From 7438d97cab3b9f71102a8542304a9a4d1750dd15 Mon Sep 17 00:00:00 2001
From: Kamilla Nyborg
Date: Tue, 3 Oct 2023 21:01:35 +0200
Subject: [PATCH 1/3] Add auth
---
.../Controllers/BookingRequestController.cs | 1 +
.../kabinizer-api/Controllers/PeriodController.cs | 1 +
kabinizer-back-end/kabinizer-api/Program.cs | 9 ++++++++-
kabinizer-back-end/kabinizer-api/kabinizer-api.csproj | 2 ++
4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
index 036b30d..1940459 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
@@ -2,6 +2,7 @@
using kabinizer_api.Model;
using kabinizer_data;
using kabinizer_data.Entities;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.ComponentModel.DataAnnotations;
diff --git a/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs b/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
index c29ac2e..865bbf1 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
@@ -1,5 +1,6 @@
using kabinizer_api.Model;
using kabinizer_data;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace kabinizer_api.Controllers;
diff --git a/kabinizer-back-end/kabinizer-api/Program.cs b/kabinizer-back-end/kabinizer-api/Program.cs
index 1c0647a..6eb2a6e 100644
--- a/kabinizer-back-end/kabinizer-api/Program.cs
+++ b/kabinizer-back-end/kabinizer-api/Program.cs
@@ -1,9 +1,15 @@
using kabinizer_data;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
+using Microsoft.Identity.Web;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
+
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID"));
+
builder.Services.AddControllers();
builder.Services.AddDbContext(o =>
@@ -20,9 +26,10 @@
app.UseHttpsRedirection();
+app.UseAuthentication();
app.UseAuthorization();
-app.MapControllers();
+app.MapControllers().RequireAuthorization();
// Migrate db
using (var scope = app.Services.CreateScope())
diff --git a/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj b/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj
index 51d3c4a..8111960 100644
--- a/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj
+++ b/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj
@@ -5,6 +5,7 @@ enable enable kabinizer_api + ae423604-4603-4f57-a55b-f051618b4e17
@@ -13,6 +14,7 @@ all runtime; build; native; contentfiles; analyzers; buildtransitive +
From e0b6fda13b2ff433007dc567d4d6e0b862a2abba Mon Sep 17 00:00:00 2001
From: Kamilla Nyborg
Date: Tue, 3 Oct 2023 21:02:52 +0200
Subject: [PATCH 2/3] Remove unused
---
.../kabinizer-api/Controllers/BookingRequestController.cs | 1 -
kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs | 1 -
2 files changed, 2 deletions(-)
diff --git a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
index 1940459..036b30d 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
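Review bot: The `builder.Services.AddAuthentication(...).AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID"))` lines carry no comment about what the `EntraID` section has to contain, and that section is not part of this series, so a reader cannot see where the tenant, client id and accepted audience come from. A short comment above the call, such as `// Validate bearer tokens against Entra ID; the "EntraID" configuration section supplies tenant, client id and the accepted audience`, would make the dependency explicit. The audience value is the part worth writing down, because it is what decides whether a token minted for a different app in the same tenant is rejected here.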
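Review bot: `app.MapControllers().RequireAuthorization()` protects only the endpoints produced by that one call, so any endpoint mapped elsewhere or added later (a second `MapControllers`, a `MapGet`, a health check) stays anonymous unless its author remembers to opt in. Registering a fallback policy makes an authenticated caller the default for every endpoint, with `[AllowAnonymous]` as the explicit opt-out: `builder.Services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);` next to the other service registrations. Both the default policy and that fallback require only an authenticated identity, not a scope or role, so as far as this hunk shows a token issued for this API to any user in the tenant passes; operations that should be narrower need a named policy or `[RequiredScope]` on the action. The `UseAuthentication` before `UseAuthorization` ordering in the hunk is correct.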
@@ -2,7 +2,6 @@
using kabinizer_api.Model;
using kabinizer_data;
using kabinizer_data.Entities;
-using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.ComponentModel.DataAnnotations;
diff --git a/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs b/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
index 865bbf1..c29ac2e 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/PeriodController.cs
@@ -1,6 +1,5 @@
using kabinizer_api.Model;
using kabinizer_data;
-using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace kabinizer_api.Controllers;
From 2287b026e85e1ce435ea34444c194d20b2cdc7e8 Mon Sep 17 00:00:00 2001
From: Kamilla Nyborg
Date: Tue, 3 Oct 2023 21:22:24 +0200
Subject: [PATCH 3/3] Get user id from token
---
.../Controllers/BookingRequestController.cs | 22 ++++++++++++++-----
.../BookingRequest/CreateBookingRequestDto.cs | 2 +-
.../kabinizer-api/Model/BookingRequest.cs | 2 +-
kabinizer-back-end/kabinizer-api/Program.cs | 8 ++++---
.../kabinizer-api/Services/ITokenService.cs | 6 +++++
.../kabinizer-api/Services/TokenService.cs | 17 ++++++++++++++
6 files changed, 47 insertions(+), 10 deletions(-)
create mode 100644 kabinizer-back-end/kabinizer-api/Services/ITokenService.cs
create mode 100644 kabinizer-back-end/kabinizer-api/Services/TokenService.cs
diff --git a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
index 036b30d..ac789c4 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
@@ -1,5 +1,6 @@
using kabinizer_api.Dtos.BookingRequest;
using kabinizer_api.Model;
+using kabinizer_api.Services;
using kabinizer_data;
using kabinizer_data.Entities;
using Microsoft.AspNetCore.Mvc;
@@ -12,16 +13,19 @@ namespace kabinizer_api.Controllers;
public class BookingRequestController : ControllerBase
{
private readonly EntityContext _entityContext;
+ private readonly ITokenService _tokenService;
- public BookingRequestController(EntityContext entityContext)
+ public BookingRequestController(EntityContext entityContext, ITokenService tokenService)
{
_entityContext = entityContext;
+ _tokenService = tokenService;
}
[HttpGet]
public IEnumerable GetBookingRequests()
{
- return _entityContext.BookingRequests.Select(BookingRequest.FromEntity);
+ var currentUserId = _tokenService.GetUserId();
+ return _entityContext.BookingRequests.Where(b => b.UserId == currentUserId).Select(BookingRequest.FromModel);
}
[HttpGet]
@@ -31,16 +35,16 @@ public IEnumerable GetBookingRequestsByUserId(Guid userId)
return _entityContext.BookingRequests
.Where(e => e.UserId == userId)
.ToList()
- .Select(BookingRequest.FromEntity);
+ .Select(BookingRequest.FromModel);
}
[HttpPost]
public void AddBookingRequests([Required] IEnumerable r)
{
- // TODO: Use authenticated user
+ var currentUserId = _tokenService.GetUserId();
IEnumerable bookingRequestEntities =
- r.Select(e => new BookingRequestEntity(e.UserId, e.FromDate, e.ToDate));
+ r.Select(e => new BookingRequestEntity(currentUserId, e.FromDate, e.ToDate));
_entityContext.BookingRequests.AddRange(bookingRequestEntities);
_entityContext.SaveChanges();
@@ -49,7 +53,15 @@ public void AddBookingRequests([Required] IEnumerable r
[HttpDelete]
public bool DeleteBookingRequest([Required] Guid bookingRequestId)
{
+ var currentUserId = _tokenService.GetUserId();
+ BookingRequestEntity entityToRemove = _entityContext.BookingRequests.Single(br => br.Id == bookingRequestId);
+
+ if (entityToRemove.UserId != currentUserId)
+ {
+ throw new Exception("You cannot remove a booking request for another user");
+ }
+
_entityContext.BookingRequests.Remove(entityToRemove);
_entityContext.SaveChanges();
return true;
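Review bot: The authorization model inside this controller is now inconsistent: `GetBookingRequests` is scoped to the id taken from the token and `DeleteBookingRequest` refuses other users' requests, but `GetBookingRequestsByUserId(Guid userId)`, whose `.Where(e => e.UserId == userId)` line is context in this hunk, still returns any user's booking requests to any authenticated caller. If that cross-user read is intended (for example to show who holds a period), a one-line comment above the action saying so would stop the next reader treating it as an oversight; if it is not, the action should either drop the parameter or compare `userId` with `_tokenService.GetUserId()` and answer with 403. The enclosing class starts and ends outside the hunk.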
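Review bot: In `DeleteBookingRequest` both failure paths end as an unhandled server error: `Single(...)` throws InvalidOperationException for an unknown id and the added `throw new Exception(...)` fires for a foreign one, so the caller sees a 500 rather than a 404/403, and at least in Development, where the exception page shows the message, the two outcomes also reveal whether the id exists at all. Scoping the lookup to the current user and returning one not-found result for both cases removes the leak and the 500; it also retires the bare `Exception`, which should be a specific type if it stays. The return type becomes `ActionResult<bool>` so the existing `return true;` still compiles, and the method's closing brace is outside the hunk.
```csharp
[HttpDelete]
public ActionResult<bool> DeleteBookingRequest([Required] Guid bookingRequestId)
{
    var currentUserId = _tokenService.GetUserId();

    // Filter by owner inside the query so an unknown id and another user's id
    // are indistinguishable to the caller (404 for both).
    var entityToRemove = _entityContext.BookingRequests
        .SingleOrDefault(br => br.Id == bookingRequestId && br.UserId == currentUserId);
    if (entityToRemove is null)
    {
        return NotFound();
    }

    // … unchanged: Remove, SaveChanges, return true …
```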
diff --git a/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs b/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
index dc3bd79..130c96f 100644
--- a/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
+++ b/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
@@ -1,3 +1,3 @@
namespace kabinizer_api.Dtos.BookingRequest;
-public record CreateBookingRequestDto(Guid UserId, DateOnly FromDate, DateOnly ToDate);
\ No newline at end of file
+public record CreateBookingRequestDto(DateOnly FromDate, DateOnly ToDate);
\ No newline at end of file
diff --git a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
index 61fa857..5908ab0 100644
--- a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
+++ b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
@@ -4,7 +4,7 @@ namespace kabinizer_api.Model;
public record BookingRequest(Guid Id, Guid UserId, DateOnly FromDate, DateOnly ToDate)
{
- public static BookingRequest FromEntity(BookingRequestEntity e)
+ public static BookingRequest FromModel(BookingRequestEntity e)
{
return new BookingRequest(e.Id, e.UserId, DateOnly.FromDateTime(e.FromDate), DateOnly.FromDateTime(e.ToDate));
}
diff --git a/kabinizer-back-end/kabinizer-api/Program.cs b/kabinizer-back-end/kabinizer-api/Program.cs
index 6eb2a6e..22432e7 100644
--- a/kabinizer-back-end/kabinizer-api/Program.cs
+++ b/kabinizer-back-end/kabinizer-api/Program.cs
@@ -1,3 +1,4 @@
+using kabinizer_api.Services;
using kabinizer_data;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
@@ -6,15 +7,16 @@
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
-
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID"));
-builder.Services.AddControllers();
-
builder.Services.AddDbContext(o =>
o.UseSqlServer(builder.Configuration.GetConnectionString("KabinizerConnection")));
+builder.Services.AddScoped();
+
+ builder.Services.AddControllers();
+
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
diff --git a/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs
new file mode 100644
index 0000000..38fa658
--- /dev/null
+++ b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs
@@ -0,0 +1,6 @@
+namespace kabinizer_api.Services;
+
+public interface ITokenService
+{
+ Guid GetUserId();
+}
\ No newline at end of file
diff --git a/kabinizer-back-end/kabinizer-api/Services/TokenService.cs b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs
new file mode 100644
index 0000000..9eb7449
--- /dev/null
+++ b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs
@@ -0,0 +1,17 @@
+namespace kabinizer_api.Services;
+
+public class TokenService : ITokenService
+{
+ private readonly IHttpContextAccessor _httpContextAccessor;
+
+ public TokenService(IHttpContextAccessor httpContextAccessor)
+ {
+ _httpContextAccessor = httpContextAccessor;
+ }
+
+ public Guid GetUserId()
+ {
+ var guid = _httpContextAccessor.HttpContext.User.Claims.First(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
+ return new Guid(guid);
+ }
+}
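Review bot: The `builder.Services.AddScoped();` registration (its generic arguments appear to have been stripped in this rendering, presumably `ITokenService`/`TokenService`) wires up a service whose constructor takes an `IHttpContextAccessor`, but nothing in this series registers one; unless it is added elsewhere, resolving the controller fails on the first request, or at startup in Development where the default host validates the container. Add `builder.Services.AddHttpContextAccessor();` next to that line.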
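Review bot: `ITokenService.GetUserId()` has no XML documentation, so callers cannot tell what "user id" means here (from the visible implementation, the Entra ID object id of the calling principal) or what happens when the request carries no authenticated user. Suggest `/// <summary>Returns the Entra ID object id (oid claim) of the authenticated caller.</summary>` plus an `<exception>` line naming the exception thrown when the claim is absent or malformed, once `TokenService` pins that behaviour down.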
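Review bot: `GetUserId` dereferences `_httpContextAccessor.HttpContext` without a null check (a warning under the project's enabled nullable context), looks the object id up only under its long URI name, and lets `First(...)` and `new Guid(...)` throw InvalidOperationException or FormatException when the claim is missing or malformed, which reaches the client as a 500. Depending on token version and claim mapping the claim can also arrive under the short `oid` name; Microsoft.Identity.Web's `GetObjectId()` extension on `ClaimsPrincipal` (namespace `Microsoft.Identity.Web`, already referenced by Program.cs) checks both names. Parsing with `Guid.TryParse` and failing with one explicit exception gives callers a single condition to translate into 401. If the API ever accepts tokens from more than one tenant, oid alone is not a global key and should be paired with the tenant id, though that is outside what this series shows.
```csharp
public Guid GetUserId()
{
    // The object id may be emitted as the short "oid" claim or under the long
    // schemas.microsoft.com URI depending on token version / claim mapping; GetObjectId() handles both.
    var objectId = _httpContextAccessor.HttpContext?.User.GetObjectId();
    if (!Guid.TryParse(objectId, out var userId))
    {
        throw new InvalidOperationException("The current principal carries no valid object id claim.");
    }

    return userId;
}
```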