App: Authentication updates (#6536)

- Updates API key extraction to also accept "Bearer" auth header. This is necessary for non-cookie based SignalR connections. - Adds authentication related models to the client lib - Succeeds and replaces #6484.
2026-01-31 11:54:24 +01:00 · 2025-01-16 06:34:57 +01:00
parent 1c25d793c7
commit 2e458af4fb
4 changed files with 30 additions and 3 deletions
--- a/BTCPayServer.Client/App/Models/AuthenticationResult.cs
+++ b/BTCPayServer.Client/App/Models/AuthenticationResult.cs
@@ -0,0 +1,7 @@
+#nullable enable
+namespace BTCPayServer.Client.App.Models;
+
+public class AuthenticationResponse
+{
+    public string? AccessToken { get; set; }
+}
--- a/BTCPayServer.Client/App/Models/LoginRequest.cs
+++ b/BTCPayServer.Client/App/Models/LoginRequest.cs
@@ -0,0 +1,10 @@
+#nullable enable
+namespace BTCPayServer.Client.App.Models;
+
+public class LoginRequest
+{
+    public string? Email { get; set; }
+    public string? Password { get; set; }
+    public string? TwoFactorCode { get; set; }
+    public string? TwoFactorRecoveryCode { get; set; }
+}
--- a/BTCPayServer.Client/App/Models/ResetPasswordRequest.cs
+++ b/BTCPayServer.Client/App/Models/ResetPasswordRequest.cs
@@ -0,0 +1,8 @@
+namespace BTCPayServer.Client.App.Models;
+
+public class ResetPasswordRequest
+{
+    public string Email { get; set; }
+    public string ResetCode { get; set; }
+    public string NewPassword { get; set; }
+}
--- a/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
+++ b/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Linq;
+using System.Text.RegularExpressions;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
 using Microsoft.AspNetCore.Authentication;
@@ -15,10 +16,11 @@ namespace BTCPayServer.Security.Greenfield
        public static bool GetAPIKey(this HttpContext httpContext, out StringValues apiKey)
        {
            apiKey = default;
-            if (httpContext.Request.Headers.TryGetValue("Authorization", out var value) &&
-                value.ToString().StartsWith("token ", StringComparison.InvariantCultureIgnoreCase))
+            if (httpContext.Request.Headers.TryGetValue("Authorization", out var value))
            {
-                apiKey = value.ToString().Substring("token ".Length);
+                var match = Regex.Match(value.ToString(), @"^(token|bearer)\s+(\S+)", RegexOptions.IgnoreCase);
+                if (!match.Success) return false;
+                apiKey = match.Groups[2].Value;
                return true;
            }
            return false;