Merge pull request #318 from nofrixion/feature/MOOV-3061-trusted-part…

…y-hmac-auth
nofrixion · Apr 24, 2024 · a783287 · a783287
2 parents ca0f2b0 + e52a461
commit a783287
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/src/NoFrixion.MoneyMoov/Claims/IdentityExtensions.cs b/src/NoFrixion.MoneyMoov/Claims/IdentityExtensions.cs
@@ -46,6 +46,20 @@ public static Guid GetMerchantId(this IIdentity identity)
         return merchantIDClaim?.ToGuid() ?? Guid.Empty;
     }
 
+    public static string ApiAppId(this IIdentity identity)
+    {
+        var verifiedClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.appid)?.Value;
+
+        return verifiedClaim ?? string.Empty;
+    }
+
+    public static bool IsVerfiedByApiKey(this IIdentity identity)
+    {
+        var verifiedClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.verfied_by_api_key)?.Value;
+
+        return bool.TryParse(verifiedClaim, out var verifiedByApiKey) && verifiedByApiKey;
+    }
+
     public static bool MerchantIdExists(this IIdentity identity)
     {
         return identity != null && ((ClaimsIdentity)identity).Claims.Any(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.merchantid);
@@ -58,7 +72,10 @@ public static string GetTokenId(this IIdentity identity)
 
     public static bool HasAudience(this IIdentity identity, params string[] audiences)
     {
-        return audiences.Any(audience => ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == "aud")?.Value == audience);
+        return audiences
+            .Where(a => !string.IsNullOrEmpty(a))
+            .Any(audience => ((ClaimsIdentity)identity)?
+                .FindFirst(x => x.Type == "aud")?.Value == audience);
     }
 
     public static User GetUser(this IIdentity identity)

diff --git a/src/NoFrixion.MoneyMoov/Claims/NoFrixionClaimsEnum.cs b/src/NoFrixion.MoneyMoov/Claims/NoFrixionClaimsEnum.cs
@@ -90,5 +90,9 @@ public enum NoFrixionClaimsEnum
 
     two_factor_enabled,
 
-    passkey_added
+    passkey_added,
+
+    verfied_by_api_key,
+
+    appid,
 }
diff --git a/src/NoFrixion.MoneyMoov/Models/Approve/ApproveResultModel.cs b/src/NoFrixion.MoneyMoov/Models/Approve/ApproveResultModel.cs
@@ -32,6 +32,10 @@ public class ApproveResultModel
 
     public string KeyID { get; set; } = string.Empty;
 
+    public bool VerifiedByApiKey { get; set; }
+
+    public string AppID { get; set; } = string.Empty;
+
     public ApproveResultModel()
     { }
 
@@ -54,6 +58,8 @@ public ApproveResultModel(IEnumerable<Claim> claims)
             ChallengeBase64Url = claims.FirstOrDefault(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.approvehash)?.Value ?? string.Empty;
             Signature = claims.FirstOrDefault(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.approvesignature)?.Value ?? string.Empty;
             KeyID = claims.FirstOrDefault(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.approvekeyid)?.Value ?? string.Empty;
+            VerifiedByApiKey = claims.Any(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.verfied_by_api_key);
+            AppID = claims.FirstOrDefault(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.appid)?.Value ?? string.Empty;
         }
     }