[ENHANCEMENT]Logging out by user card (#486)

* Create draft PR for #468

* user can now deauthenitcate reading same token when currently authenticated

Co-authored-by: PTKu <PTKu@users.noreply.github.com>
Co-authored-by: Peter <61538034+PTKu@users.noreply.github.com>

Author: github-actions[bot]

src/TcOpen.Inxton/src/Security/AuthenticationService.cs

@@ -78,9 +78,22 @@ public void ChangeToken(string userName, string token)
             }
         }
 
-        private User ExternalAuthorization_AuthorizationRequest(string token)
+        private IUser ExternalAuthorization_AuthorizationRequest(string token)
         {
-            return this.AuthenticateUser(token);
+            var userName = TcOpen.Inxton.Local.Security.SecurityManager.Manager.Principal.Identity.Name;
+            var currentUser = _users.FirstOrDefault(u => u.Username.Equals(userName));
+
+            // De authenticate when the token matches the token of currently authenticated user.
+            if (currentUser != null && this.CalculateHash(token, string.Empty) == currentUser.AuthenticationToken)
+            {
+                this.DeAuthenticateCurrentUser();
+                return null;
+            }
+            else
+            {
+                var authenticatedUser = this.AuthenticateUser(token);
+                return authenticatedUser;
+            }            
         }
 
         public IRepository<UserData> UserRepository { get; private set; }
@@ -163,7 +176,7 @@ public User AuthenticateUser(string token)
             }
 
             VerifyRolesHash(userData);
-
+       
             return AuthenticateUser(userData);
         }
 

src/TcOpen.Inxton/tests/TcOpen.Inxton.Local.Security/TcOpen.Inxton.Security.Tests/AuthenticationServiceTests.cs

@@ -351,6 +351,37 @@ public void AuthenticateWithToken()
             Assert.AreEqual(roles[0], actual.Roles[0]);           
         }
 
+        [Test()]
+        public void DeAuthenticateWithToken()
+        {
+            //-- Arrange
+            var userName = "UserTokenAuthenticationDeauthWithToken";
+            var password = "token";
+            var roles = new string[] { "Tester" };
+            var token = "usersToken-UserTokenAuthenticationDeauthWithToken";
+
+            authService.ExternalAuthorization = new ExternalAuthenticator() { Token = token };
+
+            authService.UserRepository.Create(userName, new UserData(userName, password, roles.ToList()));
+
+            authService.AuthenticateUser(userName, password);
+
+            authService.ExternalAuthorization.RequestTokenChange(token);
+
+            authService.DeAuthenticateCurrentUser();
+
+            var actual = authService.ExternalAuthorization.RequestAuthorization(token);
+
+            Assert.AreEqual(userName, actual.UserName);
+            Assert.AreEqual(1, roles.Length);
+            Assert.AreEqual(roles[0], actual.Roles[0]);
+
+            actual = authService.ExternalAuthorization.RequestAuthorization(token);
+
+            Assert.IsNull(actual);
+            Assert.AreEqual(typeof(AnonymousIdentity), TcOpen.Inxton.Local.Security.SecurityManager.Manager.Principal.Identity.GetType());            
+        }
+
         [Test()]
         public void AuthenticateWithInexistingToken()
         {
@@ -372,10 +403,13 @@ public void AuthenticateWithInexistingToken()
 
             authService.DeAuthenticateCurrentUser();
 
-            externalAuthorization.Token = "fjalsdjl";
+
+            var inexistingToken = "fjalsdjl";
+
+            externalAuthorization.Token = inexistingToken;
 
 
-            authService.ExternalAuthorization.RequestAuthorization(token);
+            authService.ExternalAuthorization.RequestAuthorization(inexistingToken);
 
             AppPrincipal customPrincipal = Thread.CurrentPrincipal as AppPrincipal;
 
@@ -440,6 +474,7 @@ public void AddExistingToken()
 
         }
 
+
         public class ExternalAuthenticator : ExternalAuthorization
         {