From 19cb3ecdbc9ad725b928926fcf45745fdfe8360f Mon Sep 17 00:00:00 2001 From: Sebastian Stehle Date: Mon, 20 Nov 2017 19:39:22 +0100 Subject: [PATCH] Separate config file for authentication. --- .../Authentication/AuthenticationServices.cs | 50 +-------------- .../Authentication/IdentityServerServices.cs | 62 +++++++++++++++++++ .../Config/Domain/InfrastructureServices.cs | 3 - 3 files changed, 64 insertions(+), 51 deletions(-) create mode 100644 src/Squidex/Config/Authentication/IdentityServerServices.cs diff --git a/src/Squidex/Config/Authentication/AuthenticationServices.cs b/src/Squidex/Config/Authentication/AuthenticationServices.cs index 936a1dfcd..068c48503 100644 --- a/src/Squidex/Config/Authentication/AuthenticationServices.cs +++ b/src/Squidex/Config/Authentication/AuthenticationServices.cs @@ -6,12 +6,8 @@ // All rights reserved. // ========================================================================== -using Microsoft.AspNetCore.Authentication; -using Microsoft.AspNetCore.Authentication.Cookies; -using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; -using Squidex.Infrastructure; namespace Squidex.Config.Authentication { 
@@ -22,52 +18,10 @@ namespace Squidex.Config.Authentication var identityOptions = config.GetSection("identity").Get(); services.AddAuthentication() - .AddCookie() .AddMyGoogleAuthentication(identityOptions) .AddMyMicrosoftAuthentication(identityOptions) - .AddMyApiProtection(identityOptions, config); - } - - public static AuthenticationBuilder AddMyApiProtection(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions, IConfiguration config) - { - var apiScope = Constants.ApiScope; - - var urlsOptions = config.GetSection("urls").Get(); - - if (!string.IsNullOrWhiteSpace(urlsOptions.BaseUrl)) - { - string apiAuthorityUrl; - - if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl)) - { - apiAuthorityUrl = identityOptions.AuthorityUrl.BuildFullUrl(Constants.IdentityServerPrefix); - } - else - { - apiAuthorityUrl = urlsOptions.BuildUrl(Constants.IdentityServerPrefix); - } - - authBuilder.AddIdentityServerAuthentication(options => - { - options.Authority = apiAuthorityUrl; - options.ApiName = apiScope; - options.ApiSecret = null; - options.RequireHttpsMetadata = identityOptions.RequiresHttps; - }); - - authBuilder.AddOpenIdConnect(options => - { - options.Authority = apiAuthorityUrl; - options.ClientId = Constants.InternalClientId; - options.ClientSecret = Constants.InternalClientSecret; - options.RequireHttpsMetadata = identityOptions.RequiresHttps; - options.SaveTokens = true; - options.Scope.Add(Constants.RoleScope); - options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; - }); - } - - return authBuilder; + .AddMyIdentityServerAuthentication(identityOptions, config) + .AddCookie(); } } } diff --git a/src/Squidex/Config/Authentication/IdentityServerServices.cs b/src/Squidex/Config/Authentication/IdentityServerServices.cs new file mode 100644 index 000000000..10341e861 --- /dev/null +++ b/src/Squidex/Config/Authentication/IdentityServerServices.cs 
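Review bot: The cookie scheme is still registered here (`.AddCookie()`, now last in the chain), but the only visible consumer of it, `options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme`, has moved into `AddMyIdentityServerAuthentication` in the new file. Nothing in either place records that the two must stay together. If a later edit drops or changes the cookie registration, the OpenID Connect sign-in would presumably fail only at request time, not at startup. A short comment above the call would record the dependency, for example `// Required: the OpenID Connect handler in IdentityServerServices signs in with the cookie scheme.` The enclosing method starts above this hunk, so its signature is not visible here.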
@@ -0,0 +1,62 @@
+// ==========================================================================
+// AuthenticationServices.cs
+// Squidex Headless CMS
+// ==========================================================================
+// Copyright (c) Squidex Group
+// All rights reserved.
+// ==========================================================================
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Squidex.Infrastructure;
+
+namespace Squidex.Config.Authentication
+{
+ public static class IdentityServerServices
+ {
+ public static AuthenticationBuilder AddMyIdentityServerAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions, IConfiguration config)
+ {
+ var apiScope = Constants.ApiScope;
+
+ var urlsOptions = config.GetSection("urls").Get();
+
+ if (!string.IsNullOrWhiteSpace(urlsOptions.BaseUrl))
+ {
+ string apiAuthorityUrl;
+
+ if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl))
+ {
+ apiAuthorityUrl = identityOptions.AuthorityUrl.BuildFullUrl(Constants.IdentityServerPrefix);
+ }
+ else
+ {
+ apiAuthorityUrl = urlsOptions.BuildUrl(Constants.IdentityServerPrefix);
+ }
+
+ authBuilder.AddIdentityServerAuthentication(options =>
+ {
+ options.Authority = apiAuthorityUrl;
+ options.ApiName = apiScope;
+ options.ApiSecret = null;
+ options.RequireHttpsMetadata = identityOptions.RequiresHttps;
+ });
+
+ authBuilder.AddOpenIdConnect(options =>
+ {
+ options.Authority = apiAuthorityUrl;
+ options.ClientId = Constants.InternalClientId;
+ options.ClientSecret = Constants.InternalClientSecret;
+ options.RequireHttpsMetadata = identityOptions.RequiresHttps;
+ options.SaveTokens = true;
+ options.Scope.Add(Constants.RoleScope);
+ options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ });
+ }
+
+ return authBuilder;
+ }
+ }
+}
diff --git a/src/Squidex/Config/Domain/InfrastructureServices.cs b/src/Squidex/Config/Domain/InfrastructureServices.cs
index f02e84e5b..bd462dba7 100644
--- a/src/Squidex/Config/Domain/InfrastructureServices.cs
+++ b/src/Squidex/Config/Domain/InfrastructureServices.cs
@@ -9,16 +9,13 @@
 using System;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.Infrastructure;
-using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using NodaTime;
 using Squidex.Infrastructure;
 using Squidex.Infrastructure.Assets;
 using Squidex.Infrastructure.Assets.ImageSharp;
-using Squidex.Infrastructure.Caching;
 using Squidex.Infrastructure.CQRS.Commands;
 using Squidex.Infrastructure.CQRS.Events;
 using Squidex.Infrastructure.Log;
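Review bot: In `AddMyIdentityServerAuthentication` (IdentityServerServices.cs), a blank `BaseUrl` in the `urls` section makes the method return without registering either the token-validation handler or the OpenID Connect handler, and nothing is logged or thrown. A misconfigured deployment would therefore start without these schemes and presumably only reveal it on the first authenticated request. The result of `config.GetSection("urls").Get()` is also dereferenced without a null check, so a missing `urls` section would surface as a NullReferenceException instead of a configuration error. Consider failing fast with `if (urlsOptions == null || string.IsNullOrWhiteSpace(urlsOptions.BaseUrl)) { throw new InvalidOperationException("The urls section must define a base URL to configure authentication."); }`, or, if skipping is intended for some hosts, stating that in a `<summary>` on the method. Separately, the file header comment still reads `AuthenticationServices.cs` although the file is IdentityServerServices.cs.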