Gestion des autorisations avec JwtBearer

Controllers/CollaborateursApi.cs

@@ -24,6 +24,7 @@ using EPAServeur.Exceptions;
 using IO.Swagger.ClientCollaborateur;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 namespace IO.Swagger.Controllers
 { 
@@ -50,7 +51,7 @@ namespace IO.Swagger.Controllers
         /// <response code="404">Ressource n&#x27;a pas été trouvée</response>
         [HttpGet]
         [Route("/api/collaborateurs/{idCollaborateur}")]
-        //[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
+        //[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
         [ValidateModelState]
         [SwaggerOperation("GetCollaborateurById")]
         [SwaggerResponse(statusCode: 200, type: typeof(CollaborateurDTO), description: "OK")]
@@ -72,7 +73,7 @@ namespace IO.Swagger.Controllers
             }
 			catch (CollaborateurNotFoundException)
             {
-                logger.LogError("Le ccollaborateur {id} est introuvable", idCollaborateur);
+                logger.LogError("Le collaborateur {id} est introuvable", idCollaborateur);
                 ErreurDTO erreurDTO = new ErreurDTO()
                 {
                     Code = "404",
@@ -98,7 +99,7 @@ namespace IO.Swagger.Controllers
         /// <response code="404">Ressource n&#x27;a pas été trouvée</response>
         [HttpGet]
         [Route("/api/collaborateurs/mail/{mail}")]
-        //[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
+        //[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
         [ValidateModelState]
         [SwaggerOperation("GetCollaborateurByMail")]
         [SwaggerResponse(statusCode: 200, type: typeof(CollaborateurDTO), description: "OK")]
@@ -116,7 +117,7 @@ namespace IO.Swagger.Controllers
             }
             catch (CollaborateurNotFoundException)
             {
-                logger.LogError("Le ccollaborateur {mail} est introuvable", mail);
+                logger.LogError("Le collaborateur {mail} est introuvable", mail);
                 ErreurDTO erreurDTO = new ErreurDTO()
                 {
                     Code = "404",
@@ -152,7 +153,7 @@ namespace IO.Swagger.Controllers
         /// <response code="403">Acces interdit</response>
         [HttpGet]
         [Route("/api/collaborateurs")]
-        //[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
+        [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
         [ValidateModelState]
         [SwaggerOperation("GetCollaborateurs")]
         [SwaggerResponse(statusCode: 200, type: typeof(List<CollaborateurDTO>), description: "OK")]
@@ -195,7 +196,7 @@ namespace IO.Swagger.Controllers
         /// <response code="404">Ressource n&#x27;a pas été trouvée</response>
         [HttpGet]
         [Route("/api/collaborateurs/referent/{idReferent}")]
-        //[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
+        //[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
         [ValidateModelState]
         [SwaggerOperation("GetCollaborateursByReferent")]
         [SwaggerResponse(statusCode: 200, type: typeof(List<CollaborateurDTO>), description: "OK")]
@@ -242,7 +243,7 @@ namespace IO.Swagger.Controllers
         /// <response code="404">Ressource n&#x27;a pas été trouvée</response>
         [HttpGet]
         [Route("/api/collaborateurs/profil/{mail}/")]
-        //[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
+        //[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
         [ValidateModelState]
         [SwaggerOperation("GetProfilCollaborateurByMail")]
         [SwaggerResponse(statusCode: 200, type: typeof(ProfilDTO), description: "OK")]

EPAServeur.csproj

@@ -6,6 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.9" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.7" />
     <PackageReference Include="MySql.Data.EntityFrameworkCore" Version="8.0.21" />
     <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />

Startup.cs

@@ -2,10 +2,10 @@ using EPAServeur.Context;
 using EPAServeur.IServices;
 using EPAServeur.Services;
 using IO.Swagger.ApiCollaborateur;
-using IO.Swagger.Security;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -14,69 +14,129 @@ using System.IO;
 
 namespace EPAServeur
 {
-	public class Startup
+    public class Startup
-	{
+    {
-		public Startup(IConfiguration configuration)
+        readonly string AllowCrossClientEPA = "_AllowsCrossOriginClientEPA";
-		{
+
-			Configuration = configuration;
+        public Startup(IConfiguration configuration, IWebHostEnvironment env)
-		}
+        {
-
+            Configuration = configuration;
-		public IConfiguration Configuration { get; }
+            Environment = env;
-
+        }
-		// This method gets called by the runtime. Use this method to add services to the container.
+
-		public void ConfigureServices(IServiceCollection services)
+        public IConfiguration Configuration { get; }
-		{
+        public IWebHostEnvironment Environment { get; }
-			services.AddControllers();
+
-			services.AddAuthentication(BearerAuthenticationHandler.SchemeName)
+        // This method gets called by the runtime. Use this method to add services to the container.
-				.AddScheme<AuthenticationSchemeOptions, BearerAuthenticationHandler>(BearerAuthenticationHandler.SchemeName, null);
+        public void ConfigureServices(IServiceCollection services)
-
+        {
-			services.AddDbContext<EpContext>();
+            services.AddCors(options =>
-			using(var context = new EpContext())
+            {
-			{
+                options.AddPolicy(name: AllowCrossClientEPA,
-				context.Database.EnsureDeleted(); //PENSEZ A ENLEVER CETTE LIGNE ET A NE JAMAIS LA REMETTRE QUAND LE SERVEUR SERA MIS EN PRODUCTION ^^
+                                  builder =>
-				context.Database.EnsureCreated();
+                                  {
-				context.SaveChanges();
+                                      builder.WithOrigins("http://localhost:4200").AllowAnyHeader().AllowAnyMethod();
-				context.AjoutInformationsDeBase();
+                                  });
-				context.AjoutChamps();
+            });
-				context.AjouterNotes();
+
-			}
+            services.AddControllers();
-			//faire using, check si kekchoz exkist puis appeler les m<EFBFBD>thodes de cr<EFBFBD>ation si il n'y a rien
+
-
+            services.AddAuthentication(options =>
-			//API Collaborateurs
+             {
-			services.AddScoped<ICollaborateurApi, CollaborateurApi>();
+                 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-			services.AddScoped<IAgenceApi, AgenceApi>();
+                 options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-			services.AddScoped<IReferentApi, ReferentApi>();
+             }).AddJwtBearer(o =>
-
+             {
-
+                 o.Authority = Configuration["Jwt:Authority"];
-
+                 o.Audience = Configuration["Jwt:Audience"];
-			//Services
+
-			services.AddScoped<ICollaborateurService, CollaborateurService>();
+                 if (Environment.IsDevelopment())
-			services.AddScoped<IFormationService, FormationService>();
+                 {
-			services.AddScoped<INoteService, NoteService>();
+                     o.RequireHttpsMetadata = false;
-			services.AddScoped<IReferentService, ReferentService>();
+                 }
-			services.AddScoped<IEngagementService, EngagementService>();
+
-		}
+                 o.Events = new JwtBearerEvents()
-
+                 {
-		// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+                     OnAuthenticationFailed = c =>
-		public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory logger)
+                     {
-		{
+                         c.NoResult();
-			string path = Directory.GetCurrentDirectory();
+
-			logger.AddFile(path+"Log/loggerfile-{Date}.txt");
+                         c.Response.StatusCode = 500;
-			if (env.IsDevelopment())
+                         c.Response.ContentType = "text/plain";
-			{
+
-				app.UseDeveloperExceptionPage();
+                         if (Environment.IsDevelopment())
-			}
+                         {
-
+                             return c.Response.WriteAsync(c.Exception.ToString());
-			app.UseHttpsRedirection();
+                         }
-
+
-			app.UseRouting();
+                         return c.Response.WriteAsync("Une erreur s'est produite lors du processus d'authentification.");
-
+                     },
-			app.UseAuthorization();
+                     OnForbidden = c =>
-
+                     {
-			app.UseEndpoints(endpoints =>
+                         c.NoResult();
-			{
+
-				endpoints.MapControllers();
+                         c.Response.StatusCode = 403;
-			});
+                         c.Response.ContentType = "text/plain";
-		}
+
-	}
+                         return c.Response.WriteAsync("L'utilisateur n'est pas autorisé à accéder à cette ressource.");
+                     }
+                 };
+             });
+
+            services.AddDbContext<EpContext>();
+            using (var context = new EpContext())
+            {
+                context.Database.EnsureDeleted(); //PENSEZ A ENLEVER CETTE LIGNE ET A NE JAMAIS LA REMETTRE QUAND LE SERVEUR SERA MIS EN PRODUCTION ^^
+                context.Database.EnsureCreated();
+                context.SaveChanges();
+                context.AjoutInformationsDeBase();
+                context.AjoutChamps();
+                context.AjouterNotes();
+            }
+            //faire using, check si kekchoz exkist puis appeler les m<EFBFBD>thodes de cr<EFBFBD>ation si il n'y a rien
+
+            //API Collaborateurs
+            services.AddScoped<ICollaborateurApi, CollaborateurApi>();
+            services.AddScoped<IAgenceApi, AgenceApi>();
+            services.AddScoped<IReferentApi, ReferentApi>();
+
+
+
+            //Services
+            services.AddScoped<ICollaborateurService, CollaborateurService>();
+            services.AddScoped<IFormationService, FormationService>();
+            services.AddScoped<INoteService, NoteService>();
+            services.AddScoped<IReferentService, ReferentService>();
+            services.AddScoped<IEngagementService, EngagementService>();
+
+        }
+
+        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory logger)
+        {
+            string path = Directory.GetCurrentDirectory();
+            logger.AddFile(path + "Log/loggerfile-{Date}.txt");
+            if (env.IsDevelopment())
+            {
+                app.UseDeveloperExceptionPage();
+            }
+
+            app.UseHttpsRedirection();
+
+            app.UseRouting();
+
+            app.UseCors(AllowCrossClientEPA);
+
+            app.UseAuthentication();
+
+            app.UseAuthorization();
+
+
+            app.UseEndpoints(endpoints =>
+            {
+                endpoints.MapControllers();
+            });
+
+        }
+    }
 }

appsettings.json

@@ -1,4 +1,8 @@
 {
+  "Jwt": {
+    "Authority": "http://localhost:8080/auth/realms/Apside",
+    "Audience": "account"
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",