User Management Endpoints & Orchestrator Basics

Author: mckaragoz

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessAuthority.cs

@@ -4,7 +4,7 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     public interface IAccessAuthority
     {
-        AccessDecision Decide(AccessContext context, IEnumerable<IAccessPolicy> policies);
+        AccessDecision Decide(AccessContext context, IEnumerable<IAccessPolicy> runtimePolicies);
     }
 
 }

src/CodeBeam.UltimateAuth.Core/Contracts/Authority/AccessContext.cs

@@ -4,7 +4,8 @@ namespace CodeBeam.UltimateAuth.Core.Contracts
 {
     public sealed class AccessContext
     {
-        public UserKey? UserKey { get; init; }
+        public string? TenantId { get; init; }
+        public UserKey? ActorUserKey { get; init; }
         public string Action { get; init; } = default!;
         public string? Resource { get; init; }
         public string? ResourceId { get; init; }

src/CodeBeam.UltimateAuth.Core/Contracts/Common/DeleteMode.cs

@@ -0,0 +1,8 @@
+namespace CodeBeam.UltimateAuth.Core.Contracts
+{
+    public enum DeleteMode
+    {
+        Soft,
+        Hard
+    }
+}

src/CodeBeam.UltimateAuth.Core/Domain/AuthFlowType.cs

@@ -21,6 +21,7 @@ public enum AuthFlowType
         PermissionQuery,
 
         UserManagement,
+        UserProfile,
         CredentialManagement,
         AuthorizationManagement,
 

src/CodeBeam.UltimateAuth.Server/Endpoints/Abstractions/IUserProfileAdminEndpointHandler.cs

@@ -0,0 +1,11 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+using Microsoft.AspNetCore.Http;
+
+namespace CodeBeam.UltimateAuth.Server.Endpoints
+{
+    public interface IUserProfileAdminEndpointHandler
+    {
+        Task<IResult> GetAsync(UserKey userKey, HttpContext ctx);
+        Task<IResult> UpdateAsync(UserKey userKey, HttpContext ctx);
+    }
+}

src/CodeBeam.UltimateAuth.Server/Endpoints/Abstractions/IUserProfileEndpointHandler.cs

@@ -0,0 +1,10 @@
+using Microsoft.AspNetCore.Http;
+
+namespace CodeBeam.UltimateAuth.Server.Endpoints
+{
+    public interface IUserProfileEndpointHandler
+    {
+        Task<IResult> GetAsync(HttpContext ctx);
+        Task<IResult> UpdateAsync(HttpContext ctx);
+    }
+}

src/CodeBeam.UltimateAuth.Server/Endpoints/UAuthEndpointRegistrar.cs

@@ -106,7 +106,7 @@ public void MapEndpoints(RouteGroupBuilder rootGroup, UAuthServerOptions options
                     => await h.CheckPermissionAsync(ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.PermissionQuery));
             }
 
-            if (options.EnableUsersEndpoints)
+            if (options.EnableUserLifecycleEndpoints)
             {
                 var users = group.MapGroup("/users");
 
@@ -116,11 +116,33 @@ public void MapEndpoints(RouteGroupBuilder rootGroup, UAuthServerOptions options
                 users.MapPost("/status", async ([FromServices] IUserEndpointHandler h, HttpContext ctx)
                     => await h.ChangeStatusAsync(ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserManagement));
 
-                // Intended post here
+                // Post is intended here
                 users.MapPost("/delete", async ([FromServices] IUserEndpointHandler h, HttpContext ctx)
                     => await h.DeleteAsync(ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserManagement));
             }
 
+            if (options.EnableUserProfileEndpoints)
+            {
+                var userProfile = group.MapGroup("/users");
+
+                userProfile.MapGet("/me", async ([FromServices] IUserProfileEndpointHandler h, HttpContext ctx)
+                    => await h.GetAsync(ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserProfile));
+
+                userProfile.MapPut("/me", async ([FromServices] IUserProfileEndpointHandler h, HttpContext ctx)
+                    => await h.UpdateAsync(ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserInfo));
+            }
+
+            if (options.EnableAdminChangeUserProfileEndpoints)
+            {
+                var admin = group.MapGroup("/admin/users");
+
+                admin.MapGet("/{userKey}/profile", async ([FromServices] IUserProfileAdminEndpointHandler h, UserKey userKey, HttpContext ctx)
+                    => await h.GetAsync(userKey, ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserManagement));
+
+                admin.MapPut("/{userKey}/profile", async ([FromServices] IUserProfileAdminEndpointHandler h, UserKey userKey, HttpContext ctx)
+                    => await h.UpdateAsync(userKey, ctx)).WithMetadata(new AuthFlowMetadata(AuthFlowType.UserManagement));
+            }
+
             if (options.EnableCredentialsEndpoints)
             {
                 var credentials = group.MapGroup("/credentials");

src/CodeBeam.UltimateAuth.Server/Infrastructure/Orchestrator/UAuthAccessOrchestrator.cs

@@ -21,7 +21,7 @@ public async Task ExecuteAsync(AccessContext context, IAccessCommand command, Ca
 
             _executed = true;
 
-            var policies = command.GetPolicies(context);
+            var policies = command.GetPolicies(context) ?? Array.Empty<IAccessPolicy>();
             var decision = _authority.Decide(context, policies);
 
             if (!decision.IsAllowed)
@@ -33,5 +33,4 @@ public async Task ExecuteAsync(AccessContext context, IAccessCommand command, Ca
             await command.ExecuteAsync(ct);
         }
     }
-
 }

src/CodeBeam.UltimateAuth.Server/Options/UAuthServerOptions.cs

@@ -108,10 +108,14 @@ public void ReplaceSessionCookieManager<T>() where T : class, IUAuthCookieManage
         public bool? EnableSessionEndpoints { get; set; } = true;
         public bool? EnableUserInfoEndpoints { get; set; } = true;
 
-        public bool EnableUsersEndpoints { get; set; } = true;
+        public bool EnableUserLifecycleEndpoints { get; set; } = true;
+        public bool EnableUserProfileEndpoints { get; set; } = true;
+        public bool EnableAdminChangeUserProfileEndpoints { get; set; } = false;
         public bool EnableCredentialsEndpoints { get; set; } = true;
         public bool EnableAuthorizationEndpoints { get; set; } = true;
 
+        public UserIdentifierOptions UserIdentifiers { get; set; } = new();
+
         /// <summary>
         /// If true, server will add anti-forgery headers
         /// and require proper request metadata.
@@ -141,7 +145,7 @@ public void ReplaceSessionCookieManager<T>() where T : class, IUAuthCookieManage
         public Action<IServiceCollection>? ConfigureServices { get; set; }
 
 
-        internal Dictionary<UAuthMode, Action<UAuthServerOptions>> ModeConfigurations { get; } = new();
+        internal Dictionary<UAuthMode, Action<UAuthServerOptions>> ModeConfigurations { get; set; } = new();
 
 
         internal UAuthServerOptions Clone()
@@ -163,19 +167,23 @@ internal UAuthServerOptions Clone()
                 AuthResponse = AuthResponse.Clone(),
                 Hub = Hub.Clone(),
                 SessionResolution = SessionResolution.Clone(),
+                UserIdentifiers = UserIdentifiers.Clone(),
 
                 EnableLoginEndpoints = EnableLoginEndpoints,
                 EnablePkceEndpoints = EnablePkceEndpoints,
                 EnableTokenEndpoints = EnableTokenEndpoints,
                 EnableSessionEndpoints = EnableSessionEndpoints,
                 EnableUserInfoEndpoints = EnableUserInfoEndpoints,
-                EnableUsersEndpoints = EnableUsersEndpoints,
+                EnableUserLifecycleEndpoints = EnableUserLifecycleEndpoints,
+                EnableUserProfileEndpoints = EnableUserProfileEndpoints,
+                EnableAdminChangeUserProfileEndpoints = EnableAdminChangeUserProfileEndpoints,
                 EnableCredentialsEndpoints = EnableCredentialsEndpoints,
                 EnableAuthorizationEndpoints = EnableAuthorizationEndpoints,
 
                 EnableAntiCsrfProtection = EnableAntiCsrfProtection,
                 EnableLoginRateLimiting = EnableLoginRateLimiting,
 
+                ModeConfigurations = ModeConfigurations,
                 OnConfigureEndpoints = OnConfigureEndpoints,
                 ConfigureServices = ConfigureServices,
                 CustomCookieManagerType = CustomCookieManagerType

src/CodeBeam.UltimateAuth.Server/Options/UserIdentifierOptions.cs

@@ -0,0 +1,29 @@
+namespace CodeBeam.UltimateAuth.Server.Options
+{
+    public sealed class UserIdentifierOptions
+    {
+        public bool AllowUsernameChange { get; set; } = true;
+        public bool AllowMultipleUsernames { get; set; } = false;
+        public bool AllowMultipleEmail { get; set; } = true;
+        public bool AllowMultiplePhone { get; set; } = true;
+
+        public bool RequireEmailVerification { get; set; } = false;
+        public bool RequirePhoneVerification { get; set; } = false;
+
+        public bool AllowAdminOverride { get; set; } = true;
+        public bool AllowUserOverride { get; set; } = true;
+
+        internal UserIdentifierOptions Clone() => new()
+        {
+            AllowUsernameChange = AllowUsernameChange,
+            AllowMultipleUsernames = AllowMultipleUsernames,
+            AllowMultipleEmail = AllowMultipleEmail,
+            AllowMultiplePhone = AllowMultiplePhone,
+            RequireEmailVerification = RequireEmailVerification,
+            RequirePhoneVerification = RequirePhoneVerification,
+            AllowAdminOverride = AllowAdminOverride,
+            AllowUserOverride = AllowUserOverride
+        };
+    }
+
+}