From 8f97d7cf387696b34ebcfd6aecc8e9356e66e694 Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Thu, 4 Jun 2026 08:47:18 +0200
Subject: [PATCH] Refactored authentication
---
 .../appsettings.json | 2 +-
 LiteCharms.Features.Tests/http/authentik/app.http | 4 ++--
 .../Api/Configuration/AuthentikSettings.cs | 2 ++
 LiteCharms.Features/Extensions/Api.cs | 15 +++++----------
 LiteCharms.Features/Hasher/HashService.cs | 2 +-
 5 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/LiteCharms.Features.MidrandBooks.Seed/appsettings.json b/LiteCharms.Features.MidrandBooks.Seed/appsettings.json
index b394b55..b7a0751 100644
--- a/LiteCharms.Features.MidrandBooks.Seed/appsettings.json
+++ b/LiteCharms.Features.MidrandBooks.Seed/appsettings.json
@@ -1,6 +1,6 @@
 {
 "FeatureManagement": {
- "CategorySeederService": true,
+ "CategorySeederService": false,
 "CustomerSeederService": false,
 "ProductsSeederService": false
 },
diff --git a/LiteCharms.Features.Tests/http/authentik/app.http b/LiteCharms.Features.Tests/http/authentik/app.http
index 93b1bc2..9105f67 100644
--- a/LiteCharms.Features.Tests/http/authentik/app.http
+++ b/LiteCharms.Features.Tests/http/authentik/app.http
@@ -1,6 +1,6 @@
-## Authentik Token Request
+### Authentik Token Request (Service Account Explicit)
 POST {{authority}}
 Content-Type: application/x-www-form-urlencoded
 Accept-Encoding: identity
-grant_type={{grantType}}&client_id={{clientId}}&client_secret={{clientSecret}}&username={{username}}&password={{password}}&scope={{scope}}
\ No newline at end of file
+grant_type={{grantType}}&client_id={{clientId}}&username={{username}}&password={{password}}&scope={{scope}}
diff --git a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
index e570cff..113d0dd 100644
--- a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
+++ b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
@@ -4,6 +4,8 @@ public sealed class AuthentikSettings
 {
 public string? Authority { get; set; }
+ public string? IntrospectionUrl { get; set; }
+
 public string? ApiResourceName { get; set; }
 public string? ApiResourceSecret { get; set; }
diff --git a/LiteCharms.Features/Extensions/Api.cs b/LiteCharms.Features/Extensions/Api.cs
index b53dc32..3883519 100644
--- a/LiteCharms.Features/Extensions/Api.cs
+++ b/LiteCharms.Features/Extensions/Api.cs
@@ -22,22 +22,17 @@ public static class Api
 .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
 {
 options.Authority = authOptions.Authority;
+ options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
 options.ClientId = authOptions.ApiResourceName;
 options.ClientSecret = authOptions.ApiResourceSecret;
+ options.NameClaimType = "sub";
 options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
- options.EnableCaching = false;
- options.CacheDuration = TimeSpan.FromMinutes(10);
+ options.DiscoveryPolicy.ValidateEndpoints = false;
+ options.EnableCaching = false;
 });
- if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
- {
- services.AddAuthorizationBuilder()
- .AddPolicy("ApiScope", policy =>
- policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
- }
- else
- services.AddAuthorization();
+ services.AddAuthorization();
 return services;
 }
diff --git a/LiteCharms.Features/Hasher/HashService.cs b/LiteCharms.Features/Hasher/HashService.cs
index 660c9e5..b6b79e0 100644
--- a/LiteCharms.Features/Hasher/HashService.cs
+++ b/LiteCharms.Features/Hasher/HashService.cs
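Review bot: `IntrospectionUrl` is added without documentation and without any indication of how it relates to `Authority`, so a reader of the settings class cannot tell whether one, the other or both must be configured. Suggest an XML doc on the new property along the lines of `/// <summary>Absolute URL of Authentik's token introspection endpoint; optional, presumably used in place of the endpoint discovered from <see cref="Authority"/> when set.</summary>`, tightening the second clause once the introspection handler's precedence between the two is confirmed. The class body continues outside the hunk.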
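Review bot: Calling `services.AddAuthorization()` unconditionally drops the `ApiScope` policy, so a token that passes introspection is no longer checked for the configured claim, and any endpoint still referencing `Policy = "ApiScope"` will fail at request time with an unknown-policy error; the `RequiredClaimName`/`RequiredClaimNameValue` settings the removed branch read are not touched elsewhere in this commit and presumably remain as dead configuration. If claim enforcement now happens elsewhere, the commit message should say where; otherwise keep registering the policy when both settings are present and only fall back to the bare `AddAuthorization()` when they are absent. Separately, `options.DiscoveryPolicy.ValidateEndpoints = false;` switches off the check that discovered endpoints sit under the configured Authority, which is broader than needed: with `IntrospectionEndpoint` set explicitly the discovery document is presumably not consulted for introspection at all, and if the endpoints legitimately live on another base address, `options.DiscoveryPolicy.AdditionalEndpointBaseAddresses.Add(<authentik-base-url>)` keeps validation on for everything else. The `AddAuthentication` chain this hunk belongs to starts before the hunk.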
@@ -4,7 +4,7 @@ namespace LiteCharms.Features.Hasher;
 public sealed partial class HashService(IHashids hasher) : IService
 {
- [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z")]
+ [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
 private static partial Regex HexHashRegex { get; }
 [GeneratedRegex(@"\A[0-9a-fA-F]{32}\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]