Commit 4032591c authored by Marcel Nellesen's avatar Marcel Nellesen

Fix: Changed status code on invalid authorization

parent 3daf071a
using Coscine.Configuration; using Coscine.Configuration;
using Coscine.JwtHandler; using Coscine.JwtHandler;
using Coscine.Logging; using Coscine.Logging;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
...@@ -23,6 +23,7 @@ namespace Coscine.ApiCommons.Middleware ...@@ -23,6 +23,7 @@ namespace Coscine.ApiCommons.Middleware
public async Task Invoke(HttpContext context) public async Task Invoke(HttpContext context)
{ {
bool _authorized = false;
if (context.Request.Path.Value.Contains("TOS")) if (context.Request.Path.Value.Contains("TOS"))
{ {
await _next(context); await _next(context);
...@@ -61,25 +62,33 @@ namespace Coscine.ApiCommons.Middleware ...@@ -61,25 +62,33 @@ namespace Coscine.ApiCommons.Middleware
CoscineLoggerMetadata.SetUri(_uri); CoscineLoggerMetadata.SetUri(_uri);
// Get the User Id // Get the User Id
var authorization = context.Request.Headers["Authorization"].ToArray(); try
string bearer = null;
foreach (var line in authorization)
{ {
if (line.Contains("Bearer")) var authorization = context.Request.Headers["Authorization"].ToArray();
string bearer = null;
foreach (var line in authorization)
{ {
bearer = line; if (line.Contains("Bearer"))
{
bearer = line;
}
} }
} if (!string.IsNullOrWhiteSpace(bearer))
if (!string.IsNullOrWhiteSpace(bearer))
{
bearer = bearer.Replace("Bearer", "").Trim();
JWTHandler jwtHandler = new JWTHandler(new ConsulConfiguration());
var claims = jwtHandler.GetContents(bearer);
var userId = Authenticator.GetUserId(claims);
if (userId != null)
{ {
CoscineLoggerMetadata.SetUserId(userId); bearer = bearer.Replace("Bearer", "").Trim();
JWTHandler jwtHandler = new JWTHandler(new ConsulConfiguration());
var claims = jwtHandler.GetContents(bearer);
var userId = Authenticator.GetUserId(claims);
if (userId != null)
{
CoscineLoggerMetadata.SetUserId(userId);
}
} }
_authorized = true;
}
catch (Exception ex)
{
_authorized = false;
} }
// Get the corrolation Id // Get the corrolation Id
...@@ -180,8 +189,19 @@ namespace Coscine.ApiCommons.Middleware ...@@ -180,8 +189,19 @@ namespace Coscine.ApiCommons.Middleware
if (!context.Response.HasStarted) if (!context.Response.HasStarted)
{ {
context.Response.StatusCode = StatusCodes.Status500InternalServerError; byte[] data;
byte[] data = System.Text.Encoding.UTF8.GetBytes("Unhandled Error occured. Please, try again in a while.");
if (!_authorized)
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
data = System.Text.Encoding.UTF8.GetBytes("Invalid authentication. Please try again.");
}
else
{
context.Response.StatusCode = StatusCodes.Status500InternalServerError;
data = System.Text.Encoding.UTF8.GetBytes("Unhandled Error occured. Please, try again in a while.");
}
context.Response.ContentLength = data.Length; context.Response.ContentLength = data.Length;
originalResponseBody.Write(data, 0, data.Length); originalResponseBody.Write(data, 0, data.Length);
} }
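Review bot: The `catch (Exception ex)` closing the try block in the second hunk swallows every exception type (including a failing `new ConsulConfiguration()` or `GetContents`) without logging `ex`, and `_authorized = true` is also reached when no `Bearer` header is present at all, so the flag records "token parsing did not throw" rather than "caller authenticated". Consequently a request carrying a malformed token that otherwise succeeds downstream still receives its normal response, and the 401 added in the third hunk is only emitted when an unrelated later exception occurs, which then reports that failure as an authentication error and hides it from operators. I would set the flag from the actual outcome, `_authorized = userId != null;` inside the `IsNullOrWhiteSpace` branch, keep `_authorized = false` as the default, log `ex` (or narrow the catch to the exception type the JWT handler throws) before continuing, and have the 401 branch in the third hunk also set `context.Response.Headers["WWW-Authenticate"] = "Bearer";` so clients can distinguish it from other 4xx responses. `Invoke`'s body spans all three hunks and continues outside them; the handler that the third hunk's `HasStarted` check sits in is presumably a catch block whose start is not visible here.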