cleanup the long development

Co-authored-by: Kirsten Kluge <live@kirk.one>

Author: paule96

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationExtensions.cs

@@ -29,7 +29,7 @@ public static AuthenticationBuilder AddEasyAuth(this AuthenticationBuilder build
         /// <param name="authenticationScheme">The schema for the Easy Auth handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static AuthenticationBuilder AddEasyAuth(this AuthenticationBuilder builder, string authenticationScheme)
-            => builder.AddEasyAuth(authenticationScheme, configureOptions: (d) => {});
+            => builder.AddEasyAuth(authenticationScheme, configureOptions: (d) => { });
 
         /// <summary>
         /// Adds the <see cref="EasyAuthAuthenticationHandler"/> for authentication.
@@ -86,26 +86,25 @@ public static AuthenticationBuilder AddEasyAuth(
             string displayName)
         {
             var options = new EasyAuthAuthenticationOptions
-            {
-                AuthEndpoint = configuration.GetValue<string>("easyAuthOptions:AuthEndpoint"),                
+            {                
                 ProviderOptions = configuration
-                .GetSection("easyAuthOptions:providerOptions")
-                .GetChildren()
-                .Select(d =>
-                {
-                    var name = d.GetValue<string>("ProviderName");
-                    var providerOptions = new ProviderOptions(name);
-                    d.Bind(providerOptions);
-                    return providerOptions;
-                }).ToList()
-            };
-            if (string.IsNullOrWhiteSpace(options.AuthEndpoint))
-            {
-                throw new ArgumentNullException("The 'AuthEndpoint' in the configuraiton for easy auth can't be empty! please add the setting to your configuration providers.");
-            }
+                    .GetSection("easyAuthOptions:providerOptions")
+                    .GetChildren()
+                    .Select(d =>
+                    {
+                        var name = d.GetValue<string>("ProviderName");
+                        var providerOptions = new ProviderOptions(name);
+                        d.Bind(providerOptions);
+                        return providerOptions;
+                    }).ToList(),
+                LocalProviderOption = configuration
+                    .GetSection("easyAuthOptions:localProviderOption")
+                    .Get<LocalProviderOption>()
+                    
+            };            
             return builder.AddEasyAuth(authenticationScheme, displayName, o =>
             {
-                o.AuthEndpoint = options.AuthEndpoint;
+                o.LocalProviderOption = options.LocalProviderOption;
                 o.ProviderOptions = options.ProviderOptions;
             });
         }
@@ -119,9 +118,9 @@ public static AuthenticationBuilder AddEasyAuth(
         /// <param name="configureOptions">A callback to configure <see cref="EasyAuthAuthenticationOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static AuthenticationBuilder AddEasyAuth(
-            this AuthenticationBuilder builder, 
-            string authenticationScheme, 
-            string displayName, 
+            this AuthenticationBuilder builder,
+            string authenticationScheme,
+            string displayName,
             Action<EasyAuthAuthenticationOptions> configureOptions)
         {
             var allAuthServicesToRegister = AppDomain.CurrentDomain.GetAssemblies().SelectMany(x => x.GetTypes())

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationHandler.cs

@@ -28,8 +28,7 @@ public class EasyAuthAuthenticationHandler : AuthenticationHandler<EasyAuthAuthe
         private static Func<IHeaderDictionary, ClaimsPrincipal, HttpRequest, EasyAuthAuthenticationOptions, bool> CanUseEasyAuthJson =
             (headers, user, request, options) =>
                 IsContextUserNotAuthenticated(user)
-                && !IsHeaderSet(headers, AuthTokenHeaderNames.AADIdToken)
-                && request.Path != "/" + $"{options.AuthEndpoint}";
+                && !IsHeaderSet(headers, AuthTokenHeaderNames.AADIdToken);
 
         private readonly IEnumerable<IEasyAuthAuthentificationService> authenticationServices;
         private readonly IConfiguration appConfiguration;
@@ -87,7 +86,12 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
             }
             else if (CanUseEasyAuthJson(this.Context.Request.Headers, this.Context.User, this.Context.Request, this.Options))
             {
-                return await EasyAuthWithAuthMeService.AuthUser(this.Logger, this.Context, this.Options);
+                var service = new LocalAuthMeService(this.Logger,
+                    this.Context.Request.Scheme,
+                    this.Context.Request.Host.ToString(),
+                    this.Context.Request.Cookies,
+                    this.Context.Request.Headers);
+                return await service.AuthUser(this.Context, this.Options.LocalProviderOption);
             }
             else
             {

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationOptions.cs

@@ -1,4 +1,4 @@
-namespace KK.AspNetCore.EasyAuthAuthentication
+namespace KK.AspNetCore.EasyAuthAuthentication
 {
     using System;
     using System.Collections;
@@ -13,17 +13,14 @@
     /// </summary>
     public class EasyAuthAuthenticationOptions : AuthenticationSchemeOptions
     {
-        /// <summary>
-        /// The endpoint where to look for the <c>JSON</c> with the authentification information.
-        /// </summary>
-        /// <value>A relative path to the <c>wwwroot</c> folder.</value>
-        public string AuthEndpoint { get; set; } = ".auth/me";
 
         /// <summary>
         /// A list of all provider options that should be used by easy auth.
         /// </summary>
         public IList<ProviderOptions> ProviderOptions { get; set; } = new List<ProviderOptions>();
 
+        public LocalProviderOption? LocalProviderOption { get; set; } = null;
+
         /// <summary>
         /// Adds a new options object to the provider pipeline.
         /// It will replace exsisting options for the same provider. So be shure what you do.

src/KK.AspNetCore.EasyAuthAuthentication/Interfaces/IEasyAuthAuthentificationService.cs

@@ -21,15 +21,15 @@ public interface IEasyAuthAuthentificationService
         /// Try to create a <see cref="AuthenticateResult"/> out of the <see cref="HttpContext"/> from the incomming request.
         /// </summary>
         /// <param name="context">The <see cref="HttpContext"/> of the http request.</param>        
-        /// <returns>If the user can be authentificated it will returend a full <see cref="AuthenticateResult"/>. If not this will return a <see cref="AuthenticateResult.Fail(string)"/> result. (only the <see cref="EasyAuthWithAuthMeService"/> can return this.</returns>
+        /// <returns>If the user can be authentificated it will returend a full <see cref="AuthenticateResult"/>. If not this will return a <see cref="AuthenticateResult.Fail(string)"/> result. (only the <see cref="LocalAuthMeService"/> can return this.</returns>
         AuthenticateResult AuthUser(HttpContext context);
 
         /// <summary>
         /// Try to create a <see cref="AuthenticateResult"/> out of the <see cref="HttpContext"/> from the incomming request.
         /// </summary>
         /// <param name="context">The <see cref="HttpContext"/> of the http request.</param>
         /// <param name="options">The <see cref="ProviderOptions"/> that can change the behavior of the <see cref="AuthUser(HttpContext, ProviderOptions)"/> method.</param>
-        /// <returns>If the user can be authentificated it will returend a full <see cref="AuthenticateResult"/>. If not this will return a <see cref="AuthenticateResult.Fail(string)"/> result. (only the <see cref="EasyAuthWithAuthMeService"/> can return this.</returns>
+        /// <returns>If the user can be authentificated it will returend a full <see cref="AuthenticateResult"/>. If not this will return a <see cref="AuthenticateResult.Fail(string)"/> result. (only the <see cref="LocalAuthMeService"/> can return this.</returns>
         AuthenticateResult AuthUser(HttpContext context, ProviderOptions options);
     }
 }

src/KK.AspNetCore.EasyAuthAuthentication/Models/LocalProviderOption.cs

@@ -0,0 +1,61 @@
+namespace KK.AspNetCore.EasyAuthAuthentication.Models
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Text;
+    using KK.AspNetCore.EasyAuthAuthentication.Services;
+
+    public class LocalProviderOption
+    {
+        public LocalProviderOption()
+        {
+            this.AuthEndpoint = string.Empty;
+            this.NameClaimType =string.Empty;
+            this.RoleClaimType = string.Empty;
+        }
+        public LocalProviderOption(string authEndpoint, string nameClaimType, string roleClaimType)
+        {
+            this.AuthEndpoint = authEndpoint;
+            this.NameClaimType = nameClaimType;
+            this.RoleClaimType = roleClaimType;
+        }
+        /// <summary>
+        /// The endpoint where to look for the <c>JSON</c> with the authentification information.
+        /// </summary>
+        /// <value>A relative path to the <c>wwwroot</c> folder.</value>
+        public string AuthEndpoint { get; set; }
+        public string NameClaimType { get; set; }
+        public string RoleClaimType { get; set; }
+
+        /// <summary>
+        /// That would change the defined options of the current provider options object.
+        /// </summary>
+        /// <param name="options">The provider options model with the new options.</param>
+        public void ChangeModel(LocalProviderOption? options)
+        {
+            if (options == null)
+            {
+                return;
+            }
+            else
+            {
+                if (!string.IsNullOrWhiteSpace(options.NameClaimType))
+                {
+                    this.NameClaimType = options.NameClaimType;
+                }
+
+                if (!string.IsNullOrWhiteSpace(options.RoleClaimType))
+                {
+                    this.RoleClaimType = options.RoleClaimType;
+                }
+
+                if (!string.IsNullOrWhiteSpace(options.AuthEndpoint))
+                {
+                    this.AuthEndpoint = options.AuthEndpoint;
+                }
+            }
+        }
+
+        public ProviderOptions GetProviderOptions() => new ProviderOptions(typeof(LocalAuthMeService).Name, this.NameClaimType, this.RoleClaimType);
+    }
+}

…on/Services/EasyAuthWithAuthMeService.cs …ntication/Services/LocalAuthMeService.cssrc/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithAuthMeService.cs renamed to src/KK.AspNetCore.EasyAuthAuthentication/Services/LocalAuthMeService.cs src/KK.AspNetCore.EasyAuthAuthentication/Services/EasyAuthWithAuthMeService.cs renamed to src/KK.AspNetCore.EasyAuthAuthentication/Services/LocalAuthMeService.cs

@@ -5,6 +5,7 @@ namespace KK.AspNetCore.EasyAuthAuthentication.Services
     using System.Linq;
     using System.Net;
     using System.Net.Http;
+    using System.Security.Claims;
     using System.Threading.Tasks;
     using KK.AspNetCore.EasyAuthAuthentication.Models;
     using Microsoft.AspNetCore.Authentication;
@@ -13,32 +14,30 @@ namespace KK.AspNetCore.EasyAuthAuthentication.Services
     using Newtonsoft.Json;
     using Newtonsoft.Json.Linq;
 
-    internal class EasyAuthWithAuthMeService
+    internal class LocalAuthMeService
     {
-        private EasyAuthWithAuthMeService(
+        public LocalAuthMeService(
             ILogger logger,
             string httpSchema,
             string host,
             IRequestCookieCollection cookies,
-            IHeaderDictionary headers,
-            EasyAuthAuthenticationOptions options)
+            IHeaderDictionary headers)
         {
             this.HttpSchema = httpSchema;
             this.Host = host;
             this.Cookies = cookies;
             this.Headers = headers;
-            this.Options = options;
             this.Logger = logger;
         }
 
+        private readonly LocalProviderOption defaultOptions = new LocalProviderOption(".auth/me.json", ClaimTypes.Name, ClaimTypes.Role);
+
         private string Host { get; }
 
         private IRequestCookieCollection Cookies { get; }
 
         private IHeaderDictionary Headers { get; }
 
-        private EasyAuthAuthenticationOptions Options { get; }
-
         private ILogger Logger { get; }
 
         private string HttpSchema { get; }
@@ -51,22 +50,15 @@ private EasyAuthWithAuthMeService(
         /// <param name="context">The http context with the missing user claim.</param>
         /// <param name="options">The <c>EasyAuthAuthenticationOptions</c> to use.</param>
         /// <returns>An <see cref="AuthenticateResult" />.</returns>
-        public static async Task<AuthenticateResult> AuthUser(ILogger logger, HttpContext context, EasyAuthAuthenticationOptions options)
+        public async Task<AuthenticateResult> AuthUser(HttpContext context, LocalProviderOption? options)
         {
+            this.defaultOptions.ChangeModel(options);
             try
             {
-                var authService = new EasyAuthWithAuthMeService(
-                    logger,
-                    context.Request.Scheme,
-                    context.Request.Host.ToString(),
-                    context.Request.Cookies,
-                    context.Request.Headers,
-                    options);
-
-                var ticket = await authService.CreateUserTicket();
-                logger.LogInformation("Set identity to user context object.");
+                var ticket = await this.CreateUserTicket();
+                this.Logger.LogInformation("Set identity to user context object.");
                 context.User = ticket.Principal;
-                logger.LogInformation("identity build was a success, returning ticket");
+                this.Logger.LogInformation("identity build was a success, returning ticket");
                 return AuthenticateResult.Success(ticket);
             }
             catch (Exception ex)
@@ -84,7 +76,6 @@ private async Task<AuthenticationTicket> CreateUserTicket()
 
             // build up identity from json...
             var ticket = this.BuildIdentityFromEasyAuthMeJson((JObject)payload[0]);
-
             this.Logger.LogInformation("Set identity to user context object.");
             return ticket;
         }
@@ -98,7 +89,7 @@ private AuthenticationTicket BuildIdentityFromEasyAuthMeJson(JObject payload)
             return AuthenticationTicketBuilder.Build(
                     JsonConvert.DeserializeObject<IEnumerable<AADClaimsModel>>(payload["user_claims"].ToString()),
                     providerName,
-                    this.Options.ProviderOptions.First(d => d.ProviderName == typeof(EasyAuthWithAuthMeService).Name)
+                    this.defaultOptions.GetProviderOptions()
                 );
         }
 
@@ -108,6 +99,7 @@ private async Task<JArray> GetAuthMe(HttpClientHandler handler, HttpRequestMessa
             using (var client = new HttpClient(handler))
             {
                 var response = await client.SendAsync(httpRequest);
+                
                 if (!response.IsSuccessStatusCode)
                 {
                     this.Logger.LogDebug("auth endpoint was not successful. Status code: {0}, reason {1}", response.StatusCode, response.ReasonPhrase);
@@ -132,7 +124,7 @@ private async Task<JArray> GetAuthMe(HttpClientHandler handler, HttpRequestMessa
 
         private HttpRequestMessage CreateAuthRequest(ref CookieContainer cookieContainer)
         {
-            this.Logger.LogInformation($"identity not found, attempting to fetch from auth endpoint '/{this.Options.AuthEndpoint}'");
+            this.Logger.LogInformation($"identity not found, attempting to fetch from auth endpoint '/{this.defaultOptions.AuthEndpoint}'");
 
             var uriString = $"{this.HttpSchema}://{this.Host}";
 
@@ -152,13 +144,13 @@ private HttpRequestMessage CreateAuthRequest(ref CookieContainer cookieContainer
 
             // fetch value from endpoint
             string authMeEndpoint;
-            if (this.Options.AuthEndpoint.StartsWith("http"))
+            if (this.defaultOptions.AuthEndpoint.StartsWith("http"))
             {
-                authMeEndpoint = this.Options.AuthEndpoint; // enable pulling from places like storage account private blob container
+                authMeEndpoint = this.defaultOptions.AuthEndpoint; // enable pulling from places like storage account private blob container
             }
             else
             {
-                authMeEndpoint = $"{uriString}/{this.Options.AuthEndpoint}"; // localhost relative path, e.g. wwwroot/.auth/me.json
+                authMeEndpoint = $"{uriString}/{this.defaultOptions.AuthEndpoint}"; // localhost relative path, e.g. wwwroot/.auth/me.json
             }
 
             var request = new HttpRequestMessage(HttpMethod.Get, authMeEndpoint);

test/KK.AspNetCore.EasyAuthAuthentication.Test/EasyAuthAuthenticationHandlerTest.cs

@@ -146,6 +146,7 @@ public async Task DontCallTheFallBackIfTheRequestUrlEqualsTheAuthEndPoint()
             var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
+            options.LocalProviderOption = new LocalProviderOption(".auth/me", string.Empty, string.Empty);
 
 
             var services = new ServiceCollection().AddOptions()
@@ -159,7 +160,7 @@ public async Task DontCallTheFallBackIfTheRequestUrlEqualsTheAuthEndPoint()
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
             var context = new DefaultHttpContext();            
 
-            context.Request.Path = "/" + options.AuthEndpoint;
+            context.Request.Path = "/" + options.LocalProviderOption.AuthEndpoint;
             // Act
             await handler.InitializeAsync(schema, context);
             var result = await handler.AuthenticateAsync();