auth improvements related to multi-tenancy

2021-05-19 08:46:02 -04:00
parent 943adec3a0
commit 09537ab0e4
23 changed files with 235 additions and 134 deletions
--- a/Oqtane.Server/Security/ClaimsPrincipalFactory.cs
+++ b/Oqtane.Server/Security/ClaimsPrincipalFactory.cs
@ -1,25 +1,23 @@
-using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Options;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Oqtane.Models;
-using Oqtane.Shared;
 using System.Collections.Generic;
 using System.Linq;
 using Oqtane.Repository;
+using Oqtane.Infrastructure;

 namespace Oqtane.Security
 {
    public class ClaimsPrincipalFactory<TUser> : UserClaimsPrincipalFactory<TUser> where TUser : IdentityUser
    {
-        private readonly IdentityOptions _options;
-        private readonly ITenantResolver _tenants;
+        private readonly ITenantManager _tenants;
        private readonly IUserRepository _users;
        private readonly IUserRoleRepository _userRoles;

-        public ClaimsPrincipalFactory(UserManager<TUser> userManager, IOptions<IdentityOptions> optionsAccessor, ITenantResolver tenants, IUserRepository users, IUserRoleRepository userroles) : base(userManager, optionsAccessor)
+        public ClaimsPrincipalFactory(UserManager<TUser> userManager, IOptions<IdentityOptions> optionsAccessor, ITenantManager tenants, IUserRepository users, IUserRoleRepository userroles) : base(userManager, optionsAccessor)
        {
-            _options = optionsAccessor.Value;
            _tenants = tenants;
            _users = users; 
            _userRoles = userroles;
@ -27,33 +25,20 @@ namespace Oqtane.Security

        protected override async Task<ClaimsIdentity> GenerateClaimsAsync(TUser identityuser)
        {
-            var id = await base.GenerateClaimsAsync(identityuser);
+            var identity = await base.GenerateClaimsAsync(identityuser);

            User user = _users.GetUser(identityuser.UserName);
            if (user != null)
            {
-                id.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
                Alias alias = _tenants.GetAlias();
-                List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, alias.SiteId).ToList();
-                foreach (UserRole userrole in userroles)
+                if (alias != null)
                {
-                    id.AddClaim(new Claim(_options.ClaimsIdentity.RoleClaimType, userrole.Role.Name));
-                    // host users are members of every site
-                    if (userrole.Role.Name == RoleNames.Host)
-                    {
-                        if (userroles.Where(item => item.Role.Name == RoleNames.Registered).FirstOrDefault() == null)
-                        {
-                            id.AddClaim(new Claim(_options.ClaimsIdentity.RoleClaimType, RoleNames.Registered));
-                        }
-                        if (userroles.Where(item => item.Role.Name == RoleNames.Admin).FirstOrDefault() == null)
-                        {
-                            id.AddClaim(new Claim(_options.ClaimsIdentity.RoleClaimType, RoleNames.Admin));
-                        }
-                    }
+                    List<UserRole> userroles = _userRoles.GetUserRoles(user.UserId, alias.SiteId).ToList();
+                    identity = UserSecurity.CreateClaimsIdentity(alias, user, userroles);
                }
            }

-            return id;
+            return identity;
        }
    }