tgstation-server/_authentication_context_claims_transformation_8cs_source.html

using System;

using System.Collections.Generic;

using System.Security.Claims;

using System.Threading.Tasks;


using Microsoft.AspNetCore.Authentication;


using Tgstation.Server.Api.Rights;

using Tgstation.Server.Host.Models;


namespace Tgstation.Server.Host.Security

{


    sealed class AuthenticationContextClaimsTransformation : IClaimsTransformation

    {

        readonly IAuthenticationContext authenticationContext;


        public AuthenticationContextClaimsTransformation(IAuthenticationContext authenticationContext)

        {

            this.authenticationContext = authenticationContext ?? throw new ArgumentNullException(nameof(authenticationContext));

        }


        public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)

        {

            ArgumentNullException.ThrowIfNull(principal);


            if (!authenticationContext.Valid)

                throw new InvalidOperationException("Expected a valid authentication context here!");


            var enumerator = Enum.GetValues(typeof(RightsType));

            var claims = new List<Claim>();

            if (authenticationContext.User.Require(x => x.Enabled))

                claims.Add(

                    new Claim(

                        ClaimTypes.Role,

                        TgsAuthorizeAttribute.UserEnabledRole));


            foreach (RightsType rightType in enumerator)

            {

                // if there's a bad condition, do a weird thing and add all the roles

                // we need it so we can get to TgsAuthorizeAttribute where we can properly decide between BadRequest and Forbid

                var rightAsULong = (RightsHelper.IsInstanceRight(rightType) && authenticationContext.InstancePermissionSet == null)

                    ? ~0UL

                    : authenticationContext.GetRight(rightType);

                var rightEnum = RightsHelper.RightToType(rightType);

                var right = (Enum)Enum.ToObject(rightEnum, rightAsULong);

                foreach (Enum enumeratedRight in Enum.GetValues(rightEnum))

                    if (right.HasFlag(enumeratedRight))

                        claims.Add(

                            new Claim(

                                ClaimTypes.Role,

                                RightsHelper.RoleName(rightType, enumeratedRight)));

            }


            principal.AddIdentity(new ClaimsIdentity(claims));


            return Task.FromResult(principal);

        }


    }


}

IClaimsTransformation

Tgstation.Server.Api.Rights.RightsHelper
Helper for RightsTypes.
Definition RightsHelper.cs:12

Tgstation.Server.Api.Rights.RightsHelper.IsInstanceRight
static bool IsInstanceRight(RightsType rightsType)
Check if a given rightsType  is meant for an Models.Instance.

Tgstation.Server.Api.Rights.RightsHelper.RightToType
static Type RightToType(RightsType rightsType)
Map a given rightsType  to its respective Enum Type.

Tgstation.Server.Api.Rights.RightsHelper.RoleName
static string RoleName(RightsType rightsType, Enum right)
Gets the role claim name used for a given rightsType  and right .
Definition RightsHelper.cs:65

Tgstation.Server.Host.Security.AuthenticationContextClaimsTransformation
A IClaimsTransformation that maps Claims using an IAuthenticationContext.
Definition AuthenticationContextClaimsTransformation.cs:17

Tgstation.Server.Host.Security.AuthenticationContextClaimsTransformation.AuthenticationContextClaimsTransformation
AuthenticationContextClaimsTransformation(IAuthenticationContext authenticationContext)
Initializes a new instance of the AuthenticationContextClaimsTransformation class.
Definition AuthenticationContextClaimsTransformation.cs:27

Tgstation.Server.Host.Security.AuthenticationContextClaimsTransformation.TransformAsync
Task< ClaimsPrincipal > TransformAsync(ClaimsPrincipal principal)
Definition AuthenticationContextClaimsTransformation.cs:33

Tgstation.Server.Host.Security.AuthenticationContextClaimsTransformation.authenticationContext
readonly IAuthenticationContext authenticationContext
The IAuthenticationContext for the AuthenticationContextClaimsTransformation.
Definition AuthenticationContextClaimsTransformation.cs:21

Tgstation.Server.Host.Security.TgsAuthorizeAttribute
Helper for using the AuthorizeAttribute with the Api.Rights system.
Definition TgsAuthorizeAttribute.cs:17

Tgstation.Server.Host.Security.TgsAuthorizeAttribute.UserEnabledRole
const string UserEnabledRole
Role used to indicate access to the server is allowed.
Definition TgsAuthorizeAttribute.cs:21

Tgstation.Server.Host.Security.IAuthenticationContext
For creating and accessing authentication contexts.
Definition IAuthenticationContext.cs:12

Tgstation.Server.Host.Security.IAuthenticationContext.Valid
bool Valid
If the IAuthenticationContext is for a valid login.
Definition IAuthenticationContext.cs:16

Tgstation.Server.Host.Security.IAuthenticationContext.User
User User
The authenticated user.
Definition IAuthenticationContext.cs:31

Tgstation.Server.Host.Security.IAuthenticationContext.GetRight
ulong GetRight(RightsType rightsType)
Get the value of a given rightsType .

Tgstation.Server.Api.Rights
Definition AdministrationRights.cs:4

Tgstation.Server.Api.Rights.ConfigurationRights.List
@ List
User may list files if the Models.Instance allows it.

Tgstation.Server.Api.Rights.RightsType
RightsType
The type of rights a model uses.
Definition RightsType.cs:7

Tgstation.Server.Host.Models
Definition ChatBot.cs:9

Tgstation.Server.Host.Security
Definition AuthenticationContext.cs:8