Fixed JwtAuthorizationAttribute + tests

This commit is contained in:
2025-03-15 17:31:13 +01:00
parent 962de4df9e
commit bd175da738
6 changed files with 208 additions and 53 deletions


@@ -20,6 +20,7 @@ namespace BasicDotnetTemplate.MainProject.Controllers
this._userService = userService;
}
[JwtAuthorization()]
[HttpGet("get/{guid}")]
[ProducesResponseType<GetUserResponse>(StatusCodes.Status200OK)]
[ProducesResponseType<BaseResponse<object>>(StatusCodes.Status404NotFound)]
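Review bot: `[JwtAuthorization()]` on the `get/{guid}` action takes no arguments, so the empty parentheses are noise: `[JwtAuthorization]`. Because the attribute's AttributeUsage in the other file also permits `AttributeTargets.Class`, placing it once on the controller and marking the few public actions with `[AllowAnonymous]` (which OnAuthorization already honours) gives a default-deny posture in which a newly added action cannot be left unprotected by accident. The controller class itself starts outside this hunk, so I cannot see whether other actions are already covered.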


@@ -11,6 +11,8 @@ using Microsoft.AspNetCore.Authorization;
using BasicDotnetTemplate.MainProject.Models.Settings;
using BasicDotnetTemplate.MainProject.Services;
using DatabaseSqlServer = BasicDotnetTemplate.MainProject.Models.Database.SqlServer;
using BasicDotnetTemplate.MainProject.Utils;
using BasicDotnetTemplate.MainProject.Models.Api.Common.User;
namespace BasicDotnetTemplate.MainProject.Core.Attributes
@@ -18,13 +20,9 @@ namespace BasicDotnetTemplate.MainProject.Core.Attributes
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class JwtAuthorizationAttribute : Attribute, IAuthorizationFilter
{
private readonly IJwtService _jwtService;
public JwtAuthorizationAttribute(
IJwtService jwtService
)
{
_jwtService = jwtService;
}
public static void Unauthorized(AuthorizationFilterContext context)
@@ -34,30 +32,54 @@ namespace BasicDotnetTemplate.MainProject.Core.Attributes
public void OnAuthorization(AuthorizationFilterContext context)
{
DatabaseSqlServer.User? user = null;
// If [AllowAnonymous], skip
if (context.ActionDescriptor.EndpointMetadata.Any(em => em is AllowAnonymousAttribute))
{
return;
}
string? userGuidFromToken = null;
var configuration = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
var appSettings = new AppSettings();
configuration.GetSection("AppSettings").Bind(appSettings);
string? headerAuthorization = context.HttpContext.Request.Headers.Authorization.FirstOrDefault();
if(!String.IsNullOrEmpty(headerAuthorization))
AuthenticatedUser? userContext = context.HttpContext.Items["User"] != null ? (AuthenticatedUser?)context.HttpContext.Items["User"] : null;
if (userContext == null)
{
user = _jwtService.ValidateToken(headerAuthorization!);
if(user == null)
Unauthorized(context);
}
else
{
if (!String.IsNullOrEmpty(headerAuthorization))
{
userGuidFromToken = JwtAuthorizationAttribute.ValidateToken(headerAuthorization!, appSettings);
if (String.IsNullOrEmpty(userGuidFromToken))
{
Unauthorized(context);
}
else
{
if (userContext!.Guid != userGuidFromToken)
{
Unauthorized(context);
}
}
}
else
{
Unauthorized(context);
}
}
else
{
Unauthorized(context);
}
}
private static string? ValidateToken(string headerAuthorization, AppSettings appSettings)
{
JwtTokenUtils _jwtTokenUtils = new(appSettings);
return _jwtTokenUtils.ValidateToken(headerAuthorization);
}
}
}
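Review bot: The `userContext` line in OnAuthorization reads `HttpContext.Items["User"]` twice and applies a direct cast, so an item of an unexpected type would throw InvalidCastException out of the filter instead of producing the 401 every other branch returns; `context.HttpContext.Items["User"] is AuthenticatedUser userContext` does one lookup, fails closed, and removes the `userContext!` null-forgiving operator further down. The four nested else-branches that all end in `Unauthorized(context)` read more clearly as guard clauses, which also makes the fail-closed default visible at a glance. Binding `AppSettings` from `IConfiguration` and constructing a fresh `JwtTokenUtils` on every request is avoidable if the project registers the settings through the options pattern (`GetRequiredService<IOptions<AppSettings>>()`), but this hunk does not show whether it does, so the excerpt below keeps the binding and only moves it after the cheap checks. `Unauthorized`'s body sits between the hunks and is not visible here; the rewrite assumes it sets `context.Result`, as the existing call sites rely on.
```csharp
public void OnAuthorization(AuthorizationFilterContext context)
{
    // … unchanged: [AllowAnonymous] early return …

    // Fail closed: a missing authenticated user, a missing header, an invalid token,
    // or a token that does not belong to the current user all end in Unauthorized.
    if (context.HttpContext.Items["User"] is not AuthenticatedUser userContext)
    {
        Unauthorized(context);
        return;
    }

    string? headerAuthorization = context.HttpContext.Request.Headers.Authorization.FirstOrDefault();
    if (string.IsNullOrEmpty(headerAuthorization))
    {
        Unauthorized(context);
        return;
    }

    var configuration = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
    var appSettings = new AppSettings();
    configuration.GetSection("AppSettings").Bind(appSettings);

    string? userGuidFromToken = ValidateToken(headerAuthorization, appSettings);
    if (string.IsNullOrEmpty(userGuidFromToken) || userContext.Guid != userGuidFromToken)
    {
        Unauthorized(context);
    }
}
```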


@@ -14,7 +14,6 @@ namespace BasicDotnetTemplate.MainProject.Services;
public interface IJwtService
{
string GenerateToken(string guid);
DatabaseSqlServer.User? ValidateToken(string headerAuthorization);
}
public class JwtService : BaseService, IJwtService
@@ -38,17 +37,7 @@ public class JwtService : BaseService, IJwtService
return _jwtTokenUtils.GenerateToken(guid);
}
public DatabaseSqlServer.User? ValidateToken(string headerAuthorization)
{
DatabaseSqlServer.User? user = null;
string? guid = _jwtTokenUtils.ValidateToken(headerAuthorization);
if(!String.IsNullOrEmpty(guid))
{
var userTask = Task.Run(() => this._userService.GetUserByGuidAsync(guid));
user = userTask.Result;
}
return user;
}
}