From b5aa1a6bc0e8025137e96082e3438493f40cd1ad Mon Sep 17 00:00:00 2001
From: "Shkar T. Noori" <shkarface@gmail.com>
Date: Tue, 11 Apr 2023 23:42:08 +0300
Subject: [PATCH] Allow overriding forbid handler

---
 src/GatewayAuth/Abstractions.cs |  7 +++++++
 src/GatewayAuth/Handler.cs      | 13 +++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/GatewayAuth/Abstractions.cs b/src/GatewayAuth/Abstractions.cs
index d378ebb..58616b0 100644
--- a/src/GatewayAuth/Abstractions.cs
+++ b/src/GatewayAuth/Abstractions.cs
@@ -1,7 +1,14 @@
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
 
 namespace DIT.Authentication.GatewayAuth.Abstractions;
 
+public interface IForbidResponseHandler
+{
+    Task HandleForbiddenAsync(HttpContext context, AuthenticationProperties properties);
+}
+
 public interface ISignatureValidator
 {
 
diff --git a/src/GatewayAuth/Handler.cs b/src/GatewayAuth/Handler.cs
index 4c261a0..f2dd8ee 100644
--- a/src/GatewayAuth/Handler.cs
+++ b/src/GatewayAuth/Handler.cs
@@ -4,6 +4,7 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using DIT.Authentication.GatewayAuth.Abstractions;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -14,9 +15,11 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
 
     private readonly IClaimsProvider _claimsProvider;
     private readonly ISignatureValidator _signatureValidator;
+    private readonly IForbidResponseHandler? _forbidResponseHandler;
 
     public GatewayAuthHandler(
         IClaimsProvider claimsProvider,
+        IServiceProvider serviceProvider,
         UrlEncoder encoder,
         IOptionsMonitor<GatewayAuthOptions> options,
         ILoggerFactory logger,
@@ -25,6 +28,8 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
     {
         _claimsProvider = claimsProvider;
         _signatureValidator = signatureValidator;
+
+        _forbidResponseHandler = serviceProvider.GetService<IForbidResponseHandler>();
     }
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -59,6 +64,14 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
         }
     }
 
+    protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
+    {
+        if (_forbidResponseHandler != null)
+            return _forbidResponseHandler.HandleForbiddenAsync(Context, properties);
+
+        return base.HandleForbiddenAsync(properties);
+    }
+
     private static bool ExtractSignatureValue(string signatureHeader, [NotNullWhen(true)] out string? signature)
     {
         const string signaturePrefix = "signature=";