Cookie Authentication #896
Open: handesirikci0rso wants to merge 142 commits into develop from feature/auth-with-cookies
142 commits
All commits by handesirikci0rso:
89b61ff  cookie set up and trial
7490241  testing
53c8777  sending cookies working version
690f12d  unnecessary files removed
0088a30  prettier
5c548da  remove log messages
f6411e4  message
770ca3f  message
20bf098  message
9e79a6c  message
c848a28  message
9a46389  message
4e73803  message
4c1b9a2  message
4c4ae1b  message
ec24467  message
f103ff9  message
37ebb8b  ignore
d250b74  updated gitignore
41ecf9c  undo reformatting
8447ffd  undo formatting
a755850  refactor startup
0f0fdb5  move bool var to app settings
93f943c  mes
0e7fcaf  var made priv
5f8505a  add claims before creating user
b4f6f70  customclaimfactory added
b2c3f5f  logs removed
4fce7ec  claims
aae87e9  sign in with cookies used
dbf5e81  lockedout case
79a3058  always cookie usage
f073ebf  expiry time added
db7ddbf  waiting for task complete
d842a29  refresh enabled by cookies
f5d99b5  async wait changed
e67cdbc  interface implemented for testing purposes
bf39117  unit tests corrected
081c289  unused import removed
df62eff  dependency injection added
3c0cbe3  refactor
a5d4143  logout added
a850fb5  integration test
c50adb4  session cookie
4bce3d6  cookie set header
d89e329  refactor and endpoint changes
5f333d1  custom middleware for testing purposes
2ef137b  redirection responses changed
fb1e434  authentication integration tests fixed
759faae  integration tests auth with cookies
04a6887  return type changes
3959693  refactor
02fe347  cleanup
376f8de  token messages changed to cookie messages
291c8fa  translations added
f97e4a9  jwt file removed
851b768  exception init
9028c5f  cleanup
a574ade  refactor
faa6d17  refactor
5c12052  unused import removed
d1d0417  unused var removed
37d3582  refactor
9a0f617  refactor
7f1833d  refactor
15b651b  refactor
05a2d60  cleanup
05ba504  cleanup
dc77a1c  Merge branch 'develop' into feature/auth-with-cookies
64df158  try
ad0bfb0  Merge branch 'feature/auth-with-cookies' of https://github.com/orso-c…
edb33b7  try
a1f72e6  try
ed1283b  try
33af4f4  try
47fc2c5  try
191ac77  try
54923d1  try
8eabd57  try
4385055  try
1a89ccc  try
1939fb2  try
31fbce4  should not change wrong password person changed
a5a5f05  set role try
222c75c  set role try
c52a502  set role try
bb0bcb1  try
34137bf  try
7989b6a  try
13de90a  token gen remove
905d9f6  sonar issue try
e9c8826  sonar issue either throw or log
ecdd117  log sonar issue
02651a3  log sonar issue
7af5095  improve unit tests
8673a65  improve unit tests
f70c1cc  improve unit tests
652fcdc  improve unit tests
adee82a  unit test fix
bdb8da9  unit test fix
ac3b12c  unit test fix
9ac4f31  unit test fix
3f3cdaf  unit test fix
d2c0f7f  unit test fix
0417187  unit test fix
c5ffab5  new tests
4655e91  new tests
5ae27db  new tests
4f0a33a  new tests
d30e24e  new tests
0e421da  new tests
7326f36  new tests
bf06073  new tests
d1213fd  new tests
83779e0  gitignore clear
0501814  unused response type removed
bde5a73  auth controller simplified
bcc2473  file place change
9f53762  service call replaced
05a6dfd  config
34f5674  config
b9f5d02  config
8a508e8  config
4d1f447  config
88c1beb  config
593c033  config
7022db9  config
cb14af5  config
66fdf29  config
885383e  config
50bee65  config
b571a48  config
2467d0f  config
30234ca  config
c6b09c5  config
92052a1  config
9b7330b  config
2ab6677  config
fd1b4f1  config
7d55998  diff
aedc58d  diff
02ef089  diff
|
@@ -357,4 +357,4 @@ healthchecksdb | |
c:azurite | ||
|
||
#snyk | ||
.dccache | ||
.dccache |
This file was deleted.
|
@@ -17,8 +17,8 @@ | |
using HotChocolate.Types.Pagination; | ||
using MediatR; | ||
using MicroElements.Swashbuckle.FluentValidation.AspNetCore; | ||
using Microsoft.AspNetCore.Authentication.JwtBearer; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.AspNetCore.Authentication.Cookies; | ||
using Microsoft.AspNetCore.Builder; | ||
using Microsoft.AspNetCore.Hosting; | ||
using Microsoft.AspNetCore.Identity; | ||
|
@@ -101,7 +101,6 @@ | |
using Orso.Arpa.Domain.UserDomain.Enums; | ||
using Orso.Arpa.Domain.UserDomain.Model; | ||
using Orso.Arpa.Domain.UserDomain.Repositories; | ||
using Orso.Arpa.Domain.VenueDomain.Model; | ||
using Orso.Arpa.Infrastructure.Authentication; | ||
using Orso.Arpa.Infrastructure.Authorization; | ||
using Orso.Arpa.Infrastructure.Authorization.AuthorizationRequirements; | ||
|
@@ -119,6 +118,7 @@ | |
using SixLabors.ImageSharp.Web.Providers; | ||
using Yoh.Text.Json.NamingPolicies; | ||
using User = Orso.Arpa.Domain.UserDomain.Model.User; | ||
using Microsoft.AspNetCore.Http; | ||
|
||
namespace Orso.Arpa.Api | ||
{ | ||
|
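Review bot: `using Microsoft.AspNetCore.Http;` is inserted after the `User = ...` alias, outside the alphabetically ordered `using Microsoft.AspNetCore.*` block further up (it belongs next to `Microsoft.AspNetCore.Hosting`). Moving it there keeps the file's ordering convention and makes it obvious that the directive is there for `SameSiteMode` and `CookieSecurePolicy`, which the new `CookiePolicyOptions` setup uses.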
@@ -154,6 +154,7 @@ public void ConfigureServices(IServiceCollection services) | |
_ = services.AddApplicationInsightsTelemetry(); | ||
} | ||
_ = services.AddMediatR(typeof(LoginUser.Handler).Assembly); | ||
|
||
_ = services.AddGenericMediatorHandlers(); | ||
_ = services.AddAutoMapper( | ||
typeof(LoginDtoMappingProfile).Assembly, | ||
|
@@ -373,6 +374,7 @@ private void ConfigureSwagger(IServiceCollection services) | |
private void RegisterServices(IServiceCollection services) | ||
{ | ||
_ = services.AddScoped<IJwtGenerator, JwtGenerator>(); | ||
_ = services.AddScoped<CustomCookieAuthenticationEvents>(); | ||
_ = services.AddScoped<IUserAccessor, UserAccessor>(); | ||
_ = services.AddScoped<ITokenAccessor, TokenAccessor>(); | ||
_ = services.AddScoped<IDataSeeder, DataSeeder>(); | ||
|
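Review bot: `services.AddScoped<IJwtGenerator, JwtGenerator>()` survives as context here although this PR removes the JWT bearer scheme (`.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearerConfiguration(jwtConfig)` is deleted further down) and the commit log says "token gen remove" and "jwt file removed". If nothing issues tokens any more, drop the registration and consider renaming `JwtConfiguration`, which after this change only supplies the cookie lifetime (`AccessTokenExpiryInMinutes`); if the generator is still used somewhere, a short comment saying where would stop it being read as dead code.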
@@ -408,6 +410,7 @@ private void RegisterServices(IServiceCollection services) | |
_ = services.AddScoped<IMyProjectService, MyProjectService>(); | ||
_ = services.AddScoped<INewsService, NewsService>(); | ||
_ = services.AddScoped<IClubService, ClubService>(); | ||
_ = services.AddScoped<ICookieSignIn, CookieSignIn>(); | ||
services.AddScoped<IRoomService, RoomService>(); | ||
services.AddScoped<IRoomEquipmentService, RoomEquipmentService>(); | ||
services.AddScoped<IRoomSectionService, RoomSectionService>(); | ||
|
@@ -452,6 +455,34 @@ private void ConfigureAuthentication(IServiceCollection services) | |
.AddRoleManager<RoleManager<Role>>() | ||
.AddUserManager<ArpaUserManager>(); | ||
|
||
JwtConfiguration jwtConfig = AddConfiguration<JwtConfiguration>(services); | ||
|
||
|
||
_ = identityBuilder.Services.AddAuthentication(options => | ||
{ | ||
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme; | ||
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme; | ||
options.DefaultSignInScheme = IdentityConstants.ExternalScheme; | ||
options.DefaultSignOutScheme = IdentityConstants.ExternalScheme; | ||
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; | ||
}) | ||
.AddCookie(options => | ||
{ | ||
options.EventsType = typeof(CustomCookieAuthenticationEvents); | ||
options.Cookie.Name = "sessionCookie"; | ||
options.Cookie.Path = "/"; | ||
options.Cookie.HttpOnly = true; | ||
options.ExpireTimeSpan = TimeSpan.FromMinutes(jwtConfig.AccessTokenExpiryInMinutes); | ||
options.Cookie.MaxAge = TimeSpan.FromMinutes(jwtConfig.AccessTokenExpiryInMinutes); | ||
options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter; | ||
}) | ||
.AddIdentityCookies(); | ||
|
||
services.ConfigureApplicationCookie(o => | ||
{ | ||
o.EventsType = typeof(CustomCookieAuthenticationEvents); | ||
}); | ||
|
||
IdentityConfiguration identityConfig = AddConfiguration<IdentityConfiguration>(services); | ||
|
||
_ = services.Configure<IdentityOptions>(opts => | ||
|
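Review bot: `options.DefaultAuthenticateScheme` is assigned twice inside the `AddAuthentication` lambda (first `IdentityConstants.ApplicationScheme`, then `CookieAuthenticationDefaults.AuthenticationScheme`), so the first assignment is dead and the result mixes two cookie schemes: authentication reads the `Cookies` scheme configured by `.AddCookie(...)` (cookie name `sessionCookie`), while challenge still goes to `IdentityConstants.ApplicationScheme` and sign-in/sign-out to `IdentityConstants.ExternalScheme`, both registered by `.AddIdentityCookies()`. Whatever signs the user in must write the cookie that `DefaultAuthenticateScheme` validates, so pick one scheme and point all four `Default*Scheme` values at it; `CustomCookieAuthenticationEvents` being wired twice (`EventsType` in `.AddCookie` and again in `ConfigureApplicationCookie`) is another sign the two should collapse into one. Two smaller points: `options.Cookie.MaxAge` makes this a persistent cookie although the commit log calls it a session cookie, so if a browser-session cookie is intended drop `MaxAge` and let `ExpireTimeSpan` bound the ticket; and `options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter` sets the default value and can go.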
@@ -469,11 +500,15 @@ private void ConfigureAuthentication(IServiceCollection services) | |
_ = services.Configure<EmailConfirmationTokenProviderOptions>(opt => | ||
opt.TokenLifespan = TimeSpan.FromDays(identityConfig.EmailConfirmationTokenExpiryInDays)); | ||
|
||
JwtConfiguration jwtConfig = AddConfiguration<JwtConfiguration>(services); | ||
_ = services.Configure<CookiePolicyOptions>(options => | ||
{ | ||
options.MinimumSameSitePolicy = SameSiteMode.Strict; | ||
options.ConsentCookie.IsEssential = true; | ||
options.CheckConsentNeeded = context => false; | ||
options.Secure = _hostingEnvironment.IsDevelopment() | ||
? CookieSecurePolicy.None : CookieSecurePolicy.Always; | ||
}); | ||
|
||
_ = services | ||
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) | ||
.AddJwtBearerConfiguration(jwtConfig); | ||
} | ||
|
||
private void ConfigureCors(IServiceCollection services) | ||
|
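Review bot: `options.Secure = _hostingEnvironment.IsDevelopment() ? CookieSecurePolicy.None : CookieSecurePolicy.Always` switches the Secure flag off entirely in development; `CookieSecurePolicy.SameAsRequest` gives the same convenience over plain HTTP, still marks the cookie Secure when the dev server runs over HTTPS, and removes an environment-dependent branch from security configuration. `MinimumSameSitePolicy = SameSiteMode.Strict` is the right default for a session cookie, but it means the browser attaches `sessionCookie` to no cross-site request at all, including top-level navigations arriving from another site; if the front end that `UseCors("CorsPolicy")` is there for is served from a different site, its requests will arrive unauthenticated and `SameSiteMode.Lax` (or `None` together with a Secure cookie) is needed. Since `CheckConsentNeeded` always returns false, `ConsentCookie.IsEssential = true` has no effect and can be dropped.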
@@ -530,20 +565,20 @@ public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env) | |
{ | ||
_ = app.UseIpRateLimiting(); | ||
|
||
_ = app.UseRouting(); | ||
|
||
_ = app.UseRequestLocalization(); | ||
|
||
_ = app.UseErrorResponseLocalizationMiddleware(); | ||
_ = app.UseCookiePolicy(); | ||
|
||
_ = app.UseMiddleware<ErrorHandlingMiddleware>(); | ||
_ = app.UseErrorResponseLocalizationMiddleware(); | ||
|
||
_ = app.UseMiddleware<EnableRequestBodyRewindMiddleware>(); | ||
|
||
_ = app.UseMiddleware<SecurityHeaderMiddleware>(); | ||
|
||
ConfigureSecurityHeaders(app, env); | ||
|
||
_ = app.UseRouting(); | ||
|
||
_ = app.UseCors("CorsPolicy"); | ||
|
||
_ = app.UseHealthChecks("/health"); | ||
|
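Review bot: `_ = app.UseMiddleware<ErrorHandlingMiddleware>();` is removed from this early position (it reappears after `UseStaticFiles()` in the next hunk), so exceptions thrown by `EnableRequestBodyRewindMiddleware`, `SecurityHeaderMiddleware`, the CORS middleware and the `/health` endpoint are no longer translated by it and fall through to the host's default 500 handling. Unless there is a reason for the move, keep the error handler as the first middleware after rate limiting and cookie policy; if there is a reason, a one-line comment here would save the next reader the question. Placing `UseCookiePolicy()` this early is correct, since the policy only rewrites cookies appended after it has run.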
@@ -557,6 +592,8 @@ public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env) | |
_ = app.UseDefaultFiles(); // use index.html | ||
_ = app.UseStaticFiles(); | ||
|
||
_ = app.UseMiddleware<ErrorHandlingMiddleware>(); | ||
|
||
|
||
AddSwagger(app); | ||
|
||
_ = app.UseEndpoints(endpoints => | ||
|
@@ -622,10 +659,8 @@ protected virtual void EnsureDatabaseMigrations(IApplicationBuilder app) | |
IDataSeeder dataSeeder = services.GetRequiredService<IDataSeeder>(); | ||
dataSeeder.SeedDataAsync().Wait(); | ||
} | ||
catch (Exception ex) | ||
catch (Exception) | ||
{ | ||
ILogger<Startup> logger = services.GetRequiredService<ILogger<Startup>>(); | ||
logger.LogError(ex, "An error occured during database migration"); | ||
throw; | ||
} | ||
} | ||
|
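Review bot: `catch (Exception) { throw; }` is now a catch block that only rethrows, which static analysis flags as well (the rule that objected to the original was "log or rethrow, not both"), and the log line "An error occured during database migration" that told an operator which startup step failed is gone. Either delete the try/catch and let the exception propagate with its original stack, or keep the context by logging and rethrowing a wrapped exception, e.g. `throw new InvalidOperationException("Database migration or seeding failed", ex);`, which satisfies both rules.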
@@ -639,12 +674,12 @@ protected void PreloadTranslationsFromDb(IApplicationBuilder app) | |
ILocalizerCache localizerCache = services.GetRequiredService<ILocalizerCache>(); | ||
_ = localizerCache.LoadTranslations(); | ||
} | ||
catch (Exception ex) | ||
catch (Exception) | ||
{ | ||
ILogger<Startup> logger = services.GetRequiredService<ILogger<Startup>>(); | ||
logger.LogError(ex, "Error during localization of data"); | ||
throw; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. what happens if the throw is removed when this error occurs? |
||
} | ||
} | ||
} | ||
|
||
} | ||
|
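Review bot: same pattern as the migration block: `catch (Exception) { throw; }` only rethrows, so the `try` adds nothing and "Error during localization of data" is no longer logged. On the question raised in review: without the `throw`, a failure in `localizerCache.LoadTranslations()` would be swallowed and the application would start with an empty localizer cache and no record of why, so the rethrow must stay; what can go is the try/catch itself, or the logging can be kept by rethrowing a wrapped exception (`throw new InvalidOperationException("Loading translations failed", ex);`) so the context survives.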
Could it be helpful to have the whole cookie config collected in one place (own method?)