From d0c1c706831cec7dc2b607b35da95706b60e9e58 Mon Sep 17 00:00:00 2001 From: Dmitry A Date: Sat, 19 Oct 2019 09:02:13 +0300 Subject: [PATCH 1/3] authorization in swagge --- TourCalcWebApp/Controllers/AuthController.cs | 3 +-- TourCalcWebApp/Exceptions/HttpException.cs | 20 ++++++++++---------- TourCalcWebApp/Startup.cs | 16 ++++++++++++++++ TourCalcWebApp/TourCalcWebApp.csproj | 1 + 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/TourCalcWebApp/Controllers/AuthController.cs b/TourCalcWebApp/Controllers/AuthController.cs index 13314d72..6e516916 100644 --- a/TourCalcWebApp/Controllers/AuthController.cs +++ b/TourCalcWebApp/Controllers/AuthController.cs @@ -15,8 +15,6 @@ using TourCalcWebApp.Auth; using TourCalcWebApp.Exceptions; -// For more information on enabling MVC for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860 - namespace TourCalcWebApp.Controllers { [Route("api/[controller]")] @@ -53,6 +51,7 @@ public string GenerateRandomKey(int lengthInBytes) /// /// Should be 'code' or 'admin' /// code or admin key + /// ECDSA crypto service /// JWT Token [HttpGet("token/{scope}/{key}")] public string GetToken(string scope, string key, [FromServices] IECDsaCryptoKey signerKey) diff --git a/TourCalcWebApp/Exceptions/HttpException.cs b/TourCalcWebApp/Exceptions/HttpException.cs index d35bb9bd..2f39eace 100644 --- a/TourCalcWebApp/Exceptions/HttpException.cs +++ b/TourCalcWebApp/Exceptions/HttpException.cs @@ -1,8 +1,5 @@ using System; -using System.Collections.Generic; -using System.Linq; using System.Net; -using System.Threading.Tasks; namespace TourCalcWebApp.Exceptions { 
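Review bot: The route shown in the `@@ -53,6 +51,7 @@` hunk, `[HttpGet("token/{scope}/{key}")]`, carries the access code or admin key as a URL path segment, and the doc comment extended here does not mention it. Path segments are normally written to web-server and proxy access logs and kept in browser history, so the key outlives the request in places that are not treated as secret stores. Consider accepting the key in a POST body or a request header instead; at minimum add a `/// <remarks>` stating that the key appears in the URL and that request-path logging must be restricted for this endpoint. `GetToken`'s body is outside the hunk, so how the key is checked cannot be reviewed from here.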
@@ -23,34 +20,37 @@ public static HttpException NotAuthenticated(string msg) return new HttpException(401, msg); } + + + public HttpException(int httpStatusCode) { - this.StatusCode = httpStatusCode; + StatusCode = httpStatusCode; } public HttpException(HttpStatusCode httpStatusCode) { - this.StatusCode = (int)httpStatusCode; + StatusCode = (int)httpStatusCode; } - private HttpException(int httpStatusCode, string message) : base(message) + public HttpException(int httpStatusCode, string message) : base(message) { - this.StatusCode = httpStatusCode; + StatusCode = httpStatusCode; } public HttpException(HttpStatusCode httpStatusCode, string message) : base(message) { - this.StatusCode = (int)httpStatusCode; + StatusCode = (int)httpStatusCode; } public HttpException(int httpStatusCode, string message, Exception inner) : base(message, inner) { - this.StatusCode = httpStatusCode; + StatusCode = httpStatusCode; } public HttpException(HttpStatusCode httpStatusCode, string message, Exception inner) : base(message, inner) { - this.StatusCode = (int)httpStatusCode; + StatusCode = (int)httpStatusCode; } public int StatusCode { get; } diff --git a/TourCalcWebApp/Startup.cs b/TourCalcWebApp/Startup.cs index c141edfb..11b0871c 100644 --- a/TourCalcWebApp/Startup.cs +++ b/TourCalcWebApp/Startup.cs @@ -16,6 +16,11 @@ using Microsoft.OpenApi.Models; using Swashbuckle.AspNetCore.Swagger; using TourCalcWebApp.Exceptions; +using Swashbuckle.AspNetCore.SwaggerGen; +using Microsoft.AspNetCore.Authorization; +using System.Collections.Generic; +using System.Linq; +using Swashbuckle.AspNetCore.Filters; namespace TourCalcWebApp { 
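Review bot: The `HttpException(int httpStatusCode, string message)` constructor changes from `private` to `public` in this hunk, and none of the hunks in the series calls it from outside the class. A public `(HttpStatusCode, string)` overload already exists, so keeping the raw-`int` one private steers callers to named status codes and to factories such as `NotAuthenticated`; if the widening is needed, the commit message should say why. The same factory could use `(int)HttpStatusCode.Unauthorized` instead of the literal `401`, and the three blank lines added above the first constructor can go. The class starts and ends outside the hunk.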
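Review bot: Of the five `using` directives added in the `@@ -16,6 +16,11 @@` hunk of Startup.cs, only `System.Collections.Generic` and `System.Linq` are referenced by the code this patch adds to `ConfigureServices`; `Swashbuckle.AspNetCore.SwaggerGen`, `Microsoft.AspNetCore.Authorization` and `Swashbuckle.AspNetCore.Filters` appear not to be needed by anything in the series. If `Swashbuckle.AspNetCore.Filters` corresponds to the line added to `TourCalcWebApp.csproj` (its content is not legible on this page), the project gains a third-party package that nothing uses yet, which is extra dependency surface to track and patch for no benefit. Either drop the unused directives and the package reference, or land them together with the code that uses them. The `System.*` directives would also conventionally sit at the top of the block.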
@@ -41,6 +46,17 @@ public void ConfigureServices(IServiceCollection services) services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "Tourcalc API", Version = "v1" }); + c.AddSecurityDefinition("Bearer", + new ApiKeyScheme + { + In = "header", + Description = "Please enter into field the word 'Bearer' following by space and JWT", + Name = "Authorization", + Type = "apiKey" + }); + c.AddSecurityRequirement(new Dictionary> { + { "Bearer", Enumerable.Empty() }, + }); // Set the comments path for the Swagger JSON and UI. var xmlFile = $"{System.Reflection.Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); diff --git a/TourCalcWebApp/TourCalcWebApp.csproj b/TourCalcWebApp/TourCalcWebApp.csproj index b968b09c..3e5780f6 100644 --- a/TourCalcWebApp/TourCalcWebApp.csproj +++ b/TourCalcWebApp/TourCalcWebApp.csproj @@ -34,6 +34,7 @@ + From 4b6cecbdb69637a957f1fe55cd3cc3a405798e8a Mon Sep 17 00:00:00 2001 From: Dmitry A Date: Sat, 19 Oct 2019 09:07:08 +0300 Subject: [PATCH 2/3] swagger auth docs --- TourCalcWebApp/Startup.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/TourCalcWebApp/Startup.cs b/TourCalcWebApp/Startup.cs index 11b0871c..85b1b9de 100644 --- a/TourCalcWebApp/Startup.cs +++ b/TourCalcWebApp/Startup.cs @@ -46,6 +46,7 @@ public void ConfigureServices(IServiceCollection services) services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "Tourcalc API", Version = "v1" }); + // https://stackoverflow.com/questions/43447688/setting-up-swagger-asp-net-core-using-the-authorization-headers-bearer c.AddSecurityDefinition("Bearer", new ApiKeyScheme { From 7c1d6e73b33a6b8db35630558dd1677e88da5fb9 Mon Sep 17 00:00:00 2001 From: Dmitry A Date: Sat, 19 Oct 2019 09:16:25 +0300 Subject: [PATCH 3/3] error code --- TourCalcWebApp/Controllers/AuthController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
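Review bot: `c.AddSecurityRequirement(...)` in the `@@ -41,6 +46,17 @@` hunk attaches the Bearer requirement to every operation in the generated document, including the `token/{scope}/{key}` endpoint that issues the token and is presumably anonymous, so the Swagger output no longer tells a reader which endpoints really need a JWT. These two calls only describe the scheme to Swagger UI and enforce nothing; enforcement has to come from the authentication setup and `[Authorize]` attributes, which are not visible in this series, and a comment such as `// Swagger UI metadata only; this does not enforce authentication` would stop the block being read as the access control. If per-endpoint accuracy matters, replace the global requirement with an operation filter that adds it only to actions carrying `[Authorize]`; the `Swashbuckle.AspNetCore.Filters` namespace imported by this patch is presumably meant for that. The description string would read better as `"Enter the word 'Bearer', a space, and then the JWT"`. `ConfigureServices` continues outside the hunk.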
diff --git a/TourCalcWebApp/Controllers/AuthController.cs b/TourCalcWebApp/Controllers/AuthController.cs index 6e516916..a2f827ed 100644 --- a/TourCalcWebApp/Controllers/AuthController.cs +++ b/TourCalcWebApp/Controllers/AuthController.cs @@ -105,7 +105,7 @@ private AuthData Authorize(string scope, string accessCode) auth.IsMaster = true; } else { - throw HttpException.NotAuthenticated($"Wrong Master Key. Should be '{Guid.NewGuid()}'"); + throw HttpException.NotAuthenticated($"Wrong Master Key"); } } /*else if (scope == "user")
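Review bot: The replacement line keeps the `$` prefix although the string no longer interpolates anything; `throw HttpException.NotAuthenticated("Wrong Master Key");` is the plain form. The master-key comparison sits above the hunk and is not visible, so it is worth checking that it does not use an ordinary string `==` on the secret: a fixed-time comparison (for example `CryptographicOperations.FixedTimeEquals` over the encoded bytes, where the target framework provides it) avoids response-time differences that depend on how much of the key matched. A rejected master key is also worth logging, without the submitted value, so that repeated attempts can be noticed. `Authorize` starts and ends outside the hunk.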