuthenticationHandler.cs b/src/Authentication/Auth0AuthenticationHandler.cs
@@ -58,7 +58,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
         }
         else
         {
-            throw new InvalidOperationException();
+            throw new InvalidOperationException("Authentication scheme or headers are not found");
         }
 
         return Task.CompletedTask;
@@ -67,10 +67,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
     /// <inheritdoc/>
     public async Task<AuthenticateResult> AuthenticateAsync()
     {
-        if (!JwtTokenFound(out string? token))
-        {
-            return AuthenticateResult.Fail("Security token is not found");
-        }
+        string? token = GetJwtToken();
 
         if (token == null)
         {
@@ -221,32 +218,29 @@ public Task ForbidAsync(AuthenticationProperties? properties)
         return Task.CompletedTask;
     }
 
-    private bool JwtTokenFound(out string? token)
+    private string? GetJwtToken()
     {
         if (_httpCtx.HttpContext == null)
         {
             throw new InvalidOperationException("Http context not found");
         }
 
-        bool tokenFound = false;
-        token = null;
+        string? token = null;
 
         if (_headers.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authHeaders) && authHeaders.Any())
         {
             string tokenHeaderValue = authHeaders.ElementAt(0);
             token = tokenHeaderValue.StartsWith(_authOptions.AuthType + " ", StringComparison.OrdinalIgnoreCase)
                 ? tokenHeaderValue[7..] : tokenHeaderValue;
-            tokenFound = true;
         }
         //проблема безопасности
         //запросы на загрузку файлов идут через window.open, поэтому ключ посылается в параметрах
         else if (_httpCtx.HttpContext.Request.Query.TryGetValue("at", out StringValues accessToken))
         {
             token = accessToken.ToString();
-            tokenFound = true;
         }
 
-        return tokenFound;
+        return token;
     }
 
     private async Task<JwtSecurityToken?> ValidateTokenAsync(string token, CancellationToken cancellationToken)

diff --git a/src/Authentication/KeyCloakAuthenticationHandler.cs b/src/Authentication/KeyCloakAuthenticationHandler.cs
@@ -56,7 +56,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
         }
         else
         {
-            throw new InvalidOperationException();
+            throw new InvalidOperationException("Authentication scheme or headers are not found");
         }
 
         return Task.CompletedTask;
@@ -65,10 +65,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
     /// <inheritdoc/>
     public async Task<AuthenticateResult> AuthenticateAsync()
     {
-        if (!TryGetJwtToken(out string? token))
-        {
-            return AuthenticateResult.Fail("Security token is not found");
-        }
+        string? token = GetJwtToken();
 
         if (token == null)
         {
@@ -191,32 +188,29 @@ public Task ForbidAsync(AuthenticationProperties? properties)
         return Task.CompletedTask;
     }
 
-    private bool TryGetJwtToken(out string? token)
+    private string? GetJwtToken()
     {
         if (_httpCtx.HttpContext == null)
         {
             throw new InvalidOperationException("Http context not found");
         }
 
-        bool tokenFound = false;
-        token = null;
+        string? token = null;
 
         if (_headers.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authHeaders) && authHeaders.Any())
         {
             string tokenHeaderValue = authHeaders.ElementAt(0);
             token = tokenHeaderValue.StartsWith(_authOptions.AuthType + " ", StringComparison.OrdinalIgnoreCase)
                 ? tokenHeaderValue[7..] : tokenHeaderValue;
-            tokenFound = true;
         }
         //проблема безопасности
         //запросы на загрузку файлов идут через window.open, поэтому ключ посылается в параметрах
         else if (_httpCtx.HttpContext.Request.Query.TryGetValue("at", out StringValues accessToken))
         {
             token = accessToken.ToString();
-            tokenFound = true;
         }
 
-        return tokenFound;
+        return token;
     }
 
     private async Task<JwtSecurityToken?> ValidateTokenAsync(string token, CancellationToken cancellationToken)