authorSyndamia <kamen.d.mladenov@protonmail.com>2020-12-11 21:06:18 +0200
committerSyndamia <kamen.d.mladenov@protonmail.com>2020-12-11 21:06:18 +0200
commit62c14b8cb87135d2c2bbb86b6bbb480be6a91bbd (patch)
treefdf73e647b448e179d87edcfc0beb450f390d7ee
parent09aeb13a95ab573b05813ba563c322e854540c3e (diff)
Added very simple and insecure roles
-rw-r--r--API/Controllers/UserController.cs5
-rw-r--r--API/Migrations/DevHiveContextModelSnapshot.cs6
-rw-r--r--API/Service/UserService.cs11
-rw-r--r--Data/Models/Classes/User.cs4
-rw-r--r--Data/Models/DTOs/UserDTO.cs3
5 files changed, 18 insertions, 11 deletions
diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index 8c7a3c3..5b47f1c 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
namespace API.Controllers
{
+ [Authorize]
[ApiController]
[Route("/api/[controller]")]
public class UserController: ControllerBase
@@ -20,6 +21,7 @@ namespace API.Controllers
this._service = new UserService(context, mapper);
}
+ [AllowAnonymous]
[HttpPost]
[Route("login")]
public async Task<IActionResult> Login([FromBody] UserDTO userDTO)
@@ -29,6 +31,7 @@ namespace API.Controllers
//Create
+ [AllowAnonymous]
[HttpPost]
public async Task<IActionResult> Create([FromBody] UserDTO userDTO)
{
@@ -36,8 +39,8 @@ namespace API.Controllers
}
//Read
- [Authorize]
[HttpGet]
+ [Authorize(Roles = "Admin")]
public async Task<IActionResult> GetById(int id)
{
return await this._service.GetUserById(id);
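Review bot: The `[Authorize(Roles = "Admin")]` gate on `GetById` is only as trustworthy as the source of `user.Role`, and in this commit that source appears to be the client: `Create` is marked `[AllowAnonymous]` in the previous hunk and the `UserDTO` hunk makes `Role` a settable, body-bound property, so unless the service overwrites it (not visible here) the stored role is whatever the registration request contained. Assign the initial role server-side in `Create` — ignore `userDTO.Role` and set a fixed default such as `user.Role = "User";` before saving — and expose role changes only through a separate Admin-gated endpoint. The same applies to the `UserDTO` hunk. `GetById`'s closing brace is outside the hunk.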
diff --git a/API/Migrations/DevHiveContextModelSnapshot.cs b/API/Migrations/DevHiveContextModelSnapshot.cs
index eb9d6a4..56b50d9 100644
--- a/API/Migrations/DevHiveContextModelSnapshot.cs
+++ b/API/Migrations/DevHiveContextModelSnapshot.cs
@@ -126,6 +126,9 @@ namespace API.Migrations
b.Property<string>("ProfilePicture")
.HasColumnType("text");
+ b.Property<string>("Role")
+ .HasColumnType("text");
+
b.Property<string>("SecurityStamp")
.HasColumnType("text");
@@ -146,6 +149,9 @@ namespace API.Migrations
.IsUnique()
.HasDatabaseName("UserNameIndex");
+ b.HasIndex("UserName")
+ .IsUnique();
+
b.ToTable("AspNetUsers");
});
diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs
index 5d59f61..48f6c6e 100644
--- a/API/Service/UserService.cs
+++ b/API/Service/UserService.cs
@@ -18,8 +18,6 @@ namespace API.Service
private readonly UserDbRepository _userDbRepository;
private readonly IMapper _userMapper;
- private static Random rnd = new Random(); // FOR TESTING PURPOSES ONLY
-
public UserService(DevHiveContext context, IMapper mapper)
{
this._userDbRepository = new UserDbRepository(context);
@@ -33,18 +31,15 @@ namespace API.Service
User user = this._userMapper.Map<User>(userDTO);
-
-
-
- // Key generation
- var key = Encoding.ASCII.GetBytes(")H@McQfTB?E(H+Mb8x/A?D(Gr4u7x!A%WnZr4t7weThWmZq4KbPeShVm*G-KaPdSz%C*F-Ja6w9z$C&F"); //Startup.Configuration.GetSection("AppSettings").GetValue("Secret", "bruh"));
+ // Temporary, TODO: get key from appsettings
+ var key = Encoding.ASCII.GetBytes(")H@McQfTB?E(H+Mb8x/A?D(Gr4u7x!A%WnZr4t7weThWmZq4KbPeShVm*G-KaPdSz%C*F-Ja6w9z$C&F");
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
- new Claim(ClaimTypes.Name, user.Id.ToString())
+ new Claim(ClaimTypes.Role, user.Role)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
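Review bot: `new Claim(ClaimTypes.Role, user.Role)` replaces the `ClaimTypes.Name` claim instead of being added beside it, so the issued token no longer identifies which user it belongs to and any endpoint that later needs the caller's id has nothing to read. It also throws `ArgumentNullException` when `user.Role` is null, which the nullable `text` column in the snapshot hunk suggests will be the case for existing accounts and for any registration that omits the field. Keep the identity claim and only add the role claim when one is set, e.g. `var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.Id.ToString()) };` then `if (user.Role is not null) claims.Add(new Claim(ClaimTypes.Role, user.Role));` and `Subject = new ClaimsIdentity(claims)`. The enclosing method starts and ends outside the hunk.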
diff --git a/Data/Models/Classes/User.cs b/Data/Models/Classes/User.cs
index 525d725..50ceb1e 100644
--- a/Data/Models/Classes/User.cs
+++ b/Data/Models/Classes/User.cs
@@ -59,7 +59,9 @@ namespace Data.Models.Classes
this._profilePicture = value;
}
}
-
+
+ public string Role { get; set; }
+
// public List<User> Friends { get; set; }
/// <summary>
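Review bot: `Role` is added as an unconstrained, nullable string, so any value can be stored and `[Authorize(Roles = "Admin")]` will match it by exact string comparison; a small fixed set of role names (constants or an enum mapped to its string form) with a non-null default would make the check meaningful. The diffstat lists only `DevHiveContextModelSnapshot.cs` and no new migration, and that snapshot hunk also adds a second unique index on `UserName` beside the existing `UserNameIndex`, which reads like a hand edit — unless a migration exists elsewhere, the `Role` column will not be created when the database is updated. Consider generating the migration from the model rather than editing the snapshot. The `User` class continues outside the hunk.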
diff --git a/Data/Models/DTOs/UserDTO.cs b/Data/Models/DTOs/UserDTO.cs
index d6d3d15..f80c66c 100644
--- a/Data/Models/DTOs/UserDTO.cs
+++ b/Data/Models/DTOs/UserDTO.cs
@@ -6,5 +6,6 @@ namespace Data.Models.DTOs
public string Email { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
+ public string Role { get; set;}
}
-} \ No newline at end of file
+}
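Review bot: `{ get; set;}` on the new `Role` property lacks the space before the closing brace that the neighbouring properties use; write `public string Role { get; set; }`. The concern that this body-bound property lets the client choose its own role is raised on the `UserController` hunk.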