Consolidate auth into one

2025-12-25 09:54:21 +01:00 · 2020-03-23 14:23:23 +01:00
parent e48e8c34d9
commit 56ba834ca2
10 changed files with 67 additions and 114 deletions
--- a/BTCPayServer/Security/APIKeys/APIKeyAuthenticationHandler.cs
+++ b/BTCPayServer/Security/APIKeys/APIKeyAuthenticationHandler.cs
@@ -2,12 +2,12 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using BTCPayServer.Client;
 using BTCPayServer.Data;
 using BTCPayServer.Security.Bitpay;
-using BTCPayServer.Services.Stores;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Logging;
@@ -19,6 +19,8 @@ namespace BTCPayServer.Security.APIKeys
    {
        private readonly APIKeyRepository _apiKeyRepository;
        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
+        private readonly SignInManager<ApplicationUser> _signInManager;
+        private readonly UserManager<ApplicationUser> _userManager;

        public APIKeyAuthenticationHandler(
            APIKeyRepository apiKeyRepository,
@@ -26,13 +28,28 @@ namespace BTCPayServer.Security.APIKeys
            IOptionsMonitor<APIKeyAuthenticationOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
-            ISystemClock clock) : base(options, logger, encoder, clock)
+            ISystemClock clock,
+            SignInManager<ApplicationUser> signInManager,
+            UserManager<ApplicationUser> userManager) : base(options, logger, encoder, clock)
        {
            _apiKeyRepository = apiKeyRepository;
            _identityOptions = identityOptions;
+            _signInManager = signInManager;
+            _userManager = userManager;
        }

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var res = await HandleApiKeyAuthenticateResult();
+            if (res.None)
+            {
+                return await HandleBasicAuthenticateAsync();
+            }
+
+            return res;
+        }
+
+        private async Task<AuthenticateResult> HandleApiKeyAuthenticateResult()
        {
            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
                return AuthenticateResult.NoResult();
@@ -46,9 +63,38 @@ namespace BTCPayServer.Security.APIKeys

            List<Claim> claims = new List<Claim>();
            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));
-            claims.AddRange(Permission.ToPermissions(key.Permissions).Select(permission => new Claim(APIKeyConstants.ClaimTypes.Permission, permission.ToString())));
+            claims.AddRange(Permission.ToPermissions(key.Permissions).Select(permission =>
+                new Claim(APIKeyConstants.ClaimTypes.Permission, permission.ToString())));
            return AuthenticateResult.Success(new AuthenticationTicket(
-                new ClaimsPrincipal(new ClaimsIdentity(claims, APIKeyConstants.AuthenticationType)), APIKeyConstants.AuthenticationType));
+                new ClaimsPrincipal(new ClaimsIdentity(claims, APIKeyConstants.AuthenticationType)),
+                APIKeyConstants.AuthenticationType));
+        }
+
+        private async Task<AuthenticateResult> HandleBasicAuthenticateAsync()
+        {
+            string authHeader = Context.Request.Headers["Authorization"];
+
+            if (authHeader == null || !authHeader.StartsWith("Basic ")) return AuthenticateResult.NoResult();
+            var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
+            var decodedUsernamePassword =
+                Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)).Split(':');
+            var username = decodedUsernamePassword[0];
+            var password = decodedUsernamePassword[1];
+
+            var result = await _signInManager.PasswordSignInAsync(username, password, true, true);
+            if (!result.Succeeded) return AuthenticateResult.Fail(result.ToString());
+
+            var user = await _userManager.FindByNameAsync(username);
+            var claims = new List<Claim>()
+            {
+                new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, user.Id),
+                new Claim(APIKeyConstants.ClaimTypes.Permission,
+                    Permission.Create(Policies.Unrestricted).ToString())
+            };
+
+            return AuthenticateResult.Success(new AuthenticationTicket(
+                new ClaimsPrincipal(new ClaimsIdentity(claims, APIKeyConstants.AuthenticationType)),
+                APIKeyConstants.AuthenticationType));
        }
    }
 }