Fix claims.
Use OID instead of email for microsoft identifier. Fix PlayerCount route. Add created date to user table. Create spectator icon.
@@ -1,7 +1,7 @@
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||
using Shogi.Api.Extensions;
|
||||
using Microsoft.Identity.Web;
|
||||
using Shogi.Api.Models;
|
||||
using Shogi.Api.Repositories;
|
||||
using System.Security.Claims;
|
||||
@@ -13,76 +13,92 @@ namespace Shogi.Api;
|
||||
/// </summary>
|
||||
public class ShogiUserClaimsTransformer : IShogiUserClaimsTransformer
|
||||
{
|
||||
private readonly IUserRepository userRepository;
|
||||
private readonly IUserRepository userRepository;
|
||||
|
||||
public ShogiUserClaimsTransformer(IUserRepository userRepository)
|
||||
{
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
|
||||
{
|
||||
var newPrincipal = principal.IsMicrosoft()
|
||||
? await CreateClaimsFromMicrosoftPrincipal(principal)
|
||||
: await CreateClaimsFromGuestPrincipal(principal);
|
||||
|
||||
return newPrincipal;
|
||||
}
|
||||
|
||||
public async Task<ClaimsPrincipal> CreateClaimsFromGuestPrincipal(ClaimsPrincipal principal)
|
||||
{
|
||||
var id = principal.GetGuestUserId();
|
||||
if (string.IsNullOrWhiteSpace(id))
|
||||
public ShogiUserClaimsTransformer(IUserRepository userRepository)
|
||||
{
|
||||
var newUser = User.CreateGuestUser(Guid.NewGuid().ToString());
|
||||
await this.userRepository.CreateUser(newUser);
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(newUser));
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
var user = await this.userRepository.ReadUser(id);
|
||||
if (user == null) throw new UnauthorizedAccessException("Guest account does not exist.");
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(user));
|
||||
}
|
||||
|
||||
private async Task<ClaimsPrincipal> CreateClaimsFromMicrosoftPrincipal(ClaimsPrincipal principal)
|
||||
{
|
||||
var id = principal.GetMicrosoftUserId();
|
||||
if (string.IsNullOrWhiteSpace(id))
|
||||
public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
|
||||
{
|
||||
throw new UnauthorizedAccessException("Found MSAL claims but no preferred_username.");
|
||||
var newPrincipal = IsMicrosoft(principal)
|
||||
? await CreateClaimsFromMicrosoftPrincipal(principal)
|
||||
: await CreateClaimsFromGuestPrincipal(principal);
|
||||
|
||||
return newPrincipal;
|
||||
}
|
||||
|
||||
var user = await this.userRepository.ReadUser(id);
|
||||
if (user == null)
|
||||
public async Task<ClaimsPrincipal> CreateClaimsFromGuestPrincipal(ClaimsPrincipal principal)
|
||||
{
|
||||
user = User.CreateMsalUser(id);
|
||||
await this.userRepository.CreateUser(user);
|
||||
var id = GetGuestUserId(principal);
|
||||
if (string.IsNullOrWhiteSpace(id))
|
||||
{
|
||||
var newUser = User.CreateGuestUser(Guid.NewGuid().ToString());
|
||||
await this.userRepository.CreateUser(newUser);
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(newUser));
|
||||
}
|
||||
|
||||
var user = await this.userRepository.ReadUser(id);
|
||||
if (user == null) throw new UnauthorizedAccessException("Guest account does not exist.");
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(user));
|
||||
}
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(user));
|
||||
|
||||
}
|
||||
private async Task<ClaimsPrincipal> CreateClaimsFromMicrosoftPrincipal(ClaimsPrincipal principal)
|
||||
{
|
||||
var id = GetMicrosoftUserId(principal);
|
||||
var displayname = principal.GetDisplayName();
|
||||
if (string.IsNullOrWhiteSpace(id) || string.IsNullOrWhiteSpace(displayname))
|
||||
{
|
||||
throw new UnauthorizedAccessException("Unknown claim set.");
|
||||
}
|
||||
|
||||
private static ClaimsIdentity CreateClaimsIdentity(User user)
|
||||
{
|
||||
var claims = new List<Claim>(4)
|
||||
var user = await this.userRepository.ReadUser(id);
|
||||
if (user == null)
|
||||
{
|
||||
user = User.CreateMsalUser(id, displayname);
|
||||
await this.userRepository.CreateUser(user);
|
||||
}
|
||||
return new ClaimsPrincipal(CreateClaimsIdentity(user));
|
||||
|
||||
}
|
||||
|
||||
private static bool IsMicrosoft(ClaimsPrincipal self)
|
||||
{
|
||||
return self.GetObjectId() != null;
|
||||
}
|
||||
|
||||
private static string? GetMicrosoftUserId(ClaimsPrincipal self)
|
||||
{
|
||||
return self.GetObjectId();
|
||||
}
|
||||
|
||||
private static string? GetGuestUserId(ClaimsPrincipal self)
|
||||
{
|
||||
return self.GetNameIdentifierId();
|
||||
}
|
||||
|
||||
private static ClaimsIdentity CreateClaimsIdentity(User user)
|
||||
{
|
||||
var claims = new List<Claim>(4)
|
||||
{
|
||||
new Claim(ClaimTypes.NameIdentifier, user.Id),
|
||||
new Claim(ClaimTypes.Name, user.DisplayName),
|
||||
};
|
||||
if (user.LoginPlatform == WhichLoginPlatform.Guest)
|
||||
{
|
||||
if (user.LoginPlatform == WhichLoginPlatform.Guest)
|
||||
{
|
||||
|
||||
claims.Add(new Claim(ClaimTypes.Role, "Guest"));
|
||||
return new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
claims.Add(new Claim(ClaimTypes.Role, "Guest"));
|
||||
return new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
}
|
||||
else
|
||||
{
|
||||
return new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public interface IShogiUserClaimsTransformer : IClaimsTransformation
|
||||
{
|
||||
Task<ClaimsPrincipal> CreateClaimsFromGuestPrincipal(ClaimsPrincipal principal);
|
||||
Task<ClaimsPrincipal> CreateClaimsFromGuestPrincipal(ClaimsPrincipal principal);
|
||||
}
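Review bot: `IsMicrosoft` now decides the whole dispatch in `TransformAsync` on `GetObjectId() != null`, so any authenticated principal that lacks an oid claim — including a bearer token that simply was not issued with one — falls into `CreateClaimsFromGuestPrincipal`, where `GetGuestUserId` reads whatever NameIdentifier claim that principal carries and uses it to look up, or when absent create, a guest account. Because the two account types are keyed in the same repository, the guest path should also confirm the principal actually came from the cookie scheme, e.g. `if (principal.Identity?.AuthenticationType != CookieAuthenticationDefaults.AuthenticationScheme) throw new UnauthorizedAccessException("Unknown claim set.");` before the lookup, so an oid-less token cannot be resolved as a guest. Separately, `CreateClaimsFromMicrosoftPrincipal` now rejects tokens without a display name with `UnauthorizedAccessException`; thrown from an `IClaimsTransformation` that exception presumably surfaces as a 500 rather than a 401, so consider returning the original principal (or a principal with no identity) and letting authorization fail instead — confirm against the pipeline configuration, which is outside this hunk.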
|
||||