Update UserAccess microservice to read Employee Code from token when retreiving App token. Update dadeschools Authorization policy to work offline

DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Providers/UserAccessProvider.cs

@@ -13,7 +13,7 @@ using Newtonsoft.Json;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
-using DamageAssesment.Api.UsersAccess.Services;
+
 
 namespace DamageAssesment.Api.UsersAccess.Providers
 {
@@ -337,56 +337,71 @@ namespace DamageAssesment.Api.UsersAccess.Providers
 
         }
 
-        public async Task<(bool IsSuccess, TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync(string employecode)
+        private string DecodeJwtToken(string token)
         {
-
-            if (employecode != null)
+            try
             {
-                //implementation for dadeschools authentication
-                // var employees = await employeeServiceProvider.getEmployeesAsync();
-                // var employee = employees.Where(e=> e.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault();
-                var user = userAccessDbContext.Users.Where(x => x.IsActive == true && x.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault();
+                var handler = new JwtSecurityTokenHandler();
+                var jsonToken = handler.ReadToken(token);
+                var tokenS = handler.ReadToken(token) as JwtSecurityToken;
 
-                if (user != null)
-                {
+                if (tokenS == null)
+                    return null;
 
-                    var r = await GetRolesAsync();
-                    var role = r.Roles.Where(x => x.Id == user.RoleId).SingleOrDefault();
+                var payload = tokenS.Payload.SerializeToJson();
+                return payload;
+            }
+            catch
+            {
+                return null;
+            }
+        }
 
-                    var authClaims = new List<Claim> {
+        public async Task<(bool IsSuccess, TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync()
+        {
+            var dadeschoolsToken = GetToken();
+            var decodedToken = DecodeJwtToken(dadeschoolsToken);
+            var tokenObject = decodedToken == null ? null : JObject.Parse(decodedToken);
+
+            if (tokenObject == null)
+                return (false, null, "JWT authentication is required");
+
+            var employecode = (string)tokenObject["sub"];
+            var user = userAccessDbContext.Users.Where(x => x.IsActive == true && x.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault();
+            if (user != null)
+            {
+                var r = await GetRolesAsync();
+                var role = r.Roles.Where(x => x.Id == user.RoleId).SingleOrDefault();
+
+                var authClaims = new List<Claim> {
                                new Claim(ClaimTypes.Name, user.EmployeeCode),
                                new Claim(ClaimTypes.Role, role.Name),
                                new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
 
                               };
 
-                    /// Generate Token
-                    var tokenhandler = new JwtSecurityTokenHandler();
-                    var tokenkey = Encoding.UTF8.GetBytes(jwtSettings.securitykey);
-                    var tokendesc = new SecurityTokenDescriptor
-                    {
-                        Audience = "",
-                        NotBefore = DateTime.Now,
-                        Subject = new ClaimsIdentity(authClaims),
-                        Expires = DateTime.Now.AddDays(3),
-                        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(tokenkey), SecurityAlgorithms.HmacSha256)
-                    };
-                    var token = tokenhandler.CreateToken(tokendesc);
-                    string finaltoken = tokenhandler.WriteToken(token);
-
-                    var response = new TokenResponse() { jwttoken = finaltoken, refreshtoken = await tokenServiceProvider.GenerateToken(mapper.Map<Db.User, Models.User>(user)) };
-                    return (true, response, "Authentication success and token issued.");
-                }
-                else
+                /// Generate Token
+                var tokenhandler = new JwtSecurityTokenHandler();
+                var tokenkey = Encoding.UTF8.GetBytes(jwtSettings.securitykey);
+                var tokendesc = new SecurityTokenDescriptor
                 {
-                    return (false, null, "user inactive or not exist.");
-                }
-            }
+                    Audience = "",
+                    NotBefore = DateTime.Now,
+                    Subject = new ClaimsIdentity(authClaims),
+                    Expires = DateTime.Now.AddDays(3),
+                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(tokenkey), SecurityAlgorithms.HmacSha256)
+                };
+                var token = tokenhandler.CreateToken(tokendesc);
+                string finaltoken = tokenhandler.WriteToken(token);
 
+                var response = new TokenResponse() { jwttoken = finaltoken, refreshtoken = await tokenServiceProvider.GenerateToken(mapper.Map<Db.User, Models.User>(user)) };
+                return (true, response, "Authentication success and token issued.");
+            }
             else
             {
-                return (false, null, "Credentials are required to authenticate.");
+                return (false, null, "user inactive or not exist.");
             }
+
         }
         public async Task<(bool IsSuccess, IEnumerable<Models.Role> Roles, string ErrorMessage)> GetRolesAsync()
         {