Verbesserung Auth, Webhook-Handling & Codacy-Integration
- BasicAuthenticationAttribute: AllowAnonymous-Handling ergänzt, Fehlerbehandlung für ungültige Header verbessert, WWW-Authenticate-Header korrigiert, Credential-Handling robuster gestaltet. - WiseController: Webhook akzeptiert jetzt JSON und Text, asynchrone Verarbeitung, robustere Deserialisierung, <AllowAnonymous> auf Klassenebene. - WiseWebhookExampleProcessor: OpenAPI/Swagger-Doku erweitert (application/json & text/plain, Beispiele, flexiblere Schemas). - SwaggerConfig: Unsichtbares Zeichen entfernt. - .gitignore: Codacy-spezifische Anweisungen ausgeschlossen. - codacy.instructions.md: Neue Datei mit KI-Verhaltensregeln für Codacy-Analysen hinzugefügt.
This commit is contained in:
@@ -1,36 +1,47 @@
|
||||
Imports System.Net
|
||||
Imports System.Net.Http
|
||||
Imports System.Net.Http
|
||||
Imports System.Security.Principal
|
||||
Imports System.Threading
|
||||
Imports System.Web.Http
|
||||
Imports System.Web.Http.Controllers
|
||||
Imports System.Web.Http.Filters
|
||||
Imports System.Text
|
||||
Imports VERAG_PROG_ALLGEMEIN
|
||||
|
||||
|
||||
Imports System.Net
|
||||
Imports System.Web.Http.Filters
|
||||
|
||||
Public Class BasicAuthenticationAttribute
|
||||
Inherits AuthorizationFilterAttribute
|
||||
|
||||
Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
|
||||
' Check for AllowAnonymous attribute on method or controller
|
||||
If actionContext.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() OrElse
|
||||
actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() Then
|
||||
Return
|
||||
End If
|
||||
|
||||
Dim authHeader = actionContext.Request.Headers.Authorization
|
||||
|
||||
If authHeader IsNot Nothing Then
|
||||
Dim authenticationToken = actionContext.Request.Headers.Authorization.Parameter
|
||||
Dim decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken))
|
||||
Dim usernamePasswordArray = decodedAuthenticationToken.Split(":"c)
|
||||
Dim userName = usernamePasswordArray(0)
|
||||
Dim password = usernamePasswordArray(1)
|
||||
'Dim hashedPW = BCrypt.Net.BCrypt.HashPassword(password)
|
||||
|
||||
|
||||
|
||||
Dim isValid = getCredentials(userName, password)
|
||||
|
||||
If isValid Then
|
||||
Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
|
||||
Thread.CurrentPrincipal = principal
|
||||
'actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, "User " & userName & " successfully authenticated")
|
||||
Dim authenticationToken = authHeader.Parameter
|
||||
Dim decodedAuthenticationToken As String = ""
|
||||
Try
|
||||
decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken))
|
||||
Catch
|
||||
HandleUnathorized(actionContext)
|
||||
Return
|
||||
End Try
|
||||
|
||||
Dim usernamePasswordArray = decodedAuthenticationToken.Split(":"c)
|
||||
If usernamePasswordArray.Length >= 2 Then
|
||||
Dim userName = usernamePasswordArray(0)
|
||||
Dim password = usernamePasswordArray(1)
|
||||
|
||||
Dim isValid = getCredentials(userName, password)
|
||||
|
||||
If isValid Then
|
||||
Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
|
||||
Thread.CurrentPrincipal = principal
|
||||
Return
|
||||
End If
|
||||
End If
|
||||
End If
|
||||
|
||||
@@ -38,28 +49,20 @@ Public Class BasicAuthenticationAttribute
|
||||
End Sub
|
||||
|
||||
Private Shared Sub HandleUnathorized(ByVal actionContext As HttpActionContext)
|
||||
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)
|
||||
actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://localhost:")
|
||||
actionContext.Response = New HttpResponseMessage(HttpStatusCode.Unauthorized)
|
||||
actionContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=""Data""")
|
||||
End Sub
|
||||
|
||||
Private Shared Function getCredentials(user As String, password As String) As Boolean
|
||||
|
||||
Dim SQL As New VERAG_PROG_ALLGEMEIN.SQL
|
||||
Dim authenticated As Boolean = False
|
||||
|
||||
' Using SQL.DLookup as per previous context usage
|
||||
Dim hashedPassword = SQL.DLookup("hashedPassword", "tblRESTAuthentication", "username='" & user & "' AND type = 'REST'", "ADMIN", "")
|
||||
If hashedPassword <> "" Then
|
||||
authenticated = BCrypt.Net.BCrypt.Verify(password, hashedPassword)
|
||||
End If
|
||||
|
||||
Return authenticated
|
||||
|
||||
End Function
|
||||
End Class
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user