public void ImplementStrategy(string accountId, string newPasswordPlain)
{
Account account = null;
try
{
//Get account from db
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
//Password
string salt = _passwordSaltGenerator.Generate();
string passHashed = _passwordHashHelper.GenerateHash(salt + newPasswordPlain);
//Update account data
UpdateDefinition <Account> updDef = Builders <Account> .Update
.Set(x => x.PasswordStatus, PasswordStatus.Set)
.Set(x => x.PasswordLastChanged, DateTime.Now)
.Set(x => x.Salt, salt)
.Set(x => x.Password, passHashed);
_accountRepo.UpdateOne(x => x.AccountId == accountId, updDef);
}
catch (Exception ex)
{
//Log error
_logger.LogError("UserAssignedPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new
{
AccountId = accountId,
Account = account,
Exception = ex
});
throw;
}
}
public async Task <TokenResult> Execute(string refreshToken)
{
try
{
//1.Validate and extract refresh token
if (!_refreshTokenExtracter.TryExractToken(refreshToken, out List <Claim> refreshTokenClaims))
{
throw new InvalidTokenException("Jwt token is corrupted or expired");
}
string rTokenJti = refreshTokenClaims.Single(c => c.Type == JwtRegisteredClaimNames.Jti).Value;
//2.Check if refresh token is revoked. If it is throw a security exception
if (await _revokedTokenRepo.Exists(rTokenJti))
{
throw new TokenRevokedException($"Token {rTokenJti} already revoked");
}
//3.Generate short token
var key = _symmetricKeyProvider.GetKey();
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
//Create stoken claims using some claims from parent rtoken
var shortTokenClaims = refreshTokenClaims.Where(c => c.Type == ClaimTypes.Name || c.Type == ClaimTypes.Role).Select(c => new Claim(c.Type, c.Value)).ToList();
//Add token Jti claim
string jti = _tokenIdGenerator.Generate();
shortTokenClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, jti));
//Add RefreshTokenId of the rtoken to the stoken claims as RefreshTokenId claim
shortTokenClaims.Add(new Claim("rtokenjti", rTokenJti));
JwtSecurityToken jwtTokenOptions = new JwtSecurityToken(
issuer: _shortTokenConfig.ValidIssuer,
audience: _shortTokenConfig.ValidAudience,
claims: shortTokenClaims,
expires: DateTime.Now.AddMinutes(_shortTokenConfig.ExpiresInMin),
signingCredentials: creds
);
string shortToken = new JwtSecurityTokenHandler().WriteToken(jwtTokenOptions);
return(new TokenResult(null, shortToken, jwtTokenOptions.ValidTo));
}
catch (Exception ex)
{
//Log error
_logger.LogError("GenerateShortTokenCommand.Execute", "Exception was thrown", new
{
Exception = ex
});
throw;
}
}
public async Task ImplementConfirmation(string accountId)
{
Account account = null;
try
{
// Get account from db.
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
// Generate confirmation code and it's hash
string emailConfirmCodePlain = _emailConfirmCodeGenerator.Generate();
string emailConirmCodeHashed = _hashHelper.GenerateHash(emailConfirmCodePlain);
// Will be saved in db.
ConfirmEmailRequest confirmEmailRequest = new ConfirmEmailRequest()
{
Id = Guid.NewGuid().ToString("n"),
AccountId = account.AccountId,
Code = emailConirmCodeHashed,
Email = account.Email,
CreateDate = DateTime.Now,
Status = ConfirmEmailRequestStatus.NotResolved
};
_requestRepo.InsertOne(confirmEmailRequest);
// Will be sent to user's email.
EmailConfirmationByLinkRequestEvent confMail = new EmailConfirmationByLinkRequestEvent()
{
CorrelationId = Guid.NewGuid().ToString(),
Issuer = "AuthServer.UserSystem.Services.Strategies.ConfirmLinkEmailConfirmationStrategy",
IssuerSystem = "AuthServer.UserSystem",
EventDate = DateTime.Now,
Username = account.Username,
Email = account.Email,
ConfirmationUrl = string.Format(_confirmLinkUrl, emailConfirmCodePlain)
};
await Publish(confMail);
}
catch (Exception ex)
{
// Log error.
_logger.LogError("ConfirmLinkEmailConfirmationStrategy.ImplementConfirmation", "Exception was thrown.", new
{
Account = account,
Exception = ex
});
throw;
}
}
public void ImplementStrategy(string accountId, string newPasswordPlain)
{
Account account = null;
try
{
// Get account from db.
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
if (account.EmailStatus != EmailStatus.Confirmed)
{
return;
}
// Prepare the password.
string passwordPlain = _passwordGenerator.Generate();
string salt = _passwordSaltGenerator.Generate();
string passHashed = _passwordHashHelper.GenerateHash(account.Salt + passwordPlain);
// Update account data.
UpdateDefinition <Account> updDef = Builders <Account> .Update
.Set(x => x.PasswordStatus, PasswordStatus.Set)
.Set(x => x.PasswordLastChanged, DateTime.Now)
.Set(x => x.Salt, salt)
.Set(x => x.Password, passHashed);
_accountRepo.UpdateOne(x => x.AccountId == accountId, updDef);
// Publish event that may be used, for example, to email the password to the user.
Publish(new DirectPasswordSetEvent()
{
Email = account.Email,
Username = account.Username,
PasswordPlain = passwordPlain
});
}
catch (Exception ex)
{
// Log error.
_logger.LogError("DirectPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new
{
AccountId = accountId,
Account = account,
Exception = ex
});
throw;
}
}
public async Task Execute(string accountId, PasswordChangeModel model, IValidator validator)
{
try
{
//Validate input
_validationStrategy.Validate(model, validator);
if (validator.HasErrors)
{
return;
}
//Validate old password and find account
Account account = await _accountRepo.Find(x => x.AccountId == accountId && x.AccountStatus != AccountStatus.Inactive).SingleOrDefaultAsync();
if (account == null ||
account.PasswordStatus == PasswordStatus.Empty ||
!_secretHashHelper.ValidateSecret(account.Salt + model.OldPassword, account.Password))
{
validator.AddError("Wrong old password", "OldPassword");
return;
}
//Generate new salt
string newSalt = _passwordSaltGenerator.Generate();
//Generate new hashed password
string newHashedPass = _secretHashHelper.GenerateHash(newSalt + model.NewPassword);
//Save in db
_accountRepo.UpdateOne(x => x.AccountId == accountId, CreateUpdateDef(newHashedPass, newSalt));
//Raise a PasswordChanged event
PasswordChangedEvent passwordChangedEvent = CreatePasswordChangedEvent(account);
await Publish(passwordChangedEvent);
return;
}
catch (Exception ex)
{
await _logger.LogErrorAsync("ChangeAccountPasswordCommand.Execute", "Exception occurred", new
{
Exception = ex
});
throw;
}
}
public static string GenerateString(this ISecretGenerator generator, int length = 128)
{
byte[] randomData = generator.Generate((length / 4 * 3) + 1);
return(Convert.ToBase64String(randomData).Substring(0, length).Replace('/', '-').Replace('+', '_'));
}
public async Task <TokenResult> Execute(string accountId, List <Claim> claims, TokenAdditionalData additionalData, DateTime?customExpireDate = null)
{
try
{
SymmetricSecurityKey key = _symmetricKeyProvider.GetKey();
SigningCredentials creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
//Generate and add token Jti claim. Will be used in short tokens to identify the creator refresh token
string tokenJti = _tokenIdGenerator.Generate();
claims.Add(new Claim(JwtRegisteredClaimNames.Jti, tokenJti));
//Set expire date
DateTime expireDate;
if (customExpireDate != null)
{
expireDate = customExpireDate.Value;
}
else
{
expireDate = DateTime.Now.AddMinutes(_rTokenConfig.ExpiresInMin);
}
JwtSecurityToken jwtTokenOptions = new JwtSecurityToken(
issuer: _rTokenConfig.ValidIssuer,
audience: _rTokenConfig.ValidAudience,
claims: claims,
expires: expireDate,
signingCredentials: creds
);
//Generate token string
string token = new JwtSecurityTokenHandler().WriteToken(jwtTokenOptions);
//Create token db record
AccountRTokenInfo accountRTokenInfo = new AccountRTokenInfo()
{
TokenId = tokenJti,
AccountId = accountId,
ExpireDate = expireDate,
Status = AccountRTokenStatus.Active,
CreateDate = DateTime.Now,
DeviceInfo = additionalData.DeviceInfo,
RequesterIPv4 = additionalData.RequesterIPv4,
RequesterIPv6 = additionalData.RequesterIPv6
};
//Save token db record
await _accountRTokenRepo.InsertOneAsync(accountRTokenInfo);
return(new TokenResult(tokenJti, token, jwtTokenOptions.ValidTo));
}
catch (Exception ex)
{
//Log error
_logger.LogError("GenerateRefreshTokenCommand.Execute", "Exception was thrown", new
{
Exception = ex
});
throw;
}
}