Add Credential Endpoints

Author: mckaragoz

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Program.cs

@@ -11,6 +11,7 @@
 using CodeBeam.UltimateAuth.Sample.UAuthHub.Components;
 using CodeBeam.UltimateAuth.Security.Argon2;
 using CodeBeam.UltimateAuth.Server.Authentication;
+using CodeBeam.UltimateAuth.Server.Defaults;
 using CodeBeam.UltimateAuth.Server.Extensions;
 using CodeBeam.UltimateAuth.Sessions.InMemory;
 using CodeBeam.UltimateAuth.Tokens.InMemory;

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Program.cs

@@ -9,6 +9,7 @@
 using CodeBeam.UltimateAuth.Sample.BlazorServer.Components;
 using CodeBeam.UltimateAuth.Security.Argon2;
 using CodeBeam.UltimateAuth.Server.Authentication;
+using CodeBeam.UltimateAuth.Server.Defaults;
 using CodeBeam.UltimateAuth.Server.Extensions;
 using CodeBeam.UltimateAuth.Sessions.InMemory;
 using CodeBeam.UltimateAuth.Tokens.InMemory;

src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AccessContext.cs

@@ -1,14 +1,47 @@
 using CodeBeam.UltimateAuth.Core.Domain;
+using System.Collections;
 
 namespace CodeBeam.UltimateAuth.Core.Contracts
 {
     public sealed class AccessContext
     {
-        public string? TenantId { get; init; }
+        // Actor
         public UserKey? ActorUserKey { get; init; }
-        public string Action { get; init; } = default!;
+        public string? ActorTenantId { get; init; }
+        public bool IsAuthenticated { get; init; }
+        public bool IsSystemActor { get; init; }
+
+        // Target
         public string? Resource { get; init; }
         public string? ResourceId { get; init; }
-        public IReadOnlyDictionary<string, object>? Attributes { get; init; }
+        public string? ResourceTenantId { get; init; }
+
+        public string Action { get; init; } = default!;
+        public IReadOnlyDictionary<string, object> Attributes { get; init; } = EmptyAttributes.Instance;
+
+        public bool IsCrossTenant => ActorTenantId != null && ResourceTenantId != null && !string.Equals(ActorTenantId, ResourceTenantId, StringComparison.Ordinal);
+        public bool IsSelfAction => ActorUserKey != null && ResourceId != null && string.Equals(ActorUserKey.Value, ResourceId, StringComparison.Ordinal);
+        public bool HasActor => ActorUserKey != null;
+        public bool HasTarget => ResourceId != null;
+    }
+
+    internal sealed class EmptyAttributes : IReadOnlyDictionary<string, object>
+    {
+        public static readonly EmptyAttributes Instance = new();
+
+        private EmptyAttributes() { }
+
+        public IEnumerable<string> Keys => Array.Empty<string>();
+        public IEnumerable<object> Values => Array.Empty<object>();
+        public int Count => 0;
+        public object this[string key] => throw new KeyNotFoundException();
+        public bool ContainsKey(string key) => false;
+        public bool TryGetValue(string key, out object value)
+        {
+            value = default!;
+            return false;
+        }
+        public IEnumerator<KeyValuePair<string, object>> GetEnumerator() => Enumerable.Empty<KeyValuePair<string, object>>().GetEnumerator();
+        IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
     }
 }

src/CodeBeam.UltimateAuth.Server/Auth/Context/DefaultAccessContextFactory.cs

@@ -0,0 +1,32 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Server.Auth
+{
+    internal sealed class DefaultAccessContextFactory : IAccessContextFactory
+    {
+        public AccessContext Create(AuthFlowContext authFlow, string action, string resource, string? resourceId = null, string? resourceTenantId = null, IReadOnlyDictionary<string, object>? attributes = null)
+        {
+            if (string.IsNullOrWhiteSpace(action))
+                throw new ArgumentException("Action is required.", nameof(action));
+
+            if (string.IsNullOrWhiteSpace(resource))
+                throw new ArgumentException("Resource is required.", nameof(resource));
+
+            return new AccessContext
+            {
+                ActorUserKey = authFlow.UserKey,
+                ActorTenantId = authFlow.TenantId,
+                IsAuthenticated = authFlow.IsAuthenticated,
+                IsSystemActor = false,
+
+                Resource = resource,
+                ResourceId = resourceId,
+                ResourceTenantId = resourceTenantId ?? authFlow.TenantId,
+
+                Action = action,
+
+                Attributes = attributes ?? EmptyAttributes.Instance
+            };
+        }
+    }
+}

…ucture/Auth/DefaultAuthContextFactory.cs …uth/Context/DefaultAuthContextFactory.cssrc/CodeBeam.UltimateAuth.Server/Infrastructure/Auth/DefaultAuthContextFactory.cs renamed to src/CodeBeam.UltimateAuth.Server/Auth/Context/DefaultAuthContextFactory.cs src/CodeBeam.UltimateAuth.Server/Infrastructure/Auth/DefaultAuthContextFactory.cs renamed to src/CodeBeam.UltimateAuth.Server/Auth/Context/DefaultAuthContextFactory.cs

@@ -1,9 +1,8 @@
 using CodeBeam.UltimateAuth.Core.Abstractions;
 using CodeBeam.UltimateAuth.Core.Contracts;
-using CodeBeam.UltimateAuth.Server.Auth;
 using CodeBeam.UltimateAuth.Server.Extensions;
 
-namespace CodeBeam.UltimateAuth.Server.Infrastructure.Auth
+namespace CodeBeam.UltimateAuth.Server.Auth
 {
     internal sealed class DefaultAuthContextFactory : IAuthContextFactory
     {

src/CodeBeam.UltimateAuth.Server/Auth/Context/DefaultAuthFlow.cs

@@ -9,10 +9,7 @@ internal sealed class DefaultAuthFlow : IAuthFlow
         private readonly IAuthFlowContextFactory _factory;
         private readonly DefaultAuthFlowContextAccessor _accessor;
 
-        public DefaultAuthFlow(
-            IHttpContextAccessor http,
-            IAuthFlowContextFactory factory,
-            IAuthFlowContextAccessor accessor)
+        public DefaultAuthFlow(IHttpContextAccessor http, IAuthFlowContextFactory factory, IAuthFlowContextAccessor accessor)
         {
             _http = http;
             _factory = factory;

src/CodeBeam.UltimateAuth.Server/Auth/Context/IAccessContextFactory.cs

@@ -0,0 +1,9 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Server.Auth
+{
+    public interface IAccessContextFactory
+    {
+        AccessContext Create(AuthFlowContext authFlow, string action, string resource, string? resourceId = null, string? resourceTenantId = null, IReadOnlyDictionary<string, object>? attributes = null);
+    }
+}

src/CodeBeam.UltimateAuth.Server/Authentication/UAuthAuthenticationExtension.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Authentication;
+using CodeBeam.UltimateAuth.Server.Defaults;
+using Microsoft.AspNetCore.Authentication;
 
 namespace CodeBeam.UltimateAuth.Server.Authentication;
 

src/CodeBeam.UltimateAuth.Server/Authentication/UAuthAuthenticationHandler.cs

@@ -2,6 +2,7 @@
 using CodeBeam.UltimateAuth.Core.Contracts;
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Core.Extensions;
+using CodeBeam.UltimateAuth.Server.Defaults;
 using CodeBeam.UltimateAuth.Server.Infrastructure;
 using CodeBeam.UltimateAuth.Server.Services;
 using Microsoft.AspNetCore.Authentication;

src/CodeBeam.UltimateAuth.Server/Defaults/UAuthActions.cs

@@ -0,0 +1,39 @@
+namespace CodeBeam.UltimateAuth.Server.Defaults
+{
+    public static class UAuthActions
+    {
+        public static class Users
+        {
+            public const string Create = "users.create";
+            public const string Delete = "users.delete";
+            public const string ChangeStatus = "users.status.change";
+        }
+
+        public static class UserProfiles
+        {
+            public const string GetSelf = "users.profile.get.self";
+            public const string UpdateSelf = "users.profile.update.self";
+            public const string GetAdmin = "users.profile.get.admin";
+            public const string UpdateAdmin = "users.profile.update.admin";
+        }
+
+        public static class UserIdentifiers
+        {
+            public const string Get = "users.identifiers.get";
+            public const string Change = "users.identifiers.change";
+            public const string Verify = "users.identifiers.verify";
+            public const string Delete = "users.identifiers.delete";
+        }
+
+        public static class Credentials
+        {
+            public const string List = "credentials.list";
+            public const string Add = "credentials.add";
+            public const string Change = "credentials.change";
+            public const string Revoke = "credentials.revoke";
+            public const string Activate = "credentials.activate";
+            public const string Delete = "credentials.delete";
+        }
+
+    }
+}