Authentication based on API key

acoumb · acoumb · commit 656d580a7d99 · 2022-06-06T15:36:43.000+03:00
diff --git a/src/Umbraco.Forms.Integrations.Automation.Zapier/Configuration/ZapierSettings.cs b/src/Umbraco.Forms.Integrations.Automation.Zapier/Configuration/ZapierSettings.cs
@@ -11,9 +11,13 @@ public ZapierSettings()
 
         public ZapierSettings(NameValueCollection appSettings)
         {
-            UserGroup = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierUserGroup];
+            UserGroupAlias = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierUserGroupAlias];
+
+            ApiKey = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierApiKey];
         }
 
-        public string UserGroup { get; set; }
+        public string UserGroupAlias { get; set; }
+
+        public string ApiKey { get; set; }
     }
 }
diff --git a/src/Umbraco.Forms.Integrations.Automation.Zapier/Constants.cs b/src/Umbraco.Forms.Integrations.Automation.Zapier/Constants.cs
@@ -3,13 +3,17 @@ namespace Umbraco.Forms.Integrations.Automation.Zapier
 {
     public class Constants
     {
-        public const string UmbracoFormsIntegrationsAutomationZapierUserGroup = "Umbraco.Forms.Integrations.Automation.Zapier.UserGroup";
+        public const string UmbracoFormsIntegrationsAutomationZapierUserGroupAlias = "Umbraco.Forms.Integrations.Automation.Zapier.UserGroupAlias";
+
+        public const string UmbracoFormsIntegrationsAutomationZapierApiKey = "Umbraco.Forms.Integrations.Automation.Zapier.ApiKey";
 
         public static class ZapierAppConfiguration
         {
             public const string UsernameHeaderKey = "X-USERNAME";
 
             public const string PasswordHeaderKey = "X-PASSWORD";
+
+            public const string ApiKeyHeaderKey = "X-APIKEY";
         }
 
         public static class Configuration
diff --git a/src/Umbraco.Forms.Integrations.Automation.Zapier/Controllers/ZapierFormAuthorizedApiController.cs b/src/Umbraco.Forms.Integrations.Automation.Zapier/Controllers/ZapierFormAuthorizedApiController.cs
@@ -40,6 +40,7 @@ public bool IsUserValid()
         {
             string username = string.Empty;
             string password = string.Empty;
+            string apiKey = string.Empty;
 
 #if NETCOREAPP
             if (Request.Headers.TryGetValue(Constants.ZapierAppConfiguration.UsernameHeaderKey,
@@ -48,18 +49,24 @@ public bool IsUserValid()
             if (Request.Headers.TryGetValue(Constants.ZapierAppConfiguration.PasswordHeaderKey,
                     out var passwordValues))
                 password = passwordValues.First();
+            if (Request.Headers.TryGetValue(Constants.ZapierAppConfiguration.ApiKeyHeaderKey,
+                    out var apiKeyValues))
+                apiKey = apiKeyValues.First();
 #else
             if (Request.Headers.TryGetValues(Constants.ZapierAppConfiguration.UsernameHeaderKey,
                     out var usernameValues))
                 username = usernameValues.First();
             if (Request.Headers.TryGetValues(Constants.ZapierAppConfiguration.PasswordHeaderKey,
                     out var passwordValues))
                 password = passwordValues.First();
+            if (Request.Headers.TryGetValues(Constants.ZapierAppConfiguration.ApiKeyHeaderKey,
+                    out var apiKeyValues))
+                apiKey = apiKeyValues.First();
 #endif
 
-            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return false;
+            if (string.IsNullOrEmpty(apiKey) && (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))) return false;
 
-            var isAuthorized = _userValidationService.Validate(username, password, Options.UserGroup).GetAwaiter()
+            var isAuthorized = _userValidationService.Validate(username, password, Options.ApiKey).GetAwaiter()
                 .GetResult();
             if (!isAuthorized) return false;
 
diff --git a/src/Umbraco.Forms.Integrations.Automation.Zapier/Services/IUserValidationService.cs b/src/Umbraco.Forms.Integrations.Automation.Zapier/Services/IUserValidationService.cs
@@ -4,6 +4,6 @@ namespace Umbraco.Forms.Integrations.Automation.Zapier.Services
 {
     public interface IUserValidationService
     {
-        Task<bool> Validate(string username, string password, string userGroup);
+        Task<bool> Validate(string username, string password, string apiKey);
     }
 }
diff --git a/src/Umbraco.Forms.Integrations.Automation.Zapier/Services/UserValidationService.cs b/src/Umbraco.Forms.Integrations.Automation.Zapier/Services/UserValidationService.cs
@@ -1,10 +1,15 @@
 ﻿using System.Linq;
 using System.Threading.Tasks;
 
+using Umbraco.Forms.Integrations.Automation.Zapier.Configuration;
+
 #if NETCOREAPP
+using Microsoft.Extensions.Options;
+
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 #else
+using System.Configuration;
 using Umbraco.Core.Services;
 #endif
 
@@ -14,23 +19,31 @@ public class UserValidationService : IUserValidationService
     {
         private readonly IUserService _userService;
 
+        private readonly ZapierSettings _zapierSettings;
 
 #if NETCOREAPP
         private readonly IBackOfficeUserManager _backOfficeUserManager;
 
-        public UserValidationService(IBackOfficeUserManager backOfficeUserManager, IUserService userService)
+        public UserValidationService(IOptions<ZapierSettings> options, IBackOfficeUserManager backOfficeUserManager, IUserService userService)
         {
             _backOfficeUserManager = backOfficeUserManager;
+
+            _zapierSettings = options.Value;
         }
 #else
         public UserValidationService(IUserService userService)
         {
             _userService = userService;
+
+            _zapierSettings = new ZapierSettings(ConfigurationManager.AppSettings);
         }
 #endif
 
-        public async Task<bool> Validate(string username, string password, string userGroup)
+        public async Task<bool> Validate(string username, string password, string apiKey)
         {
+            if (!string.IsNullOrEmpty(apiKey))
+                return apiKey == _zapierSettings.ApiKey;
+
 #if NETCOREAPP
             var isUserValid =
                 await _backOfficeUserManager.ValidateCredentialsAsync(username, password);
@@ -40,11 +53,11 @@ public async Task<bool> Validate(string username, string password, string userGr
 
             if (!isUserValid) return false;
 
-            if (!string.IsNullOrEmpty(userGroup))
+            if (!string.IsNullOrEmpty(_zapierSettings.UserGroupAlias))
             {
                 var user = _userService.GetByUsername(username);
 
-                return user != null && user.Groups.Any(p => p.Name == userGroup);
+                return user != null && user.Groups.Any(p => p.Alias == _zapierSettings.UserGroupAlias);
             }
 
             return true;

Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,13 @@ public ZapierSettings()`
`11`	`11`
`12`	`12`	`public ZapierSettings(NameValueCollection appSettings)`
`13`	`13`	`{`
`14`		`- UserGroup = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierUserGroup];`
	`14`	`+ UserGroupAlias = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierUserGroupAlias];`
	`15`	`+`
	`16`	`+ ApiKey = appSettings[Constants.UmbracoFormsIntegrationsAutomationZapierApiKey];`
`15`	`17`	`}`
`16`	`18`
`17`		`- public string UserGroup { get; set; }`
	`19`	`+ public string UserGroupAlias { get; set; }`
	`20`	`+`
	`21`	`+ public string ApiKey { get; set; }`
`18`	`22`	`}`
`19`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,13 +3,17 @@ namespace Umbraco.Forms.Integrations.Automation.Zapier`
`3`	`3`	`{`
`4`	`4`	`public class Constants`
`5`	`5`	`{`
`6`		`- public const string UmbracoFormsIntegrationsAutomationZapierUserGroup = "Umbraco.Forms.Integrations.Automation.Zapier.UserGroup";`
	`6`	`+ public const string UmbracoFormsIntegrationsAutomationZapierUserGroupAlias = "Umbraco.Forms.Integrations.Automation.Zapier.UserGroupAlias";`
	`7`	`+`
	`8`	`+ public const string UmbracoFormsIntegrationsAutomationZapierApiKey = "Umbraco.Forms.Integrations.Automation.Zapier.ApiKey";`
`7`	`9`
`8`	`10`	`public static class ZapierAppConfiguration`
`9`	`11`	`{`
`10`	`12`	`public const string UsernameHeaderKey = "X-USERNAME";`
`11`	`13`
`12`	`14`	`public const string PasswordHeaderKey = "X-PASSWORD";`
	`15`	`+`
	`16`	`+ public const string ApiKeyHeaderKey = "X-APIKEY";`
`13`	`17`	`}`
`14`	`18`
`15`	`19`	`public static class Configuration`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ namespace Umbraco.Forms.Integrations.Automation.Zapier.Services`
`4`	`4`	`{`
`5`	`5`	`public interface IUserValidationService`
`6`	`6`	`{`
`7`		`- Task<bool> Validate(string username, string password, string userGroup);`
	`7`	`+ Task<bool> Validate(string username, string password, string apiKey);`
`8`	`8`	`}`
`9`	`9`	`}`