Fix mising username in json mode

- set the source for the user name to ClaimTypes.Upn

Co-authored-by: Norbert Baum <mail@norbert-baum.de>

+semver: fix

Author: kirkone

src/KK.AspNetCore.EasyAuthAuthentication/AuthenticationTicketBuilder.cs

@@ -12,17 +12,21 @@ internal static class AuthenticationTicketBuilder
         /// Build a `AuthenticationTicket` from the given payload, the principal name and the provider name.
         /// </summary>
         /// <param name="claimsPayload">A array of JObjects that have a `type` and a `val` property.</param>
+        /// <param name="userid">The user ID of the current user.</param>
         /// <param name="providerName">The provider name of the current auth provider.</param>
         /// <returns>A `AuthenticationTicket`.</returns>
-        public static AuthenticationTicket Build(IEnumerable<JObject> claimsPayload, string providerName)
+        public static AuthenticationTicket Build(IEnumerable<JObject> claimsPayload, string userid, string providerName)
         {
             // setting ClaimsIdentity.AuthenticationType to value that Azure AD non-EasyAuth setups use
             var identity = new ClaimsIdentity(
                 CreateClaims(claimsPayload),
-                AuthenticationTypesNames.Federation
+                AuthenticationTypesNames.Federation,
+                ClaimTypes.Upn,
+                ClaimTypes.Role
             );
 
             AddScopeClaim(identity);
+            AddUserIdClaim(identity, userid);
             AddProviderNameClaim(identity, providerName);
             var genericPrincipal = new ClaimsPrincipal(identity);
 
@@ -74,5 +78,13 @@ private static void AddProviderNameClaim(ClaimsIdentity identity, string provide
                 identity.AddClaim(new Claim("provider_name", providerName));
             }
         }
+        
+        private static void AddUserIdClaim(ClaimsIdentity identity, string userid)
+        {
+            if (!identity.Claims.Any(claim => claim.Type == ClaimTypes.Upn))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Upn, userid));
+            }
+        }
     }
-}
+}

src/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithAuthMeService.cs

@@ -91,14 +91,17 @@ private async Task<AuthenticationTicket> CreateUserTicket()
 
         private AuthenticationTicket BuildIdentityFromEasyAuthMeJson(JObject payload)
         {
-            var name = payload["user_id"].Value<string>(); // X-MS-CLIENT-PRINCIPAL-NAME
-            this.Logger.LogDebug($"payload was fetched from easyauth me json, name: {name}");
-
-            var identity = new GenericIdentity(name, AuthenticationTypesNames.Federation); // setting ClaimsIdentity.AuthenticationType to value that azuread non-easyauth setups use
+            var userid = payload["user_id"].Value<string>();
+            this.Logger.LogDebug($"payload was fetched from easyauth me json, name: {userid}");
+            var providerName = payload["provider_name"].Value<string>();
+            this.Logger.LogDebug($"payload was fetched from easyauth me json, provider: {providerName}");
 
             this.Logger.LogInformation("building claims from payload...");
-            var providerName = payload["provider_name"].Value<string>();
-            return AuthenticationTicketBuilder.Build(payload["user_claims"].Children<JObject>(), providerName);
+            return AuthenticationTicketBuilder.Build(
+                    payload["user_claims"].Children<JObject>(),
+                    userid,
+                    providerName
+                );
         }
 
         private async Task<JArray> GetAuthMe(HttpClientHandler handler, HttpRequestMessage httpRequest)
@@ -179,4 +182,4 @@ private HttpClientHandler CreateHandler(ref CookieContainer cookieContainer)
             return handler;
         }
     }
-}
+}

src/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithHeaderService.cs

@@ -45,20 +45,21 @@ public static AuthenticateResult AuthUser(ILogger logger, HttpContext context)
 
         private AuthenticationTicket BuildIdentityFromEasyAuthRequestHeaders()
         {
-            var name = this.Headers[PrincipalNameHeader][0];
-            this.Logger.LogDebug($"payload was fetched from EasyAuth headers, name: {name}");
+            var userid = this.Headers[PrincipalNameHeader][0];
+            this.Logger.LogDebug($"payload was fetched from EasyAuth headers, name: {userid}");
+            var providerName = this.Headers[PrincipalIdpHeaderName][0];
+            this.Logger.LogDebug($"payload was fetched from easyauth me json, provider: {providerName}");
 
             this.Logger.LogInformation("building claims from payload...");
             var xMsClientPrincipal = JObject.Parse(
-                                        Encoding.UTF8.GetString(
-                                            Convert.FromBase64String(this.Headers[PrincipalObjectHeader][0])
-                                        )
-                                    );
+                        Encoding.UTF8.GetString(
+                            Convert.FromBase64String(this.Headers[PrincipalObjectHeader][0])
+                        )
+                    );
 
             var claims = xMsClientPrincipal["claims"].Children<JObject>();
-            var providerName = this.Headers[PrincipalIdpHeaderName][0];
 
-            return AuthenticationTicketBuilder.Build(claims, providerName);
+            return AuthenticationTicketBuilder.Build(claims, userid, providerName);
         }
     }
-}
+}