New: New Authhandler (coscine/issues#529)

src/ApiCommons.Tests/ApiCommons.Tests.csproj

@@ -38,8 +38,8 @@
     <Reference Include="Consul, Version=0.7.2.6, Culture=neutral, PublicKeyToken=20a6ad9a81df1d95, processorArchitecture=MSIL">
       <HintPath>..\packages\Consul.0.7.2.6\lib\net45\Consul.dll</HintPath>
     </Reference>
-    <Reference Include="Coscine.Logging, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
-      <HintPath>..\packages\Coscine.Logging.1.0.0\lib\net461\Coscine.Logging.dll</HintPath>
+    <Reference Include="Coscine.Logging, Version=1.0.1.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
+      <HintPath>..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Extensions.Logging.Abstractions, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Extensions.Logging.Abstractions.2.2.0\lib\netstandard2.0\Microsoft.Extensions.Logging.Abstractions.dll</HintPath>

src/ApiCommons.Tests/packages.config

 <?xml version="1.0" encoding="utf-8"?>
 <packages>
   <package id="Consul" version="0.7.2.6" targetFramework="net461" />
-  <package id="Coscine.Logging" version="1.0.0" targetFramework="net461" />
+  <package id="Coscine.Logging" version="1.0.1" targetFramework="net461" />
   <package id="Microsoft.Extensions.Logging.Abstractions" version="2.2.0" targetFramework="net461" />
   <package id="NLog" version="4.6.8" targetFramework="net461" />
   <package id="NLog.Config" version="4.6.8" targetFramework="net461" />

src/ApiCommons/AbstractStartup.cs

 using Coscine.ApiCommons.Middleware;
+using Coscine.ApiCommons.Utils;
+using Coscine.Configuration;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using Newtonsoft.Json;
+using System;
 
 namespace Coscine.ApiCommons
 {
     public abstract class AbstractStartup
     {
         private string _basePath;
+        private IConfiguration _configuration;
+        private JWTHandler _jWTHandler;
 
         public void SetBasePath(ApplicationInformation applicationInformation)
         {
             _basePath = $"/{applicationInformation.PathPrefix}";
+            _configuration = new ConsulConfiguration();
+            _jWTHandler = new JWTHandler(_configuration);
         }
 
         public virtual void ConfigureServicesExtension(IServiceCollection services)
@@ -24,6 +37,26 @@ namespace Coscine.ApiCommons
             ConfigureServicesExtension(services);
 
             services.AddMvc();
+
+
+            var key = _jWTHandler.GetSecurityKey();
+            services.AddAuthentication(x =>
+            {
+                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+            })
+            .AddJwtBearer(x =>
+            {
+                x.RequireHttpsMetadata = false;
+                x.SaveToken = true;
+                x.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidateIssuerSigningKey = true,
+                    IssuerSigningKey = key,
+                    ValidateIssuer = false,
+                    ValidateAudience = false
+                };
+            });
         }
 
         public virtual void ConfigureExtension(IApplicationBuilder app, IHostingEnvironment env)
@@ -35,26 +68,28 @@ namespace Coscine.ApiCommons
         {
             ConfigureExtension(app, env);
 
-            app.UseForwardedHeaders();
+            app.UseDeveloperExceptionPage();
 
-            if (env.IsDevelopment())
-            {
-                app.UseDeveloperExceptionPage();
-            }
-            else
-            {
-                app.UseExceptionHandler("/Home/Error");
-            }
             app.UseMiddleware<LoggingMiddleware>();
-
             app.UseCors(builder => builder
             .AllowAnyOrigin()
             .AllowAnyMethod()
             .AllowAnyHeader()
             .AllowCredentials());
 
+            app.UseAuthentication();
+
             app.UsePathBase(_basePath);
             app.UseMvc();
+
+            app.UseStatusCodePages(async context =>
+            {
+                context.HttpContext.Response.ContentType = "text/plain";
+
+                await context.HttpContext.Response.WriteAsync(
+                    "Status code page, status code: " +
+                    context.HttpContext.Response.StatusCode);
+            });
         }
     }
 }

src/ApiCommons/ApiCommons.csproj

@@ -51,8 +51,8 @@
     <Reference Include="Coscine.Configuration, Version=1.4.0.0, Culture=neutral, PublicKeyToken=ce3d7a32d7dc1e5a, processorArchitecture=MSIL">
       <HintPath>..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll</HintPath>
     </Reference>
-    <Reference Include="Coscine.Database, Version=1.12.1.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
-      <HintPath>..\packages\Coscine.Database.1.12.1\lib\net461\Coscine.Database.dll</HintPath>
+    <Reference Include="Coscine.Database, Version=1.13.0.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
+      <HintPath>..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll</HintPath>
     </Reference>
     <Reference Include="Coscine.Logging, Version=1.0.1.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
       <HintPath>..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll</HintPath>
@@ -72,12 +72,18 @@
     <Reference Include="Microsoft.AspNetCore.Antiforgery, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNetCore.Antiforgery.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Antiforgery.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.AspNetCore.Authentication, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.AspNetCore.Authentication.Abstractions, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNetCore.Authentication.Abstractions.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Abstractions.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.AspNetCore.Authentication.Core, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNetCore.Authentication.Core.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Core.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.JwtBearer.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.JwtBearer.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.AspNetCore.Authorization, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNetCore.Authorization.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authorization.dll</HintPath>
     </Reference>
@@ -283,6 +289,12 @@
     <Reference Include="Microsoft.IdentityModel.Logging, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Logging.5.5.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.5.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
     </Reference>

src/ApiCommons/Authenticator.cs

@@ -19,6 +19,7 @@ namespace Coscine.ApiCommons
             _configuration = configuration;
         }
 
+        [Obsolete("This method will soon be deprecated. Use GetUser instead.")]
         public bool ValidUser()
         {
             try
@@ -32,6 +33,41 @@ namespace Coscine.ApiCommons
             return true;
         }
 
+        public string GetUserId()
+        {
+            try
+            {
+                return _controller.HttpContext.User.FindFirst("UserID").Value;
+            } catch (NullReferenceException)
+            {
+                return null;
+            }
+        }
+
+        public User GetUser()
+        {
+            return GetUser(GetUserId());
+        }
+
+        public User GetUser(string userId)
+        {
+            if(string.IsNullOrWhiteSpace(userId))
+            {
+                return null;
+            }
+
+            var userModel = new UserPlainModel(_configuration);
+            try
+            {
+                return userModel.GetById(Guid.Parse(userId));
+            }
+            catch (Exception)
+            {
+                return null;
+            }
+        }
+
+        [Obsolete("This method will soon be deprecated. Use GetUser instead.")]
         public User GetUserFromToken()
         {
             var authorization = _controller.Request.Headers["Authorization"].ToArray();
@@ -60,21 +96,16 @@ namespace Coscine.ApiCommons
             }
         }
 
+        [Obsolete("This method will soon be deprecated. Use GetUser instead.")]
         public void ValidateAndExecute(Action<User> action)
         {
             action.Invoke(GetUserFromToken());
         }
 
+        [Obsolete("This method will soon be deprecated. Use GetUser instead.")]
         public T ValidateAndExecute<T>(Func<User, T> func)
         {
             return func.Invoke(GetUserFromToken());
         }
-
-        // Todo: Add roles as parameter
-        public bool HasRequiredRights()
-        {
-            return true;
-        }
-
     }
 }

src/ApiCommons/Middleware/LoggingMiddleware.cs

@@ -38,11 +38,14 @@ namespace Coscine.ApiCommons.Middleware
                 using (MemoryStream responseBodyStream = new MemoryStream())
                 {
                     Stream originalRequestBody = context.Request.Body;
-                    context.Request.EnableRewind();
                     Stream originalResponseBody = context.Response.Body;
 
                     var debugLevelIsActive = CoscineLogger.LogLevelIsActivated(LogType.Debug);
 
+                    if (debugLevelIsActive)
+                    {
+                        context.Request.EnableRewind();
+                    }
                     try
                     {
                         /*******************************************

src/ApiCommons/Properties/AssemblyInfo.cs

@@ -13,4 +13,3 @@ using System.Reflection;
 [assembly: AssemblyFileVersion("1.3.1.0")]
 [assembly: AssemblyInformationalVersion("1.3.1.0")]
 [assembly: AssemblyCopyright("2020 IT Center, RWTH Aachen University")]
-

src/ApiCommons/Utils/JWTHandler.cs

@@ -22,7 +22,7 @@ namespace Coscine.ApiCommons.Utils
             _jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
         }
 
-        private SymmetricSecurityKey GetSecurityKey()
+        public SymmetricSecurityKey GetSecurityKey()
         {
             string secretKey = _configuration.GetStringAndWait("coscine/global/jwtsecret");
 

src/ApiCommons/app.config

@@ -94,7 +94,18 @@
         <assemblyIdentity name="Microsoft.AspNetCore.Routing.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" />
       </dependentAssembly>
-    </assemblyBinding>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.5.0.0" newVersion="5.5.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.5.0.0" newVersion="5.5.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.5.0.0" newVersion="5.5.0.0" />
+      </dependentAssembly>    </assemblyBinding>
   </runtime>
   <entityFramework>
     <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">

src/ApiCommons/packages.config

@@ -2,7 +2,7 @@
 <packages>
   <package id="Consul" version="0.7.2.6" targetFramework="net472" />
   <package id="Coscine.Configuration" version="1.4.0" targetFramework="net472" />
-  <package id="Coscine.Database" version="1.12.1" targetFramework="net461" />
+  <package id="Coscine.Database" version="1.13.0" targetFramework="net461" />
   <package id="Coscine.Logging" version="1.0.1" targetFramework="net461" />
   <package id="EntityFramework" version="6.2.0" targetFramework="net472" />
   <package id="linq2db" version="2.6.4" targetFramework="net472" />
@@ -10,8 +10,10 @@
   <package id="linq2db.t4models" version="2.6.4" targetFramework="net472" />
   <package id="LinqKit" version="1.1.16" targetFramework="net472" />
   <package id="Microsoft.AspNetCore.Antiforgery" version="2.2.0" targetFramework="net472" />
+  <package id="Microsoft.AspNetCore.Authentication" version="2.2.0" targetFramework="net461" />
   <package id="Microsoft.AspNetCore.Authentication.Abstractions" version="2.2.0" targetFramework="net472" />
   <package id="Microsoft.AspNetCore.Authentication.Core" version="2.2.0" targetFramework="net472" />
+  <package id="Microsoft.AspNetCore.Authentication.JwtBearer" version="2.2.0" targetFramework="net461" />
   <package id="Microsoft.AspNetCore.Authorization" version="2.2.0" targetFramework="net472" />
   <package id="Microsoft.AspNetCore.Authorization.Policy" version="2.2.0" targetFramework="net472" />
   <package id="Microsoft.AspNetCore.Connections.Abstractions" version="2.2.0" targetFramework="net472" />
@@ -91,6 +93,8 @@
   <package id="Microsoft.Extensions.WebEncoders" version="2.2.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.5.0" targetFramework="net472" />
   <package id="Microsoft.IdentityModel.Logging" version="5.5.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net461" />
+  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net461" />
   <package id="Microsoft.IdentityModel.Tokens" version="5.5.0" targetFramework="net472" />
   <package id="Microsoft.Net.Http.Headers" version="2.2.0" targetFramework="net472" />
   <package id="Microsoft.Win32.Registry" version="4.5.0" targetFramework="net472" />