From 2e458af4fbbcee9f8eaa4456ea4b06c9def80431 Mon Sep 17 00:00:00 2001
From: d11n
Date: Thu, 16 Jan 2025 06:34:57 +0100
Subject: [PATCH] App: Authentication updates (#6536)

- Updates API key extraction to also accept "Bearer" auth header. This is necessary for non-cookie based SignalR connections.
- Adds authentication related models to the client lib
- Succeeds and replaces #6484.
---
 BTCPayServer.Client/App/Models/AuthenticationResult.cs | 7 +++++++
 BTCPayServer.Client/App/Models/LoginRequest.cs | 10 ++++++++++
 BTCPayServer.Client/App/Models/ResetPasswordRequest.cs | 8 ++++++++
 BTCPayServer/Security/GreenField/APIKeyExtensions.cs | 8 +++++---
 4 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 BTCPayServer.Client/App/Models/AuthenticationResult.cs
 create mode 100644 BTCPayServer.Client/App/Models/LoginRequest.cs
 create mode 100644 BTCPayServer.Client/App/Models/ResetPasswordRequest.cs

diff --git a/BTCPayServer.Client/App/Models/AuthenticationResult.cs b/BTCPayServer.Client/App/Models/AuthenticationResult.cs
new file mode 100644
index 000000000..223ebd0e3
--- /dev/null
+++ b/BTCPayServer.Client/App/Models/AuthenticationResult.cs
@@ -0,0 +1,7 @@
+#nullable enable
+namespace BTCPayServer.Client.App.Models;
+
+public class AuthenticationResponse
+{
+ public string? AccessToken { get; set; }
+}
diff --git a/BTCPayServer.Client/App/Models/LoginRequest.cs b/BTCPayServer.Client/App/Models/LoginRequest.cs
new file mode 100644
index 000000000..9bb038f74
--- /dev/null
+++ b/BTCPayServer.Client/App/Models/LoginRequest.cs
@@ -0,0 +1,10 @@
+#nullable enable
+namespace BTCPayServer.Client.App.Models;
+
+public class LoginRequest
+{
+ public string? Email { get; set; }
+ public string? Password { get; set; }
+ public string? TwoFactorCode { get; set; }
+ public string? TwoFactorRecoveryCode { get; set; }
+}
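Review bot: The new file AuthenticationResult.cs declares a class named `AuthenticationResponse`, so the file name and the type name disagree, unlike the other two model files in this patch where they match; rename one side (e.g. the file to `AuthenticationResponse.cs`) before the client library ships the type. `AccessToken` is also added without any documentation, and the hunk does not show what kind of credential it carries or how the caller is expected to present it; a `/// <summary>` on the property stating that (for example, that it is sent back in the `Authorization` header, if that is the intent) would save the next reader a trip through the server code.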
diff --git a/BTCPayServer.Client/App/Models/ResetPasswordRequest.cs b/BTCPayServer.Client/App/Models/ResetPasswordRequest.cs
new file mode 100644
index 000000000..733728eb8
--- /dev/null
+++ b/BTCPayServer.Client/App/Models/ResetPasswordRequest.cs
@@ -0,0 +1,8 @@
+namespace BTCPayServer.Client.App.Models;
+
+public class ResetPasswordRequest
+{
+ public string Email { get; set; }
+ public string ResetCode { get; set; }
+ public string NewPassword { get; set; }
+}
diff --git a/BTCPayServer/Security/GreenField/APIKeyExtensions.cs b/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
index c6be705b8..820cb89f4 100644
--- a/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
+++ b/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Linq;
+using System.Text.RegularExpressions;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
 using Microsoft.AspNetCore.Authentication;
@@ -15,10 +16,11 @@ namespace BTCPayServer.Security.Greenfield
 public static bool GetAPIKey(this HttpContext httpContext, out StringValues apiKey)
 {
 apiKey = default;
- if (httpContext.Request.Headers.TryGetValue("Authorization", out var value) &&
- value.ToString().StartsWith("token ", StringComparison.InvariantCultureIgnoreCase))
+ if (httpContext.Request.Headers.TryGetValue("Authorization", out var value))
 {
- apiKey = value.ToString().Substring("token ".Length);
+ var match = Regex.Match(value.ToString(), @"^(token|bearer)\s+(\S+)", RegexOptions.IgnoreCase);
+ if (!match.Success) return false;
+ apiKey = match.Groups[2].Value;
 return true;
 }
 return false;
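Review bot: ResetPasswordRequest.cs is the only one of the three new model files without the `#nullable enable` directive, so its `Email`, `ResetCode` and `NewPassword` properties are unannotated `string` while the sibling `LoginRequest` marks every member `string?`, and the compiler will not flag a deserialized request that leaves them null. For consistency with the other two files, add `#nullable enable` as the first line and annotate the three properties as `string?`, or document on the class why this request alone treats its fields as never-null.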
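Review bot: The regex on the new `var match` line is anchored only at the start, so a header such as `Bearer <key> trailing-junk` matches and only the first token is used as the API key, where a malformed credential should be rejected outright; `RegexOptions.IgnoreCase` without `CultureInvariant` also drops the invariant-culture comparison that the removed `StartsWith` call had. I would hoist the pattern into a field and close the anchor: `private static readonly Regex AuthScheme = new(@"^(token|bearer)\s+(\S+)\s*$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);` with `var match = AuthScheme.Match(value.ToString());`. Accepting `Bearer` here presumably means any other bearer-token scheme in the pipeline may now have its token looked up as an API key first, which seems intended for the SignalR case the commit describes but deserves a comment above the `if`, e.g. `// "Bearer" is accepted alongside "token" so non-cookie SignalR clients can present the API key; any bearer token reaching this handler is treated as an API key.` GetAPIKey's closing brace lies outside the hunk.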