Beispiel #1
        /// <inheritdoc />
        public async Task <string> CreateJwtTokenAsync(long organizationId)
        {
            // Claims for the current caller as returned by the OIDC lookup.
            var oidcClaims = await GetOidcUserClaimsAsync();

            // No user came back from TryCreateDefaultUserAsync: refuse to issue a token.
            var user = await _userService.TryCreateDefaultUserAsync(oidcClaims);
            if (user == null)
            {
                throw new UnauthorizedAccessException(Properties.Resources.AuthorizationServiceForbiddenRequest);
            }

            var tokenClaims = new List<Claim>();
            tokenClaims.AddRange(oidcClaims);
            tokenClaims.AddRange(GetUserAuthorizationClaims(user));

            // organizationId == 0 skips the organization scope entirely, so the token then
            // carries only the OIDC and user authorization claims and no role check runs.
            if (organizationId != 0)
            {
                tokenClaims.AddRange(GetOrganizationClaims(organizationId));

                var permissionClaims = await GetPermissionsClaimsAsync(tokenClaims);
                tokenClaims.AddRange(permissionClaims);

                // NOTE(review): this scans the merged list, so a UserRole-typed claim that was
                // already present in the OIDC or user claims would satisfy it as well as one
                // produced by the permission lookup — confirm upstream claims cannot carry that type.
                bool hasUserRole = tokenClaims.Exists(c => c.Type == PermissionsHelper.Claims.UserRole);
                if (!hasUserRole)
                {
                    throw new UnauthorizedAccessException();
                }
            }

            // NOTE(review): JwtSecret is presumably the signing key — confirm it is loaded from
            // protected configuration and never logged.
            return JwtAuthorizationHelper.CreateJwtTokenFromClaims(tokenClaims, _apiJwtAuthorizationOptions.JwtSecret);
        }
Beispiel #2
        public void TryGetTokenValueReturnsNullToken()
        {
            // Arrange: an empty header collection, i.e. no Authorization header at all.
            IHeaderDictionary emptyHeaders = new HeaderDictionary();

            // Act
            bool found = JwtAuthorizationHelper.TryGetTokenValue(emptyHeaders, out string extracted);

            // Assert: the helper reports "not found" and leaves the out value null.
            found.Should().BeFalse();
            extracted.Should().BeNull();
        }
Beispiel #3
        public void CreateDifferentJwtTokensForDifferentClaims()
        {
            // Fixture values shared by both calls; the secret is a test-only literal.
            // NOTE(review): the third argument is presumably the token expiry — confirm
            // against CreateJwtTokenFromClaims.
            const string secret = "top_secreat_password";
            var fixedDate = new DateTime(2200, 1, 1);

            var firstToken = JwtAuthorizationHelper.CreateJwtTokenFromClaims(
                CreateClaims(11, "*****@*****.**"), secret, fixedDate);

            var secondToken = JwtAuthorizationHelper.CreateJwtTokenFromClaims(
                CreateClaims(22, "*****@*****.**"), secret, fixedDate);

            // Same secret and date, different claim sets: the serialized tokens must differ.
            firstToken.Should().NotBe(secondToken);
        }
Beispiel #4
        public void TryGetTokenValueReturnsCorrectToken(
            string token,
            bool removePrefix,
            bool expectedContains,
            string expectedToken)
        {
            // Arrange: a header collection whose only entry is the Authorization value under test.
            IHeaderDictionary requestHeaders = new HeaderDictionary();
            requestHeaders.Add(HeaderNames.Authorization, token);

            // Act: removePrefix is forwarded unchanged; the out value overwrites the input token.
            bool found = JwtAuthorizationHelper.TryGetTokenValue(requestHeaders, out token, removePrefix);

            // Assert: both the return flag and the extracted value match the expected case data.
            found.Should().Be(expectedContains);
            token.Should().Be(expectedToken);
        }
Beispiel #5
        public void CreateJwtTokensFromClaims()
        {
            var inputClaims = CreateClaims(11, "*****@*****.**");
            var serialized = JwtAuthorizationHelper.CreateJwtTokenFromClaims(
                inputClaims, "top_secreat_password", new DateTime(2200, 1, 1));

            // ReadToken only parses the compact form; it does not validate the signature or
            // lifetime, so this test covers the claim round-trip, not token validity.
            var parsed = new JwtSecurityTokenHandler().ReadToken(serialized) as JwtSecurityToken;

            var emailClaim = parsed.Claims.First(c => c.Type == UserClaimTypes.Email);
            emailClaim.Value.Should().Be("*****@*****.**");

            var userIdClaim = parsed.Claims.First(c => c.Type == UserClaimTypes.UserId);
            userIdClaim.Value.Should().Be("11");
        }
Beispiel #6
        /// <inheritdoc />
        public async Task <string> CreateJwtTokenAsync()
        {
            // Claims for the current caller as returned by the OIDC lookup.
            var oidcClaims = await GetOidcUserClaimsAsync();

            // No user came back from TryCreateDefaultUserAsync: refuse to issue a token.
            var user = await _userService.TryCreateDefaultUserAsync(oidcClaims);
            if (user == null)
            {
                throw new UnauthorizedAccessException(Properties.Resources.AuthorizationServiceForbiddenRequest);
            }

            // The token carries the OIDC claims plus the user authorization claims; no
            // organization or permission claims are added in this overload.
            var tokenClaims = new List<Claim>();
            tokenClaims.AddRange(oidcClaims);
            tokenClaims.AddRange(GetUserAuthorizationClaims(user));

            // NOTE(review): JwtSecret is presumably the signing key — confirm it is loaded from
            // protected configuration and never logged.
            return JwtAuthorizationHelper.CreateJwtTokenFromClaims(tokenClaims, _apiJwtAuthorizationOptions.JwtSecret);
        }