soroushdes/meezi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): read role claim under mapped name so Owner/Manager gates work
CI/CD / CI · API (dotnet build + test) (push) Successful in 43s
Details
CI/CD / CI · Admin API (dotnet build) (push) Successful in 32s
Details
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m4s
Details
CI/CD / CI · Admin Web (tsc) (push) Successful in 36s
Details
CI/CD / CI · Website (tsc) (push) Successful in 45s
Details
CI/CD / CI · Koja (tsc) (push) Successful in 49s
Details
CI/CD / Deploy · all services (push) Successful in 1m27s
Details

Browse Source 
ROOT CAUSE of demo-seed/billing/etc. returning 403 for real owners: .NET's JWT
handler remaps the short "role" claim to ClaimTypes.Role on inbound, so
TenantMiddleware's FindFirst("role") returned null and tenant.Role (EmployeeRole?)
stayed null. EnsureManager/EnsureOwner then rejected even a valid Owner token with
MANAGER_REQUIRED / OWNER_REQUIRED, while reads (no role gate) worked and
[Authorize(Roles=...)] worked (it reads the remapped claim). Now reads the role
under both MeeziClaimTypes.Role ("role") and ClaimTypes.Role. Same fix applied to
the AuthController whoami role. Fixes demo seed, subscription billing, and every
other tenant.Role-gated action.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-02 11:18:10 +03:30
parent 24da1e0522
commit bab3453e41
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Meezi.API/Controllers/AuthController.cs
+4 -1
View File
@@ -198,7 +198,10 @@ public class AuthController : ControllerBase
ExpiresAt: expiresAt,
UserId: userId,
CafeId: User.FindFirstValue(MeeziClaimTypes.CafeId) ?? string.Empty,
Role: User.FindFirstValue(MeeziClaimTypes.Role) ?? string.Empty,
// .NET remaps the short "role" claim to ClaimTypes.Role on inbound; read both.
Role: User.FindFirstValue(MeeziClaimTypes.Role)
?? User.FindFirstValue(System.Security.Claims.ClaimTypes.Role)
?? string.Empty,
PlanTier: User.FindFirstValue(MeeziClaimTypes.PlanTier) ?? string.Empty,
Language: User.FindFirstValue(MeeziClaimTypes.Language) ?? string.Empty,
Actor: User.FindFirstValue(MeeziClaimTypes.Actor) ?? MeeziActorKinds.Merchant,
src/Meezi.API/Middleware/TenantMiddleware.cs
+6 -1
View File
@@ -92,7 +92,12 @@ public class TenantMiddleware
{
scopedMerchant.CafeId = cafeId;
var roleClaim = context.User.FindFirst(MeeziClaimTypes.Role)?.Value;
// .NET's JWT handler remaps the short "role" claim to ClaimTypes.Role
// on inbound, so FindFirst("role") returns null and tenant.Role would
// stay null — making EnsureManager/EnsureOwner reject even a real owner.
// Read both the raw claim and the mapped one.
var roleClaim = context.User.FindFirst(MeeziClaimTypes.Role)?.Value
?? context.User.FindFirst(System.Security.Claims.ClaimTypes.Role)?.Value;
if (Enum.TryParse<EmployeeRole>(roleClaim, ignoreCase: true, out var role))
scopedMerchant.Role = role;