
代碼調整

JAELYS 4 anos atrás
pai
commit
cb897df7f0

+ 3 - 2
TEAMModelOS.SDK/Extension/JwtAuthExtension.cs

@@ -15,13 +15,14 @@ namespace TEAMModelOS.SDK.Extension
 {
     public static class JwtAuthExtension
     {
-        public static string CreateAuthToken(string issuer, string userID, string salt, string[] roles = null, string[] permissions = null, int expire = 1)
+        public static string CreateAuthToken(string issuer, string userID, string salt, string schoolID = "",  string[] roles = null, string[] permissions = null, int expire = 1)
         {
             // 設定要加入到 JWT Token 中的聲明資訊(Claims)
             var claims = new List<Claim>();
             // 在 RFC 7519 規格中(Section#4),總共定義了 7 個預設的 Claims
             claims.Add(new Claim(JwtRegisteredClaimNames.Iss, issuer)); //發行者
-            claims.Add(new Claim(JwtRegisteredClaimNames.Sub, userID)); // 用戶ID            
+            claims.Add(new Claim(JwtRegisteredClaimNames.Sub, userID)); // 用戶ID   
+            claims.Add(new Claim(JwtRegisteredClaimNames.Azp, schoolID)); // 學校簡碼,如果有的話
             claims.Add(new Claim(JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddHours(expire).ToUnixTimeSeconds().ToString())); // 到期的時間,必須為數字
 
             // 擴充 "roles" 加入登入者的角色,角色類型 (USER、HABOOK) 
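Review bot: The added `azp` claim is written unconditionally, so every token issued without a school carries an empty `azp`, and a caller passing `null` for `schoolID` makes the `Claim` constructor throw. `azp` is also the registered "authorized party" claim that OpenID Connect uses for a client identifier, so putting a school code in it can mislead any validator or library that interprets that claim. Consider a private claim added only when a value exists, e.g. `if (!string.IsNullOrEmpty(schoolID)) claims.Add(new Claim("school", schoolID));` (the claim name is illustrative), with consumers updated to read it. Inserting `schoolID` ahead of `roles` also shifts positional arguments for existing callers, and the rest of CreateAuthToken, including signing, lies outside the hunk.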

+ 2 - 2
TEAMModelOS/Controllers/Client/Filter/AuthTokenAttribute.cs

@@ -46,7 +46,7 @@ namespace TEAMModelOS.Controllers.Client
                         var roles = jwt.Claims.Where(c => c.Type == "roles");
                         foreach (var role in roles)
                         {
-                            if (_roles.Contains(role.Value, StringComparison.OrdinalIgnoreCase))
+                            if (_roles.Contains(role.Value, StringComparison.Ordinal))
                             {
                                 pass = true;
                                 break;
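Review bot: The check `_roles.Contains(role.Value, StringComparison.Ordinal)` looks like a substring test rather than an exact role match. The overload taking a `StringComparison` is the `string` one, so `_roles` is presumably a single string, though its declaration is outside the hunk. If so, a claim value that is empty or only a fragment of a configured role name satisfies the check and sets `pass = true`. Matching should be against whole role names, for example by parsing `_roles` once into a `HashSet<string>(StringComparer.Ordinal)` and testing `roleSet.Contains(role.Value)`. The same applies to the `_permissions` check in the following hunk.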
@@ -58,7 +58,7 @@ namespace TEAMModelOS.Controllers.Client
                         var permissions = jwt.Claims.Where(c => c.Type == "permissions");
                         foreach (var permission in permissions)
                         {                            
-                            if (_permissions.Contains(permission.Value, StringComparison.OrdinalIgnoreCase))
+                            if (_permissions.Contains(permission.Value, StringComparison.Ordinal))
                             {
                                 pass = true;
                                 break;