[Authentication] Fixed AuthFilter when no roles; added user data in token

Authentication-test/Controllers/ValuesController.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Web.Http;
 using Authentication_test.DBO;
 using iiie.Authentication.Business;
@@ -8,6 +9,12 @@ namespace Authentication_test.Controllers
 {
     public class ValuesController : ApiController
     {
+        [AuthFilter]
+        public IEnumerable<string> Post()
+        {
+            return new[] { "value1", "value2" };
+        }
+
         [AuthFilter((int)UserRoles.Root)]
         public IEnumerable<string> Get()
         {
@@ -17,14 +24,17 @@ namespace Authentication_test.Controllers
         [AuthFilter((int)UserRoles.NotRoot)]
         public string Get(int id)
         {
-            return "value";
+            return UserStorage.BasicUserDbo.Username + " " + UserStorage.BasicUserDbo.TokenData;
         }
 
         [Route("api/login")]
         [HttpGet]
         public string Login(string username)
         {
-            return TokenManager.GetToken(username, "");
+            return TokenManager.GetToken(username, "", new
+            {
+                Date = DateTime.Now
+            });
         }
     }
 }

Authentication/Business/AuthFilter.cs

@@ -32,14 +32,12 @@ namespace iiie.Authentication.Business
         public override void OnActionExecuting(HttpActionContext actionContext)
         {
             base.OnActionExecuting(actionContext);
-            if (!UserRoles.Any())
-                return;
             OpResult<bool> error = null;
             if (UserStorage.BasicUserDbo == null)
             {
                 error = OpResult<bool>.Error(ResultStatus.PermissionError, "User is not recognized. Missing token?", "").Log();
             }
-            else if (!UserRoles.Contains(UserStorage.BasicUserDbo.Role))
+            else if (UserRoles.Any() && !UserRoles.Contains(UserStorage.BasicUserDbo.Role))
             {
                 error = OpResult<bool>.Error(ResultStatus.PermissionError, string.Format("User has role {0}, but only {1} are allowed",
                     UserStorage.BasicUserDbo.Role, string.Join(",", UserRoles.Select(x => x.ToString()))), "Permission denied").Log();

Authentication/Business/JWT/TokenManager.cs

@@ -3,6 +3,7 @@ using System.Configuration;
 using System.IdentityModel.Tokens;
 using System.Security.Claims;
 using System.ServiceModel.Security.Tokens;
+using Newtonsoft.Json;
 
 namespace iiie.Authentication.Business.JWT
 {
@@ -32,8 +33,9 @@ namespace iiie.Authentication.Business.JWT
         /// </summary>
         /// <param name="username">The user username</param>
         /// <param name="salt">The user salt</param>
+        /// <param name="data">Additionnal user data</param>
         /// <returns>The token</returns>
-        public static string GetToken(string username, string salt)
+        public static string GetToken(string username, string salt, object data = null)
         {
             var stringValidator = ConfigurationManager.AppSettings["StringValidator"];
             JwtSecurityToken jst = new JwtSecurityToken("urn:" + stringValidator,
@@ -41,7 +43,8 @@ namespace iiie.Authentication.Business.JWT
                                               new []
                                                {
                                                    new Claim(ClaimTypes.Name, username),
-                                                   new Claim(ClaimTypes.Authentication, salt)
+                                                   new Claim(ClaimTypes.Authentication, salt),
+                                                   new Claim(ClaimTypes.UserData, JsonConvert.SerializeObject(data)) 
                                                }, null, DateTime.Now.AddDays(1),
                                               CreateSigningCredentials());
 

Authentication/Business/JWT/TokenValidationHandler.cs

@@ -11,6 +11,7 @@ using System.Threading.Tasks;
 using iiie.Authentication.DBO;
 using iiie.Logs.DataAccess;
 using iiie.Logs.DBO;
+using Newtonsoft.Json;
 
 namespace iiie.Authentication.Business.JWT
 {
@@ -52,7 +53,7 @@ namespace iiie.Authentication.Business.JWT
         /// <returns>The HTTP response</returns>
         protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         {
-            OpResult<bool> error = null;
+            OpResult<bool> error;
             string token;
 
             if (!TryRetrieveToken(request, out token))
@@ -67,6 +68,7 @@ namespace iiie.Authentication.Business.JWT
 
                 var name = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Name);
                 var salt = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Authentication);
+                var data = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.UserData);
 
                 if (name == null || salt == null)
                 {
@@ -82,6 +84,10 @@ namespace iiie.Authentication.Business.JWT
                     }
                     else
                     {
+                        if (data != null)
+                        {
+                            user.TokenData = JsonConvert.DeserializeObject(data.Value);
+                        }
                         UserStorage.BasicUserDbo = user;
                         return base.SendAsync(request, cancellationToken);
                     }

Authentication/DBO/BasicUserDbo.cs

@@ -7,5 +7,7 @@
         public string Username { get; set; }
 
         public int Role { get; set; }
+
+        public object TokenData { get; set; }
     }
 }