Added additional identity claim checks for merhcant tokens. (#470)

Author: sipsorcery

src/NoFrixion.MoneyMoov/Claims/IdentityExtensions.cs

@@ -62,13 +62,36 @@ public static bool IsVerfiedByApiKey(this IIdentity identity)
         return bool.TryParse(verifiedClaim, out var verifiedByApiKey) && verifiedByApiKey;
     }
 
-    public static bool IsVerfiedMerchantToken(this IIdentity identity)
+    /// <summary>
+    /// Returns true if the request was authenticated with a merchant JWT bearer token.
+    /// </summary>
+    public static bool IsMerchantTokenBearer(this IIdentity identity)
     {
-        var verifiedClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.verified_merchant_token)?.Value;
+        var verifiedClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.merchant_token_bearer)?.Value;
 
         return bool.TryParse(verifiedClaim, out var verifiedMerchantToken) && verifiedMerchantToken;
     }
 
+    /// <summary>
+    /// Returns true if a merchant token authenticated request was from a whitelisted source IP address.
+    /// </summary>
+    public static bool IsMerchantTokenIPAddressWhiteLised(this IIdentity identity)
+    {
+        var ipAddressWhitelistClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.merchant_token_whitelisted_ipaddress)?.Value;
+
+        return bool.TryParse(ipAddressWhitelistClaim, out var isRquestIPAddressWhiteListed) && isRquestIPAddressWhiteListed;
+    }
+
+    /// <summary>
+    /// Returns true if a merchant token authenticated request was authenticated with an HMAC or public key signature.
+    /// </summary>
+    public static bool IsMerchantTokenSigned(this IIdentity identity)
+    {
+        var isSignedClaim = ((ClaimsIdentity)identity)?.FindFirst(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.merchant_token_signed)?.Value;
+
+        return bool.TryParse(isSignedClaim, out var isSigned) && isSigned;
+    }
+
     public static bool MerchantIdExists(this IIdentity identity)
     {
         return identity != null && ((ClaimsIdentity)identity).Claims.Any(x => x.Type == ClaimsConstants.NOFRIXION_CLAIMS_NAMESPACE + NoFrixionClaimsEnum.merchantid);

src/NoFrixion.MoneyMoov/Claims/NoFrixionClaimsEnum.cs

@@ -101,7 +101,17 @@ public enum NoFrixionClaimsEnum
     use_permissions,
 
     /// <summary>
-    /// The token was successfully authenticated by the merchant token middleware.
+    /// If set indicates the request was authenticated with a JWT bearer token.
     /// </summary>
-    verified_merchant_token
+    merchant_token_bearer,
+
+    /// <summary>
+    /// If set indicates the request was was received from a source address on the merchant token's IP address whitelist.
+    /// </summary>
+    merchant_token_whitelisted_ipaddress,
+
+    /// <summary>
+    /// If set indicates the request was authenticated by a signed (HMAC or public key) merchant token.
+    /// </summary>
+    merchant_token_signed
 }