From aec1de1cb460b7febf9d589d647f8fb839e6450b Mon Sep 17 00:00:00 2001
From: a-postx
Date: Fri, 15 Sep 2023 16:59:27 -0700
Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=B5=D1=80=D0=B5=D0=B4=D0=B5=D0=BB?=
 =?UTF-8?q?=D0=BA=D0=B0=20=D0=BC=D0=B5=D1=82=D0=BE=D0=B4=D0=B0=20=D0=B4?=
 =?UTF-8?q?=D0=BE=D0=B1=D1=8B=D1=87=D0=B8=20=D1=82=D0=BE=D0=BA=D0=B5=D0=BD?=
 =?UTF-8?q?=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Authentication/Auth0AuthenticationHandler.cs | 16 +++++-----------
 .../KeyCloakAuthenticationHandler.cs             | 16 +++++-----------
 2 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/src/Authentication/Auth0AuthenticationHandler.cs b/src/Authentication/Auth0AuthenticationHandler.cs
index bcfb945..a772182 100644
--- a/src/Authentication/Auth0AuthenticationHandler.cs
+++ b/src/Authentication/Auth0AuthenticationHandler.cs
@@ -58,7 +58,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
         }
         else
         {
-            throw new InvalidOperationException();
+            throw new InvalidOperationException("Authentication scheme or headers are not found");
         }

         return Task.CompletedTask;
@@ -67,10 +67,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
     ///
     public async Task AuthenticateAsync()
     {
-        if (!JwtTokenFound(out string? token))
-        {
-            return AuthenticateResult.Fail("Security token is not found");
-        }
+        string? token = GetJwtToken();

         if (token == null)
         {
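Review bot: The `token == null` test after `string? token = GetJwtToken();` is now the only guard for a missing token, and it does not cover the empty string that GetJwtToken's header branch yields for an empty or scheme-only `Authorization` header (the raw value or the `[7..]` slice becomes ""), which then goes on to validation; `if (string.IsNullOrWhiteSpace(token))` rejects both cases and, thanks to its `[NotNullWhen(false)]` annotation, still narrows `token` for the code below. The removed branch reported the distinct reason "Security token is not found"; the body of the null check and the rest of AuthenticateAsync lie outside the hunk, so whether that reason survives cannot be seen here. KeyCloakAuthenticationHandler.AuthenticateAsync receives the identical change in its -65,10 hunk and the same remark applies there.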
@@ -221,32 +218,29 @@ public Task ForbidAsync(AuthenticationProperties? properties) return Task.CompletedTask; } - private bool JwtTokenFound(out string? token) + private string? GetJwtToken() { if (_httpCtx.HttpContext == null) { throw new InvalidOperationException("Http context not found"); } - bool tokenFound = false; - token = null; + string? token = null; if (_headers.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authHeaders) && authHeaders.Any()) { string tokenHeaderValue = authHeaders.ElementAt(0); token = tokenHeaderValue.StartsWith(_authOptions.AuthType + " ", StringComparison.OrdinalIgnoreCase) ? tokenHeaderValue[7..] : tokenHeaderValue; - tokenFound = true; } //проблема безопасности //запросы на загрузку файлов идут через window.open, поэтому ключ посылается в параметрах else if (_httpCtx.HttpContext.Request.Query.TryGetValue("at", out StringValues accessToken)) { token = accessToken.ToString(); - tokenFound = true; } - return tokenFound; + return token; } private async Task ValidateTokenAsync(string token, CancellationToken cancellationToken) diff --git a/src/Authentication/KeyCloakAuthenticationHandler.cs b/src/Authentication/KeyCloakAuthenticationHandler.cs index e534262..13c4478 100644 --- a/src/Authentication/KeyCloakAuthenticationHandler.cs +++ b/src/Authentication/KeyCloakAuthenticationHandler.cs @@ -56,7 +56,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context) } else { - throw new InvalidOperationException(); + throw new InvalidOperationException("Authentication scheme or headers are not found"); } return Task.CompletedTask; @@ -65,10 +65,7 @@ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context) /// public async Task AuthenticateAsync() { - if (!TryGetJwtToken(out string? token)) - { - return AuthenticateResult.Fail("Security token is not found"); - } + string? token = GetJwtToken(); if (token == null) { 
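Review bot: `tokenHeaderValue[7..]` hard-codes the length of "Bearer " while the prefix test uses `_authOptions.AuthType + " "`, so any other configured AuthType strips the wrong number of characters from the header; slice by the prefix instead, `? tokenHeaderValue[(_authOptions.AuthType.Length + 1)..]`. The `at` query-string fallback is taken for every request, not only the window.open file downloads the Russian comment describes, and query values are retained by access logs, proxies and browser history; the comment should state that exposure in English and, if routing allows it, the fallback should be limited to the download endpoints — e.g. `// Security trade-off: file downloads are opened via window.open, so the token arrives in the "at" query parameter; query strings are logged by servers and proxies, keep this path as narrow as possible.` A header that lacks the configured scheme prefix is passed through verbatim as the token, which may be intended for older clients but deserves a comment saying so. The KeyCloakAuthenticationHandler hunk at -191,32 contains the same method line for line; both remarks apply there, and the two handlers could share one helper instead of duplicating it.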
@@ -191,32 +188,29 @@ public Task ForbidAsync(AuthenticationProperties? properties) return Task.CompletedTask; } - private bool TryGetJwtToken(out string? token) + private string? GetJwtToken() { if (_httpCtx.HttpContext == null) { throw new InvalidOperationException("Http context not found"); } - bool tokenFound = false; - token = null; + string? token = null; if (_headers.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authHeaders) && authHeaders.Any()) { string tokenHeaderValue = authHeaders.ElementAt(0); token = tokenHeaderValue.StartsWith(_authOptions.AuthType + " ", StringComparison.OrdinalIgnoreCase) ? tokenHeaderValue[7..] : tokenHeaderValue; - tokenFound = true; } //проблема безопасности //запросы на загрузку файлов идут через window.open, поэтому ключ посылается в параметрах else if (_httpCtx.HttpContext.Request.Query.TryGetValue("at", out StringValues accessToken)) { token = accessToken.ToString(); - tokenFound = true; } - return tokenFound; + return token; } private async Task ValidateTokenAsync(string token, CancellationToken cancellationToken)