fix a number of auth tests failing due to cooke challenge not returni…

…ng a 401, now it always returns a 401 unless it's for oauth
sillsdev · May 29, 2024 · 8c03571 · 8c03571
1 parent d15d01a
commit 8c03571
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/backend/LexBoxApi/Auth/AuthKernel.cs b/backend/LexBoxApi/Auth/AuthKernel.cs
@@ -87,9 +87,11 @@ public static void AddLexBoxAuth(IServiceCollection services,
                             context.Request.Headers.Authorization.ToString().StartsWith("Bearer") &&
                             context.RequestServices.GetService<IOptions<OpenIdOptions>>()?.Value.Enable == true)
                         {
+                            //todo this breaks CanUseBearerAuth test
                             //fow now this will use oauth
                             return OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
                         }
+
                         if (context.Request.IsJwtRequest())
                         {
                             return JwtBearerDefaults.AuthenticationScheme;
@@ -100,6 +102,7 @@ public static void AddLexBoxAuth(IServiceCollection services,
                         {
                             return CookieAuthenticationDefaults.AuthenticationScheme;
                         }
+
                         if (context.Request.IsJwtOverBasicAuth(out var jwt))
                         {
                             context.Features.Set(new JwtOverBasicAuthFeature(jwt));
@@ -114,8 +117,23 @@ public static void AddLexBoxAuth(IServiceCollection services,
                 configuration.Bind("Authentication:Cookie", options);
                 options.LoginPath = "/login";
                 options.Cookie.Name = AuthCookieName;
-                // options.ForwardChallenge = JwtBearerDefaults.AuthenticationScheme;
                 options.ForwardForbid = JwtBearerDefaults.AuthenticationScheme;
+                options.Events = new()
+                {
+                    OnRedirectToLogin = context =>
+                    {
+                        if (context.Request.Path.StartsWithSegments("/api/oauth") &&
+                            context.Response.StatusCode == StatusCodes.Status200OK)
+                        {
+                            context.Response.Redirect(context.RedirectUri);
+                        }
+                        else
+                        {
+                            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                        }
+                        return Task.CompletedTask;
+                    }
+                };
             })
             .AddJwtBearer(options =>
             {
@@ -157,6 +175,7 @@ public static void AddLexBoxAuth(IServiceCollection services,
                     googleOptions.ClientId = googleConfig.ClientId;
                     googleOptions.ClientSecret = googleConfig.ClientSecret;
                 }
+
                 googleOptions.CallbackPath = "/api/login/signin-google";
                 googleOptions.Events.OnTicketReceived = async context =>
                 {