-rw-r--r--Timeline.Tests/AuthorizationUnitTest.cs18
-rw-r--r--Timeline.Tests/Helpers/Authentication/AuthenticationExtensions.cs9
-rw-r--r--Timeline.Tests/JwtTokenUnitTest.cs22
-rw-r--r--Timeline/Authenticate/AuthHandler.cs2
-rw-r--r--Timeline/Controllers/UserTestController.cs11
-rw-r--r--Timeline/Services/JwtService.cs2
-rw-r--r--Timeline/Services/PasswordService.cs2
-rw-r--r--Timeline/Services/UserService.cs4
8 files changed, 27 insertions, 43 deletions
diff --git a/Timeline.Tests/AuthorizationUnitTest.cs b/Timeline.Tests/AuthorizationUnitTest.cs
index 28715ada..ee3deac8 100644
--- a/Timeline.Tests/AuthorizationUnitTest.cs
+++ b/Timeline.Tests/AuthorizationUnitTest.cs
@@ -10,9 +10,9 @@ namespace Timeline.Tests
{
public class AuthorizationUnitTest : IClassFixture<WebApplicationFactory<Startup>>
{
- private const string NeedAuthorizeUrl = "Test/User/NeedAuthorize";
- private const string BothUserAndAdminUrl = "Test/User/BothUserAndAdmin";
- private const string OnlyAdminUrl = "Test/User/OnlyAdmin";
+ private const string AuthorizeUrl = "Test/User/Authorize";
+ private const string UserUrl = "Test/User/User";
+ private const string AdminUrl = "Test/User/Admin";
private readonly WebApplicationFactory<Startup> _factory;
@@ -26,7 +26,7 @@ namespace Timeline.Tests
{
using (var client = _factory.CreateDefaultClient())
{
- var response = await client.GetAsync(NeedAuthorizeUrl);
+ var response = await client.GetAsync(AuthorizeUrl);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
}
@@ -36,7 +36,7 @@ namespace Timeline.Tests
{
using (var client = await _factory.CreateClientWithUser("user", "user"))
{
- var response = await client.GetAsync(NeedAuthorizeUrl);
+ var response = await client.GetAsync(AuthorizeUrl);
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
}
@@ -47,9 +47,9 @@ namespace Timeline.Tests
using (var client = _factory.CreateDefaultClient())
{
var token = (await client.CreateUserTokenAsync("user", "user")).Token;
- var response1 = await client.SendWithAuthenticationAsync(token, BothUserAndAdminUrl);
+ var response1 = await client.SendWithAuthenticationAsync(token, UserUrl);
Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
- var response2 = await client.SendWithAuthenticationAsync(token, OnlyAdminUrl);
+ var response2 = await client.SendWithAuthenticationAsync(token, AdminUrl);
Assert.Equal(HttpStatusCode.Forbidden, response2.StatusCode);
}
}
@@ -59,9 +59,9 @@ namespace Timeline.Tests
{
using (var client = await _factory.CreateClientWithUser("admin", "admin"))
{
- var response1 = await client.GetAsync(BothUserAndAdminUrl);
+ var response1 = await client.GetAsync(UserUrl);
Assert.Equal(HttpStatusCode.OK, response1.StatusCode);
- var response2 = await client.GetAsync(OnlyAdminUrl);
+ var response2 = await client.GetAsync(AdminUrl);
Assert.Equal(HttpStatusCode.OK, response2.StatusCode);
}
}
diff --git a/Timeline.Tests/Helpers/Authentication/AuthenticationExtensions.cs b/Timeline.Tests/Helpers/Authentication/AuthenticationExtensions.cs
index cda9fe99..f4e2e45a 100644
--- a/Timeline.Tests/Helpers/Authentication/AuthenticationExtensions.cs
+++ b/Timeline.Tests/Helpers/Authentication/AuthenticationExtensions.cs
@@ -1,11 +1,9 @@
using Microsoft.AspNetCore.Mvc.Testing;
using Newtonsoft.Json;
using System;
-using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using Timeline.Entities.Http;
-using Xunit;
namespace Timeline.Tests.Helpers.Authentication
{
@@ -13,15 +11,10 @@ namespace Timeline.Tests.Helpers.Authentication
{
private const string CreateTokenUrl = "/token/create";
- public static async Task<CreateTokenResponse> CreateUserTokenAsync(this HttpClient client, string username, string password, bool assertSuccess = true)
+ public static async Task<CreateTokenResponse> CreateUserTokenAsync(this HttpClient client, string username, string password)
{
var response = await client.PostAsJsonAsync(CreateTokenUrl, new CreateTokenRequest { Username = username, Password = password });
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-
var result = JsonConvert.DeserializeObject<CreateTokenResponse>(await response.Content.ReadAsStringAsync());
- if (assertSuccess)
- Assert.True(result.Success);
-
return result;
}
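Review bot: CreateUserTokenAsync now deserializes the body without looking at the status code, so a rejected login (which JwtTokenUnitTest in this same commit expects to come back as 400) yields a CreateTokenResponse with a null Token instead of failing inside the helper; the caller `var token = (await client.CreateUserTokenAsync("user", "user")).Token;` in AuthorizationUnitTest would then send a null bearer value and fail later with an unrelated Unauthorized. Since the Xunit dependency was deliberately dropped from this file, keep the helper framework-free and add `response.EnsureSuccessStatusCode();` immediately after the PostAsJsonAsync line, which throws HttpRequestException with the status code on any non-2xx reply. Whether DeserializeObject can still return null for an empty 200 body is not visible here and is worth a null check if the API ever responds that way. The enclosing static class continues outside the hunk.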
diff --git a/Timeline.Tests/JwtTokenUnitTest.cs b/Timeline.Tests/JwtTokenUnitTest.cs
index a4e5432f..6ab4e8a6 100644
--- a/Timeline.Tests/JwtTokenUnitTest.cs
+++ b/Timeline.Tests/JwtTokenUnitTest.cs
@@ -28,11 +28,7 @@ namespace Timeline.Tests
using (var client = _factory.CreateDefaultClient())
{
var response = await client.PostAsJsonAsync(CreateTokenUrl, new CreateTokenRequest { Username = "???", Password = "???" });
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
- var result = JsonConvert.DeserializeObject<CreateTokenResponse>(await response.Content.ReadAsStringAsync());
- Assert.False(result.Success);
- Assert.Null(result.Token);
- Assert.Null(result.UserInfo);
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
}
@@ -44,9 +40,8 @@ namespace Timeline.Tests
var response = await client.PostAsJsonAsync(CreateTokenUrl, new CreateTokenRequest { Username = "user", Password = "user" });
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = JsonConvert.DeserializeObject<CreateTokenResponse>(await response.Content.ReadAsStringAsync());
- Assert.True(result.Success);
Assert.NotNull(result.Token);
- Assert.NotNull(result.UserInfo);
+ Assert.NotNull(result.User);
}
}
@@ -56,11 +51,7 @@ namespace Timeline.Tests
using (var client = _factory.CreateDefaultClient())
{
var response = await client.PostAsJsonAsync(VerifyTokenUrl, new VerifyTokenRequest { Token = "bad token hahaha" });
- Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-
- var validationInfo = JsonConvert.DeserializeObject<VerifyTokenResponse>(await response.Content.ReadAsStringAsync());
- Assert.False(validationInfo.IsValid);
- Assert.Null(validationInfo.UserInfo);
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
}
}
@@ -75,10 +66,9 @@ namespace Timeline.Tests
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = JsonConvert.DeserializeObject<VerifyTokenResponse>(await response.Content.ReadAsStringAsync());
- Assert.True(result.IsValid);
- Assert.NotNull(result.UserInfo);
- Assert.Equal(createTokenResult.UserInfo.Username, result.UserInfo.Username);
- Assert.Equal(createTokenResult.UserInfo.IsAdmin, result.UserInfo.IsAdmin);
+ Assert.NotNull(result.User);
+ Assert.Equal(createTokenResult.User.Username, result.User.Username);
+ Assert.Equal(createTokenResult.User.IsAdmin, result.User.IsAdmin);
}
}
}
diff --git a/Timeline/Authenticate/AuthHandler.cs b/Timeline/Authenticate/AuthHandler.cs
index 80bbaf14..80860edf 100644
--- a/Timeline/Authenticate/AuthHandler.cs
+++ b/Timeline/Authenticate/AuthHandler.cs
@@ -78,7 +78,7 @@ namespace Timeline.Authenticate
{
var userInfo = await _userService.VerifyToken(token);
- var identity = new ClaimsIdentity();
+ var identity = new ClaimsIdentity(AuthConstants.Scheme);
identity.AddClaim(new Claim(identity.NameClaimType, userInfo.Username, ClaimValueTypes.String));
identity.AddClaims(Entities.UserUtility.IsAdminToRoleArray(userInfo.IsAdmin).Select(role => new Claim(identity.RoleClaimType, role, ClaimValueTypes.String)));
diff --git a/Timeline/Controllers/UserTestController.cs b/Timeline/Controllers/UserTestController.cs
index f1edb0d5..21686b81 100644
--- a/Timeline/Controllers/UserTestController.cs
+++ b/Timeline/Controllers/UserTestController.cs
@@ -1,5 +1,6 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
+using Timeline.Authenticate;
namespace Timeline.Controllers
{
@@ -8,21 +9,21 @@ namespace Timeline.Controllers
{
[HttpGet("[action]")]
[Authorize]
- public ActionResult NeedAuthorize()
+ public ActionResult Authorize()
{
return Ok();
}
[HttpGet("[action]")]
- [Authorize(Roles = "user,admin")]
- public ActionResult BothUserAndAdmin()
+ [UserAuthorize]
+ public new ActionResult User()
{
return Ok();
}
[HttpGet("[action]")]
- [Authorize(Roles = "admin")]
- public ActionResult OnlyAdmin()
+ [AdminAuthorize]
+ public ActionResult Admin()
{
return Ok();
}
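Review bot: `public new ActionResult User()` hides the inherited `ControllerBase.User` principal, so any code added to this controller (or a subclass) that reads `User` would resolve to the action method rather than the ClaimsPrincipal, and the `new` modifier only silences the warning about that. Naming the action differently while pinning the route keeps the test constant `Test/User/User` working without hiding a base member, e.g. `[HttpGet("User")]` over `public ActionResult UserRole()`. The replacement of `[Authorize(Roles = "user,admin")]` by `[UserAuthorize]` assumes that attribute admits the admin role as well; that attribute is not in this diff, but the admin case is at least covered by the AuthorizationUnitTest hunk that expects OK from UserUrl for "admin".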
diff --git a/Timeline/Services/JwtService.cs b/Timeline/Services/JwtService.cs
index f721971b..e970bbd4 100644
--- a/Timeline/Services/JwtService.cs
+++ b/Timeline/Services/JwtService.cs
@@ -126,7 +126,7 @@ namespace Timeline.Services
Version = version
};
}
- catch (SecurityTokenException e)
+ catch (Exception e)
{
throw new JwtTokenVerifyException("Validate token failed caused by a SecurityTokenException. See inner exception.", e);
}
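Review bot: `catch (Exception e)` now wraps every failure in the try block, including NullReferenceException or other programming errors from the validation code, as a JwtTokenVerifyException, so callers that treat that exception as "bad token" will also swallow genuine bugs; the message `"Validate token failed caused by a SecurityTokenException. See inner exception."` is also no longer accurate. If the broadening is meant to cover the ArgumentException that JwtSecurityTokenHandler.ValidateToken throws for malformed or oversized input (the try block starts outside the hunk, so this is inferred), narrow it with a filter: `catch (Exception e) when (e is SecurityTokenException || e is ArgumentException)` and reword to `"Validate token failed. See inner exception."`. The enclosing method begins before this hunk.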
diff --git a/Timeline/Services/PasswordService.cs b/Timeline/Services/PasswordService.cs
index 8eab526e..106080f1 100644
--- a/Timeline/Services/PasswordService.cs
+++ b/Timeline/Services/PasswordService.cs
@@ -24,6 +24,8 @@ namespace Timeline.Services
bool VerifyPassword(string hashedPassword, string providedPassword);
}
+ //TODO! Use exceptions!!!
+
/// <summary>
/// Copied from https://github.com/aspnet/AspNetCore/blob/master/src/Identity/Extensions.Core/src/PasswordHasher.cs
/// Remove V2 format and unnecessary format version check.
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index ec8e5091..01d05903 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
@@ -153,16 +153,14 @@ namespace Timeline.Services
private readonly IJwtService _jwtService;
private readonly IPasswordService _passwordService;
- private readonly IQCloudCosService _cosService;
- public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService, IQCloudCosService cosService)
+ public UserService(ILogger<UserService> logger, IMemoryCache memoryCache, DatabaseContext databaseContext, IJwtService jwtService, IPasswordService passwordService)
{
_logger = logger;
_memoryCache = memoryCache;
_databaseContext = databaseContext;
_jwtService = jwtService;
_passwordService = passwordService;
- _cosService = cosService;
}
private string GenerateCacheKeyByUserId(long id) => $"user:{id}";