FIX: Authentication in work queue api made optional 2022.4 #1901

Merged
merged 1 commit into from Sep 13, 2023
2 changes: 1 addition & 1 deletion backend/Origam.Server/IApplicationBuilderExtensions.cs
@@ -105,7 +105,7 @@ public static void UseWorkQueueApi(this IApplicationBuilder app)
context => context.Request.Path.ToString().StartsWith("/workQueue"),
apiBranch =>
{
apiBranch.UseMiddleware<UserApiTokenAuthenticationMiddleware>();
apiBranch.UseMiddleware<OptionalTokenAuthenticationMiddleware>();
apiBranch.UseMvc(routes =>
{
routes.MapRoute("default", "{controller}/{action=Index}/{id?}");
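Review bot: With `OptionalTokenAuthenticationMiddleware` in this branch, every request whose path starts with `/workQueue` now reaches `UseMvc` even when no valid token was presented, so the pipeline no longer rejects anonymous callers and each controller action behind this route has to enforce its own authorization. Nothing in this hunk shows that those actions do, so it is worth confirming they carry `[Authorize]` or an equivalent check before relying on this change. I would also record the intent next to the swapped line, e.g. `// Authentication is optional here: anonymous requests pass through, so work queue actions must authorize themselves.` The lambda and `UseWorkQueueApi` continue outside the hunk.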
@@ -0,0 +1,40 @@
#region license
/*
Copyright 2005 - 2023 Advantage Solutions, s. r. o.

This file is part of ORIGAM (http://www.origam.org).

ORIGAM is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

ORIGAM is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with ORIGAM. If not, see <http://www.gnu.org/licenses/>.
*/
#endregion

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

namespace Origam.Server.Middleware;


// Request will continue if not authenticated
class OptionalTokenAuthenticationMiddleware : UserApiTokenAuthenticationMiddleware
{
public OptionalTokenAuthenticationMiddleware(RequestDelegate next, IAuthenticationSchemeProvider schemes) : base(next, schemes)
{
}

protected override async Task HandleUnauthorizedRequest(HttpContext context)
{
await _next(context);
}
}
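Review bot: `HandleUnauthorizedRequest` forwards to `_next` for every request the base class could not authenticate, which, as far as the visible `else` branch of `Invoke` shows, includes a request that presented a token that was rejected, not only one that sent none. A client with an expired or mistyped token is then served as anonymous instead of receiving a 401, which hides credential problems from the caller and makes failed token attempts harder to see in monitoring. Consider keeping the 401 when a credential was supplied, for example (assuming the token arrives in the `Authorization` header) `if (context.Request.Headers.ContainsKey("Authorization")) { context.Response.StatusCode = 401; return; }` before `await _next(context);`. The `//` comment above the class would also serve better as a `/// <summary>` stating that unauthenticated requests continue down the pipeline, and the class should declare its access modifier explicitly.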
@@ -37,7 +37,7 @@ namespace Origam.Server.Middleware;
/// </summary>
public class UserApiTokenAuthenticationMiddleware
{
private readonly RequestDelegate _next;
protected readonly RequestDelegate _next;

public UserApiTokenAuthenticationMiddleware(RequestDelegate next,
IAuthenticationSchemeProvider schemes)
@@ -86,11 +86,17 @@ public async Task Invoke(HttpContext context)
}
else
{
context.Response.StatusCode = 401;
await HandleUnauthorizedRequest(context);
return;
}
await _next(context);
}

protected virtual Task HandleUnauthorizedRequest(HttpContext context)
{
context.Response.StatusCode = 401;
return Task.CompletedTask;
}
}

class OrigamAuthenticationFeatures : IAuthenticateResultFeature, IHttpAuthenticationFeature
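Review bot: The new `HandleUnauthorizedRequest` hook has no documentation of its contract: `Invoke` returns immediately after awaiting it and never calls `_next` on that path, so an override alone decides whether an unauthenticated request continues down the pipeline. That makes it a security-relevant extension point and it deserves a `/// <summary>` saying so, e.g. `/// Called when the request could not be authenticated; the default sets 401 and ends the request. An override that invokes _next lets the request proceed unauthenticated.` To support the hook, the first hunk widens `_next` from `private` to a `protected` field; a narrower alternative would be to keep the field private and expose it through a protected read-only property. The literal `401` could be written as `StatusCodes.Status401Unauthorized`. `Invoke` starts outside the hunk.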