authortranstrike <transtrike@gmail.com>2021-02-28 10:31:37 +0200
committertranstrike <transtrike@gmail.com>2021-02-28 10:31:37 +0200
commite4331fe503547df8f17095540cbd4170bbaf2b25 (patch)
treed78b152b918ecd244652d6aaef91dea8f9a2857d /src/Common/DevHive.Common
parent83ae76a1b93c91cf7cfb5fc9ea1ef728ee47c839 (diff)
JWT Working like a charm
Diffstat (limited to 'src/Common/DevHive.Common')
-rw-r--r--src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs2
-rw-r--r--src/Common/DevHive.Common/Jwt/JwtService.cs17
2 files changed, 14 insertions, 5 deletions
diff --git a/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs
index d2f1756..6f844f5 100644
--- a/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs
+++ b/src/Common/DevHive.Common/Jwt/Interfaces/IJwtService.cs
@@ -6,6 +6,6 @@ namespace DevHive.Common.Jwt.Interfaces
public interface IJwtService
{
string GenerateJwtToken(Guid userId, string username, List<string> roleNames);
- bool ValidateToken(string authToken);
+ bool ValidateToken(Guid userId, string rawToken);
}
}
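Review bot: The new `ValidateToken(Guid userId, string rawToken)` declaration has no doc comment, and its contract can no longer be read off the name. Judging by the implementation in JwtService.cs, `rawToken` is expected to be the whole Authorization header value including the scheme prefix, and the result says whether the token may act on `userId` (the owner or an Admin), not merely whether the token is valid. I would add `/// Validates rawToken (the full "Bearer ..." header value) and returns true only when its owner is userId or an Admin.` above the declaration, so implementers and callers do not pass a bare token or treat `true` as plain authentication.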
diff --git a/src/Common/DevHive.Common/Jwt/JwtService.cs b/src/Common/DevHive.Common/Jwt/JwtService.cs
index 677353a..a0c49db 100644
--- a/src/Common/DevHive.Common/Jwt/JwtService.cs
+++ b/src/Common/DevHive.Common/Jwt/JwtService.cs
@@ -2,6 +2,7 @@ using System;
using System.Buffers.Text;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Text;
@@ -52,15 +53,23 @@ namespace DevHive.Common.Jwt
return tokenHandler.WriteToken(token);
}
- public bool ValidateToken(string authToken)
+ public bool ValidateToken(Guid userId, string rawToken)
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = GetValidationParameters();
+ string actualToken = rawToken.Remove(0, 7);
- //Validate edge case where user can delete other users
+ IPrincipal principal = tokenHandler.ValidateToken(actualToken, validationParameters, out SecurityToken validatedToken);
+ JwtSecurityToken jwtToken = tokenHandler.ReadJwtToken(actualToken);
- IPrincipal principal = tokenHandler.ValidateToken(authToken.Remove(0, 7), validationParameters, out _);
- return principal.Identity.IsAuthenticated;
+ if (!principal.Identity.IsAuthenticated)
+ return false;
+ else if (principal.IsInRole("Admin"))
+ return true;
+ else if (jwtToken.Claims.FirstOrDefault(x => x.Type == "ID").Value != userId.ToString())
+ return false;
+ else
+ return true;
}
private TokenValidationParameters GetValidationParameters()
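Review bot: The ownership check `jwtToken.Claims.FirstOrDefault(x => x.Type == "ID").Value` dereferences a possibly null claim, so a correctly signed token that carries no "ID" claim ends in a NullReferenceException instead of `false`. It also reads the claim from a second, unvalidated parse (`ReadJwtToken`) although `validatedToken` and the validated principal are already in hand; taking the claim from the principal keeps the authorization decision tied to what was actually verified. `rawToken.Remove(0, 7)` still assumes a "Bearer " prefix without checking it and throws on null or shorter input, and `tokenHandler.ValidateToken` throws rather than returning an unauthenticated principal for a bad or expired token, so callers presumably have to catch exceptions unless the method converts them to `false` itself. Comparing parsed Guids rather than strings avoids depending on how GenerateJwtToken formatted the id, which is not visible in this hunk. A possible rewrite of the method body, assuming callers want a plain bool:

```csharp
public bool ValidateToken(Guid userId, string rawToken)
{
    // … unchanged: tokenHandler and validationParameters setup …
    const string scheme = "Bearer ";
    if (rawToken is null || !rawToken.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        return false;
    string actualToken = rawToken.Substring(scheme.Length);

    ClaimsPrincipal principal;
    try
    {
        principal = tokenHandler.ValidateToken(actualToken, validationParameters, out _);
    }
    catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
    {
        // Bad signature, expired or malformed token: reject instead of propagating.
        return false;
    }

    if (!principal.Identity.IsAuthenticated)
        return false;
    if (principal.IsInRole("Admin"))
        return true;

    // Claim comes from the validated principal, not from a second unvalidated parse.
    string idClaim = principal.FindFirst("ID")?.Value;
    return Guid.TryParse(idClaim, out Guid tokenUserId) && tokenUserId == userId;
}
```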