change jwt to cookie

leungkimming1 · leungkimming1 · commit 590aa1f65edd · 2022-05-25T16:23:55.000+08:00
diff --git a/API/Controllers/DocumentProcessingController.cs b/API/Controllers/DocumentProcessingController.cs
@@ -1,8 +1,6 @@
 ﻿using API;
 using DocumentProcessing;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System.Diagnostics;
 using System.Globalization;
 using System.Net.Http.Headers;
 using Telerik.Documents.Common.Model;
@@ -23,7 +21,6 @@
 
 [ApiController]
 [Route("documentprocessing")]
-[Authorize]
 public class DocumentProcessingController : ControllerBase {
 
     private readonly IPdfProcessing _pdfProcessing;
diff --git a/API/Controllers/LoginController.cs b/API/Controllers/LoginController.cs
@@ -25,39 +25,46 @@ public LoginController(IConfiguration config,
     }
 
     [HttpGet(Name = "Login")]
-    public async Task<IActionResult> Get() {
+    public async Task<IActionResult> Get(bool force) {
         JwtSecurityToken jwtToken;
         string token;
-        AuthResult authResult;
+        AuthResult authResult = new AuthResult();
+        RefreshTokenResponse refreshTokenDTO = new RefreshTokenResponse() {
+            sRefreshToken = "",
+            TokenExpiry = null,
+            Success = true,
+            Message = ""
+        };
 
         if (HttpContext.User.Identity!.Name == "" || HttpContext.User.Identity.Name == null) {
             throw new InvalidUserException();
         }
 
-        if (jwtUtil.ValidateToken(HttpContext.Request, out jwtToken, out token)) {
+        if (!force && jwtUtil.ValidateToken(HttpContext.Request, out jwtToken, out token)) {
+            refreshTokenDTO.TokenExpiry = jwtToken.ValidTo;
+            refreshTokenDTO.Message = "Not Yet Expired";
             if (HttpContext.User.Identity.Name == jwtToken.Claims
                 .Where(c => c.Type == ClaimTypes.Name)
                 .Select(c => c.Value).SingleOrDefault()) {
                 Array.ForEach(jwtToken.Claims.Where(c => c.Type == ClaimTypes.Role)
                     .ToArray(), c => ((ClaimsIdentity)HttpContext.User.Identity).AddClaim(c));
             }
-            authResult = new AuthResult() {
-                Token = token,
-                Success = true,
-                RefreshToken = ""
-            };
         } else {
             List<Claim>? claims = _service.GetUserClaims(HttpContext.User.Identity.Name);
 
             ClaimsIdentity claimsIdentity = (ClaimsIdentity)HttpContext.User.Identity;
             Array.ForEach(claims.Where(c => c.Type == ClaimTypes.Role).ToArray(),
                 c => claimsIdentity.AddClaim(c));
             authResult = jwtUtil.GenerateJwtToken(HttpContext.User.Identity.Name, claims);
+            HttpContext.Response.Cookies.Append("X-UserRoles", authResult.Token!, 
+                new CookieOptions() { HttpOnly = true });
+            refreshTokenDTO.sRefreshToken = authResult.RefreshToken;
+            refreshTokenDTO.Message = "New Token generated";
         }
 
         AntiforgeryTokenSet? tokens = antiforgery.GetAndStoreTokens(HttpContext);
         HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken!, new CookieOptions() { HttpOnly = false });
 
-        return Ok(authResult);
+        return Ok(refreshTokenDTO);
     }
 }
diff --git a/API/Controllers/ReportController.cs b/API/Controllers/ReportController.cs
@@ -5,6 +5,7 @@
 namespace API {
     [Route("reports")]
     [ApiController]
+    [AccessCodeAuthorize("RA01")]
     [IgnoreAntiforgeryToken]
     public class ReportsController : ReportsControllerBase {
         public ReportsController(IReportServiceConfiguration reportServiceConfiguration)
diff --git a/API/Controllers/RuntimeInfoController.cs b/API/Controllers/RuntimeInfoController.cs
@@ -3,15 +3,12 @@
 using System.Runtime.InteropServices;
 using System.Security.Principal;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Authorization;
 using System.IdentityModel.Tokens.Jwt;
-using Microsoft.AspNetCore.Authentication.Negotiate;
 
 namespace API;
 
 [ApiController]
 [Route("RuntimeInfo")]
-[Authorize(AuthenticationSchemes = NegotiateDefaults.AuthenticationScheme)]
 [IgnoreAntiforgeryToken]
 public class RuntimeInfoController : ControllerBase {
     private IConfiguration _conf { get; set; }
diff --git a/API/Controllers/SystemParameters/SystemParametersController.cs b/API/Controllers/SystemParameters/SystemParametersController.cs
@@ -1,6 +1,4 @@
 ﻿using Common;
-using Microsoft.AspNetCore.Authentication.Negotiate;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Service;
 
diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
@@ -3,7 +3,6 @@
 using Service;
 using Data;
 using System.Net;
-using Business;
 
 namespace API {
     [ApiController]
diff --git a/API/Jwt/AuthResult.cs b/API/Jwt/AuthResult.cs
@@ -0,0 +1,10 @@
+using System.Collections.Generic;
+
+namespace API {
+    public class AuthResult {
+        public string Token { get; set; }
+        public string RefreshToken { get; set; }
+        public bool Success { get; set; }
+        public List<string> Errors { get; set; }
+    }
+}
diff --git a/API/Jwt/CustomHeaderSwaggerAttribute.cs b/API/Jwt/CustomHeaderSwaggerAttribute.cs
@@ -6,15 +6,14 @@ public class CustomHeaderSwaggerAttribute : IOperationFilter {
         public void Apply(OpenApiOperation operation, OperationFilterContext context) {
             if (operation.Parameters == null)
                 operation.Parameters = new List<OpenApiParameter>();
-
-            operation.Parameters.Add(new OpenApiParameter {
-                Name = "X-UserRoles",
-                In = ParameterLocation.Header,
-                Required = false,
-                Schema = new OpenApiSchema {
-                    Type = "string"
-                }
-            });
+            //operation.Parameters.Add(new OpenApiParameter {
+            //    Name = "X-UserRoles",
+            //    In = ParameterLocation.Header,
+            //    Required = false,
+            //    Schema = new OpenApiSchema {
+            //        Type = "string"
+            //    }
+            //});
             operation.Parameters.Add(new OpenApiParameter {
                 Name = "X-CSRF-TOKEN-HEADER",
                 In = ParameterLocation.Header,
diff --git a/API/Jwt/JWTUtil.cs b/API/Jwt/JWTUtil.cs
@@ -4,6 +4,7 @@
 using Microsoft.IdentityModel.Tokens;
 using Common;
 using Business;
+using Microsoft.Extensions.Primitives;
 
 namespace API {
     public class JWTUtil : IJWTUtil {
@@ -35,7 +36,7 @@ public JWTUtil(IConfiguration config) {
         }
 
         public bool ValidateToken(HttpRequest request, out JwtSecurityToken jwtToken, out string token) {
-            var tokens = request.Headers["X-UserRoles"];
+            StringValues tokens = request.Cookies["X-UserRoles"];
             if (tokens.Any()) {
                 token = tokens[0];
                 try {
@@ -67,7 +68,9 @@ public AuthResult GenerateJwtToken(string user, List<Claim> claims) {
             };
             var token = tokenHandler.CreateToken(tokenDescriptor);
             var jwtToken = tokenHandler.WriteToken(token);
-
+            if (jwtToken.Length > (4096 - 13)) { //limit - cookie key
+                throw new CookieSizeExceedLimitException();
+            }
             var refreshToken = new RefreshToken()
             {
                 JwtId = token.Id,
diff --git a/API/Program.cs b/API/Program.cs
@@ -77,7 +77,6 @@
 // Authentication, authorization, Antiforgery Token
 builder.Services.AddAuthentication(HttpSysDefaults.AuthenticationScheme);
 builder.Services.AddAuthentication(IISServerDefaults.AuthenticationScheme);
-builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme);
 if (!builder.Environment.IsDevelopment()) {
     builder.WebHost.UseHttpSys(options => {
         options.Authentication.Schemes = AuthenticationSchemes.Negotiate | AuthenticationSchemes.NTLM;
diff --git a/Client/Pages/NewUser.razor b/Client/Pages/NewUser.razor
@@ -3,7 +3,7 @@
 @using System.Text.Json
 
 @inject HttpUtil _httpUtil
-
+<h3>Create New User</h3>
 <TelerikForm Model="@_newuser"
                          Width="300px"
                          >
diff --git a/Client/Pages/SearchUser.razor b/Client/Pages/SearchUser.razor
@@ -147,11 +147,10 @@
         <DialogContent>
 
             <TelerikForm Model="@_newpayslip"
-                         Width="auto"
-                         >
+                         Width="auto">
                 <FormButtons></FormButtons>
                 <FormItems>
-                    <FormItem LabelText="Date" Field="@nameof(_newpayslip.Date)" ></FormItem>
+                    <FormItem LabelText="Date" Field="@nameof(_newpayslip.Date)"></FormItem>
                     <FormItem LabelText="Working Days" Field="@nameof(_newpayslip.WorkingDays)"></FormItem>
                     <FormItem LabelText="Bonus" Field="@nameof(_newpayslip.Bonus)"></FormItem>
                     <FormItem Field="@nameof(_newpayslip.IsPaid)">
@@ -190,6 +189,15 @@
     List<SelectedData> SelectedDatas { get; set; } = new List<SelectedData>();
     private GetUserRequest _getUser = new GetUserRequest();
 
+    private bool visible { get; set; } = false;
+    private AddPayslipRequest _newpayslip { get; set; } = new AddPayslipRequest();
+    TelerikGrid<UserInfoDTO> Grid { get; set; }
+    public GetUserRequest getUserRequest { get; set; } = new GetUserRequest();
+    private List<UserInfoDTO> sourceData { get; set; }
+    private GetAllDatasResponse<UserInfoDTO> getAllDatasResponse { get; set; }
+    private GeneralSearchUtil<GetUserRequest, UserInfoDTO> generalSearchUtil { get; set; }
+    private int pageSize = 10;
+
     async Task Payslip(UserInfoDTO user) {
         generalSearchUtil.Message = "";
         generalSearchUtil.Notspinning = false;
@@ -215,8 +223,10 @@
         generalSearchUtil.Notspinning = false;
         var result = await _httpUtil.PostAsJsonAsync("users/AddPayslip", _newpayslip);
         generalSearchUtil.Notspinning = true;
+        int userID=0;
         if (result.IsSuccessStatusCode) {
             AddPayslipResponse response = await result.Content.ReadFromJsonAsync<AddPayslipResponse>();
+            userID = response?.UserId ?? 0;
             generalSearchUtil.Message = "Created for User ID:" + response.UserId
                 + "\r\nSalary:" + response.TotalSalary;
             if (response.LetterSentDate != null) {
@@ -230,31 +240,39 @@
             generalSearchUtil.ShowErrorNotifications(generalSearchUtil.Message);
         }
         visible = false;
+        await EnsureOnlyCurrentRowExpanded(userID);
+    }
+    async Task EnsureOnlyCurrentRowExpanded(int userID) {
+        
+        // use the current grid state to keep filters, sorts, paging and so on
+        var currItem =  getAllDatasResponse.Datas.FirstOrDefault(i=>i.Id == userID) as UserInfoDTO;
+        if (currItem == null) {
+            return;
+        }
+        var state = Grid.GetState();
+        bool isCurrItemExpanded = state.ExpandedItems.Any(x => x.Id == userID);
+        if (isCurrItemExpanded) {
+            state.ExpandedItems.Remove(currItem);
+        } else {
+            state.ExpandedItems.Add(currItem);
+        }
+        await Grid.SetState(state);
     }
-
-    private bool visible { get; set; } = false;
-    private AddPayslipRequest _newpayslip { get; set; } = new AddPayslipRequest();
-    TelerikGrid<UserInfoDTO> Grid { get; set; }
-    public GetUserRequest getUserRequest { get; set; } = new GetUserRequest();
-    private List<UserInfoDTO> sourceData { get; set; }
-    private GetAllDatasResponse<UserInfoDTO> getAllDatasResponse { get; set; }
-    private GeneralSearchUtil<GetUserRequest, UserInfoDTO> generalSearchUtil { get; set; }
-    private int pageSize = 10;
 
     private void OnClear() {
         getUserRequest = new GetUserRequest();
     }
 
     protected override async Task OnInitializedAsync() {
         generalSearchUtil = new GeneralSearchUtil<GetUserRequest, UserInfoDTO>(_httpUtil);
-        SelectedDatas=new List<SelectedData>();
-        SelectedDatas.Add(new SelectedData { Code=true,Description="True"});
-        SelectedDatas.Add(new SelectedData { Code=false,Description="False"});
+        SelectedDatas = new List<SelectedData>();
+        SelectedDatas.Add(new SelectedData { Code = true, Description = "True" });
+        SelectedDatas.Add(new SelectedData { Code = false, Description = "False" });
+       
 
     }
     async Task Search() {
         await generalSearchUtil.RefreshAsync(Grid);
-
     }
 
     private async Task ReadItems(GridReadEventArgs args) {
@@ -264,5 +282,6 @@
         getAllDatasResponse = await generalSearchUtil.SearchAsync(getUserRequest, "users/getuserlist");
         args.Data = getAllDatasResponse.Datas;
         args.Total = getAllDatasResponse.TotalCount;
+
     }
 }
diff --git a/Client/Pages/SystemParameters/SearchDatas.razor b/Client/Pages/SystemParameters/SearchDatas.razor
@@ -168,6 +168,7 @@
         HttpContent jsonContent = JsonContent.Create(systemParameter);
         await _generalSearchUtil.CreateAsync(jsonContent, "systemparameters/addsystemparameter");
         _generalSearchUtil.ShowSuccessNotifications("Create Success.");
+         await Search();
     }
     private async Task UpdateHandler() {
         var systemParameter = _mapper.Map<EditSystemParameterRequest>(_selectedItem);
@@ -176,9 +177,11 @@
         _visible = false;
         if (string.IsNullOrEmpty(_generalSearchUtil.Message)) {
             _generalSearchUtil.ShowSuccessNotifications("Update Success.");
+
         } else {
             _generalSearchUtil.ShowErrorNotifications(_generalSearchUtil.Message);
         }
+        await Search();
     }
     void SelectedData(SystemParametersSearchResponse item) {
         _visible = true;
@@ -191,6 +194,7 @@
         } else {
             _generalSearchUtil.ShowErrorNotifications(_generalSearchUtil.Message);
         }
+         await Search();
     }
 
 
diff --git a/Client/Shared/ErrorHandler.razor b/Client/Shared/ErrorHandler.razor
@@ -0,0 +1,11 @@
+﻿@page "/Error/{ErrorType}"
+@if (ErrorType == ErrorConstant.AuthorizationError.Code) {
+    <label style="align-content:center">You don't has permission for this action, please contact administractor.</label>
+}
+else{
+    <label style="align-content:center">System error, please contact administractor.</label>
+}
+
+@code {
+    [Parameter] public string ErrorType { get; set; }
+}
diff --git a/Client/Shared/MainLayout.razor b/Client/Shared/MainLayout.razor
@@ -84,4 +84,4 @@
          NavigationManager.NavigateTo("runtimeinfo");
     }
     #endregion
-}
+}
diff --git a/Client/Shared/NavMenu/DrawerMenu.cs b/Client/Shared/NavMenu/DrawerMenu.cs
@@ -14,7 +14,7 @@ public static class DrawerMenu {
         new List<DrawerItem>
             {
                 new DrawerItem{ Text = "Home", Icon = "home", Url="/dotnet6EAA", Group = "home"},
-                new DrawerItem{ Text = "Add User", Icon = "dollar", Url="/dotnet6EAA/adduser", Group = "app", Target="_popup"},
+                new DrawerItem{ Text = "Add User", Icon = "dollar", Url="/dotnet6EAA/adduser", Group = "app"},
                 new DrawerItem{ Text = "Search User", Icon = "dollar", Url="/dotnet6EAA/searchuser", Group = "app"},
                 new DrawerItem{ Text = "Report", Icon = "dollar", Url="/dotnet6EAA/Report", Group = "app"},
                 new DrawerItem{ Text = "System Parameters", Icon = "tell-a-friend", Url="/dotnet6EAA/systemparameters/searchdatas", Group = "app"},
diff --git a/Client/Util/HttpUtil.cs b/Client/Util/HttpUtil.cs
diff --git a/Common/Constant/ErrorConstant.cs b/Common/Constant/ErrorConstant.cs
diff --git a/Common/DTOs/RefreshTokenResponse.cs b/Common/DTOs/RefreshTokenResponse.cs
diff --git a/Common/Shared/CustomExceptions.cs b/Common/Shared/CustomExceptions.cs
diff --git a/Data/EF/EFContext.cs b/Data/EF/EFContext.cs
diff --git a/Service/SystemParameters/SystemParametersService.cs b/Service/SystemParameters/SystemParametersService.cs
diff --git a/Service/Users/UserService.cs b/Service/Users/UserService.cs
diff --git a/StoryTest/Support/TestHelper.cs b/StoryTest/Support/TestHelper.cs
