From 854dedead3a3ed987997a0132f527db73b65b0ac Mon Sep 17 00:00:00 2001
From: ivar
Date: Sat, 11 Nov 2023 22:10:42 +0100
Subject: Div more changes

---
 .../src/Utilities/BasicAuthenticationAttribute.cs | 30 ++++++++++++++--------
 .../src/Utilities/BasicAuthenticationHandler.cs   | 27 +++++++++++--------
 2 files changed, 36 insertions(+), 21 deletions(-)
 (limited to 'code/api/src/Utilities')

diff --git a/code/api/src/Utilities/BasicAuthenticationAttribute.cs b/code/api/src/Utilities/BasicAuthenticationAttribute.cs
index 0bfd007..9e57595 100644
--- a/code/api/src/Utilities/BasicAuthenticationAttribute.cs
+++ b/code/api/src/Utilities/BasicAuthenticationAttribute.cs
@@ -5,10 +5,11 @@ namespace IOL.GreatOffice.Api.Utilities;
 
 public class BasicAuthenticationAttribute : TypeFilterAttribute
 {
-    public BasicAuthenticationAttribute(string claimPermission) : base(typeof(BasicAuthenticationFilter)) {
-        Arguments = new object[] {
+    public BasicAuthenticationAttribute(string claimPermission) : base(typeof(BasicAuthenticationFilter))
+    {
+        Arguments = [
             new Claim(claimPermission, "True")
-        };
+        ];
     }
 }
 
@@ -16,23 +17,30 @@ public class BasicAuthenticationFilter : IAuthorizationFilter
 {
     private readonly Claim _claim;
 
-    public BasicAuthenticationFilter(Claim claim) {
+    public BasicAuthenticationFilter(Claim claim)
+    {
         _claim = claim;
     }
 
-    public void OnAuthorization(AuthorizationFilterContext context) {
-        if (!context.HttpContext.Request.Headers.ContainsKey("Authorization")) return;
-        try {
-            var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
-            if (authHeader.Parameter is null) {
+    public void OnAuthorization(AuthorizationFilterContext context)
+    {
+        if (!context.HttpContext.Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues authzHeaderValue)) return;
+        try
+        {
+            var authHeader = AuthenticationHeaderValue.Parse(authzHeaderValue);
+            if (authHeader.Parameter is null)
+            {
                 context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME);
             }
 
             var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
-            if (!hasClaim) {
+            if (!hasClaim)
+            {
                 context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME);
             }
-        } catch {
+        }
+        catch
+        {
             // ignore
         }
     }
diff --git a/code/api/src/Utilities/BasicAuthenticationHandler.cs b/code/api/src/Utilities/BasicAuthenticationHandler.cs
index 3b92293..41486ef 100644
--- a/code/api/src/Utilities/BasicAuthenticationHandler.cs
+++ b/code/api/src/Utilities/BasicAuthenticationHandler.cs
@@ -1,7 +1,6 @@
 using System.Net.Http.Headers;
 using System.Text;
 using System.Text.Encodings.Web;
-using IOL.GreatOffice.Api.Models.Database;
 using Microsoft.Extensions.Options;
 
 namespace IOL.GreatOffice.Api.Utilities;
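Review bot: The `catch { // ignore }` on the new side still leaves `context.Result` unset when `AuthenticationHeaderValue.Parse(authzHeaderValue)` throws on a malformed header value, so a request carrying an unparsable Authorization header skips the claim check instead of being refused; the early `return` when the header is absent has the same effect, which is only safe if the endpoint also carries an authentication requirement enforced elsewhere. Catching the specific exception and failing closed keeps the filter's decision explicit: `catch (FormatException) { context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME); }`. The `if (authHeader.Parameter is null)` branch also falls through to the claim check after setting its result; a `return;` inside that block makes the intent clear and avoids the second assignment. As a point of style, `out var authzHeaderValue` reads better than the fully qualified `Microsoft.Extensions.Primitives.StringValues` in the `TryGetValue` call.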
@@ -16,17 +15,18 @@ public class BasicAuthenticationHandler : AuthenticationHandler options, ILoggerFactory logger, UrlEncoder encoder, - ISystemClock clock, MainAppDatabase context, VaultService vaultService ) : - base(options, logger, encoder, clock) { + base(options, logger, encoder) + { _context = context; _configuration = vaultService.GetCurrentAppConfiguration(); _logger = logger.CreateLogger(); } - protected override Task HandleAuthenticateAsync() { + protected override Task HandleAuthenticateAsync() + { var endpoint = Context.GetEndpoint(); if (endpoint?.Metadata.GetMetadata() != null) return Task.FromResult(AuthenticateResult.NoResult()); @@ -34,9 +34,11 @@ public class BasicAuthenticationHandler : AuthenticationHandler c.User).SingleOrDefault(c => c.Id == tokenId); - if (token == default) { + if (token == default) + { return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header: Not Found")); } - if (token.HasExpired) { + if (token.HasExpired) + { return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header: Expired")); } @@ -72,7 +77,9 @@ public class BasicAuthenticationHandler : AuthenticationHandler
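Review bot: In the `@@ -34,9 +34,11 @@` hunk the token lookup `_context.Tokens.Include(c => c.User).SingleOrDefault(c => c.Id == tokenId)` runs synchronously inside `HandleAuthenticateAsync`, which only wraps its results in `Task.FromResult(...)`, so every authenticated request blocks a request thread on the database round-trip. Since the commit already rewrites the two failure branches, this is a natural point to make the method `async Task<AuthenticateResult>`, await `SingleOrDefaultAsync(c => c.Id == tokenId)` (assuming `_context` is an EF Core context, which the `Include` call suggests), and return `AuthenticateResult.Fail(...)` directly. The enclosing method starts outside the hunk, and this rendering has stripped the generic type arguments, so the exact signature should be checked against the file.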