feat: Fix #51.

1 files changed, 60 insertions, 3 deletions

diff --git a/BackEnd/Timeline/Auth/MyAuthenticationHandler.cs b/BackEnd/Timeline/Auth/MyAuthenticationHandler.cs
index e4122c65..f1f71b20 100644
--- a/BackEnd/Timeline/Auth/MyAuthenticationHandler.cs
+++ b/BackEnd/Timeline/Auth/MyAuthenticationHandler.cs
@@ -1,13 +1,18 @@
 using Microsoft.AspNetCore.Authentication;

+using Microsoft.AspNetCore.Mvc;

 using Microsoft.Extensions.Logging;

 using Microsoft.Extensions.Options;

 using Microsoft.Net.Http.Headers;

 using System;

+using System.Collections.Generic;

 using System.Globalization;

 using System.Linq;

 using System.Security.Claims;

 using System.Text.Encodings.Web;

+using System.Text.Json;

 using System.Threading.Tasks;

+using Timeline.Models;

+using Timeline.Models.Http;

 using Timeline.Services;

 using static Timeline.Resources.Authentication.AuthHandler;

 

@@ -30,16 +35,33 @@ namespace Timeline.Auth
 

     public class MyAuthenticationHandler : AuthenticationHandler<MyAuthenticationOptions>

     {

+        private const string TokenErrorCodeKey = "TokenErrorCode";

+

+        private static CommonResponse CreateChallengeResponseBody(int errorCode)

+        {

+            return new CommonResponse(errorCode, errorCode switch

+            {

+                ErrorCodes.Common.Token.TimeExpired => "The token is out of date and expired. Please create a new one.",

+                ErrorCodes.Common.Token.VersionExpired => "The token is of old version and expired. Please create a new one.",

+                ErrorCodes.Common.Token.BadFormat => "The token is of bad format. It might not be created by this server.",

+                ErrorCodes.Common.Token.UserNotExist => "The owner of the token does not exist. It might have been deleted.",

+                _ => "Unknown error."

+            });

+        }

+

         private readonly ILogger<MyAuthenticationHandler> _logger;

         private readonly IUserTokenManager _userTokenManager;

         private readonly IUserPermissionService _userPermissionService;

 

-        public MyAuthenticationHandler(IOptionsMonitor<MyAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IUserTokenManager userTokenManager, IUserPermissionService userPermissionService)

+        private readonly IOptionsMonitor<JsonOptions> _jsonOptions;

+

+        public MyAuthenticationHandler(IOptionsMonitor<MyAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IUserTokenManager userTokenManager, IUserPermissionService userPermissionService, IOptionsMonitor<JsonOptions> jsonOptions)

             : base(options, logger, encoder, clock)

         {

             _logger = logger.CreateLogger<MyAuthenticationHandler>();

             _userTokenManager = userTokenManager;

             _userPermissionService = userPermissionService;

+            _jsonOptions = jsonOptions;

         }

 

         // return null if no token is found

@@ -49,7 +71,7 @@ namespace Timeline.Auth
             string header = Request.Headers[HeaderNames.Authorization];

             if (!string.IsNullOrEmpty(header) && header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))

             {

-                var token = header.Substring("Bearer ".Length).Trim();

+                var token = header["Bearer ".Length..].Trim();

                 _logger.LogInformation(LogTokenFoundInHeader, token);

                 return token;

             }

@@ -98,8 +120,43 @@ namespace Timeline.Auth
             catch (Exception e) when (!(e is ArgumentException))

             {

                 _logger.LogInformation(e, LogTokenValidationFail);

-                return AuthenticateResult.Fail(e);

+                return AuthenticateResult.Fail(e, new AuthenticationProperties(new Dictionary<string, string?>()

+                {

+                    [TokenErrorCodeKey] = (e switch

+                    {

+                        UserTokenTimeExpiredException => ErrorCodes.Common.Token.TimeExpired,

+                        UserTokenVersionExpiredException => ErrorCodes.Common.Token.VersionExpired,

+                        UserTokenBadFormatException => ErrorCodes.Common.Token.BadFormat,

+                        UserTokenUserNotExistException => ErrorCodes.Common.Token.UserNotExist,

+                        _ => ErrorCodes.Common.Token.Unknown

+                    }).ToString(CultureInfo.InvariantCulture)

+                }));

             }

         }

+

+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)

+        {

+            Response.StatusCode = 401;

+

+            CommonResponse body;

+

+            if (properties.Items.TryGetValue(TokenErrorCodeKey, out var tokenErrorCode))

+            {

+                if (!int.TryParse(tokenErrorCode, out var errorCode))

+                    errorCode = ErrorCodes.Common.Token.Unknown;

+                body = CreateChallengeResponseBody(errorCode);

+            }

+            else

+            {

+                body = new CommonResponse(ErrorCodes.Common.Unauthorized, "You must use a token to authenticate.");

+            }

+

+

+            var bodyData = JsonSerializer.SerializeToUtf8Bytes(body, typeof(CommonResponse), _jsonOptions.CurrentValue.JsonSerializerOptions);

+

+            Response.ContentType = MimeTypes.ApplicationJson;

+            Response.ContentLength = bodyData.Length;

+            await Response.Body.WriteAsync(bodyData);

+        }

     }

 }