First working process from first run to successful login

Author: Kaliumhexacyanoferrat

Modules/Authentication.Web/Concern/WebAuthenticationBuilder.cs

@@ -11,6 +11,8 @@ public sealed class WebAuthenticationBuilder : IConcernBuilder
 
         private SessionConfig? _SessionConfig;
 
+        private LoginConfig? _LoginConfig;
+
         private SetupConfig? _SetupConfig;
 
         #region Functionality
@@ -33,11 +35,19 @@ public WebAuthenticationBuilder EnableSetup(SetupConfig setupConfig)
             return this;
         }
 
+        public WebAuthenticationBuilder Login(LoginConfig loginConfig)
+        {
+            _LoginConfig = loginConfig;
+            return this;
+        }
+
         public IConcern Build(IHandler parent, Func<IHandler, IHandler> contentFactory)
         {
             var sessionConfig = _SessionConfig ?? throw new BuilderMissingPropertyException("Sessions");
 
-            return new WebAuthenticationConcern(parent, contentFactory, _AllowAnonymous, sessionConfig, _SetupConfig);
+            var loginConfig = _LoginConfig ?? throw new BuilderMissingPropertyException("Login");
+
+            return new WebAuthenticationConcern(parent, contentFactory, _AllowAnonymous, sessionConfig, loginConfig, _SetupConfig);
         }
 
         #endregion

Modules/Authentication.Web/Concern/WebAuthenticationConcern.cs

@@ -1,12 +1,13 @@
-using GenHTTP.Api.Content;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+using GenHTTP.Api.Content;
 using GenHTTP.Api.Content.Authentication;
 using GenHTTP.Api.Protocol;
 using GenHTTP.Api.Routing;
+
 using GenHTTP.Modules.Basics;
-using Microsoft.AspNetCore.Razor.Language.Intermediate;
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
 
 namespace GenHTTP.Modules.Authentication.Web.Concern
 {
@@ -24,6 +25,10 @@ public sealed class WebAuthenticationConcern : IConcern, IRootPathAppender, IHan
 
         private SessionConfig SessionConfig { get; }
 
+        private LoginConfig LoginConfig { get; }
+
+        private IHandler LoginHandler { get; }
+
         private SetupConfig? SetupConfig { get; }
 
         private IHandler? SetupHandler { get; }
@@ -33,14 +38,17 @@ public sealed class WebAuthenticationConcern : IConcern, IRootPathAppender, IHan
         #region Initialization
 
         public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> contentFactory, bool allowAnonymous,
-                                        SessionConfig sessionConfig, SetupConfig? setupConfig)
+                                        SessionConfig sessionConfig, LoginConfig loginConfig, SetupConfig? setupConfig)
         {
             Parent = parent;
             Content = contentFactory(this);
 
             AllowAnonymous = allowAnonymous;
             SessionConfig = sessionConfig;
 
+            LoginConfig = loginConfig;
+            LoginHandler = loginConfig.Handler.Build(this);
+
             SetupConfig = setupConfig;
             SetupHandler = setupConfig?.Handler.Build(this);
         }
@@ -55,6 +63,9 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
 
         public async ValueTask<IResponse?> HandleAsync(IRequest request)
         {
+            Login.SetConfig(request, LoginConfig);
+            SessionHandling.SetConfig(request, SessionConfig);
+
             var segment = request.Target.Current;
 
             if ((SetupConfig != null) && (SetupHandler != null))
@@ -77,7 +88,7 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
                         return await SetupHandler.HandleAsync(request);
                     }
                 }
-                else if (segment?.Value == SetupConfig.Route) 
+                else if (segment?.Value == SetupConfig.Route)
                 {
                     // do not allow setup to be called again
                     return await Redirect.To("{web-auth}", true)
@@ -95,10 +106,46 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
                 if (authenticatedUser != null)
                 {
                     // we're logged in
-                    return await Content.HandleAsync(request);
+                    request.SetUser(authenticatedUser);
+
+                    // deny login and registration (todo)
+
+                    var response = await Content.HandleAsync(request);
+
+                    if (response != null)
+                    {
+                        // refresh the token, so the user will not be logged out eventually
+                        SessionConfig.WriteToken(response, token);
+                    }
+
+                    return response;
                 }
             }
 
+            // handle login and registration (todo)
+            if (segment?.Value == LoginConfig.Route)
+            {
+                request.Target.Advance();
+
+                var loginResponse = await LoginHandler.HandleAsync(request);
+
+                if (loginResponse != null)
+                {
+                    // establish the session if the user was authenticated
+                    var authenticatedUser = request.GetUser<IUser>();
+
+                    if (authenticatedUser != null)
+                    {
+                        var generatedToken = await SessionConfig.StartSession(request, authenticatedUser);
+
+                        // actually tell the client about the token
+                        SessionConfig.WriteToken(loginResponse, generatedToken);
+                    }
+                }
+
+                return loginResponse;
+            }
+
             if (AllowAnonymous)
             {
                 var response = await Content.HandleAsync(request);
@@ -111,14 +158,22 @@ public WebAuthenticationConcern(IHandler parent, Func<IHandler, IHandler> conten
 
                 return null;
             }
-
-            // enforce login (todo)
-
-            return null;
+            else
+            {
+                // enforce login
+                return await Redirect.To("{login}/", true)
+                                     .Build(this)
+                                     .HandleAsync(request);
+            }
         }
 
         public void Append(PathBuilder path, IRequest request, IHandler? child = null)
         {
+            if (child == LoginHandler)
+            {
+                path.Preprend(LoginConfig.Route);
+            }
+
             if (SetupConfig != null)
             {
                 if (child == SetupHandler)
@@ -135,6 +190,11 @@ public void Append(PathBuilder path, IRequest request, IHandler? child = null)
                 return this;
             }
 
+            if (segment == "{login}")
+            {
+                return LoginHandler;
+            }
+
             if (segment == "{setup}")
             {
                 return SetupHandler;

Modules/Authentication.Web/Controllers/LoginController.cs

@@ -0,0 +1,50 @@
+using System.Threading.Tasks;
+
+using GenHTTP.Api.Content;
+using GenHTTP.Api.Content.Templating;
+using GenHTTP.Api.Protocol;
+using GenHTTP.Modules.Basics;
+using GenHTTP.Modules.Controllers;
+using GenHTTP.Modules.IO;
+using GenHTTP.Modules.Razor;
+
+namespace GenHTTP.Modules.Authentication.Web.Controllers
+{
+    
+    public class LoginController
+    {
+
+        public IHandlerBuilder Index()
+        {
+            // ToDo: already logged in
+            return RenderLogin();
+        }
+
+        [ControllerAction(RequestMethod.POST)]
+        public async Task<IHandlerBuilder> Index(string user, string password, IRequest request)
+        {
+            var loginConfig = Login.GetConfig(request);
+
+            var result = await loginConfig.PerformLogin!(request, user, password);
+
+            if (result.Status == LoginStatus.Success)
+            {
+                request.SetUser(result.AuthenticatedUser!);
+
+                return Redirect.To("{web-auth}/", true);
+            }
+            else
+            {
+                return RenderLogin();
+            }
+        }
+
+        private static IHandlerBuilder RenderLogin()
+        {
+            return ModRazor.Page(Resource.FromAssembly("EnterAccount.cshtml"), (r, h) => new BasicModel(r, h))
+                           .Title("Login");
+        }
+
+    }
+
+}

Modules/Authentication.Web/Controllers/SetupController.cs

@@ -1,11 +1,13 @@
-using GenHTTP.Api.Content;
+using System.Threading.Tasks;
+
+using GenHTTP.Api.Content;
 using GenHTTP.Api.Content.Templating;
 using GenHTTP.Api.Protocol;
+
 using GenHTTP.Modules.Basics;
 using GenHTTP.Modules.Controllers;
 using GenHTTP.Modules.IO;
 using GenHTTP.Modules.Razor;
-using System.Threading.Tasks;
 
 namespace GenHTTP.Modules.Authentication.Web.Controllers
 {
@@ -20,11 +22,11 @@ public IHandlerBuilder Index()
         }
 
         [ControllerAction(RequestMethod.POST)]
-        public async Task<IHandlerBuilder> Index(string username, string password, IRequest request)
+        public async Task<IHandlerBuilder> Index(string user, string password, IRequest request)
         {
             var setupConfig = Setup.GetConfig(request);
 
-            var result = await setupConfig.PerformSetup!(request, username, password);
+            var result = await setupConfig.PerformSetup!(request, user, password);
 
             return Redirect.To("{web-auth}/", true);
         }

Modules/Authentication.Web/GenHTTP.Modules.Authentication.Web.csproj

@@ -47,6 +47,7 @@
 
     <ProjectReference Include="..\..\API\GenHTTP.Api.csproj" />
 
+    <ProjectReference Include="..\Authentication\GenHTTP.Modules.Authentication.csproj" />
     <ProjectReference Include="..\Controllers\GenHTTP.Modules.Controllers.csproj" />
     <ProjectReference Include="..\Razor\GenHTTP.Modules.Razor.csproj" />
 

Modules/Authentication.Web/Login.cs

@@ -0,0 +1,59 @@
+using System;
+using System.Threading.Tasks;
+
+using GenHTTP.Api.Content;
+using GenHTTP.Api.Content.Authentication;
+using GenHTTP.Api.Protocol;
+
+using GenHTTP.Modules.Authentication.Web.Controllers;
+using GenHTTP.Modules.Controllers;
+
+namespace GenHTTP.Modules.Authentication.Web
+{
+
+    public enum LoginStatus
+    {
+        Success
+    }
+
+    public record class LoginResult
+    (
+
+        LoginStatus Status,
+
+        IUser? AuthenticatedUser
+
+    );
+
+    public record class LoginConfig
+    (
+
+        IHandlerBuilder Handler,
+
+        string Route,
+
+        Func<IRequest, string, string, ValueTask<LoginResult>>? PerformLogin
+
+    );
+
+    public static class Login
+    {
+        private const string CONFIG_KEY = "__AUTH_WEB_LOGINCONFIG";
+
+        public static LoginConfig BuiltIn(Func<IRequest, string, string, ValueTask<LoginResult>> performLogin, string route = "login")
+        {
+            return new LoginConfig(Controller.From<LoginController>(), route, performLogin);
+        }
+
+        public static LoginConfig Custom(IHandlerBuilder handler, string route = "login")
+        {
+            return new LoginConfig(handler, route, null);
+        }
+
+        public static LoginConfig GetConfig(IRequest request) => (LoginConfig)request.Properties[CONFIG_KEY];
+
+        public static void SetConfig(IRequest request, LoginConfig config) => request.Properties[CONFIG_KEY] = config;
+
+    }
+
+}

Modules/Authentication.Web/SessionHandling.cs

@@ -12,28 +12,32 @@ public record class SessionConfig
 
         Func<IRequest, ValueTask<string?>> ReadToken,
 
-        Action<IResponseBuilder, string> WriteToken,
+        Action<IResponse, string> WriteToken,
 
         Action<IResponse> ClearToken,
 
-        Func<string, ValueTask<IUser?>> VerifyToken
+        Func<string, ValueTask<IUser?>> VerifyToken,
+
+        Func<IRequest, IUser, ValueTask<string>> StartSession
 
     );
 
     public static class SessionHandling
     {
+        private const string CONFIG_KEY = "__AUTH_WEB_SESSIONCONFIG";
+
         private const string COOKIE_NAME = "wa_session";
 
         private const ulong COOKIE_TIMEOUT = 2592000; // 30d
 
-        public static SessionConfig BuiltIn(Func<string, ValueTask<IUser?>> verifyToken)
+        public static SessionConfig BuiltIn(Func<string, ValueTask<IUser?>> verifyToken, Func<IRequest, IUser, ValueTask<string>> startSession)
         {
-            return new(ReadToken, WriteToken, ClearToken, verifyToken);
+            return new(ReadToken, WriteToken, ClearToken, verifyToken, startSession);
         }
 
-        public static SessionConfig Custom(Func<IRequest, ValueTask<string?>> readToken, Action<IResponseBuilder, string> writeToken, Action<IResponse> clearToken, Func<string, ValueTask<IUser?>> verifyToken)
+        public static SessionConfig Custom(Func<IRequest, ValueTask<string?>> readToken, Action<IResponse, string> writeToken, Action<IResponse> clearToken, Func<string, ValueTask<IUser?>> verifyToken, Func<IRequest, IUser, ValueTask<string>> startSession)
         {
-            return new(readToken, writeToken, clearToken, verifyToken);
+            return new(readToken, writeToken, clearToken, verifyToken, startSession);
         }
 
         private static ValueTask<string?> ReadToken(IRequest request)
@@ -46,16 +50,20 @@ public static SessionConfig Custom(Func<IRequest, ValueTask<string?>> readToken,
             return new();
         }
 
-        private static void WriteToken(IResponseBuilder response, string value)
+        private static void WriteToken(IResponse response, string value)
         {
-            response.Cookie(new(COOKIE_NAME, value, COOKIE_TIMEOUT));
+            response.SetCookie(new(COOKIE_NAME, value, COOKIE_TIMEOUT));
         }
 
         private static void ClearToken(IResponse response)
         {
             response.SetCookie(new(COOKIE_NAME, string.Empty, 0));
         }
 
+        public static SessionConfig GetConfig(IRequest request) => (SessionConfig)request.Properties[CONFIG_KEY];
+
+        public static void SetConfig(IRequest request, SessionConfig config) => request.Properties[CONFIG_KEY] = config;
+
     }
 
 }