From 57519bce7d40ad25a15b2854d3569679d54460b5 Mon Sep 17 00:00:00 2001 From: Majo Mikula Date: Tue, 27 Sep 2022 10:06:19 +0200 Subject: [PATCH] Remove request path from caching of jwt token --- .../GatewayAuthorizationMiddleware.cs | 17 +++++++---------- src/Kros.AspNetCore/Kros.AspNetCore.csproj | 2 +- .../GatewayAuthorizationMiddlewareShould.cs | 17 ++++++++--------- 3 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/Kros.AspNetCore/Authorization/GatewayAuthorizationMiddleware.cs b/src/Kros.AspNetCore/Authorization/GatewayAuthorizationMiddleware.cs index 010f713..d2ad1ef 100644 --- a/src/Kros.AspNetCore/Authorization/GatewayAuthorizationMiddleware.cs +++ b/src/Kros.AspNetCore/Authorization/GatewayAuthorizationMiddleware.cs @@ -72,14 +72,14 @@ private async Task GetUserAuthorizationJwtAsync( IMemoryCache memoryCache, IServiceDiscoveryProvider serviceDiscoveryProvider) { - if (JwtAuthorizationHelper.TryGetTokenValue(httpContext.Request.Headers, out string value)) + if (JwtAuthorizationHelper.TryGetTokenValue(httpContext.Request.Headers, out string token)) { int key = CacheHttpHeadersHelper.TryGetValue( httpContext.Request.Headers, _jwtAuthorizationOptions.CacheKeyHttpHeaders, out string cacheKeyPart) - ? GetKey(httpContext, value, cacheKeyPart) - : GetKey(httpContext, value); + ? GetKey(token, cacheKeyPart) + : GetKey(token); if (!memoryCache.TryGetValue(key, out string jwtToken)) { @@ -89,7 +89,7 @@ private async Task GetUserAuthorizationJwtAsync( httpContext, httpClientFactory, memoryCache, - value, + token, key, authUrl); } 
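Review bot: With the request path gone from the key in `GetUserAuthorizationJwtAsync`, a JWT cached for one path is now returned for every other path that presents the same token (and the same `CacheKeyHttpHeaders` value), so the authorization service is no longer consulted per path. How `authUrl` is built is outside this hunk; if it includes the request path, or the service decides per path, a grant cached for one endpoint would carry over to endpoints the service might have refused. The same applies to the hash branch in the `-99,7` hunk, where `GetKey(hashValue.ToString())` is now the whole key. I would state the assumption next to the key computation, e.g. `// Key is path-independent: the authorization service must issue the same JWT for every path of this token.`, and confirm it against the service. The method starts before and continues past the hunk.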
@@ -99,7 +99,7 @@ private async Task GetUserAuthorizationJwtAsync( else if (!string.IsNullOrEmpty(_jwtAuthorizationOptions.HashParameterName) && httpContext.Request.Query.TryGetValue(_jwtAuthorizationOptions.HashParameterName, out StringValues hashValue)) { - int key = GetKey(httpContext, hashValue.ToString()); + int key = GetKey(hashValue.ToString()); if (!memoryCache.TryGetValue(key, out string jwtToken)) { var uriBuilder = new UriBuilder(_jwtAuthorizationOptions.GetHashAuthorization(serviceDiscoveryProvider)); @@ -186,11 +186,8 @@ private bool IsCacheAllowed() => _jwtAuthorizationOptions.CacheSlidingExpirationOffset != TimeSpan.Zero || _jwtAuthorizationOptions.CacheAbsoluteExpiration != TimeSpan.Zero; - internal static int GetKey(HttpContext httpContext, StringValues value) - => HashCode.Combine(value, httpContext.Request.Path); - - internal static int GetKey(HttpContext httpContext, StringValues value, string additionalKeyPart) - => HashCode.Combine(value, httpContext.Request.Path, additionalKeyPart); + internal static int GetKey(StringValues value, string additionalKeyPart = null) + => (additionalKeyPart is null) ? HashCode.Combine(value) : HashCode.Combine(value, additionalKeyPart); private void AddUserProfileClaimsToIdentityAndHttpHeaders(HttpContext httpContext, string userJwtToken) => httpContext.Request.Headers[HeaderNames.Authorization] = $"{JwtAuthorizationHelper.AuthTokenPrefix} {userJwtToken}"; diff --git a/src/Kros.AspNetCore/Kros.AspNetCore.csproj b/src/Kros.AspNetCore/Kros.AspNetCore.csproj index 7b77a8a..afc90eb 100644 --- a/src/Kros.AspNetCore/Kros.AspNetCore.csproj +++ b/src/Kros.AspNetCore/Kros.AspNetCore.csproj @@ -2,7 +2,7 @@ net6.0;netcoreapp3.1 - 3.2.1 + 3.3.0 General utilities and helpers for building ASP.NET Core WEB API latest true diff --git a/tests/Kros.AspNetCore.Tests/Authorization/GatewayAuthorizationMiddlewareShould.cs b/tests/Kros.AspNetCore.Tests/Authorization/GatewayAuthorizationMiddlewareShould.cs index b3cd19b..664e968 100644 
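Review bot: `GetKey` in the `-186,11` hunk reduces the bearer token to a 32-bit `HashCode.Combine` result, and that `int` is the only thing the `IMemoryCache` lookup compares, so two different tokens whose hashes collide would share one cache entry and the later request would be given the JWT cached for the other token. Dropping the path does not create this, but it is the key derivation this change rewrites, and a cache that decides identity should compare the full value. `IMemoryCache` accepts any object as a key, so the method could return the values themselves: `internal static (string Token, string KeyPart) GetKey(StringValues value, string additionalKeyPart = null) => (value.ToString(), additionalKeyPart);`, with the `int key` locals in the `-72,14` and `-99,7` hunks becoming `var key`. The helper that receives `key` is outside the diff and, if it is typed `int` as the call suggests, would need the same change.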
--- a/tests/Kros.AspNetCore.Tests/Authorization/GatewayAuthorizationMiddlewareShould.cs +++ b/tests/Kros.AspNetCore.Tests/Authorization/GatewayAuthorizationMiddlewareShould.cs @@ -170,7 +170,7 @@ public async void UseCachedJwtToken() var context = new DefaultHttpContext(); var cache = new MemoryCache(new MemoryCacheOptions()); - cache.Set(HashCode.Combine(accessToken, context.Request.Path), "AAAAAA"); + cache.Set(HashCode.Combine(accessToken), "AAAAAA"); context.Request.Headers.Add(HeaderNames.Authorization, "access_token"); await middleware.Invoke(context, httpClientFactoryMock, cache, CreateProvider()); @@ -191,7 +191,7 @@ public async void UseCachedJwtTokenForHash() context.Request.Query = new QueryCollection(QueryHelpers.ParseQuery("?hash=asdf")); var cache = new MemoryCache(new MemoryCacheOptions()); - cache.Set(HashCode.Combine(context.Request.Query["hash"].ToString(), context.Request.Path), "BBQ"); + cache.Set(HashCode.Combine(context.Request.Query["hash"].ToString()), "BBQ"); await middleware.Invoke(context, httpClientFactoryMock, cache, CreateProvider()); @@ -214,7 +214,7 @@ public async void CachesJwtToken() context.Request.Headers.Add(HeaderNames.Authorization, "access_token"); await middleware.Invoke(context, httpClientFactoryMock, cache, CreateProvider()); - cache.Get(HashCode.Combine(accessToken, context.Request.Path)) + cache.Get(HashCode.Combine(accessToken)) .Should() .Be(JwtToken); } @@ -230,7 +230,7 @@ public async void CachesJwtTokenForHash() await middleware.Invoke(context, httpClientFactoryMock, cache, CreateProvider()); - cache.Get(HashCode.Combine(context.Request.Query["hash"].ToString(), context.Request.Path)) + cache.Get(HashCode.Combine(context.Request.Query["hash"].ToString())) .Should() .Be(HashJwtToken); } 
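Review bot: The updated assertions rebuild the cache key by hand with `HashCode.Combine(accessToken)` (in the `-170,7` hunk and again in `-191,7`, `-214,7`, `-230,7` and `-251,8`) instead of calling the middleware's own `GetKey`, which the last test in this file already uses. These tests therefore pass only while the key stays a bare `HashCode.Combine` of one value, and any hardening of the key derivation will have to touch every one of them. Using `cache.Set(GatewayAuthorizationMiddleware.GetKey(accessToken), "AAAAAA");` and `cache.Get(GatewayAuthorizationMiddleware.GetKey(accessToken))` keeps the tests tied to the behaviour rather than to the hashing detail. The test bodies start and end outside the hunks.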
@@ -251,8 +251,7 @@ public async void JwtTokenWithoutCaching() context.Request.Method = HttpMethod.Get.ToString(); await middleware.Invoke(context, httpClientFactoryMock, cache, CreateProvider()); - var aaa = cache.Get(HashCode.Combine(accessToken, context.Request.Path)); - cache.Get(HashCode.Combine(accessToken, context.Request.Path)) + cache.Get(HashCode.Combine(accessToken)) .Should() .BeNull(); } @@ -387,7 +386,7 @@ public async void JwtTokenDoesNotContainConnectionId(string connectionId) [InlineData(null)] [InlineData("")] [InlineData("connection_id")] - public async void CacheJwtTokenWithConnectionId(string connectionId) + public async void CacheJwtToken(string connectionId) { (var httpClientFactoryMock, var middleware) = CreateMiddleware( HttpStatusCode.OK, @@ -406,8 +405,8 @@ public async void CacheJwtTokenWithConnectionId(string connectionId) context.Request.Headers.Add("any-header", connectionId); int key = connectionId == null - ? GatewayAuthorizationMiddleware.GetKey(context, accessToken) - : GatewayAuthorizationMiddleware.GetKey(context, accessToken, connectionId); + ? GatewayAuthorizationMiddleware.GetKey(accessToken) + : GatewayAuthorizationMiddleware.GetKey(accessToken, connectionId); var memoryCache = new MemoryCache(new MemoryCacheOptions()); memoryCache.Set(key, $"{JwtToken}");
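Review bot: The rename in the `-387,7` hunk to `CacheJwtToken` leaves the theory one letter away from the existing `CachesJwtToken` fact, while the test still varies `connectionId` and feeds it into the key in the `-406,8` hunk, so the old name described it better. A name that says what is being checked, such as `CacheJwtTokenWithOptionalKeyHeader`, would keep the two apart in test reports. While the signature is being touched, `public async Task CacheJwtToken(string connectionId)` is preferable to `async void`, so that a failure after the first `await` is reported against this test by any runner. The test body continues outside the hunks.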