deleting password

2025-07-19 14:10:01 +02:00 · 2025-07-19 14:10:01 +02:00 · 2519fc77d2
commit 2519fc77d2
parent 36d8cc9a4d
15 changed files with 237 additions and 47 deletions
--- a/Femto.Api/Auth/SessionAuthenticationHandler.cs
+++ b/Femto.Api/Auth/SessionAuthenticationHandler.cs
@ -4,6 +4,7 @@ using Femto.Api.Sessions;
 using Femto.Common;
 using Femto.Modules.Auth.Application;
 using Femto.Modules.Auth.Application.Dto;
+using Femto.Modules.Auth.Contracts;
 using Femto.Modules.Auth.Models;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
@ -26,10 +27,10 @@ internal class SessionAuthenticationHandler(

        if (user is null)
            user = await this.TryAuthenticateWithRememberMeToken();
-        
+
        if (user is null)
            return AuthenticateResult.NoResult();
-        
+
        var claims = new List<Claim>
        {
            new(ClaimTypes.Name, user.Username),
@ -41,7 +42,11 @@ internal class SessionAuthenticationHandler(

        var identity = new ClaimsIdentity(claims, this.Scheme.Name);
        var principal = new ClaimsPrincipal(identity);
-        currentUserContext.CurrentUser = new CurrentUser(user.Id, user.Username);
+        currentUserContext.CurrentUser = new CurrentUser(
+            user.Id,
+            user.Username,
+            user.Roles.Contains(Role.SuperUser)
+        );

        return AuthenticateResult.Success(new AuthenticationTicket(principal, this.Scheme.Name));
    }
@ -99,21 +104,23 @@ internal class SessionAuthenticationHandler(
         * if it is valid, create a new weak session, return the user
         * if it is almost expired, refresh it
         */
-        
+
        var rememberMeToken = this.Context.GetRememberMeToken();

        if (rememberMeToken is null)
            return null;
-        
-        var (user, newRememberMeToken) = await authService.GetUserWithRememberMeToken(rememberMeToken);
+
+        var (user, newRememberMeToken) = await authService.GetUserWithRememberMeToken(
+            rememberMeToken
+        );

        if (user is null)
            return null;
-        
+
        var session = await authService.CreateWeakSession(user.Id);

        this.Context.SetSession(session, user);
-        
+
        if (newRememberMeToken is not null)
            this.Context.SetRememberMeToken(newRememberMeToken);