diff --git a/Notesnook.API/Controllers/UsersController.cs b/Notesnook.API/Controllers/UsersController.cs
index 797c8d7..eee1418 100644
--- a/Notesnook.API/Controllers/UsersController.cs
+++ b/Notesnook.API/Controllers/UsersController.cs
@@ -58,7 +58,7 @@ namespace Notesnook.API.Controllers
try
{
UserResponse response = await UserService.GetUserAsync(userId);
- if (!response.Success) return BadRequest(response);
+ if (!response.Success) return BadRequest();
return Ok(response);
}
catch (Exception ex)
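Review bot: The failure branch `if (!response.Success) return BadRequest();` now discards the failed `UserResponse` without recording it anywhere visible in this hunk, so a failed lookup leaves nothing for debugging or incident review. Keeping the detail out of the HTTP body is reasonable, but it should be logged server-side with whatever logger this controller already has (none is visible here). A short comment such as `// Empty body on purpose: the failed UserResponse is not returned to the caller.` would also stop a later change from restoring the old behaviour. The enclosing action and the body of the `catch` lie outside the hunk, so existing logging there cannot be ruled out.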
diff --git a/Notesnook.API/Extensions/AuthorizationResultTransformer.cs b/Notesnook.API/Extensions/AuthorizationResultTransformer.cs
index d1c1585..e5497b6 100644
--- a/Notesnook.API/Extensions/AuthorizationResultTransformer.cs
+++ b/Notesnook.API/Extensions/AuthorizationResultTransformer.cs
@@ -17,8 +17,11 @@ You should have received a copy of the Affero GNU General Public License
along with this program. If not, see .
*/
+using System;
using System.Linq;
using System.Net;
+using System.Net.WebSockets;
+using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
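Review bot: The added `using System.Net.WebSockets;` and `using System.Text;` are not referenced by any new line in the hunks shown for this file, and `using System;` does not appear to be needed by them either. They look like leftovers from an earlier iteration of the change. Unless code outside these hunks uses them, drop all three so the import list reflects what the transformer depends on.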
@@ -42,12 +45,9 @@ namespace Notesnook.API.Extensions
AuthorizationPolicy authorizationPolicy,
PolicyAuthorizationResult policyAuthorizationResult)
{
- var isWebsocket = httpContext.Request.Headers.Upgrade == "websocket";
-
- if (!isWebsocket && policyAuthorizationResult.Forbidden && policyAuthorizationResult.AuthorizationFailure != null)
+ if (policyAuthorizationResult.Forbidden && policyAuthorizationResult.AuthorizationFailure != null)
{
var error = string.Join("\n", policyAuthorizationResult.AuthorizationFailure.FailureReasons.Select((r) => r.Message));
-
if (!string.IsNullOrEmpty(error))
{
httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
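Review bot: A result with `policyAuthorizationResult.Forbidden` set is answered with `HttpStatusCode.Unauthorized`, which tells the client that its credentials are missing or invalid when the caller is in fact authenticated but not permitted. With the websocket special case removed, hub upgrade requests reach this branch as well, and a client that reacts to 401 by refreshing its token and retrying could loop on a request that can never succeed. If no client depends on the 401, `httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;` matches the condition being reported. The method starts above this hunk and the response write continues in the next one.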
@@ -55,17 +55,8 @@ namespace Notesnook.API.Extensions
await httpContext.Response.WriteAsync(JsonSerializer.Serialize(new { error }));
return;
}
-
- await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
- }
- else if (isWebsocket)
- {
- await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, PolicyAuthorizationResult.Success());
- }
- else
- {
- await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
}
+ await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
}
}
}
\ No newline at end of file
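Review bot: The single trailing `await _handler.HandleAsync(...)` call has no comment saying that requests carrying `Upgrade: websocket` deliberately get no special treatment, which makes it easy for a later change to reintroduce a header-based branch. A comment above the call would document the invariant, for example `// Always pass the real policy result; never substitute PolicyAuthorizationResult.Success() based on a client-supplied header.` Separately, `JsonSerializer.Serialize(new { error })` returns the joined `FailureReasons` messages verbatim, so those messages need to stay free of internal detail now that every request type can reach this path.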
diff --git a/Notesnook.API/Hubs/SyncV2Hub.cs b/Notesnook.API/Hubs/SyncV2Hub.cs
index 27390cd..4c937ee 100644
--- a/Notesnook.API/Hubs/SyncV2Hub.cs
+++ b/Notesnook.API/Hubs/SyncV2Hub.cs
@@ -44,7 +44,7 @@ namespace Notesnook.API.Hubs
Task PushCompleted();
}
- [Authorize("Sync")]
+ [Authorize]
public class SyncV2Hub : Hub
{
private ISyncItemsRepositoryAccessor Repositories { get; }
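Review bot: Replacing `[Authorize("Sync")]` with a bare `[Authorize]` moves the hub from the named policy to the default one, so any requirement that only the "Sync" policy carried no longer applies to `SyncV2Hub`. The policy definition is not visible in this diff, so the size of the gap cannot be judged from here. Since the transformer in this same commit stops forcing a successful result for websocket requests, this is the point where the named policy could finally be enforced on the hub, and keeping `[Authorize("Sync")]` looks like the safer default. If dropping it is intentional, a comment on the attribute should say which check replaces it and where.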
diff --git a/Notesnook.API/Startup.cs b/Notesnook.API/Startup.cs
index f70dd03..76cf0de 100644
--- a/Notesnook.API/Startup.cs
+++ b/Notesnook.API/Startup.cs
@@ -137,9 +137,13 @@ namespace Notesnook.API
options.DiscoveryPolicy.RequireHttps = false;
options.TokenRetriever = new Func(req =>
{
+ if (req.Path == "/hubs/sync/v2")
+ {
+ var fromQuery = TokenRetrieval.FromQueryString(); //needed for signalr and ws/wss conections to be authed via jwt
+ return fromQuery(req);
+ }
var fromHeader = TokenRetrieval.FromAuthorizationHeader();
- var fromQuery = TokenRetrieval.FromQueryString(); //needed for signalr and ws/wss conections to be authed via jwt
- return fromHeader(req) ?? fromQuery(req);
+ return fromHeader(req);
});
options.Events.OnTokenValidated = (context) =>
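Review bot: On `/hubs/sync/v2` the retriever now consults only the query string, so a request to the hub path that carries its bearer token in the `Authorization` header is treated as having no token. SignalR's long-polling transport and non-browser clients normally send the header, so they would presumably fail here. Trying both sources inside the hub branch keeps them working, for example `return fromQuery(req) ?? fromHeader(req);`, while other paths still ignore the query string. Because the hub path accepts a token in the URL, request logging and any reverse proxy in front of it should redact the token's query parameter. The exact `req.Path ==` comparison also misses sub-paths and any path base, which is fine only if those requests always send the header.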