From 6a9657a10dc5ef3c4dfddf222284eec6c933ac83 Mon Sep 17 00:00:00 2001
From: Tim
Date: Sat, 19 Apr 2025 19:33:04 +0200
Subject: Add OIDC user-information endpoint

---
 VPNAuth.Server/Program.cs | 78 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 72 insertions(+), 6 deletions(-)
(limited to 'VPNAuth.Server/Program.cs')

diff --git a/VPNAuth.Server/Program.cs b/VPNAuth.Server/Program.cs
index 822aba7..beae428 100644
--- a/VPNAuth.Server/Program.cs
+++ b/VPNAuth.Server/Program.cs
@@ -36,6 +36,12 @@ app.MapGet("/accept-auth/{id}", async (HttpContext context, int id) =>
 return;
 }
 
+ if (authRequest.Username != context.GetUser()?.Username)
+ {
+ context.Response.StatusCode = StatusCodes.Status403Forbidden;
+ return;
+ }
+
 authRequest.Accepted = true;
 db.SaveChanges();
 
@@ -80,7 +86,8 @@ app.MapPost("/access-token", async (HttpContext context) =>
 ClientId = authRequest.ClientId,
 Scopes = authRequest.Scopes,
 CreationTime = DateTime.Now,
- Token = PkceUtils.GenerateToken()
+ Token = PkceUtils.GenerateToken(),
+ Username = authRequest.Username
 });
 db.SaveChanges();
 
@@ -92,7 +99,7 @@ app.MapPost("/access-token", async (HttpContext context) =>
 });
 });
 
-app.MapPost("/user-info", async (HttpContext context) =>
+app.MapPost("/user-info-settings", async (HttpContext context) =>
 {
 using var db = new Database();
 
@@ -103,8 +110,10 @@ app.MapPost("/user-info", async (HttpContext context) =>
 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
 }
 
- UserInformation? userInformation = db.UserInformation.Where(user => user.Sub == configUser!.Username)
- .ToList().FirstOrDefault() ?? db.Add(new UserInformation
+ UserInformation? userInformation = db.UserInformation
+ .Where(user => user.Sub == configUser!.Username)
+ .ToList()
+ .FirstOrDefault() ?? db.Add(new UserInformation
 {
 Sub = configUser!.Username
 }).Entity;
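Review bot: The ownership check added in the /accept-auth/{id} hunk, `authRequest.Username != context.GetUser()?.Username`, passes when both sides are null, so if an AuthRequest row can exist without a Username (the model is not in this hunk, so this is unconfirmed) an unauthenticated caller would be able to accept it. Requiring a resolved identity first closes that gap: `var username = context.GetUser()?.Username; if (username is null || authRequest.Username != username) { context.Response.StatusCode = StatusCodes.Status403Forbidden; return; }`. Answering 401 rather than 403 for the no-user case would also match the rest of the file's handling of unauthenticated requests. The enclosing handler starts before this hunk.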
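Review bot: In the @@ -103,8 +110,10 @@ hunk the reformatted query dereferences `configUser!.Username` immediately after a branch that sets `Status401Unauthorized` but, as far as the hunk shows, does not return; its `if` line is outside the hunk, so confirm there is no early return there and otherwise add `return;` after the status assignment, since an unauthenticated request currently continues into a null dereference and a 500. The new `.ToList().FirstOrDefault()` also materialises every matching row before taking one; `.FirstOrDefault()` alone (or `.SingleOrDefault()` if Sub is unique) does the same with a single-row query. The enclosing handler starts before this hunk.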
@@ -120,15 +129,72 @@ app.MapPost("/user-info", async (HttpContext context) =>
 if (context.Request.Form.ContainsKey("email"))
 userInformation.Email = context.Request.Form["email"]!;
-
+
 if (context.Request.Form.ContainsKey("picture"))
 userInformation.Picture = context.Request.Form["picture"]!;
-
+
 userInformation.Name = userInformation.GivenName + " " + userInformation.FamilyName;
 
 db.SaveChanges();
 });
 
+app.Map("/user-info", (HttpContext context) =>
+{
+ if (context.Request.Method != "GET" && context.Request.Method != "POST")
+ {
+ context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;
+ return;
+ }
+
+ var tokenHeader = context.Request.Headers["Authorization"].First()?.Split(" ");
+
+ if (tokenHeader?.Length == 1 || tokenHeader?[0] != "Bearer")
+ {
+ context.Response.StatusCode = StatusCodes.Status400BadRequest;
+ return;
+ }
+
+ if (tokenHeader.Length >= 2)
+ {
+ context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+ return;
+ }
+
+ using var db = new Database();
+ var tokenDbEntry = db.AccessTokens
+ .Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
+ .ToList()
+ .FirstOrDefault();
+
+ if (tokenDbEntry == null)
+ {
+ context.Response.StatusCode = StatusCodes.Status403Forbidden;
+ return;
+ }
+
+ var userInformation = db.UserInformation
+ .Where(entry => entry.Sub == tokenDbEntry.Username)
+ .ToList()
+ .FirstOrDefault();
+
+ if (userInformation == null)
+ {
+ context.Response.StatusCode = StatusCodes.Status204NoContent;
+ return;
+ }
+
+ context.Response.WriteAsJsonAsync(new UserInfo
+ {
+ Email = userInformation.Email,
+ GivenName = userInformation.GivenName,
+ FamilyName = userInformation.FamilyName,
+ Name = userInformation.Name,
+ Picture = userInformation.Picture,
+ PreferredUsername = userInformation.PreferredUsername,
+ Sub = userInformation.Sub
+ });
+});
+
 app.MapStaticAssets();
 app.MapRazorPages()
 .WithStaticAssets();
-- 
cgit v1.2.3
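Review bot: The length guard in the new /user-info handler is inverted — `if (tokenHeader.Length >= 2)` returns 401 for every well-formed `Bearer <token>` header, which has exactly two parts, so the AccessTokens lookup below it is unreachable and the endpoint cannot succeed. Before that, `context.Request.Headers["Authorization"].First()` throws on a request with no Authorization header (an empty StringValues), turning a plain unauthenticated call into a 500 rather than a 401, and `context.Response.WriteAsJsonAsync(...)` is not awaited inside a synchronous lambda, so the response may be completed before the body is written. Two checks are also missing rather than wrong: the token's `CreationTime`, stored by the /access-token hunk, is never compared against a lifetime, so a leaked token stays valid indefinitely, and the token's `Scopes` are not consulted before email and profile claims are returned, which OIDC expects the userinfo endpoint to honour — whether expiry is enforced elsewhere in the project is not visible here. The rewrite below fixes the header parsing, answers authentication failures with 401 plus a `WWW-Authenticate: Bearer` challenge as RFC 6750 describes, and awaits the write; the scope and expiry checks are left as follow-ups since the token model's fields are not in this hunk.

```csharp
app.Map("/user-info", async (HttpContext context) =>
{
    // … unchanged: method check (405) …

    // A missing header is an empty StringValues, on which First() throws;
    // answer with the RFC 6750 challenge instead of a 500.
    if (!context.Request.Headers.TryGetValue("Authorization", out var authHeader)
        || authHeader.Count == 0)
    {
        context.Response.Headers["WWW-Authenticate"] = "Bearer";
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }

    // Exactly "<scheme> <token>"; the scheme name is case-insensitive per RFC 6750.
    var tokenHeader = authHeader.ToString().Split(' ', StringSplitOptions.RemoveEmptyEntries);
    if (tokenHeader.Length != 2
        || !tokenHeader[0].Equals("Bearer", StringComparison.OrdinalIgnoreCase))
    {
        context.Response.Headers["WWW-Authenticate"] = "Bearer error=\"invalid_request\"";
        context.Response.StatusCode = StatusCodes.Status400BadRequest;
        return;
    }

    using var db = new Database();
    var tokenDbEntry = db.AccessTokens
        .Where(tokenEntry => tokenEntry.Token == tokenHeader[1])
        .ToList()
        .FirstOrDefault();

    if (tokenDbEntry == null)
    {
        // An unknown token is an authentication failure (401, invalid_token), not 403.
        context.Response.Headers["WWW-Authenticate"] = "Bearer error=\"invalid_token\"";
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }

    // … unchanged: UserInformation lookup and 204 handling …

    await context.Response.WriteAsJsonAsync(new UserInfo
    {
        // … unchanged: claim mapping …
    });
});
```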