Add Mfa (wip)

nager · Jun 14, 2024 · 3b40c73 · 3b40c73
1 parent d2affe4
commit 3b40c73
Show file tree

Hide file tree

Showing 21 changed files with 1,247 additions and 986 deletions.
diff --git a/src/Backend/Nager.AuthenticationService.MssqlRepository/MssqlUserRepository.cs b/src/Backend/Nager.AuthenticationService.MssqlRepository/MssqlUserRepository.cs
@@ -71,6 +71,9 @@ public async Task<bool> UpdateAsync(
             existingItem.EmailAddress = entity.EmailAddress;
             existingItem.RolesData = entity.RolesData;
             existingItem.PasswordHash = entity.PasswordHash;
+            existingItem.IsLocked = entity.IsLocked;
+            existingItem.MfaSecret = entity.MfaSecret;
+            existingItem.MfaActive = entity.MfaActive;
 
             await this._databaseContext.SaveChangesAsync(cancellationToken);
 

diff --git a/....AuthenticationService.MssqlRepository/Nager.AuthenticationService.MssqlRepository.csproj b/....AuthenticationService.MssqlRepository/Nager.AuthenticationService.MssqlRepository.csproj
@@ -7,13 +7,13 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.0">
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.6" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.6">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.0" />
-    <PackageReference Include="Nager.Authentication.Abstraction" Version="1.2.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.6" />
+    <PackageReference Include="Nager.Authentication.Abstraction" Version="2.0.1" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Backend/Nager.AuthenticationService.WebApi/Nager.AuthenticationService.WebApi.csproj b/src/Backend/Nager.AuthenticationService.WebApi/Nager.AuthenticationService.WebApi.csproj
@@ -8,9 +8,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.0" />
-    <PackageReference Include="Nager.Authentication.AspNet" Version="1.2.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.6" />
+    <PackageReference Include="Nager.Authentication.AspNet" Version="2.0.1" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Backend/Nager.AuthenticationService.WebApi/Program.cs b/src/Backend/Nager.AuthenticationService.WebApi/Program.cs
@@ -12,18 +12,26 @@
 using Nager.AuthenticationService.WebApi;
 using System.Text;
 
-var users = new UserInfoWithPassword[]
+var builder = WebApplication.CreateBuilder(args);
+
+var initialUser1EmailAddress = builder.Configuration["Authentication:InitialUser:EmailAddress"];
+var initialUser1Password = builder.Configuration["Authentication:InitialUser:Password"];
+
+if (string.IsNullOrEmpty(initialUser1EmailAddress) || string.IsNullOrEmpty(initialUser1Password))
+{
+    throw new Exception("InitialUser config missing");
+}
+
+var initialUsers = new UserInfoWithPassword[]
 {
     new UserInfoWithPassword
     {
-        EmailAddress = "[email protected]",
-        Password = "password",
-        Roles = new [] { "administrator" }
+        EmailAddress = initialUser1EmailAddress,
+        Password = initialUser1Password,
+        Roles = ["administrator"]
     }
 };
 
-var builder = WebApplication.CreateBuilder(args);
-
 builder.Services.AddMemoryCache();
 
 builder.Services.AddDbContextPool<DatabaseContext>(options =>
@@ -79,6 +87,35 @@
     //var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
     //configuration.IncludeXmlComments(xmlPath);
 
+    configuration.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
+    {
+        Description = @"JWT Authorization header using the Bearer scheme. 
+                      Enter 'Bearer' [space] and then your token in the text input below.
+                      Example: 'Bearer 12345abcdef'",
+        Name = "Authorization",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.ApiKey,
+        Scheme = "Bearer"
+    });
+
+    configuration.AddSecurityRequirement(new OpenApiSecurityRequirement()
+    {
+        {
+            new OpenApiSecurityScheme
+            {
+                Reference = new OpenApiReference
+                {
+                    Type = ReferenceType.SecurityScheme,
+                    Id = "Bearer"
+                },
+                Scheme = "oauth2",
+                Name = "Bearer",
+                In = ParameterLocation.Header
+            },
+            Array.Empty<string>()
+        }
+    });
+
     foreach (var filePath in Directory.GetFiles(AppContext.BaseDirectory, "*.xml", SearchOption.TopDirectoryOnly))
     {
         configuration.IncludeXmlComments(filePath);
@@ -127,7 +164,7 @@
     var services = serviceScope.ServiceProvider;
 
     var userManagementService = services.GetRequiredService<IUserManagementService>();
-    await InitialUserHelper.CreateUsersAsync(users, userManagementService);
+    await InitialUserHelper.CreateUsersAsync(initialUsers, userManagementService);
 }
 
 app.UseForwardedHeaders();
@@ -146,7 +183,7 @@
 
                 var basePath = "auth";
                 var serverUrl = $"{proto}://{host}/{basePath}";
-                swagger.Servers = new List<OpenApiServer> { new OpenApiServer { Url = serverUrl } };
+                swagger.Servers = [new OpenApiServer { Url = serverUrl }];
             }
         });
     });
@@ -172,4 +209,17 @@
 app.MapFallbackToFile("index.html");
 app.MapControllers();
 
+//using (var serviceScope = app.Services.CreateScope())
+//{
+//    var services = serviceScope.ServiceProvider;
+
+//    var userManagementService = services.GetRequiredService<IUserRepository>();
+//    var xxx = await userManagementService.GetAsync(o => o.EmailAddress.Equals("[email protected]"));
+
+//    var userAccountService = services.GetRequiredService<IUserAccountService>();
+//    await userAccountService.GetMfaInformationAsync("[email protected]");
+
+//}
+
+
 app.Run();
diff --git a/src/Backend/Nager.AuthenticationService.WebApi/appsettings.Development.json b/src/Backend/Nager.AuthenticationService.WebApi/appsettings.Development.json
@@ -1,7 +1,7 @@
 {
   "Logging": {
     "LogLevel": {
-      "Default": "Information",
+      "Default": "Trace",
       "Microsoft.AspNetCore": "Warning"
     }
   }

diff --git a/src/Backend/Nager.AuthenticationService.WebApi/appsettings.json b/src/Backend/Nager.AuthenticationService.WebApi/appsettings.json
@@ -15,6 +15,10 @@
       "Issuer": "Issuer.PLEASE.CHANGE.ME",
       "Audience": "Audience.PLEASE.CHANGE.ME",
       "SigningKey": "The.SigningKey.ForUserData.PLEASE.CHANGE.ME"
+    },
+    "InitialUser": {
+      "EmailAddress": "[email protected]",
+      "Password": "password"
     }
   }
 }