From 62c14b8cb87135d2c2bbb86b6bbb480be6a91bbd Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Fri, 11 Dec 2020 21:06:18 +0200
Subject: Added very simple and insecure roles
---
API/Controllers/UserController.cs | 5 ++++-
API/Migrations/DevHiveContextModelSnapshot.cs | 6 ++++++
API/Service/UserService.cs | 11 +++--------
3 files changed, 13 insertions(+), 9 deletions(-)
(limited to 'API')
diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index 8c7a3c3..5b47f1c 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
namespace API.Controllers {
+ [Authorize]
[ApiController] [Route("/api/[controller]")] public class UserController: ControllerBase
@@ -20,6 +21,7 @@ namespace API.Controllers
this._service = new UserService(context, mapper); }
+ [AllowAnonymous]
[HttpPost] [Route("login")] public async Task Login([FromBody] UserDTO userDTO)
@@ -29,6 +31,7 @@ namespace API.Controllers
//Create
+ [AllowAnonymous]
[HttpPost] public async Task Create([FromBody] UserDTO userDTO) {
@@ -36,8 +39,8 @@ namespace API.Controllers
} //Read
- [Authorize]
[HttpGet]
+ [Authorize(Roles = "Admin")]
public async Task GetById(int id) { return await this._service.GetUserById(id);
diff --git a/API/Migrations/DevHiveContextModelSnapshot.cs b/API/Migrations/DevHiveContextModelSnapshot.cs
index eb9d6a4..56b50d9 100644
--- a/API/Migrations/DevHiveContextModelSnapshot.cs
+++ b/API/Migrations/DevHiveContextModelSnapshot.cs
@@ -126,6 +126,9 @@ namespace API.Migrations
b.Property("ProfilePicture") .HasColumnType("text"); + b.Property("Role") .HasColumnType("text"); + b.Property("SecurityStamp") .HasColumnType("text");
@@ -146,6 +149,9 @@ namespace API.Migrations
.IsUnique() .HasDatabaseName("UserNameIndex"); + b.HasIndex("UserName") .IsUnique(); + b.ToTable("AspNetUsers"); });
diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs
index 5d59f61..48f6c6e 100644
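Review bot: Create stays reachable anonymously while this commit introduces `User.Role` and the service maps `UserDTO` straight onto `User` with `_userMapper.Map(userDTO)`; if the DTO has a Role member that the mapping copies and Create persists the mapped object, a self-registering caller can choose its own role, including the `Admin` role that now gates GetById. Anonymous registration itself is expected, but Create's body is outside the hunk, so I can't confirm whether Role is overwritten before saving. Either exclude Role from the inbound mapping or set it explicitly in the service, e.g. `user.Role = "User";` before the repository call, with the role names kept in one shared constant class.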
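Review bot: `Roles = "Admin"` on the added `[Authorize]` line is a bare string that has to match exactly what the service writes into the `ClaimTypes.Role` claim and what is stored in `User.Role`; a mismatch on either side is not caught at compile time and simply denies every request. Declare the name once, e.g. `public static class UserRoles { public const string Admin = "Admin"; }`, and use `[Authorize(Roles = UserRoles.Admin)]` here and wherever the service assigns or checks roles. Removing the method-level `[Authorize]` is fine now that the class carries it, and `[Authorize(Roles = …)]` still requires authentication, so nothing is lost there.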
--- a/API/Service/UserService.cs
+++ b/API/Service/UserService.cs
@@ -18,8 +18,6 @@ namespace API.Service
private readonly UserDbRepository _userDbRepository; private readonly IMapper _userMapper; - private static Random rnd = new Random(); // FOR TESTING PURPOSES ONLY - public UserService(DevHiveContext context, IMapper mapper) { this._userDbRepository = new UserDbRepository(context);
@@ -33,18 +31,15 @@ namespace API.Service
User user = this._userMapper.Map(userDTO); - - - - // Key generation - var key = Encoding.ASCII.GetBytes(")H@McQfTB?E(H+Mb8x/A?D(Gr4u7x!A%WnZr4t7weThWmZq4KbPeShVm*G-KaPdSz%C*F-Ja6w9z$C&F"); //Startup.Configuration.GetSection("AppSettings").GetValue("Secret", "bruh"));
+ // Temporary, TODO: get key from appsettings
+ var key = Encoding.ASCII.GetBytes(")H@McQfTB?E(H+Mb8x/A?D(Gr4u7x!A%WnZr4t7weThWmZq4KbPeShVm*G-KaPdSz%C*F-Ja6w9z$C&F");
var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] {
- new Claim(ClaimTypes.Name, user.Id.ToString())
+ new Claim(ClaimTypes.Role, user.Role)
}), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
-- cgit v1.2.3
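Review bot: The value in the new `new Claim(ClaimTypes.Role, user.Role)` line comes from `user`, which the context line at the top of this hunk builds with `this._userMapper.Map(userDTO)` from the request body rather than from `_userDbRepository`; unless the lines above the hunk replace `user` with the stored record, and if `UserDTO` carries a Role member, the token's role is whatever the client sent at login, and it should instead be read from the persisted user after the credentials are verified. The same change drops the `ClaimTypes.Name` claim, so the token no longer says whom it belongs to; keep both: `new Claim(ClaimTypes.Name, user.Id.ToString()),` followed by `new Claim(ClaimTypes.Role, user.Role)`. `Claim` throws `ArgumentNullException` for a null value and the snapshot in this commit appears to map `Role` as nullable text, so an account with no role set will fail at login unless the property is required or given a default. The symmetric key is still a literal in source, which the TODO acknowledges; since it now sits in repository history it should be replaced when it moves to configuration, not merely relocated. Login's signature and the lines before `User user = ...` are outside the hunk.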