using System.Security.Claims;
using System.Threading.Tasks;
using BTCPayServer.Models;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Options;
namespace BTCPayServer.Security
{
    /// <summary>
    /// Global MVC authorization filter that enriches a cookie-authenticated principal
    /// with the claims BTCPay's policies check: the server-settings claim for server
    /// admins and, when the route carries a "storeId", the claims of that store.
    /// </summary>
    /// <remarks>
    /// Only principals whose AuthenticationType equals Policies.CookieAuthentication are
    /// touched; any other scheme (e.g. a bearer token) passes through untouched and must
    /// obtain its claims elsewhere. The claims are added to the in-memory identity of the
    /// current request only — nothing here re-issues the cookie. Because the filter is
    /// registered globally (see Configure) its ordering relative to other authorization
    /// filters determines whether those filters see the added claims — confirm in startup.
    /// </remarks>
    public class BTCPayClaimsFilter : IAsyncAuthorizationFilter, IConfigureOptions<MvcOptions>
    {
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly StoreRepository _storeRepository;

        /// <summary>Creates the filter; dependencies are resolved by DI.</summary>
        /// <param name="userManager">Used to read the user id out of the principal.</param>
        /// <param name="storeRepository">Used to resolve the store named in the route.</param>
        public BTCPayClaimsFilter(
            UserManager<ApplicationUser> userManager,
            StoreRepository storeRepository)
        {
            _userManager = userManager;
            _storeRepository = storeRepository;
        }

        /// <summary>Registers this filter globally so it runs for every MVC action.</summary>
        void IConfigureOptions<MvcOptions>.Configure(MvcOptions options)
        {
            options.Filters.Add(typeof(BTCPayClaimsFilter));
        }

        /// <summary>
        /// Adds the server-settings claim for server admins and the store claims for the
        /// "storeId" route value; challenges the request when the store cannot be resolved
        /// for the current user.
        /// </summary>
        /// <param name="context">The authorization filter context of the current request.</param>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var principal = context.HttpContext.User;

            // Cookie sessions only: bearer/other schemes are left untouched here.
            if (principal?.Identity?.AuthenticationType != Policies.CookieAuthentication)
            {
                return;
            }

            // Kept as a hard cast: a cookie principal whose identity is not a
            // ClaimsIdentity throws here rather than being silently skipped.
            var identity = (ClaimsIdentity)principal.Identity;

            if (principal.IsInRole(Roles.ServerAdmin))
            {
                identity.AddClaim(new Claim(Policies.CanModifyServerSettings.Key, "true"));
            }

            // Store claims are derived from the route only; a storeId supplied via the
            // query string or request body does not go through this path.
            if (!context.RouteData.Values.TryGetValue("storeId", out var routeStoreId))
            {
                return;
            }

            var currentUserId = _userManager.GetUserId(principal);
            if (string.IsNullOrEmpty(currentUserId))
            {
                // No user id on the principal: no store claims are granted and no challenge
                // is issued; downstream policies decide what happens to the request.
                return;
            }

            // The lookup is scoped by user id, so presumably FindStore returns null unless
            // this user is associated with the store — verify against StoreRepository.
            var store = await _storeRepository.FindStore((string)routeStoreId, currentUserId);
            if (store == null)
            {
                // NOTE(review): the user is already authenticated, so a ForbidResult would
                // describe "known user, no access" more precisely than a Challenge; confirm
                // before changing, as callers/tests may rely on the redirect to login.
                context.Result = new ChallengeResult();
                return;
            }

            context.HttpContext.SetStoreData(store);
            identity.AddClaims(store.GetClaims());
        }
    }
}