diff --git a/DataGateway.Config/Authentication.cs b/DataGateway.Config/Authentication.cs
index 9a8c835e2a..46b7cd8af0 100644
--- a/DataGateway.Config/Authentication.cs
+++ b/DataGateway.Config/Authentication.cs
@@ -3,20 +3,19 @@ namespace Azure.DataGateway.Config
///
/// Authentication configuration.
///
- /// Identity Provider. Default is EasyAuth.
+ /// Identity Provider. Default is StaticWebApps.
/// With EasyAuth, no Audience or Issuer are expected.
///
/// Settings enabling validation of the received JWT token.
/// Required only when Provider is other than EasyAuth.
public record AuthenticationConfig(
- string Provider = AuthenticationConfig.EASYAUTH_PROVIDER_NAME,
+ string Provider,
Jwt? Jwt = null)
{
- public const string EASYAUTH_PROVIDER_NAME = "EasyAuth";
-
+ public const string CLIENT_PRINCIPAL_HEADER = "X-MS-CLIENT-PRINCIPAL";
public bool IsEasyAuthAuthenticationProvider()
{
- return Provider.Equals(EASYAUTH_PROVIDER_NAME);
+ return Enum.GetNames(typeof(EasyAuthType)).Any(x => x.Equals(Provider, StringComparison.OrdinalIgnoreCase));
}
}
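Review bot: The summary now says the provider defaults to StaticWebApps, but this hunk removes the default from `string Provider`, so the record has no default at all and a config that omits the provider would presumably leave `Provider` null. Either restore one with `string Provider = nameof(EasyAuthType.StaticWebApps),` or drop the "Default is" sentence. The two doc lines that follow still say "With EasyAuth" and "other than EasyAuth", which is no longer a provider value; they should refer to the `EasyAuthType` names instead.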
@@ -26,4 +25,13 @@ public bool IsEasyAuthAuthenticationProvider()
///
///
public record Jwt(string Audience, string Issuer);
+
+ ///
+ /// Different modes in which the runtime can run.
+ ///
+ public enum EasyAuthType
+ {
+ StaticWebApps,
+ AppService
+ }
}
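Review bot: The summary on `EasyAuthType` ("Different modes in which the runtime can run") does not describe this enum and reads as copied from another type. Something like `/// EasyAuth front ends whose X-MS-CLIENT-PRINCIPAL payload format the runtime can parse.` would match how the handler uses it. It is also worth a comment that `StaticWebApps` is the zero value, so an unset `EasyAuthAuthenticationOptions.EasyAuthProvider` silently means StaticWebApps.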
diff --git a/DataGateway.Service.Tests/Authentication/EasyAuthAuthenticationUnitTests.cs b/DataGateway.Service.Tests/Authentication/EasyAuthAuthenticationUnitTests.cs
index 07b4b88682..857432dc2a 100644
--- a/DataGateway.Service.Tests/Authentication/EasyAuthAuthenticationUnitTests.cs
+++ b/DataGateway.Service.Tests/Authentication/EasyAuthAuthenticationUnitTests.cs
@@ -7,6 +7,7 @@
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
+using Azure.DataGateway.Config;
using Azure.DataGateway.Service.AuthenticationHelpers;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
@@ -17,7 +18,8 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Primitives;
using Microsoft.VisualStudio.TestTools.UnitTesting;
-using static Azure.DataGateway.Service.AuthenticationHelpers.EasyAuthAuthentication;
+using static Azure.DataGateway.Service.AuthenticationHelpers.AppServiceAuthentication;
+using static Azure.DataGateway.Service.AuthenticationHelpers.StaticWebAppsAuthentication;
namespace Azure.DataGateway.Service.Tests.Authentication
{
@@ -30,19 +32,38 @@ public class EasyAuthAuthenticationUnitTests
{
#region Positive Tests
///
- /// Ensures a valid EasyAuth header/value does NOT result in HTTP 401 Unauthorized response.
+ /// Ensures a valid AppService EasyAuth header/value does NOT result in HTTP 401 Unauthorized response.
/// 403 is okay, as it indicates authorization level failure, not authentication.
/// When an authorization header is sent, it contains an invalid value, if the runtime returns an error
/// then there is improper JWT validation occurring.
///
[DataTestMethod]
- [DataRow(false, DisplayName = "Valid EasyAuth header only")]
- [DataRow(true, DisplayName = "Valid EasyAuth header and authorization header")]
+ [DataRow(false, DisplayName = "Valid AppService EasyAuth header only")]
+ [DataRow(true, DisplayName = "Valid AppService EasyAuth header and authorization header")]
[TestMethod]
- public async Task TestValidEasyAuthToken(bool sendAuthorizationHeader)
+ public async Task TestValidAppServiceEasyAuthToken(bool sendAuthorizationHeader)
{
- string generatedToken = CreateEasyAuthToken();
- HttpContext postMiddlewareContext = await SendRequestAndGetHttpContextState(generatedToken);
+ string generatedToken = CreateAppServiceEasyAuthToken();
+ HttpContext postMiddlewareContext = await SendRequestAndGetHttpContextState(generatedToken, EasyAuthType.AppService);
+ Assert.IsNotNull(postMiddlewareContext.User.Identity);
+ Assert.IsTrue(postMiddlewareContext.User.Identity.IsAuthenticated);
+ Assert.AreEqual(expected: (int)HttpStatusCode.OK, actual: postMiddlewareContext.Response.StatusCode);
+ }
+
+ ///
+ /// Ensures a valid StaticWebApps EasyAuth header/value does NOT result in HTTP 401 Unauthorized response.
+ /// 403 is okay, as it indicates authorization level failure, not authentication.
+ /// When an authorization header is sent, it contains an invalid value, if the runtime returns an error
+ /// then there is improper JWT validation occurring.
+ ///
+ [DataTestMethod]
+ [DataRow(false, DisplayName = "Valid StaticWebApps EasyAuth header only")]
+ [DataRow(true, DisplayName = "Valid StaticWebApps EasyAuth header and authorization header")]
+ [TestMethod]
+ public async Task TestValidStaticWebAppsEasyAuthToken(bool sendAuthorizationHeader)
+ {
+ string generatedToken = CreateStaticWebAppsEasyAuthToken();
+ HttpContext postMiddlewareContext = await SendRequestAndGetHttpContextState(generatedToken, EasyAuthType.StaticWebApps);
Assert.IsNotNull(postMiddlewareContext.User.Identity);
Assert.IsTrue(postMiddlewareContext.User.Identity.IsAuthenticated);
Assert.AreEqual(expected: (int)HttpStatusCode.OK, actual: postMiddlewareContext.Response.StatusCode);
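Review bot: Both new tests take `sendAuthorizationHeader` but never pass it on: the calls `SendRequestAndGetHttpContextState(generatedToken, EasyAuthType.AppService)` and `SendRequestAndGetHttpContextState(generatedToken, EasyAuthType.StaticWebApps)` leave the third argument at its default of false. The "header and authorization header" data rows therefore send the same request as the header-only rows, so the behaviour the summary describes (an invalid Authorization value must not trigger JWT validation) is not exercised. Forward the flag, e.g. `await SendRequestAndGetHttpContextState(generatedToken, EasyAuthType.AppService, sendAuthorizationHeader);`. The second test's body closes outside this hunk.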
@@ -68,7 +89,7 @@ public async Task TestValidEasyAuthToken(bool sendAuthorizationHeader)
[TestMethod]
public async Task TestInvalidEasyAuthToken(string token, bool sendAuthorizationHeader = false)
{
- HttpContext postMiddlewareContext = await SendRequestAndGetHttpContextState(token, sendAuthorizationHeader);
+ HttpContext postMiddlewareContext = await SendRequestAndGetHttpContextState(token, EasyAuthType.StaticWebApps, sendAuthorizationHeader);
Assert.IsNotNull(postMiddlewareContext.User.Identity);
Assert.IsFalse(postMiddlewareContext.User.Identity.IsAuthenticated);
Assert.AreEqual(expected: (int)HttpStatusCode.Unauthorized, actual: postMiddlewareContext.Response.StatusCode);
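Review bot: The negative test is now pinned to `EasyAuthType.StaticWebApps`, so none of the invalid-header rows reach `AppServiceAuthentication.Parse` and its rejection path has no coverage after this change. The two parsers accept different payload shapes, so a header one rejects says nothing about the other. Add the provider as a data-row argument, `TestInvalidEasyAuthToken(string token, EasyAuthType easyAuthType, bool sendAuthorizationHeader = false)`, and run each row against both. The data rows and the rest of the method are outside this hunk.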
@@ -80,7 +101,7 @@ public async Task TestInvalidEasyAuthToken(string token, bool sendAuthorizationH
/// Configures test server with bare minimum middleware
///
/// IHost
- private static async Task CreateWebHostEasyAuth()
+ private static async Task CreateWebHostEasyAuth(EasyAuthType easyAuthType)
{
return await new HostBuilder()
.ConfigureWebHost(webBuilder =>
@@ -90,7 +111,8 @@ private static async Task CreateWebHostEasyAuth()
.ConfigureServices(services =>
{
services.AddAuthentication(defaultScheme: EasyAuthAuthenticationDefaults.AUTHENTICATIONSCHEME)
- .AddEasyAuthAuthentication();
+ .AddEasyAuthAuthentication(easyAuthType);
+
services.AddAuthorization();
})
.ConfigureLogging(o =>
@@ -125,9 +147,9 @@ private static async Task CreateWebHostEasyAuth()
/// The EasyAuth header value(base64 encoded token) to test against the TestServer
/// Whether to add authorization header to header dictionary
///
- private static async Task SendRequestAndGetHttpContextState(string? token, bool sendAuthorizationHeader = false)
+ private static async Task SendRequestAndGetHttpContextState(string? token, EasyAuthType easyAuthType, bool sendAuthorizationHeader = false)
{
- using IHost host = await CreateWebHostEasyAuth();
+ using IHost host = await CreateWebHostEasyAuth(easyAuthType);
TestServer server = host.GetTestServer();
return await server.SendAsync(context =>
@@ -135,7 +157,7 @@ private static async Task SendRequestAndGetHttpContextState(string?
if (token is not null)
{
StringValues headerValue = new(new string[] { $"{token}" });
- KeyValuePair easyAuthHeader = new(EasyAuthAuthentication.EASYAUTHHEADER, headerValue);
+ KeyValuePair easyAuthHeader = new(AuthenticationConfig.CLIENT_PRINCIPAL_HEADER, headerValue);
context.Request.Headers.Add(easyAuthHeader);
}
@@ -153,25 +175,25 @@ private static async Task SendRequestAndGetHttpContextState(string?
/// Creates a mocked EasyAuth token, namely, the value of the header injected by EasyAuth.
///
/// A Base64 encoded string of a serialized EasyAuthClientPrincipal object
- private static string CreateEasyAuthToken()
+ private static string CreateAppServiceEasyAuthToken()
{
- EasyAuthClaim emailClaim = new()
+ AppServiceClaim emailClaim = new()
{
Val = "apple@contoso.com",
Typ = ClaimTypes.Upn
};
- EasyAuthClaim roleClaim = new()
+ AppServiceClaim roleClaim = new()
{
Val = "Anonymous",
Typ = ClaimTypes.Role
};
- List claims = new();
+ List claims = new();
claims.Add(emailClaim);
claims.Add(roleClaim);
- EasyAuthClientPrincipal token = new()
+ AppServiceClientPrincipal token = new()
{
Auth_typ = "aad",
Name_typ = "Apple Banana",
@@ -182,6 +204,26 @@ private static string CreateEasyAuthToken()
string serializedToken = JsonSerializer.Serialize(value: token);
return Convert.ToBase64String(Encoding.UTF8.GetBytes(serializedToken));
}
+
+ ///
+ /// Creates a mocked EasyAuth token, namely, the value of the header injected by EasyAuth.
+ ///
+ /// A Base64 encoded string of a serialized EasyAuthClientPrincipal object
+ private static string CreateStaticWebAppsEasyAuthToken()
+ {
+ List roles = new();
+ roles.Add("anonymous");
+ roles.Add("authenticated");
+
+ StaticWebAppsClientPrincipal token = new()
+ {
+ IdentityProvider = "github",
+ UserRoles = roles
+ };
+
+ string serializedToken = JsonSerializer.Serialize(value: token);
+ return Convert.ToBase64String(Encoding.UTF8.GetBytes(serializedToken));
+ }
#endregion
}
}
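Review bot: The doc comment on `CreateStaticWebAppsEasyAuthToken` is copied from the AppService helper and still says it returns a serialized EasyAuthClientPrincipal, while the type built here is `StaticWebAppsClientPrincipal`. The mocked principal also leaves `UserId` and `UserDetails` unset, so the NameIdentifier and Name claims that the parser derives from them are only ever exercised as empty strings. Setting both and asserting on the resulting claims would cover that mapping.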
diff --git a/DataGateway.Service.Tests/Authorization/AuthorizationHelpers.cs b/DataGateway.Service.Tests/Authorization/AuthorizationHelpers.cs
index c400ebc98e..c9c06d8f92 100644
--- a/DataGateway.Service.Tests/Authorization/AuthorizationHelpers.cs
+++ b/DataGateway.Service.Tests/Authorization/AuthorizationHelpers.cs
@@ -34,6 +34,7 @@ public static AuthorizationResolver InitAuthorizationResolver(RuntimeConfig runt
Mock metadataProvider = new();
TableDefinition sampleTable = CreateSampleTable();
metadataProvider.Setup(x => x.GetTableDefinition(TEST_ENTITY)).Returns(sampleTable);
+ metadataProvider.Setup(x => x.GetDatabaseType()).Returns(DatabaseType.mssql);
string outParam;
Dictionary> _exposedNameToBackingColumnMapping = CreateColumnMappingTable();
diff --git a/DataGateway.Service.Tests/Configuration/AuthenticationConfigValidatorUnitTests.cs b/DataGateway.Service.Tests/Configuration/AuthenticationConfigValidatorUnitTests.cs
index e6fddccecc..fc8175905c 100644
--- a/DataGateway.Service.Tests/Configuration/AuthenticationConfigValidatorUnitTests.cs
+++ b/DataGateway.Service.Tests/Configuration/AuthenticationConfigValidatorUnitTests.cs
@@ -21,7 +21,7 @@ public class AuthenticationConfigValidatorUnitTests
public void ValidateEasyAuthConfig()
{
RuntimeConfig config =
- CreateRuntimeConfigWithAuthN(new AuthenticationConfig());
+ CreateRuntimeConfigWithAuthN(new AuthenticationConfig(EasyAuthType.StaticWebApps.ToString()));
RuntimeConfigValidator configValidator = GetMockConfigValidator(ref config);
diff --git a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthentication.cs b/DataGateway.Service/AuthenticationHelpers/AppServiceAuthentication.cs
similarity index 79%
rename from DataGateway.Service/AuthenticationHelpers/EasyAuthAuthentication.cs
rename to DataGateway.Service/AuthenticationHelpers/AppServiceAuthentication.cs
index 8855f727fa..05b8b63cab 100644
--- a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthentication.cs
+++ b/DataGateway.Service/AuthenticationHelpers/AppServiceAuthentication.cs
@@ -3,6 +3,7 @@
using System.Security.Claims;
using System.Text;
using System.Text.Json;
+using Azure.DataGateway.Config;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
@@ -10,28 +11,27 @@ namespace Azure.DataGateway.Service.AuthenticationHelpers
{
///
/// Helper class which parses EasyAuth's injected headers into a ClaimsIdentity object.
- /// This class provides helper methods for StaticWebApp's Authentication feature: EasyAuth.
+ /// This class provides helper methods for AppService's Authentication feature: EasyAuth.
///
- public static class EasyAuthAuthentication
+ public static class AppServiceAuthentication
{
- public const string EASYAUTHHEADER = "X-MS-CLIENT-PRINCIPAL";
///
/// Representation of authenticated user principal Http header
/// injected by EasyAuth
///
- public struct EasyAuthClientPrincipal
+ public struct AppServiceClientPrincipal
{
public string Auth_typ { get; set; }
public string Name_typ { get; set; }
public string Role_typ { get; set; }
- public IEnumerable Claims { get; set; }
+ public IEnumerable Claims { get; set; }
}
///
/// Representation of authenticated user principal claims
/// injected by EasyAuth
///
- public struct EasyAuthClaim
+ public struct AppServiceClaim
{
public string Typ { get; set; }
public string Val { get; set; }
@@ -53,20 +53,20 @@ public struct EasyAuthClaim
{
ClaimsIdentity? identity = null;
- if (context.Request.Headers.TryGetValue(EasyAuthAuthentication.EASYAUTHHEADER, out StringValues header))
+ if (context.Request.Headers.TryGetValue(AuthenticationConfig.CLIENT_PRINCIPAL_HEADER, out StringValues header))
{
try
{
string encodedPrincipalData = header[0];
byte[] decodedPrincpalData = Convert.FromBase64String(encodedPrincipalData);
string json = Encoding.UTF8.GetString(decodedPrincpalData);
- EasyAuthClientPrincipal principal = JsonSerializer.Deserialize(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+ AppServiceClientPrincipal principal = JsonSerializer.Deserialize(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
identity = new(principal.Auth_typ, principal.Name_typ, principal.Role_typ);
if (principal.Claims != null)
{
- foreach (EasyAuthClaim claim in principal.Claims)
+ foreach (AppServiceClaim claim in principal.Claims)
{
identity.AddClaim(new Claim(type: claim.Typ, value: claim.Val));
}
@@ -77,7 +77,7 @@ public struct EasyAuthClaim
// Logging the parsing failure exception to the console, but not rethrowing
// nor creating a DataGateway exception because the authentication handler
// will create and send a 401 unauthorized response to the client.
- Console.Error.WriteLine("Failure processing the EasyAuth header.");
+ Console.Error.WriteLine("Failure processing the AppService EasyAuth header.");
Console.Error.WriteLine(error.Message);
Console.Error.WriteLine(error.StackTrace);
}
diff --git a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationBuilderExtensions.cs b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationBuilderExtensions.cs
index 173ff3c880..2b9cec9230 100644
--- a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationBuilderExtensions.cs
+++ b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationBuilderExtensions.cs
@@ -1,3 +1,4 @@
+using Azure.DataGateway.Config;
using Microsoft.AspNetCore.Authentication;
namespace Azure.DataGateway.Service.AuthenticationHelpers
@@ -13,9 +14,10 @@ public static class EasyAuthAuthenticationBuilderExtensions
/// Add authentication with Static Web Apps.
///
/// Authentication builder.
+ /// EasyAuth provider type. StaticWebApps or AppService
/// The builder, to chain commands.
public static AuthenticationBuilder AddEasyAuthAuthentication(
- this AuthenticationBuilder builder)
+ this AuthenticationBuilder builder, EasyAuthType easyAuthAuthenticationProvider)
{
if (builder is null)
{
@@ -25,8 +27,17 @@ public static AuthenticationBuilder AddEasyAuthAuthentication(
builder.AddScheme(
authenticationScheme: EasyAuthAuthenticationDefaults.AUTHENTICATIONSCHEME,
displayName: EasyAuthAuthenticationDefaults.AUTHENTICATIONSCHEME,
- options => { });
-
+ options =>
+ {
+ if (easyAuthAuthenticationProvider is EasyAuthType.StaticWebApps)
+ {
+ options.EasyAuthProvider = EasyAuthType.StaticWebApps;
+ }
+ else if (easyAuthAuthenticationProvider is EasyAuthType.AppService)
+ {
+ options.EasyAuthProvider = EasyAuthType.AppService;
+ }
+ });
return builder;
}
}
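Review bot: The options lambda copies the argument through an if/else-if over each enum member, which for defined values is the same as `options.EasyAuthProvider = easyAuthAuthenticationProvider;` and for anything else silently keeps the default (StaticWebApps, the zero value). A direct assignment is shorter and lets an unexpected value reach the handler's `_ => null` arm, so authentication fails instead of the request being parsed as StaticWebApps. The method summary in the preceding hunk ("Add authentication with Static Web Apps.") should also be updated now that the method configures either provider.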
diff --git a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationHandler.cs b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationHandler.cs
index 942f1b90bb..8ff5ee2eab 100644
--- a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationHandler.cs
+++ b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationHandler.cs
@@ -1,6 +1,7 @@
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
+using Azure.DataGateway.Config;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@@ -14,18 +15,14 @@ namespace Azure.DataGateway.Service.AuthenticationHelpers
/// and utilizes the base class default handler for
/// - AuthenticateAsync: Authenticates the current request.
/// - Forbid Async: Creates 403 HTTP Response.
- /// Usage modelled from Microsoft.Identity.Web.
- /// Ref: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/AppServicesAuth/AppServicesAuthenticationHandler.cs
///
public class EasyAuthAuthenticationHandler : AuthenticationHandler
{
- private const string EASY_AUTH_HEADER = "X-MS-CLIENT-PRINCIPAL";
-
///
/// Constructor for the EasyAuthAuthenticationHandler.
/// Note the parameters are required by the base class.
///
- /// App service authentication options.
+ /// Easy Auth authentication options.
/// Logger factory.
/// URL encoder.
/// System clock.
@@ -47,16 +44,22 @@ ISystemClock clock
/// An authentication result to ASP.NET Core library authentication mechanisms
protected override Task HandleAuthenticateAsync()
{
- if (Context.Request.Headers[EASY_AUTH_HEADER].Count > 0)
+ if (Context.Request.Headers[AuthenticationConfig.CLIENT_PRINCIPAL_HEADER].Count > 0)
{
- ClaimsIdentity? identity = EasyAuthAuthentication.Parse(Context);
+ ClaimsIdentity? identity = Options.EasyAuthProvider switch
+ {
+ EasyAuthType.StaticWebApps => StaticWebAppsAuthentication.Parse(Context),
+ EasyAuthType.AppService => AppServiceAuthentication.Parse(Context),
+ _ => null
+ };
if (identity is null)
{
- return Task.FromResult(AuthenticateResult.Fail(failureMessage: "Invalid EasyAuth token."));
+ return Task.FromResult(AuthenticateResult.Fail(failureMessage: $"Invalid {Options.EasyAuthProvider} EasyAuth token."));
}
ClaimsPrincipal? claimsPrincipal = new(identity);
+
if (claimsPrincipal is not null)
{
// AuthenticationTicket is Asp.Net Core Abstraction of Authentication information
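Review bot: Nothing on this path verifies where `X-MS-CLIENT-PRINCIPAL` came from. The handler authenticates whenever the header is present, and both parsers only Base64-decode and deserialize it, so the identity and roles are whatever the header states. That is sound only when the service sits behind the App Service or Static Web Apps front end, which the existing comments describe as the component that injects the header. The class summary should state that deployment requirement, for example `/// The client principal header is not signed or verified here; enable an EasyAuth provider only when the platform front end is the sole network path to this service.` The method body continues past the end of this hunk.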
diff --git a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationOptions.cs b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationOptions.cs
index 59a06e0381..62b21a26f9 100644
--- a/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationOptions.cs
+++ b/DataGateway.Service/AuthenticationHelpers/EasyAuthAuthenticationOptions.cs
@@ -1,3 +1,4 @@
+using Azure.DataGateway.Config;
using Microsoft.AspNetCore.Authentication;
namespace Azure.DataGateway.Service.AuthenticationHelpers
@@ -12,5 +13,6 @@ namespace Azure.DataGateway.Service.AuthenticationHelpers
///
public class EasyAuthAuthenticationOptions : AuthenticationSchemeOptions
{
+ public EasyAuthType EasyAuthProvider { get; set; }
}
}
diff --git a/DataGateway.Service/AuthenticationHelpers/StaticWebAppsAuthentication.cs b/DataGateway.Service/AuthenticationHelpers/StaticWebAppsAuthentication.cs
new file mode 100644
index 0000000000..595ddac5cb
--- /dev/null
+++ b/DataGateway.Service/AuthenticationHelpers/StaticWebAppsAuthentication.cs
@@ -0,0 +1,70 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Json;
+using Azure.DataGateway.Config;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
+
+namespace Azure.DataGateway.Service.AuthenticationHelpers
+{
+ ///
+ /// Helper class which parses EasyAuth's injected headers into a ClaimsIdentity object.
+ /// This class provides helper methods for StaticWebApps' Authentication feature: EasyAuth.
+ ///
+ public class StaticWebAppsAuthentication
+ {
+ ///
+ /// Link for reference of how StaticWebAppsClientPrincipal is defined
+ /// https://docs.microsoft.com/azure/static-web-apps/user-information?tabs=csharp#client-principal-data
+ ///
+ public class StaticWebAppsClientPrincipal
+ {
+ public string? IdentityProvider { get; set; }
+ public string? UserId { get; set; }
+ public string? UserDetails { get; set; }
+ public IEnumerable? UserRoles { get; set; }
+ }
+
+ public static ClaimsIdentity? Parse(HttpContext context)
+ {
+ ClaimsIdentity? identity = null;
+ StaticWebAppsClientPrincipal principal = new();
+ try
+ {
+ if (context.Request.Headers.TryGetValue(AuthenticationConfig.CLIENT_PRINCIPAL_HEADER, out StringValues header))
+ {
+ string data = header[0];
+ byte[] decoded = Convert.FromBase64String(data);
+ string json = Encoding.UTF8.GetString(decoded);
+ principal = JsonSerializer.Deserialize(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true }) ?? new();
+ }
+
+ if (!principal?.UserRoles?.Any() ?? true)
+ {
+ return identity;
+ }
+
+ identity = new(principal!.IdentityProvider);
+ identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId ?? string.Empty));
+ identity.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails ?? string.Empty));
+ identity.AddClaims(principal.UserRoles!.Select(r => new Claim(ClaimTypes.Role, r)));
+
+ return identity;
+ }
+ catch (Exception error)
+ {
+ // Logging the parsing failure exception to the console, but not rethrowing
+ // nor creating a DataGateway exception because the authentication handler
+ // will create and send a 401 unauthorized response to the client.
+ Console.Error.WriteLine("Failure processing the StaticWebApps EasyAuth header.");
+ Console.Error.WriteLine(error.Message);
+ Console.Error.WriteLine(error.StackTrace);
+ }
+
+ return identity;
+ }
+ }
+}
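Review bot: `Parse` does not fail closed once `identity` has been assigned: if an `AddClaim`/`AddClaims` call throws (the `Claim` constructor rejects a null value, which a null entry in `UserRoles` would supply), the catch block logs and falls through to `return identity;`, handing the handler a partially built, non-null identity that it treats as success. A principal that has roles but a null or empty `IdentityProvider` is also accepted, and yields a `ClaimsIdentity` that carries role claims while `IsAuthenticated` is false. Build the identity in a local that is returned only from the success path and reject a missing provider, as sketched below. The class should also be `static` like `AppServiceAuthentication`, and `Parse` needs an XML summary saying that null means the header was absent or unusable.

```csharp
// … unchanged: header lookup, Base64 decode, deserialization …

if (principal?.UserRoles is null
    || !principal.UserRoles.Any()
    || string.IsNullOrWhiteSpace(principal.IdentityProvider))
{
    return null;
}

// Assign to a local so that an exception below can never leak a half-built identity.
ClaimsIdentity parsed = new(principal.IdentityProvider);
parsed.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.UserId ?? string.Empty));
parsed.AddClaim(new Claim(ClaimTypes.Name, principal.UserDetails ?? string.Empty));
parsed.AddClaims(principal.UserRoles.Select(r => new Claim(ClaimTypes.Role, r)));

return parsed;

// … unchanged: catch block and final `return identity;`, which now always returns null …
```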
diff --git a/DataGateway.Service/Authorization/AuthorizationResolver.cs b/DataGateway.Service/Authorization/AuthorizationResolver.cs
index 1b56771589..038e0494d9 100644
--- a/DataGateway.Service/Authorization/AuthorizationResolver.cs
+++ b/DataGateway.Service/Authorization/AuthorizationResolver.cs
@@ -508,6 +508,11 @@ public IEnumerable GetRolesForField(string entityName, string actionName
/// Collection of columns in table definition.
private IEnumerable ResolveTableDefinitionColumns(string entityName)
{
+ if (_metadataProvider.GetDatabaseType() is DatabaseType.cosmos)
+ {
+ return new List();
+ }
+
return _metadataProvider.GetTableDefinition(entityName).Columns.Keys;
}
#endregion
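Review bot: The early return for Cosmos has no comment explaining why an empty column set is the right answer, and the method's doc still promises the "collection of columns in table definition". Presumably Cosmos has no table definition to read, but any caller that derives per-column permissions from this list will now see no columns for every Cosmos entity. Confirm that this cannot leave column-level rules in an unintended state and record the reasoning in a comment, e.g. `// Cosmos exposes no table definition; column-level rules are not expanded for it.` The callers are outside this hunk.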
diff --git a/DataGateway.Service/Startup.cs b/DataGateway.Service/Startup.cs
index b73e5c5997..67a90fbdff 100644
--- a/DataGateway.Service/Startup.cs
+++ b/DataGateway.Service/Startup.cs
@@ -333,7 +333,7 @@ private void ConfigureAuthentication(IServiceCollection services)
runtimeConfig.IsEasyAuthAuthenticationProvider())
{
services.AddAuthentication(EasyAuthAuthenticationDefaults.AUTHENTICATIONSCHEME)
- .AddEasyAuthAuthentication();
+ .AddEasyAuthAuthentication((EasyAuthType)Enum.Parse(typeof(EasyAuthType), runtimeConfig.AuthNConfig.Provider, ignoreCase: true));
}
}
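Review bot: The provider string is interpreted twice by different means: `IsEasyAuthAuthenticationProvider()` compares it with the enum names, and this line re-parses it with the non-generic `Enum.Parse` plus a cast, which throws at startup if the two ever disagree. `Enum.Parse<EasyAuthType>(runtimeConfig.AuthNConfig.Provider, ignoreCase: true)` at least removes the cast. Better still, have the config type expose a single `Enum.TryParse`-based helper that returns the parsed value, so the check and the conversion cannot drift apart. The condition this call sits under begins outside the hunk.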
diff --git a/DataGateway.Service/hawaii-config.Cosmos.json b/DataGateway.Service/hawaii-config.Cosmos.json
index 38eae70365..40be5b95f3 100644
--- a/DataGateway.Service/hawaii-config.Cosmos.json
+++ b/DataGateway.Service/hawaii-config.Cosmos.json
@@ -25,34 +25,49 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth"
+ "provider": "StaticWebApps"
}
}
},
"entities": {
"Planet": {
- "source": "planet",
+ "source": "graphqldb.planet",
+ "rest": false,
+ "graphql": true,
"permissions": [
{
"role": "anonymous",
- "actions": [ "*" ]
+ "actions": [ "create", "read", "update", "delete" ]
},
{
"role": "authenticated",
- "actions": [ "*" ]
+ "actions": [ "create", "read", "update", "delete" ]
}
]
},
"Character": {
- "source": "planet",
+ "source": "graphqldb.character",
+ "rest": false,
+ "graphql": true,
+ "permissions": [
+ {
+ "role": "authenticated",
+ "actions": [ "create", "read", "update", "delete" ]
+ }
+ ]
+ },
+ "Star": {
+ "source": "graphqldb.star",
+ "rest": false,
+ "graphql": true,
"permissions": [
{
"role": "anonymous",
- "actions": [ "*" ]
+ "actions": [ "create", "read", "update", "delete" ]
},
{
"role": "authenticated",
- "actions": [ "*" ]
+ "actions": [ "create", "read", "update", "delete" ]
}
]
}
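Review bot: The `anonymous` role keeps create, update and delete on `Planet` and on the new `Star` entity, so unauthenticated callers can modify both; only `Character` is limited to `authenticated`. If this file is used as anything other than a local test fixture, restrict `anonymous` to `"actions": [ "read" ]` and leave writes to `authenticated`. Whether it ships as a default configuration is not visible from the diff.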
diff --git a/DataGateway.Service/hawaii-config.Cosmos.overrides.example.json b/DataGateway.Service/hawaii-config.Cosmos.overrides.example.json
index 8e5c3df511..6da127b02a 100644
--- a/DataGateway.Service/hawaii-config.Cosmos.overrides.example.json
+++ b/DataGateway.Service/hawaii-config.Cosmos.overrides.example.json
@@ -2,7 +2,7 @@
"$schema": "../schemas/hawaii.draft-01.schema.json",
"data-source": {
"database-type": "cosmos",
- "connection-string": "AccountEndpoint=https://localhost:8081/;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==",
+ "connection-string": "AccountEndpoint=https://localhost:8081/;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw=="
},
"cosmos": {
"database": "graphqldb",
@@ -25,7 +25,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth"
+ "provider": "StaticWebApps"
}
}
},
@@ -35,7 +35,7 @@
"permissions": [
{
"role": "anonymous",
- "actions": ["*"]
+ "actions": [ "*" ]
}
]
},
diff --git a/DataGateway.Service/hawaii-config.MsSql.json b/DataGateway.Service/hawaii-config.MsSql.json
index f343f0e653..fa2bdf696d 100644
--- a/DataGateway.Service/hawaii-config.MsSql.json
+++ b/DataGateway.Service/hawaii-config.MsSql.json
@@ -24,11 +24,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.MsSql.overrides.example.json b/DataGateway.Service/hawaii-config.MsSql.overrides.example.json
index 3f8b7f7b90..9f3c44f6d4 100644
--- a/DataGateway.Service/hawaii-config.MsSql.overrides.example.json
+++ b/DataGateway.Service/hawaii-config.MsSql.overrides.example.json
@@ -24,11 +24,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.MySql.json b/DataGateway.Service/hawaii-config.MySql.json
index cf83e9c8af..4be8d64465 100644
--- a/DataGateway.Service/hawaii-config.MySql.json
+++ b/DataGateway.Service/hawaii-config.MySql.json
@@ -21,11 +21,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.MySql.overrides.example.json b/DataGateway.Service/hawaii-config.MySql.overrides.example.json
index 1e0eb89e93..be4d25dd4a 100644
--- a/DataGateway.Service/hawaii-config.MySql.overrides.example.json
+++ b/DataGateway.Service/hawaii-config.MySql.overrides.example.json
@@ -21,11 +21,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.PostgreSql.json b/DataGateway.Service/hawaii-config.PostgreSql.json
index 3cc0d749f8..1fd3470734 100644
--- a/DataGateway.Service/hawaii-config.PostgreSql.json
+++ b/DataGateway.Service/hawaii-config.PostgreSql.json
@@ -21,11 +21,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.PostgreSql.overrides.example.json b/DataGateway.Service/hawaii-config.PostgreSql.overrides.example.json
index 03efb7b17d..03226d9433 100644
--- a/DataGateway.Service/hawaii-config.PostgreSql.overrides.example.json
+++ b/DataGateway.Service/hawaii-config.PostgreSql.overrides.example.json
@@ -21,12 +21,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/hawaii-config.json b/DataGateway.Service/hawaii-config.json
index 139a3da016..460ed37178 100644
--- a/DataGateway.Service/hawaii-config.json
+++ b/DataGateway.Service/hawaii-config.json
@@ -21,11 +21,7 @@
"allow-credentials": false
},
"authentication": {
- "provider": "EasyAuth",
- "jwt": {
- "audience": "",
- "issuer": ""
- }
+ "provider": "StaticWebApps"
}
}
},
diff --git a/DataGateway.Service/schema.gql b/DataGateway.Service/schema.gql
index 6a28900a23..cd1f8a7607 100644
--- a/DataGateway.Service/schema.gql
+++ b/DataGateway.Service/schema.gql
@@ -11,5 +11,11 @@ type Planet @model {
name : String,
character: Character,
age : Int,
- dimension : String
-}
+ dimension : String,
+ stars: [Star]
+}
+
+type Star @model {
+ id : ID,
+ name : String
+}