Merge pull request #1 from myusrn/paule96refactorBranch

I refactor a lot of you and our changes

Author: paule96

KK.AspNetCore.EasyAuthAuthentication.sln

@@ -1,4 +1,4 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
 VisualStudioVersion = 15.0.26124.0

README.md

@@ -106,9 +106,10 @@ For example:
 
 ## Authors
 
-* **Kirsten Kluge** - *Initial work* - [kirkone](https://github.com/kirkone)
-* **paule96** - *Refactoring* - [paule96](https://github.com/paule96)
-* **Christoph Sonntag** - *Made things even more uber* - [Compufreak345](https://github.com/Compufreak345)
+-   **Kirsten Kluge** - _Initial work_ - [kirkone](https://github.com/kirkone)
+-   **paule96** - _Refactoring_ - [paule96](https://github.com/paule96)
+-   **Christoph Sonntag** - _Made things even more uber_ - [Compufreak345](https://github.com/Compufreak345)
+-   **myusrn** - _Dropped some knowledge about making IsInRoles work_ - [myusrn](https://github.com/myusrn)
 
 See also the list of [contributors](https://github.com/kirkone/KK.AspNetCore.EasyAuthAuthentication/graphs/contributors) who participated in this project.
 
@@ -118,4 +119,4 @@ This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md
 
 ## Acknowledgments
 
-* Inspired by this [StackOverflow post](https://stackoverflow.com/a/42402163/6526640) and this [GitHub](https://github.com/lpunderscore/azureappservice-authentication-middleware) repo
+-   Inspired by this [StackOverflow post](https://stackoverflow.com/a/42402163/6526640) and this [GitHub](https://github.com/lpunderscore/azureappservice-authentication-middleware) repo

src/KK.AspNetCore.EasyAuthAuthentication/AuthTokenHeaderNames.cs

@@ -0,0 +1,37 @@
+namespace KK.AspNetCore.EasyAuthAuthentication
+{
+    /// <summary>
+    /// This class contains all header names that are possible to make an authentication.
+    /// The source of the list can find here: https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#retrieve-tokens-in-app-code
+    /// </summary>
+    public static class AuthTokenHeaderNames
+    {
+        #region AzureAd
+        public const string AADIdToken = "X-MS-TOKEN-AAD-ID-TOKEN";
+        public const string AADAccessToken = "X-MS-TOKEN-AAD-ACCESS-TOKEN";
+        public const string AADExpiresOn = "X-MS-TOKEN-AAD-EXPIRES-ON";
+        public const string AADRefreshToken = "X-MS-TOKEN-AAD-REFRESH-TOKEN";
+        #endregion
+        #region Facebook
+        public const string FacebookAccessToken = "X-MS-TOKEN-FACEBOOK-ACCESS-TOKEN";
+        public const string FacebookExpiresOn = "X-MS-TOKEN-FACEBOOK-EXPIRES-ON";
+        #endregion
+        #region Google
+        public const string GoogleIdToken = "X-MS-TOKEN-GOOGLE-ID-TOKEN";
+        public const string GoogleAccessToken = "X-MS-TOKEN-GOOGLE-ACCESS-TOKEN";
+        public const string GoogleExpiresOn = "X-MS-TOKEN-GOOGLE-EXPIRES-ON";
+        public const string GoogleRefreshToken = "X-MS-TOKEN-GOOGLE-REFRESH-TOKEN";
+
+        #endregion
+        #region Microsoft Account
+        public const string MicrosoftAccessToken = "X-MS-TOKEN-MICROSOFTACCOUNT-ACCESS-TOKEN";
+        public const string MicrosoftExpiresOn = "X-MS-TOKEN-MICROSOFTACCOUNT-EXPIRES-ON";
+        public const string MicrosoftAuthenticationToken = "X-MS-TOKEN-MICROSOFTACCOUNT-AUTHENTICATION-TOKEN";
+        public const string MicrosoftRefreshToken = "X-MS-TOKEN-MICROSOFTACCOUNT-REFRESH-TOKEN";
+        #endregion
+        #region Twitter
+        public const string TwitterAccessToken = "X-MS-TOKEN-TWITTER-ACCESS-TOKEN";
+        public const string TwitterAccessTokenSecret = "X-MS-TOKEN-TWITTER-ACCESS-TOKEN-SECRET";
+        #endregion
+    }
+}

src/KK.AspNetCore.EasyAuthAuthentication/AuthenticationTicketBuilder.cs

@@ -0,0 +1,77 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNetCore.Authentication;
+using Newtonsoft.Json.Linq;
+
+namespace KK.AspNetCore.EasyAuthAuthentication
+{
+    public static class AuthenticationTicketBuilder
+    {
+        /// <summary>
+        /// Build a `AuthenticationTicket` from the given payload, the principal name and the provider name
+        /// </summary>
+        /// <param name="claimsPayload">A array of JObjects that have a `type` and a `val` property</param>
+        /// <param name="providerName">The provider name of the current auth provider.</param>
+        /// <returns>A `AuthenticationTicket`</returns>
+        public static AuthenticationTicket Build(IEnumerable<JObject> claimsPayload, string providerName)
+        {
+            var identity = new ClaimsIdentity(
+                createClaims(claimsPayload),
+                // setting ClaimsIdentity.AuthenticationType to value that Azure AD non-EasyAuth setups use
+                AuthenticationTypesNames.Federation
+            );
+
+            addScopeClaim(identity);
+            addProviderNameClaim(identity, providerName);
+            var genericPrincipal = new ClaimsPrincipal(identity);
+
+            return new AuthenticationTicket(genericPrincipal, EasyAuthAuthenticationDefaults.AuthenticationScheme);
+        }
+
+        private static IEnumerable<Claim> createClaims(IEnumerable<JObject> claimsAsJson)
+        {
+            foreach (var claim in claimsAsJson)
+            {
+                var claimType = claim["typ"].ToString();
+                switch (claimType)
+                {
+                    case Schemas.AuthMethod:
+                        foreach (var item in claim["val"].ToString().Split(','))
+                        {
+                            yield return new Claim(ClaimTypes.Authentication, item);
+                        }
+                        break;
+                    case "roles":
+                        foreach (var item in claim["val"].ToString().Split(','))
+                        {
+                            yield return new Claim(ClaimTypes.Role, item);
+                        }
+                        break;
+                    default:
+                        yield return new Claim(claimType, claim["val"].ToString());
+                        break;
+                }
+            }
+        }
+
+        private static void addScopeClaim(ClaimsIdentity identity)
+        {
+            if (!identity.Claims.Any(claim => claim.Type == "scp"))
+            {
+                // We are not sure if we should add this in to match what non-EasyAuth authenticated result would look like
+                // with EasyAuth + Express based application configurations the scope claim will always be `user_impersonation`
+                identity.AddClaim(new Claim("scp", "user_impersonation"));
+            }
+        }
+
+        private static void addProviderNameClaim(ClaimsIdentity identity, string providerName)
+        {
+            if (!identity.Claims.Any(claim => claim.Type == "provider_name"))
+            {
+                identity.AddClaim(new Claim("provider_name", providerName));
+            }
+        }
+    }
+}

src/KK.AspNetCore.EasyAuthAuthentication/AuthenticationTypesNames.cs

@@ -0,0 +1,18 @@
+namespace KK.AspNetCore.EasyAuthAuthentication
+{
+    /// <summary>
+    /// This class contains all Authentication type names.
+    /// Source of this is: https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.authenticationtypes?view=netframework-4.7.2
+    /// </summary>
+    public class AuthenticationTypesNames
+    {
+        public const string Basic = "AuthenticationTypes.Basic";
+        public const string Federation = "AuthenticationTypes.Federation";
+        public const string Kerberos = "AuthenticationTypes.Kerberos";
+        public const string Negotiate = "AuthenticationTypes.Negotiate";
+        public const string Password = "AuthenticationTypes.Password";
+        public const string Signature = "AuthenticationTypes.Signature";
+        public const string Windows = "AuthenticationTypes.Windows";
+        public const string X509 = "AuthenticationTypes.X509";
+    }
+}