Mise en place de l'authentification Keycloak

2026-04-13 22:33:56 +02:00
parent 70f693d85b
commit 6202b8b829
25 changed files with 531 additions and 21 deletions
--- a/ChessCubing.App/Components/UserAccessBar.razor
+++ b/ChessCubing.App/Components/UserAccessBar.razor
@@ -0,0 +1,85 @@
+@using System.Security.Claims
+@inject NavigationManager Navigation
+
+<AuthorizeView>
+    <Authorized Context="authState">
+        <div class="user-access-bar">
+            <div class="user-access-copy">
+                <span class="micro-label">Compte Keycloak</span>
+                <strong>@BuildDisplayName(authState.User)</strong>
+                <span class="user-access-meta">@BuildMeta(authState.User)</span>
+            </div>
+            <div class="user-access-actions">
+                <a class="button ghost small" href="@LogoutHref">Se deconnecter</a>
+            </div>
+        </div>
+    </Authorized>
+    <NotAuthorized>
+        <div class="user-access-bar">
+            <div class="user-access-copy">
+                <span class="micro-label">Compte Keycloak</span>
+                <strong>Connexion requise pour lancer et reprendre les matchs</strong>
+                <span class="user-access-meta">Chaque compte conserve son propre etat de match dans ce navigateur.</span>
+            </div>
+            <div class="user-access-actions">
+                <a class="button primary small" href="@LoginHref">Se connecter</a>
+            </div>
+        </div>
+    </NotAuthorized>
+</AuthorizeView>
+
+@code {
+    private string LoginHref => BuildAuthHref("login", CurrentReturnUrl);
+    private string LogoutHref => BuildAuthHref("logout", "/");
+
+    private string CurrentReturnUrl
+    {
+        get
+        {
+            var relativePath = Navigation.ToBaseRelativePath(Navigation.Uri);
+            if (string.IsNullOrWhiteSpace(relativePath))
+            {
+                return "/";
+            }
+
+            return relativePath.StartsWith("/", StringComparison.Ordinal)
+                ? relativePath
+                : $"/{relativePath}";
+        }
+    }
+
+    private static string BuildAuthHref(string action, string returnUrl)
+        => $"authentication/{action}?returnUrl={Uri.EscapeDataString(returnUrl)}";
+
+    private static string BuildDisplayName(ClaimsPrincipal user)
+        => user.Identity?.Name
+            ?? user.FindFirst("name")?.Value
+            ?? user.FindFirst("preferred_username")?.Value
+            ?? "Utilisateur connecte";
+
+    private static string BuildMeta(ClaimsPrincipal user)
+    {
+        var details = new List<string>();
+        var email = user.FindFirst("email")?.Value;
+        if (!string.IsNullOrWhiteSpace(email))
+        {
+            details.Add(email);
+        }
+
+        var roles = user.FindAll("role")
+            .Select(claim => claim.Value)
+            .Where(value => !string.IsNullOrWhiteSpace(value))
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .OrderBy(value => value, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+        if (roles.Length > 0)
+        {
+            details.Add($"Roles : {string.Join(", ", roles)}");
+        }
+
+        return details.Count > 0
+            ? string.Join(" | ", details)
+            : "Session authentifiee via Keycloak.";
+    }
+}