private static void AssertDoesGetAccessTokenUsingRefreshTokenCookie(IJsonServiceClient client)
{
var authResponse = client.Post(new Authenticate {
provider = "credentials",
UserName = Username,
Password = Password
});
var initialAccessToken = client.GetTokenCookie();
var initialRefreshToken = client.GetRefreshTokenCookie();
Assert.That(initialAccessToken, Is.Not.Null);
Assert.That(initialRefreshToken, Is.Not.Null);
var request = new Secured {
Name = "test"
};
var response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
var jwtAuthProvider = AuthenticateService.GetRequiredJwtAuthProvider();
jwtAuthProvider.InvalidateJwtIds.Add(jwtAuthProvider.LastJwtId());
// JwtAuthProvider.PrintDump(initialAccessToken);
// JwtAuthProvider.PrintDump(initialRefreshToken);
response = client.Send(request);
Assert.That(response.Result, Is.EqualTo(request.Name));
var latestAccessToken = client.GetTokenCookie();
Assert.That(latestAccessToken, Is.Not.EqualTo(initialAccessToken));
}
public object Any(InvalidateLastAccessToken request)
{
var jwtAuthProvider = AuthenticateService.GetRequiredJwtAuthProvider();
jwtAuthProvider.InvalidateJwtIds.Add(jwtAuthProvider.LastJwtId());
return(new EmptyResponse());
}
public object Any(CreateJwt request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (request.JwtExpiry != null)
{
jwtAuthProvider.CreatePayloadFilter = (jwtPayload, session) =>
jwtPayload["exp"] = request.JwtExpiry.Value.ToUnixTime().ToString();
}
var jwtSession = request.ConvertTo <AuthUserSession>();
var token = jwtAuthProvider.CreateJwtBearerToken(jwtSession);
jwtAuthProvider.CreatePayloadFilter = null;
return(new CreateJwtResponse
{
Token = token
});
}
public object Any(CreateRefreshJwt request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
var jwtHeader = new JsonObject
{
{ "typ", "JWTR" }, //RefreshToken
{ "alg", jwtAuthProvider.HashAlgorithm }
};
var keyId = jwtAuthProvider.GetKeyId(Request);
if (keyId != null)
{
jwtHeader["kid"] = keyId;
}
var now = DateTime.UtcNow;
var jwtPayload = new JsonObject
{
{ "sub", request.UserAuthId ?? "1" },
{ "iat", now.ToUnixTime().ToString() },
{ "exp", (request.JwtExpiry ?? DateTime.UtcNow.AddDays(1)).ToUnixTime().ToString() },
};
if (jwtAuthProvider.Audience != null)
{
jwtPayload["aud"] = jwtAuthProvider.Audience;
}
var hashAlgorithm = jwtAuthProvider.GetHashAlgorithm();
var refreshToken = JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, hashAlgorithm);
return(new CreateRefreshJwtResponse
{
Token = refreshToken
});
}
public object Any(GetAccessToken request)
{
var jwtAuthProvider = (MyJwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (string.IsNullOrEmpty(request.RefreshToken))
{
throw new ArgumentNullException(nameof(request.RefreshToken));
}
JsonObject jwtPayload;
try
{
jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split(CharConstants.DOT));
}
catch (ArgumentException)
{
throw;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload);
if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request))
{
throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken));
}
var userId = jwtPayload[TokenConstants.SUB];
CustomUserSession session;
if (AuthRepository is IUserAuthRepository userRepo)
{
var userAuth = userRepo.GetUserAuth(userId);
if (userAuth == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request));
}
if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request));
}
session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId()) as CustomUserSession;
PopulateSession(userRepo, userAuth, session, userId);
}
else
{
throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource");
}
var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session);
return(new GetAccessTokenResponse
{
AccessToken = accessToken
});
}