From c61246444bfad923a422105c11d7e4b4993f71d2 Mon Sep 17 00:00:00 2001
From: waltkb <68587968+waltkb@users.noreply.github.com>
Date: Mon, 27 Nov 2023 16:22:54 +0100
Subject: [PATCH] Fix bearer auth

---
 .../id/walt/web/controllers/AuthController.kt | 40 ++++++++++---------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/src/main/kotlin/id/walt/web/controllers/AuthController.kt b/src/main/kotlin/id/walt/web/controllers/AuthController.kt
index cf4be32..06f18e9 100644
--- a/src/main/kotlin/id/walt/web/controllers/AuthController.kt
+++ b/src/main/kotlin/id/walt/web/controllers/AuthController.kt
@@ -23,6 +23,7 @@ import io.ktor.server.request.*
 import io.ktor.server.response.*
 import io.ktor.server.sessions.*
 import io.ktor.util.pipeline.*
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
 import kotlinx.uuid.UUID
@@ -66,21 +67,18 @@ fun Application.configureSecurity() {
     install(Authentication) {
-        bearer {
-            bearer("authenticated-bearer") {
-                authenticate { tokenCredential ->
-                    if (securityUserTokenMapping.contains(tokenCredential.token)) {
-                        UserIdPrincipal(securityUserTokenMapping[tokenCredential.token].toString())
-                    } else {
-                        null
-                    }
+        bearer("authenticated-bearer") {
+            authenticate { tokenCredential ->
+                if (securityUserTokenMapping.contains(tokenCredential.token)) {
+                    UserIdPrincipal(securityUserTokenMapping[tokenCredential.token].toString())
+                } else {
+                    null
                 }
             }
         }
         session("authenticated-session") {
             validate { session ->
-                //println("Validating: $session, [$securityUserTokenMapping]")
                 if (securityUserTokenMapping.contains(session.token)) {
                     UserIdPrincipal(securityUserTokenMapping[session.token].toString())
                 } else {
@@ -90,7 +88,13 @@ fun Application.configureSecurity() {
             }
             challenge {
-                call.respond(HttpStatusCode.Unauthorized, "Login to continue.")
+                call.respond(
+                    HttpStatusCode.Unauthorized, JsonObject(
+                        mapOf(
+                            "message" to JsonPrimitive("Login Required")
+                        )
+                    )
+                )
             }
         }
     }
@@ -210,14 +214,14 @@ fun Application.auth() {
     }
 }
-
-fun PipelineContext.getUserId() = call.principal("authenticated-session")
-    ?: call.principal("authenticated-bearer")
-    ?: throw UnauthorizedException("Could not retrieve authorized user.")
+fun PipelineContext.getUserId() =
+    call.principal("authenticated-session")
+        ?: call.principal("authenticated-bearer")
+        ?: call.principal() // bearer is registered with no name for some reason
+        ?: throw UnauthorizedException("Could not find user authorization within request.")
 fun PipelineContext.getUserUUID() =
-    runCatching { UUID(getUserId().name) }
-        .getOrNull() ?: throw IllegalArgumentException("Invalid user id")
+    runCatching { UUID(getUserId().name) }.getOrElse { throw IllegalArgumentException("Invalid user id: $it") }
 fun PipelineContext.getWalletId() =
     runCatching {
@@ -231,8 +235,8 @@ fun PipelineContext.getWalletService() =
     WalletServiceManager.getWalletService(getUserUUID(), getWalletId())
 fun PipelineContext.getUsersSessionToken(): String? =
-    call.sessions.get(LoginTokenSession::class)?.token ?: call.request.authorization()
-        ?.removePrefix("Bearer ")
+    call.sessions.get(LoginTokenSession::class)?.token
+    ?: call.request.authorization()?.removePrefix("Bearer ")
 fun getNftService() = WalletServiceManager.getNftService()
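Review bot: The new `?: call.principal()` fallback in getUserId, together with its comment "bearer is registered with no name for some reason", contradicts what this same commit does in configureSecurity, where the unnamed outer `bearer { }` wrapper around `bearer("authenticated-bearer")` is removed — after this patch no nameless provider is registered, so the fallback never matches today and would silently accept a principal from whatever unnamed provider is added later, sidestepping the two named providers that are meant to gate user identity. Drop that line, or if it is kept on purpose replace the comment with `// fallback for an unnamed provider; none is registered after this commit — remove once confirmed unused`. In getUserUUID, `runCatching` also wraps the `getUserId()` call, so a request without credentials has its UnauthorizedException swallowed and rethrown as `IllegalArgumentException("Invalid user id: …")`, and `$it` interpolates the Throwable rather than the offending id while the original cause is dropped; move the lookup out of the block, e.g. `fun PipelineContext.getUserUUID() = getUserId().name.let { name -> runCatching { UUID(name) }.getOrElse { throw IllegalArgumentException("Invalid user id: $name", it) } }`. The missing type arguments on `PipelineContext` and `call.principal(...)` in this hunk look like an extraction artifact rather than part of the patch, so they are not raised here.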