ApiSystem: moved from feature/space-management

2023-07-25 16:11:31 +03:00 · 2023-07-25 16:11:31 +03:00 · abdcedbaa8
commit abdcedbaa8
parent 54387f8f98
4 changed files with 119 additions and 12 deletions
--- a/common/services/ASC.ApiSystem/Classes/ApiSystemAuthHandler.cs
+++ b/common/services/ASC.ApiSystem/Classes/ApiSystemAuthHandler.cs
@ -0,0 +1,84 @@
+// (c) Copyright Ascensio System SIA 2010-2022
+//
+// This program is a free software product.
+// You can redistribute it and/or modify it under the terms
+// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
+// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
+// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
+// any third-party rights.
+//
+// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
+// of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE. For details, see
+// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
+//
+// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
+//
+// The  interactive user interfaces in modified source and object code versions of the Program must
+// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
+//
+// Pursuant to Section 7(b) of the License you must retain the original Product logo when
+// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
+// trademark law for use of our trademarks.
+//
+// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
+// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
+// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
+
+using System.Security.Authentication;
+using System.Text.Encodings.Web;
+
+using ASC.Web.Core;
+
+using Microsoft.Extensions.Options;
+
+namespace ASC.ApiSystem.Classes;
+
+[Scope]
+public class ApiSystemAuthHandler : CookieAuthHandler
+{
+    private readonly CoreBaseSettings _coreBaseSettings;
+    private readonly AuthContext _authContext;
+    private readonly UserManager _userManager;
+
+    public ApiSystemAuthHandler(
+        IOptionsMonitor<AuthenticationSchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder,
+        ISystemClock clock,
+        SecurityContext securityContext,
+        CookiesManager cookiesManager,
+        IHttpContextAccessor httpContextAccessor,
+        CoreBaseSettings coreBaseSettings,
+        AuthContext authContext,
+        UserManager userManager)
+        : base(options, logger, encoder, clock, securityContext, cookiesManager, httpContextAccessor)
+    {
+        _coreBaseSettings = coreBaseSettings;
+        _authContext = authContext;
+        _userManager = userManager;
+    }
+
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        var baseResult = await base.HandleAuthenticateAsync();
+        if (!baseResult.Succeeded)
+        {
+            return baseResult;
+        }
+
+        if (_coreBaseSettings.Standalone)
+        {
+            if (!_authContext.IsAuthenticated)
+            {
+                return AuthenticateResult.Fail(new AuthenticationException(nameof(HttpStatusCode.Unauthorized)));
+            }
+
+            if (!await _userManager.IsDocSpaceAdminAsync(_authContext.CurrentAccount.ID))
+            {
+                return AuthenticateResult.Fail(new AuthenticationException(nameof(HttpStatusCode.Unauthorized)));
+            }
+        }
+
+        return baseResult;
+    }
+}
--- a/common/services/ASC.ApiSystem/Controllers/PortalController.cs
+++ b/common/services/ASC.ApiSystem/Controllers/PortalController.cs
@ -46,6 +46,9 @@ public class PortalController : ControllerBase
    private readonly TimeZonesProvider _timeZonesProvider;
    private readonly TimeZoneConverter _timeZoneConverter;
    private readonly PasswordHasher _passwordHasher;
+    private readonly CoreBaseSettings _coreBaseSettings;
+    private readonly AuthContext _authContext;
+    private readonly UserManager _userManager;
    private readonly ILogger<PortalController> _log;

    public PortalController(
@ -64,7 +67,10 @@ public class PortalController : ControllerBase
        ILogger<PortalController> option,
        TimeZonesProvider timeZonesProvider,
        TimeZoneConverter timeZoneConverter,
-        PasswordHasher passwordHasher)
+        PasswordHasher passwordHasher,
+        CoreBaseSettings coreBaseSettings,
+        AuthContext authContext,
+        UserManager userManager)
    {
        _configuration = configuration;
        _securityContext = securityContext;
@ -81,6 +87,9 @@ public class PortalController : ControllerBase
        _timeZonesProvider = timeZonesProvider;
        _timeZoneConverter = timeZoneConverter;
        _passwordHasher = passwordHasher;
+        _coreBaseSettings = coreBaseSettings;
+        _authContext = authContext;
+        _userManager = userManager;
        _log = option;
    }

@ -101,7 +110,7 @@ public class PortalController : ControllerBase

    [HttpPost("register")]
    [AllowCrossSiteJson]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:registerportal")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:registerportal,auth:portal")]
    public async ValueTask<IActionResult> RegisterAsync(TenantModel model)
    {
        if (model == null)
@ -319,7 +328,7 @@ public class PortalController : ControllerBase

    [HttpDelete("remove")]
    [AllowCrossSiteJson]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:default")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
    public async Task<IActionResult> RemoveAsync([FromQuery] TenantModel model)
    {
        (var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
@ -355,7 +364,7 @@ public class PortalController : ControllerBase

    [HttpPut("status")]
    [AllowCrossSiteJson]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:default")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
    public async Task<IActionResult> ChangeStatusAsync(TenantModel model)
    {
        (var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
@ -426,7 +435,7 @@ public class PortalController : ControllerBase

    [HttpGet("get")]
    [AllowCrossSiteJson]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:default")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
    public async Task<IActionResult> GetPortalsAsync([FromQuery] TenantModel model)
    {
        try
@ -471,7 +480,8 @@ public class PortalController : ControllerBase
                .Distinct()
                .Where(t => t.Status == TenantStatus.Active)
                .OrderBy(t => t.Id)
-                .Select(_commonMethods.ToTenantWrapper);
+                .Select(_commonMethods.ToTenantWrapper)
+                .ToList();

            return Ok(new
            {
--- a/common/services/ASC.ApiSystem/Controllers/SettingsController.cs
+++ b/common/services/ASC.ApiSystem/Controllers/SettingsController.cs
@ -61,7 +61,7 @@ public class SettingsController : ControllerBase
    #region API methods

    [HttpGet("get")]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:default")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
    public async Task<IActionResult> GetSettingsAsync([FromQuery] SettingsModel model)
    {
        (var succ, var tenantId, var error) = await GetTenantAsync(model);
@ -88,7 +88,7 @@ public class SettingsController : ControllerBase
    }

    [HttpPost("save")]
-    [Authorize(AuthenticationSchemes = "auth:allowskip:default")]
+    [Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
    public async Task<IActionResult> SaveSettingsAsync([FromBody] SettingsModel model)
    {
        (var succ, var tenantId, var error) = await GetTenantAsync(model);
--- a/common/services/ASC.ApiSystem/Startup.cs
+++ b/common/services/ASC.ApiSystem/Startup.cs
@ -33,13 +33,15 @@ public class Startup
    private readonly IHostEnvironment _hostEnvironment;
    private readonly DIHelper _diHelper;
    private readonly string _corsOrigin;
+    private readonly bool _standalone;

    public Startup(IConfiguration configuration, IHostEnvironment hostEnvironment)
    {
        _configuration = configuration;
        _hostEnvironment = hostEnvironment;
        _diHelper = new DIHelper();
-        _corsOrigin = _configuration["core:cors"];
+        _corsOrigin = _configuration["core:cors"];
+        _standalone = _configuration["core:base-domain"] == "localhost";
    }

    public void ConfigureServices(IServiceCollection services)
@ -126,9 +128,20 @@ public class Startup
                    .TryAddSingleton(services);
        }

-        services.AddAuthentication()
-            .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
-            .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { });
+        if (_standalone)
+        {
+            services
+                .AddAuthentication()
+                .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
+                .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { })
+                .AddScheme<AuthenticationSchemeOptions, ApiSystemAuthHandler>("auth:portal", _ => { });
+        }
+        else
+        {
+            services.AddAuthentication()
+               .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
+               .AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { });
+        }
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)