kamacharovs / aiof-auth
All in one finance authentication API
License: MIT License
Cannot enable a disabled Client
Reproduction steps
Root cause analysis
The root cause of this is the query filter applied at the context level. A disabled client is not returned because the query filter is applied at the get level (when you try to get a client to see if it exists, which is also why we see the 404 returned).
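As an added example (not the project's own code), the mechanism described above in EF Core terms: a global query filter hides disabled rows from every ordinary lookup, so the enable path has to opt out with IgnoreQueryFilters(). The Client entity shape, the IsEnabled flag and the EF Core in-memory provider are assumptions for the demo.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

// Assumed entity shape; the project's real Client entity may differ.
public class Client { public int Id { get; set; } public bool IsEnabled { get; set; } = true; }

public class AuthContext : DbContext
{
    public DbSet<Client> Clients { get; set; }
    public AuthContext(DbContextOptions<AuthContext> options) : base(options) { }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        // Context-level filter: every query over Clients silently drops disabled rows.
        modelBuilder.Entity<Client>().HasQueryFilter(c => c.IsEnabled);
    }
}

public static class ClientRepository
{
    // The ordinary lookup honours the filter, so a disabled client comes back null (the 404 path).
    public static Task<Client> GetAsync(AuthContext ctx, int id) =>
        ctx.Clients.FirstOrDefaultAsync(c => c.Id == id);

    // The enable path must bypass the filter, otherwise the disabled row can never be found.
    public static async Task<bool> EnableAsync(AuthContext ctx, int id)
    {
        var client = await ctx.Clients.IgnoreQueryFilters().FirstOrDefaultAsync(c => c.Id == id);
        if (client == null) return false;
        client.IsEnabled = true;
        await ctx.SaveChangesAsync();
        return true;
    }
}

public static class Program
{
    public static async Task Main()
    {
        var options = new DbContextOptionsBuilder<AuthContext>().UseInMemoryDatabase("clients-demo").Options;
        using var ctx = new AuthContext(options);
        ctx.Clients.Add(new Client { Id = 1, IsEnabled = false });
        await ctx.SaveChangesAsync();
        // The filtered lookup misses the disabled client; the enable path finds it and flips the flag.
        Console.WriteLine(await ClientRepository.GetAsync(ctx, 1) == null && await ClientRepository.EnableAsync(ctx, 1));
    }
}
```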
Move the TokenType enum from TokenRequest.cs to Constants.cs. All this is in the aiof.auth.data project.
Source: aiof-auth/aiof.auth.data/TokenRequest.cs, lines 72 to 77 in 638a8de
Destination: right after the TokenStatus enum in Constants.cs (aiof-auth/aiof.auth.data/Constants.cs, lines 116 to 121 in 638a8de)
Overview
Add support for multiple roles for a user in the JWT. This will include database changes (schema, etc.).
For example, the roles object in the JWT should look like this:
{
  "iss": "https://www.jerriepelser.com",
  "aud": "blog-readers",
  "sub": "123456",
  "exp": 1499863217,
  "roles": [ "Admin", "SuperUser" ]
}
Use it as [Authorize(Roles = "")]:
public class ValuesController : Controller
{
    [Authorize(Roles = "Admin")]
    [HttpGet("ping/admin")]
    public string PingAdmin()
    {
        return "Pong";
    }
}
Current
The User and Client entities have a RoleId reference (as a foreign key) to the Role entity. This is a one-to-one relationship.
Solution
Remove the current relationship between the User, Client and Role entities. Create 2 new entities, UserRole and ClientRole. These will store a one-to-many relationship between a UserId / ClientId and a RoleId.
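An added example (not the project's code) of the token shape above: one "roles" claim per UserRole row is serialised as the JSON array, and the validating side maps that claim to ASP.NET Core roles so [Authorize(Roles = "...")] works. The entity shapes, the claim name, the demo signing key and the 15-minute lifetime are assumptions; the block uses System.IdentityModel.Tokens.Jwt.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;
// Assumed minimal shapes of the Role and UserRole entities the issue proposes.
public class Role { public int Id { get; set; } public string Name { get; set; } }
public class UserRole { public int UserId { get; set; } public int RoleId { get; set; } public Role Role { get; set; } }

public static class RoleTokenIssuer
{
    // One "roles" claim per UserRole row; repeated claims of one type are serialised as a JSON array,
    // which gives the "roles": [ "Admin", "SuperUser" ] shape shown in the issue.
    public static string Issue(int userId, UserRole[] userRoles, SymmetricSecurityKey key)
    {
        var claims = userRoles.Select(ur => new Claim("roles", ur.Role.Name))
            .Prepend(new Claim(JwtRegisteredClaimNames.Sub, userId.ToString()));
        var token = new JwtSecurityToken(
            issuer: "https://www.jerriepelser.com", audience: "blog-readers", claims: claims,
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Validation side: RoleClaimType must name "roles", otherwise [Authorize(Roles = "Admin")] (which
    // calls IsInRole) never sees the array; MapInboundClaims = false keeps the claim type unrenamed.
    public static ClaimsPrincipal Validate(string jwt, SymmetricSecurityKey key)
    {
        var parameters = new TokenValidationParameters { ValidIssuer = "https://www.jerriepelser.com",
            ValidAudience = "blog-readers", IssuerSigningKey = key, RoleClaimType = "roles" };
        return new JwtSecurityTokenHandler { MapInboundClaims = false }.ValidateToken(jwt, parameters, out _);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed demo key; a deployment loads its signing key from configuration or a secret store.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("demo-signing-key-at-least-32-bytes-long!"));
        var userRoles = new[]
        {
            new UserRole { UserId = 123456, RoleId = 1, Role = new Role { Id = 1, Name = "Admin" } },
            new UserRole { UserId = 123456, RoleId = 2, Role = new Role { Id = 2, Name = "SuperUser" } },
        };
        var principal = RoleTokenIssuer.Validate(RoleTokenIssuer.Issue(123456, userRoles, key), key);
        Console.WriteLine($"roles={string.Join(",", principal.FindAll("roles").Select(c => c.Value))} admin={principal.IsInRole("Admin")}");
    }
}
```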
Task breakdown
When all tasks are completed, this will have reached the definition of done.
- UserRole entity that stores UserId and RoleId. Foreign keys from User and Role entities
- ClientRole entity that stores ClientId and RoleId. Foreign keys from Client and Role entities
- UserRole and ClientRole entities and PostgreSQL tables
- RoleId from User entity
- RoleId from Client entity
General improvements to the aiof-auth microservice
aiof-asset
Use FluentValidator RuleSets for TokenRequestValidator. There are a few scenarios through which we generate a token.
aiof-auth/aiof.auth.data/Validators/TokenRequestValidator.cs
Lines 7 to 49 in 638a8de
An example of how FluentValidator RuleSets are used is in the aiof-asset microservice:
public AssetDtoValidator(AssetContext context)
{
    ValidatorOptions.Global.CascadeMode = CascadeMode.Stop;
    _context = context ?? throw new ArgumentNullException(nameof(context));
    RuleSet(Constants.AddRuleSet, () => { SetAddRules(); });
    RuleSet(Constants.AddStockRuleSet, () => { SetAddRules(); });
    RuleSet(Constants.UpdateRuleSet, () => { SetUpdateRules(); });
    RuleSet(Constants.UpdateStockRuleSet, () => { SetUpdateRules(); });
}

public void SetAddRules()
{
    RuleFor(x => x.Name)
        .NotEmpty()
        .MaximumLength(100);
    RuleFor(x => x.TypeName)
        .NotEmpty()
        .SetValidator(new AssetTypeValidator(_context));
    RuleFor(x => x.Value)
        .NotNull()
        .GreaterThanOrEqualTo(CommonValidator.MinimumValue)
        .LessThan(CommonValidator.MaximumValue)
        .WithMessage(CommonValidator.ValueMessage);
}
Set a rule set for each scenario: email & password, API key and token.
public void SetEmailPasswordRuleSet() { }
public void SetApiKeyRuleSet() { }
public void SetTokenRuleSet() { }
For each, we'll then set the .TokenType to the appropriate one and return true. At this point, there is no further logic beyond that. However, in the future we might have additional logic to validate each request.
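An added example (not the project's validator) of the three RuleSets sketched above, using FluentValidation 10 or later: each scenario validates only its own credential fields and tags the request's TokenType. The TokenRequest fields, enum values, rule-set names and the 32-character API-key minimum are assumptions.

```csharp
using System;
using FluentValidation;
// Assumed shape of TokenRequest and TokenType; the project's real DTO and enum values may differ.
public enum TokenType { EmailPassword, ApiKey, Token }
public class TokenRequest
{
    public string Email { get; set; }  public string Password { get; set; }
    public string ApiKey { get; set; } public string Token { get; set; }
    public TokenType? TokenType { get; set; }
}

public class TokenRequestValidator : AbstractValidator<TokenRequest>
{
    public const string EmailPasswordRuleSet = "EmailPassword", ApiKeyRuleSet = "ApiKey", TokenRuleSet = "Token";

    public TokenRequestValidator()
    {
        // One RuleSet per grant scenario; its rules only run when the caller selects that set.
        RuleSet(EmailPasswordRuleSet, SetEmailPasswordRuleSet);
        RuleSet(ApiKeyRuleSet, SetApiKeyRuleSet);
        RuleSet(TokenRuleSet, SetTokenRuleSet);
    }

    public void SetEmailPasswordRuleSet()
    {
        RuleFor(x => x.Email).NotEmpty().EmailAddress();
        RuleFor(x => x.Password).NotEmpty();
        Tag(TokenType.EmailPassword);
    }

    public void SetApiKeyRuleSet() { RuleFor(x => x.ApiKey).NotEmpty().MinimumLength(32); Tag(TokenType.ApiKey); }
    public void SetTokenRuleSet() { RuleFor(x => x.Token).NotEmpty(); Tag(TokenType.Token); }

    // Model-level rule that records the validated scenario and always passes; check IsValid before trusting it.
    private void Tag(TokenType type) => RuleFor(x => x).Must(x => { x.TokenType = type; return true; });
}

public static class Program
{
    public static void Main()
    {
        var validator = new TokenRequestValidator();
        // Constructed API-key request: valid under its own RuleSet, rejected under the email/password one.
        var req = new TokenRequest { ApiKey = new string('k', 40) };
        var apiKey = validator.Validate(req, o => o.IncludeRuleSets(TokenRequestValidator.ApiKeyRuleSet));
        Console.WriteLine($"apiKey valid={apiKey.IsValid} type={req.TokenType}");
        var emailPw = validator.Validate(req, o => o.IncludeRuleSets(TokenRequestValidator.EmailPasswordRuleSet));
        Console.WriteLine($"emailPw valid={emailPw.IsValid}");
    }
}
```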
There is a missing OrderBy that makes Entity Framework throw a warning log message when generating a JWT for a user.
This warning appears even though the following query is set up via LINQ:
public async Task<IUserRefreshToken> GetRefreshTokenAsync(int userId)
{
    return await GetRefreshTokensQuery()
        .Where(x => x.UserId == userId
            && x.Revoked == null)
        .OrderByDescending(x => x.Expires)
        .Take(1)
        .FirstOrDefaultAsync();
}
In this specific example, it essentially checks whether any existing refresh tokens are present. If not (the value returned by this function is null), then create one. Otherwise, return the token.