feature: JwtToWebUser() always call Controller.GetWebUserCallback if provided (#21)

stratdev3 · stratdev3 · commit 0151daf23a29 · 2024-02-15T16:22:04.000+01:00
diff --git a/release.md b/release.md
@@ -18,6 +18,15 @@ Notes :
 - sync `HttpMultipartDataParser` library with upstream
 
 
+## v11.9.0 / _(2024-02-15)_
+Maintenance
+
+### breakingChange
+
+- the `getWebUserCallback` delegate set with `SimpleW.SetToken()`  is new call by `Controller.JwtToWebUser()` to redress `Controller.webuser` on each request.
+
+
+
 ## v11.8.0 / _(2024-02-14)_
 Maintenance
 
diff --git a/src/SimpleW/SimpleW/Controller.cs b/src/SimpleW/SimpleW/Controller.cs
@@ -9,7 +9,12 @@
 
 namespace SimpleW {
 
-    public delegate IWebUser DelegateSetTokenWebUser(Guid id = new Guid());
+    /// <summary>
+    /// Delegate to redress WebUser
+    /// </summary>
+    /// <param name="webuser"></param>
+    /// <returns>IWebUser (NOT NULL)</returns>
+    public delegate IWebUser DelegateSetTokenWebUser(TokenWebUser webuser = null);
 
     /// <summary>
     /// <para>Controller is mandatory base class of all Controllers.</para>
@@ -70,8 +75,7 @@ public void Initialize(SimpleWSession session, HttpRequest request) {
         /// </summary>
         protected IWebUser webuser {
             get {
-                if (!_webuser_set) {
-                    _webuser_set = true;
+                if (_webuser == null) {
                     _webuser = JwtToWebUser(GetJwt());
                 }
                 return _webuser;
@@ -83,15 +87,6 @@ protected IWebUser webuser {
         /// </summary>
         private IWebUser _webuser;
 
-        /// <summary>
-        /// Flag : cache _webuser to avoid multi request
-        ///        as in some edge case JwtToWebUser()
-        ///        can return null (if GetWebUserCallback() return null)
-        ///        that's why we can't check _webuser = null and so
-        ///        use a specific flag
-        /// </summary>
-        private bool _webuser_set;
-
         /// <summary>
         /// Return IWebUser from a jwt token
         /// The token is checked
@@ -101,25 +96,17 @@ protected IWebUser webuser {
         /// <param name="jwt">the string jwt</param>
         /// <returns></returns>
         public static IWebUser JwtToWebUser(string jwt) {
-            // get webuser and update property (to avoid to do it in each controller)
             try {
                 var wu = jwt?.ValidateJwt<TokenWebUser>(TokenKey, TokenIssuer);
-
-                // jwt token is valid and webuser must be refresh
-                if (wu != null) {
-                    return wu.Refresh && GetWebUserCallback != null
-                                ? GetWebUserCallback(wu.Id)
-                                : wu;
-                }
-                // try to get default TokenWebuser if defined in GetWebUserCallback
-                else if (GetWebUserCallback != null) {
-                    return GetWebUserCallback();
-                }
-                else {
-                    return new WebUser();
+                if (GetWebUserCallback != null) {
+                    return GetWebUserCallback(wu);
                 }
+                return wu ?? new WebUser();
             }
             catch {
+                if (GetWebUserCallback != null) {
+                    return GetWebUserCallback();
+                }
                 return new WebUser();
             }
         }
diff --git a/src/SimpleW/SimpleW/SimpleWServer.cs b/src/SimpleW/SimpleW/SimpleWServer.cs
@@ -155,12 +155,13 @@ public void AddDynamicContent(Type controllerType, string path = "/") {
         }
 
         /// <summary>
-        /// Set Token settings and set delegate called by TokenWebUser to refresh webuser
+        /// Set Token settings (passphrase and issuer).
+        /// a delegate can be defined to redress webuser called by Controller.JwtToWebUser().
         /// </summary>
         /// <param name="tokenPassphrase">The String token secret passphrase (min 17 chars).</param>
         /// <param name="issuer">The String issuer.</param>
-        /// <param name="tokenWebUserCallback">The DelegateSetTokenWebUser setTokenWebUser</param>
-        public void SetToken(string tokenPassphrase, string issuer, DelegateSetTokenWebUser tokenWebUserCallback = null) {
+        /// <param name="getWebUserCallback">The DelegateSetTokenWebUser getWebUserCallback</param>
+        public void SetToken(string tokenPassphrase, string issuer, DelegateSetTokenWebUser getWebUserCallback = null) {
 
             if (string.IsNullOrWhiteSpace(tokenPassphrase) || tokenPassphrase.Length <= 16) {
                 throw new ArgumentException($"{nameof(tokenPassphrase)} must be 17 char length minimum");
@@ -169,8 +170,8 @@ public void SetToken(string tokenPassphrase, string issuer, DelegateSetTokenWebU
 
             Controller.TokenIssuer = issuer;
             
-            if (tokenWebUserCallback != null) {
-                Controller.GetWebUserCallback = tokenWebUserCallback;
+            if (getWebUserCallback != null) {
+                Controller.GetWebUserCallback = getWebUserCallback;
             }
         }
 
