XMLHttpRequest response type switch #144

mini-software · Apr 22, 2024 · 39f1fa3 · 39f1fa3
1 parent a95e3ac
commit 39f1fa3
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 10 deletions.
diff --git a/src/Frontend/src/axios/service.ts b/src/Frontend/src/axios/service.ts
@@ -6,7 +6,8 @@ const service = axios.create({
   baseURL: ViteEnv.VITE_APP_BASE_API,  
   timeout: 50000 ,
   headers: {
-    'Content-Type': 'application/json'
+    'Content-Type': 'application/json',
+    'X-Requested-With': 'XMLHttpRequest',
   }
 });  
 

diff --git a/src/MiniAuth.IdentityAuth/MiniAuthIdentityServiceExtensions.cs b/src/MiniAuth.IdentityAuth/MiniAuthIdentityServiceExtensions.cs
@@ -1,20 +1,16 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.StaticFiles;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.Extensions.FileProviders;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using MiniAuth.IdentityAuth.Models;
+using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
-using System.Reflection;
-using static System.Net.Mime.MediaTypeNames;
 
 namespace MiniAuth.Identity
 {
@@ -29,7 +25,6 @@ public static IServiceCollection AddMiniIdentityAuth(this IServiceCollection ser
                 options.UseSqlite(connectionString);
             });
 
-            // if services AddAuthentication not already added then call AddAuthentication
             if (services.All(o => o.ServiceType != typeof(IAuthenticationService)))
             {
                 services.AddAuthorization(options =>
@@ -64,8 +59,31 @@ public static IServiceCollection AddMiniIdentityAuth(this IServiceCollection ser
                 options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
                 options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
             })
-            .AddIdentityCookies(o => {
-                o.ApplicationCookie.Configure(o => o.LoginPath = "/miniauth/login.html");
+            .AddMiniAuthIdentityCookies(o =>
+            {
+                o.ApplicationCookie.Configure(o =>
+                {
+                    o.LoginPath = "/miniauth/login.html";
+                    o.Events = new CookieAuthenticationEvents
+                    {
+                        OnRedirectToLogin = ctx =>
+                        {
+                            if (ctx.Request.Headers["X-Requested-With"] == "XMLHttpRequest")
+                            {
+#if DEBUG   
+                                Debug.WriteLine($"IsXMLHttpRequest Path: {ctx.Request.Path}");
+#endif
+                                ctx.Response.StatusCode = 401;
+                            }
+                            else
+                            {
+                                ctx.Response.Redirect(ctx.RedirectUri);
+                            }
+
+                            return Task.CompletedTask;
+                        }
+                    };
+                });
             });
             //.AddCookie(IdentityConstants.ApplicationScheme, o =>
             //{
@@ -124,7 +142,28 @@ public static IServiceCollection AddMiniIdentityAuth(this IServiceCollection ser
 
             return new IdentityBuilder(typeof(TUser), typeof(TRole), services);
         }
-
+        private static IdentityCookiesBuilder AddMiniAuthIdentityCookies(this AuthenticationBuilder builder, Action<IdentityCookiesBuilder> configureCookies)
+        {
+            var cookieBuilder = new IdentityCookiesBuilder();
+            cookieBuilder.ApplicationCookie = builder.AddMiniAuthApplicationCookie();
+            cookieBuilder.ExternalCookie = builder.AddExternalCookie();
+            cookieBuilder.TwoFactorRememberMeCookie = builder.AddTwoFactorRememberMeCookie();
+            cookieBuilder.TwoFactorUserIdCookie = builder.AddTwoFactorUserIdCookie();
+            configureCookies?.Invoke(cookieBuilder);
+            return cookieBuilder;
+        }
+        private static OptionsBuilder<CookieAuthenticationOptions> AddMiniAuthApplicationCookie(this AuthenticationBuilder builder)
+        {
+            builder.AddCookie(IdentityConstants.ApplicationScheme, o =>
+            {
+                o.LoginPath = new PathString("/Account/Login");
+                o.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync
+                };
+            });
+            return new OptionsBuilder<CookieAuthenticationOptions>(builder.Services, IdentityConstants.ApplicationScheme);
+        }
         private sealed class PostConfigureSecurityStampValidatorOptions : IPostConfigureOptions<SecurityStampValidatorOptions>
         {
             public PostConfigureSecurityStampValidatorOptions(TimeProvider timeProvider)