Gestion des autorisations avec JwtBearer

develop
jboinembalome 4 years ago
parent ebc246b31d
commit b809486cd3
  1. 15
      Controllers/CollaborateursApi.cs
  2. 1
      EPAServeur.csproj
  3. 74
      Startup.cs
  4. 4
      appsettings.json

@ -24,6 +24,7 @@ using EPAServeur.Exceptions;
using IO.Swagger.ClientCollaborateur;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
namespace IO.Swagger.Controllers
{
@ -50,7 +51,7 @@ namespace IO.Swagger.Controllers
/// <response code="404">Ressource n&#x27;a pas été trouvée</response>
[HttpGet]
[Route("/api/collaborateurs/{idCollaborateur}")]
//[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
[ValidateModelState]
[SwaggerOperation("GetCollaborateurById")]
[SwaggerResponse(statusCode: 200, type: typeof(CollaborateurDTO), description: "OK")]
@ -72,7 +73,7 @@ namespace IO.Swagger.Controllers
}
catch (CollaborateurNotFoundException)
{
logger.LogError("Le ccollaborateur {id} est introuvable", idCollaborateur);
logger.LogError("Le collaborateur {id} est introuvable", idCollaborateur);
ErreurDTO erreurDTO = new ErreurDTO()
{
Code = "404",
@ -98,7 +99,7 @@ namespace IO.Swagger.Controllers
/// <response code="404">Ressource n&#x27;a pas été trouvée</response>
[HttpGet]
[Route("/api/collaborateurs/mail/{mail}")]
//[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
[ValidateModelState]
[SwaggerOperation("GetCollaborateurByMail")]
[SwaggerResponse(statusCode: 200, type: typeof(CollaborateurDTO), description: "OK")]
@ -116,7 +117,7 @@ namespace IO.Swagger.Controllers
}
catch (CollaborateurNotFoundException)
{
logger.LogError("Le ccollaborateur {mail} est introuvable", mail);
logger.LogError("Le collaborateur {mail} est introuvable", mail);
ErreurDTO erreurDTO = new ErreurDTO()
{
Code = "404",
@ -152,7 +153,7 @@ namespace IO.Swagger.Controllers
/// <response code="403">Acces interdit</response>
[HttpGet]
[Route("/api/collaborateurs")]
//[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
[ValidateModelState]
[SwaggerOperation("GetCollaborateurs")]
[SwaggerResponse(statusCode: 200, type: typeof(List<CollaborateurDTO>), description: "OK")]
@ -195,7 +196,7 @@ namespace IO.Swagger.Controllers
/// <response code="404">Ressource n&#x27;a pas été trouvée</response>
[HttpGet]
[Route("/api/collaborateurs/referent/{idReferent}")]
//[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
[ValidateModelState]
[SwaggerOperation("GetCollaborateursByReferent")]
[SwaggerResponse(statusCode: 200, type: typeof(List<CollaborateurDTO>), description: "OK")]
@ -242,7 +243,7 @@ namespace IO.Swagger.Controllers
/// <response code="404">Ressource n&#x27;a pas été trouvée</response>
[HttpGet]
[Route("/api/collaborateurs/profil/{mail}/")]
//[Authorize(AuthenticationSchemes = BearerAuthenticationHandler.SchemeName)]
//[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Roles = "RH,Assistante,Commercial")]
[ValidateModelState]
[SwaggerOperation("GetProfilCollaborateurByMail")]
[SwaggerResponse(statusCode: 200, type: typeof(ProfilDTO), description: "OK")]

@ -6,6 +6,7 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.9" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="3.1.7" />
<PackageReference Include="MySql.Data.EntityFrameworkCore" Version="8.0.21" />
<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />

@ -2,10 +2,10 @@ using EPAServeur.Context;
using EPAServeur.IServices;
using EPAServeur.Services;
using IO.Swagger.ApiCollaborateur;
using IO.Swagger.Security;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
@ -16,22 +16,75 @@ namespace EPAServeur
{
public class Startup
{
public Startup(IConfiguration configuration)
readonly string AllowCrossClientEPA = "_AllowsCrossOriginClientEPA";
public Startup(IConfiguration configuration, IWebHostEnvironment env)
{
Configuration = configuration;
Environment = env;
}
public IConfiguration Configuration { get; }
public IWebHostEnvironment Environment { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(name: AllowCrossClientEPA,
builder =>
{
builder.WithOrigins("http://localhost:4200").AllowAnyHeader().AllowAnyMethod();
});
});
services.AddControllers();
services.AddAuthentication(BearerAuthenticationHandler.SchemeName)
.AddScheme<AuthenticationSchemeOptions, BearerAuthenticationHandler>(BearerAuthenticationHandler.SchemeName, null);
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
o.Authority = Configuration["Jwt:Authority"];
o.Audience = Configuration["Jwt:Audience"];
if (Environment.IsDevelopment())
{
o.RequireHttpsMetadata = false;
}
o.Events = new JwtBearerEvents()
{
OnAuthenticationFailed = c =>
{
c.NoResult();
c.Response.StatusCode = 500;
c.Response.ContentType = "text/plain";
if (Environment.IsDevelopment())
{
return c.Response.WriteAsync(c.Exception.ToString());
}
return c.Response.WriteAsync("Une erreur s'est produite lors du processus d'authentification.");
},
OnForbidden = c =>
{
c.NoResult();
c.Response.StatusCode = 403;
c.Response.ContentType = "text/plain";
return c.Response.WriteAsync("L'utilisateur n'est pas autorisé à accéder à cette ressource.");
}
};
});
services.AddDbContext<EpContext>();
using(var context = new EpContext())
using (var context = new EpContext())
{
context.Database.EnsureDeleted(); //PENSEZ A ENLEVER CETTE LIGNE ET A NE JAMAIS LA REMETTRE QUAND LE SERVEUR SERA MIS EN PRODUCTION ^^
context.Database.EnsureCreated();
@ -55,13 +108,14 @@ namespace EPAServeur
services.AddScoped<INoteService, NoteService>();
services.AddScoped<IReferentService, ReferentService>();
services.AddScoped<IEngagementService, EngagementService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory logger)
{
string path = Directory.GetCurrentDirectory();
logger.AddFile(path+"Log/loggerfile-{Date}.txt");
logger.AddFile(path + "Log/loggerfile-{Date}.txt");
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
@ -71,12 +125,18 @@ namespace EPAServeur
app.UseRouting();
app.UseCors(AllowCrossClientEPA);
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}

@ -1,4 +1,8 @@
{
"Jwt": {
"Authority": "http://localhost:8080/auth/realms/Apside",
"Audience": "account"
},
"Logging": {
"LogLevel": {
"Default": "Information",

Loading…
Cancel
Save