Ejemplo n.º 1
0
        private static string CreateExpiredToken()
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProviderReader.Name);

            jwtProvider.CreatePayloadFilter = (jwtPayload, session) =>
                                              jwtPayload["exp"] = DateTime.UtcNow.AddSeconds(-1).ToUnixTime().ToString();

            var token = jwtProvider.CreateJwtBearerToken(new AuthUserSession
            {
                UserAuthId  = "1",
                DisplayName = "Test",
                Email       = "*****@*****.**"
            });

            jwtProvider.CreatePayloadFilter = null;
            return(token);
        }
Ejemplo n.º 2
0
        public static IAuthSession GetSession(this IRequest httpReq, bool reload = false)
        {
            if (httpReq == null)
            {
                return(null);
            }

            object oSession = null;

            if (!reload)
            {
                httpReq.Items.TryGetValue(RequestItemsSessionKey, out oSession);
            }

            if (oSession != null)
            {
                return((IAuthSession)oSession);
            }

            using (var cache = httpReq.GetCacheClient())
            {
                var sessionId = httpReq.GetSessionId();
                var session   = cache.Get <IAuthSession>(SessionFeature.GetSessionKey(sessionId));
                if (session == null)
                {
                    session           = AuthenticateService.CurrentSessionFactory();
                    session.Id        = sessionId;
                    session.CreatedAt = session.LastModified = DateTime.UtcNow;
                    session.OnCreated(httpReq);

                    var authEvents = HostContext.TryResolve <IAuthEvents>();
                    if (authEvents != null)
                    {
                        authEvents.OnCreated(httpReq, session);
                    }
                }

                if (httpReq.Items.ContainsKey(RequestItemsSessionKey))
                {
                    httpReq.Items.Remove(RequestItemsSessionKey);
                }

                httpReq.Items.Add(RequestItemsSessionKey, session);
                return(session);
            }
        }
Ejemplo n.º 3
0
        public void Register(IAppHost appHost)
        {
            hasRegistered = true;
            AuthenticateService.Init(sessionFactory, authProviders);

            var unitTest = appHost == null;

            if (unitTest)
            {
                return;
            }

            if (HostContext.StrictMode)
            {
                var sessionInstance = sessionFactory();
                if (TypeSerializer.HasCircularReferences(sessionInstance))
                {
                    throw new StrictModeException($"User Session {sessionInstance.GetType().Name} cannot have circular dependencies", "sessionFactory",
                                                  StrictModeCodes.CyclicalUserSession);
                }
            }

            foreach (var registerService in ServiceRoutes)
            {
                appHost.RegisterService(registerService.Key, registerService.Value);
            }

            var sessionFeature = RegisterPlugins.OfType <SessionFeature>().First();

            sessionFeature.SessionExpiry          = SessionExpiry;
            sessionFeature.PermanentSessionExpiry = PermanentSessionExpiry;

            appHost.LoadPlugin(RegisterPlugins.ToArray());

            if (IncludeAuthMetadataProvider && appHost.TryResolve <IAuthMetadataProvider>() == null)
            {
                appHost.Register <IAuthMetadataProvider>(new AuthMetadataProvider());
            }

            authProviders.OfType <IAuthPlugin>().Each(x => x.Register(appHost, this));

            AuthenticateService.HtmlRedirect               = HtmlRedirect;
            AuthenticateService.HtmlRedirectReturnParam    = HtmlRedirectReturnParam;
            AuthenticateService.HtmlRedirectReturnPathOnly = HtmlRedirectReturnPathOnly;
            AuthenticateService.AuthResponseDecorator      = AuthResponseDecorator;
        }
Ejemplo n.º 4
0
        public static IAuthSession CreateNewSession(IRequest httpReq, string sessionId)
        {
            var session = AuthenticateService.CurrentSessionFactory();

            session.Id        = sessionId ?? CreateSessionIds(httpReq);
            session.CreatedAt = session.LastModified = DateTime.UtcNow;
            session.OnCreated(httpReq);

            var authEvents = HostContext.TryResolve <IAuthEvents>();

            if (authEvents != null)
            {
                authEvents.OnCreated(httpReq, session);
            }

            return(session);
        }
Ejemplo n.º 5
0
        public static bool Authenticate(IRequest req, object requestDto = null, IAuthSession session = null, IAuthProvider[] authProviders = null)
        {
            if (HostContext.HasValidAuthSecret(req))
            {
                return(true);
            }

            session ??= (req ?? throw new ArgumentNullException(nameof(req))).GetSession();
            authProviders ??= AuthenticateService.GetAuthProviders();
            var authValidate = HostContext.GetPlugin <AuthFeature>()?.OnAuthenticateValidate;
            var ret          = authValidate?.Invoke(req);

            if (ret != null)
            {
                return(false);
            }

            req.PopulateFromRequestIfHasSessionId(requestDto);

            if (!req.Items.ContainsKey(Keywords.HasPreAuthenticated))
            {
                var mockResponse = new BasicRequest().Response;
                req.Items[Keywords.HasPreAuthenticated] = true;
                foreach (var authWithRequest in authProviders.OfType <IAuthWithRequest>())
                {
                    authWithRequest.PreAuthenticateAsync(req, mockResponse).Wait();
                    if (mockResponse.IsClosed)
                    {
                        return(false);
                    }
                }
                foreach (var authWithRequest in authProviders.OfType <IAuthWithRequestSync>())
                {
                    authWithRequest.PreAuthenticate(req, mockResponse);
                    if (mockResponse.IsClosed)
                    {
                        return(false);
                    }
                }
            }

            return(session != null && (authProviders.Length > 0
                ? authProviders.Any(x => session.IsAuthorized(x.Provider))
                : session.IsAuthenticated));
        }
Ejemplo n.º 6
0
    public static int GetCount(string FilePath, int portalID, string userName, int userModuleID, string secureToken)
    {
        AuthenticateService objService = new AuthenticateService();
        int numFiles = 0;

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            if (FilePath == "/")
            {
                FilePath = HttpContext.Current.Server.MapPath("~/");
            }
            string[] files;

            files    = Directory.GetFiles(FilePath);
            numFiles = files.Length;
        }
        return(numFiles);
    }
Ejemplo n.º 7
0
        public override async Task ExecuteAsync(IRequest req, IResponse res, object requestDto)
        {
            if (AuthenticateService.AuthProviders == null)
            {
                throw new InvalidOperationException(
                          "The AuthService must be initialized by calling AuthService.Init to use an authenticate attribute");
            }

            if (HostContext.HasValidAuthSecret(req))
            {
                return;
            }

            var authProviders = AuthenticateService.GetAuthProviders(this.Provider);

            if (authProviders.Length == 0)
            {
                await res.WriteError(req, requestDto, $"No registered Auth Providers found matching {this.Provider ?? "any"} provider").ConfigAwait();

                res.EndRequest();
                return;
            }

            req.PopulateFromRequestIfHasSessionId(requestDto);

            await PreAuthenticateAsync(req, authProviders).ConfigAwait();

            if (res.IsClosed)
            {
                return;
            }

            var session = req.GetSession();

            if (session == null || !authProviders.Any(x => session.IsAuthorized(x.Provider)))
            {
                if (this.DoHtmlRedirectIfConfigured(req, res, true))
                {
                    return;
                }

                await AuthProvider.HandleFailedAuth(authProviders[0], session, req, res).ConfigAwait();
            }
        }
Ejemplo n.º 8
0
        public void Does_validate_multiple_audiences()
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProviderReader.Name);

            string CreateJwtWithAudiences(params string[] audiences)
            {
                var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
                var body   = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
                {
                    UserAuthId      = "1",
                    DisplayName     = "Test",
                    Email           = "*****@*****.**",
                    IsAuthenticated = true,
                },
                                                              issuer: jwtProvider.Issuer,
                                                              expireIn: jwtProvider.ExpireTokensIn,
                                                              audiences: audiences);

                var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());

                return(jwtToken);
            }

            jwtProvider.Audiences = new List <string> {
                "foo", "bar"
            };
            var jwtNoAudience = CreateJwtWithAudiences();

            Assert.That(jwtProvider.IsJwtValid(jwtNoAudience));

            var jwtWrongAudience = CreateJwtWithAudiences("qux");

            Assert.That(!jwtProvider.IsJwtValid(jwtWrongAudience));

            var jwtPartialAudienceMatch = CreateJwtWithAudiences("bar", "qux");

            Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch));

            jwtProvider.Audience = "foo";
            Assert.That(!jwtProvider.IsJwtValid(jwtPartialAudienceMatch));

            jwtProvider.Audience = null;
            Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch));
        }
Ejemplo n.º 9
0
        public void Register(IAppHost appHost)
        {
            AuthenticateService.Init(sessionFactory, authProviders);
            AuthenticateService.HtmlRedirect = HtmlRedirect;

            var unitTest = appHost == null;

            if (unitTest)
            {
                return;
            }

            foreach (var registerService in ServiceRoutes)
            {
                appHost.RegisterService(registerService.Key, registerService.Value);
            }

            RegisterPlugins.ForEach(x => appHost.LoadPlugin(x));
        }
Ejemplo n.º 10
0
        public static RegisterService GetRegistrationService(
            IUserAuthRepository userAuthRepository,
            AuthUserSession oAuthUserSession = null,
            BasicRequest request             = null)
        {
            if (request == null)
            {
                request = new BasicRequest();
            }
            if (oAuthUserSession == null)
            {
                oAuthUserSession = request.ReloadSession();
            }

            oAuthUserSession.Id = request.Response.CreateSessionId(request);
            request.Items[SessionFeature.RequestItemsSessionKey] = oAuthUserSession;

            var mockAppHost = new BasicAppHost();

            mockAppHost.Container.Register <IAuthRepository>(userAuthRepository);

            var authService = new AuthenticateService
            {
                Request = request,
            };

            authService.SetResolver(mockAppHost);
            mockAppHost.Register(authService);

            var registrationService = new RegisterService
            {
                AuthRepo = userAuthRepository,
                Request  = request,
                RegistrationValidator =
                    new RegistrationValidator {
                    UserAuthRepo = RegistrationServiceTests.GetStubRepo()
                },
            };

            registrationService.SetResolver(mockAppHost);

            return(registrationService);
        }
Ejemplo n.º 11
0
        public void Authenticate()
        {
            User result = null;

            using (var db = new MainAuthExampleContext(_options))
            {
                if (!db.Users.Where(u => u.Username.Equals("user1")).Any())
                {
                    db.Users.Add(new UserAuthenticationsEntity {
                        Username = "******", Password = "******"
                    });
                    db.SaveChanges();
                }

                var authService = new AuthenticateService(db);
                result = authService.Authenticate(new AnonymousUser("user1", "pass1"));
            }
            Assert.Equal(new Employee("user1"), result);
        }
Ejemplo n.º 12
0
        public void Can_validate_valid_token()
        {
            var authClient = GetClient();
            var jwt        = authClient.Send(new Authenticate
            {
                provider = "credentials",
                UserName = Username,
                Password = Password,
            }).BearerToken;

            var jwtProvider = AuthenticateService.GetJwtAuthProvider();

            Assert.That(jwtProvider.IsJwtValid(jwt));

            var jwtPayload = jwtProvider.GetValidJwtPayload(jwt);

            Assert.That(jwtPayload, Is.Not.Null);
            Assert.That(jwtPayload["preferred_username"], Is.EqualTo(Username));
        }
Ejemplo n.º 13
0
        public virtual string GetConsumerId(IRequest request)
        {
            if (AuthenticateService.GetAuthProviders() == null)
            {
                throw new InvalidOperationException(
                          "AuthService not initialized. This is required for generating default ConsumerId for RateLimitting.");
            }

            IAuthSession userSession = request.GetSession();

            // TODO This will need more love to authorize user rather than just verify authentication (not necessarily here but in general)
            if (!IsUserAuthenticated(userSession))
            {
                log.Error($"User {userSession?.UserName ?? "<unknown>"} not authenticated for request {request.AbsoluteUri}");
                throw new AuthenticationException("You must be authenticated to access this service");
            }

            return(userSession.UserAuthId?.ToLowerInvariant());
        }
Ejemplo n.º 14
0
        public object Any(CreateJwt request)
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);

            if (request.JwtExpiry != null)
            {
                jwtProvider.CreatePayloadFilter = (jwtPayload, session) =>
                                                  jwtPayload["exp"] = request.JwtExpiry.Value.ToUnixTime().ToString();
            }

            var jwtSession = request.ConvertTo <AuthUserSession>();
            var token      = jwtProvider.CreateJwtBearerToken(jwtSession);

            jwtProvider.CreatePayloadFilter = null;

            return(new CreateJwtResponse
            {
                Token = token
            });
        }
Ejemplo n.º 15
0
    public static void CopyFile(string filePath, string fromPath, string toPath, int portalID, string userName, int userModuleID, string secureToken)
    {
        AuthenticateService objService = new AuthenticateService();

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            string fullFilePath = GetAbsolutePath(filePath);
            string fullFromPath = GetAbsolutePath(fromPath);
            string fullToPath   = GetAbsolutePath(toPath);
            try
            {
                //public static void TransferFile(string filePath, string toPath, int action, int mode, string fullFilePath, string fullFromPath, string fullToPath)
                FileManagerHelper.TransferFile(filePath, toPath, (int)Action.COPY, (int)TransferMode.NORMALTONORMAL, fullFilePath, fullFromPath, fullToPath);
            }
            catch (Exception ex)
            {
                fb.ProcessException(ex);
            }
        }
    }
Ejemplo n.º 16
0
        public static bool IsAuthenticated(this IRequest req)
        {
            //Sync with [Authenticate] impl
            if (HostContext.HasValidAuthSecret(req))
            {
                return(true);
            }

            var authProviders = AuthenticateService.GetAuthProviders();

            AuthenticateAttribute.PreAuthenticate(req, authProviders);
            if (req.Response.IsClosed)
            {
                return(false);
            }

            var session = req.GetSession();

            return(session != null && authProviders.Any(x => session.IsAuthorized(x.Provider)));
        }
Ejemplo n.º 17
0
    public static string UnzipFiles(string FilePath, int FolderID, int portalID, string userName, int userModuleID, string secureToken)
    {
        StringBuilder       sb         = new StringBuilder();
        AuthenticateService objService = new AuthenticateService();

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            string        absolutePath  = GetAbsolutePath(FilePath);
            FileInfo      file          = new FileInfo(absolutePath);
            string        folderName    = file.Name;
            string        newFolderPath = FileManagerHelper.GetFilePathWithoutExtension(absolutePath);
            DirectoryInfo dir           = new DirectoryInfo(newFolderPath);
            if (!dir.Exists)
            {
                string path = string.Empty;
                FileManagerHelper.UnZipFiles(absolutePath, newFolderPath, ref path, SageFrame.Common.RegisterModule.Common.Password, false, userModuleID, fb.GetPortalID);
                Folder folder = new Folder();
                folder.PortalId        = fb.GetPortalID;
                folder.ParentID        = FolderID;
                folder.FolderPath      = FileManagerHelper.ReplaceBackSlash(FileManagerHelper.GetFilePathWithoutExtension(FilePath));
                folder.StorageLocation = 0;
                folder.UniqueId        = Guid.NewGuid();
                folder.VersionGuid     = Guid.NewGuid();
                folder.IsActive        = 1;
                folder.IsRoot          = false;
                folder.AddedBy         = fb.GetUsername;
                try
                {
                    int folderID = FileManagerController.AddFolderReturnFolderID(folder);
                    RecurseThroughDirectory(dir, folderID, userModuleID, ref sb);
                }
                catch (Exception ex)
                {
                    fb.ProcessException(ex);
                }
            }
            CacheHelper.Clear("FileManagerFileList");
            CacheHelper.Clear("FileManagerFolders");
        }
        return(sb.ToString());
    }
Ejemplo n.º 18
0
        public static void AuthenticateIfBasicAuth(IRequest req, IResponse res)
        {
            //Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
            SessionFeature.AddSessionIdToRequestFilter(req, res, null);             //Required to get req.GetSessionId()

            var userPass = req.GetBasicAuthUserAndPassword();

            if (userPass != null)
            {
                AuthenticateService authService = req.TryResolve <AuthenticateService>();

                //authService.Request = new HttpRequestContext(req, res, null);
                //var response = authService.Post(new Authenticate
                authService.Post(new Authenticate
                {
                    provider = "credentials",
                    UserName = userPass.Value.Key,
                    Password = userPass.Value.Value
                });
            }
        }
Ejemplo n.º 19
0
        public async Task InvalidUser_FailsLogin()
        {
            // Arrange
            AccountLoginModel model = new AccountLoginModel {
                Email    = SOME_EMAIL,
                Password = SOME_PASSWORD
            };
            UserLoginResponse userRepoResult = new UserLoginResponse {
                UserIsValid = false
            };

            // Setup mock
            Mock <IUserRepository> userRepositoryMock = SetupUserRepositoryMock(userRepoResult);

            // Act
            AuthenticateService service = new AuthenticateService(userRepositoryMock.Object);
            AuthenticateResult  results = await service.AuthenticateUser(model);

            // Assert
            results.Identity.Should().Be(null);
        }
Ejemplo n.º 20
0
        /// <summary>
        /// Method to Fetch API Version
        /// </summary>
        /// <param name="dataAccessToken"></param>
        /// <returns></returns>
        public string GetAPIVersion(string dataAccessToken)
        {
            string apiVersion = string.Empty;
            string encryptedDataAccessToken        = string.Empty;
            AuthenticateService integrationService = new AuthenticateService();

            try
            {
                apiVersion = integrationService.GetAPIVersion(Constants.CONSUMER_SECRET_TOKEN, UtilityService.DecryptedText(dataAccessToken), Constants.VERSION_5);
            }
            catch (DovicoException e)
            {
                logger.Log(LogLevel.Error, e);
            }
            catch (Exception e)
            {
                logger.Log(LogLevel.Error, e);
            }

            return(apiVersion);
        }
Ejemplo n.º 21
0
        public Task <ActionResult> Register(RegisterViewModel viewModel)
        {
            return(CreateActionResultAsync(async() =>
            {
                if (!ModelState.IsValid)
                {
                    return View();
                }

                var dtoAccount =
                    Mapper.Map <RegisterViewModel, AccountDTO>(viewModel);

                AccountService.Create(dtoAccount);

                var claims = await AuthenticateService.Authenticate(dtoAccount);

                SignIn(claims);

                return RedirectToAction("Index", "Home");
            }));
        }
Ejemplo n.º 22
0
    public static string ReadFiles(string FullPath, int portalID, string userName, int userModuleID, string secureToken)
    {
        string html = string.Empty;
        AuthenticateService objService = new AuthenticateService();

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            try
            {
                int index = 0;
                index = HttpContext.Current.Request.ApplicationPath == "/" ? 0 : 1;
                string originalFile = string.Concat(HttpContext.Current.Server.MapPath("~/"), FullPath.Substring(FullPath.IndexOf("/", index)).Replace("/", "\\"));
                html = GetXMLString(originalFile, portalID, userName, userModuleID, secureToken);
            }
            catch (Exception e)
            {
                throw e;
            }
        }
        return(html);
    }
Ejemplo n.º 23
0
        public async Task Login_InValid_Returns_False()
        {
            // Arrange
            var userList = new List <User>();
            var mockUser = userList.AsQueryable().BuildMock();

            _Repo.Setup(x => x.Get(It.IsAny <Expression <Func <User, bool> > >())).Returns(mockUser.Object);

            var request = new SignInRequest {
                Username = "******", Password = "******"
            };

            var tokenBuilder    = new Mock <ITokenBuilderService>();
            var passwordService = new Mock <IPasswordService>();
            var authService     = new AuthenticateService(_Repo.Object, tokenBuilder.Object, passwordService.Object);
            // Act
            var results = await authService.Authenticate(request);

            // Assert
            Assert.IsFalse(results.Success);
        }
Ejemplo n.º 24
0
        /// <summary>
        /// Configure ServiceStack Authentication plugin.
        /// </summary>
        /// <param name="container">The container.</param>
        private void ConfigureAuth(Container container)
        {
            Plugins.Add(new AuthFeature(() => new AuthUserSession(),
                                        new IAuthProvider[]
            {
                new BasicAuthProvider(AppSettings),
                new ApiKeyAuthProvider(AppSettings),
            }));

            var authRepo = new OrmLiteAuthRepository(container.Resolve <IDbConnectionFactory>());

            container.Register <IAuthRepository>(c => authRepo);
            authRepo.InitSchema();

            5.Times(x => authRepo.CreateUserAuth(new UserAuth {
                UserName = $"user{x}",
                Email    = $"user{x}@email.com",
            }, "test"));

            AfterInitCallbacks.Add(host =>
            {
                var authProvider = (ApiKeyAuthProvider)
                                   AuthenticateService.GetAuthProvider(ApiKeyAuthProvider.Name);
                using (var db = host.TryResolve <IDbConnectionFactory>().Open())
                {
                    var userWithKeysIds = db.Column <string>(db.From <ApiKey>()
                                                             .SelectDistinct(x => x.UserAuthId)).Map(int.Parse);

                    var userIdsMissingKeys = db.Column <string>(db.From <UserAuth>()
                                                                .Where(x => userWithKeysIds.Count == 0 || !userWithKeysIds.Contains(x.Id))
                                                                .Select(x => x.Id));

                    foreach (var userId in userIdsMissingKeys)
                    {
                        var apiKeys = authProvider.GenerateNewApiKeys(userId.ToString());
                        authRepo.StoreAll(apiKeys);
                    }
                }
            });
        }
Ejemplo n.º 25
0
    public static void CreateFolder(int FolderID, string filePath, string folderName, int fileType, int portalID, string userName, int userModuleID, string secureToken)
    {
        AuthenticateService objService = new AuthenticateService();

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            string        absolutePath = FileManagerHelper.ReplaceBackSlash(Path.Combine(HttpContext.Current.Request.PhysicalApplicationPath.ToString(), filePath));
            DirectoryInfo dir          = new DirectoryInfo(absolutePath);
            if (!dir.Exists)
            {
                dir.Create();
                try
                {
                    CacheHelper.Clear("FileManagerFolders");
                }
                catch (Exception ex)
                {
                    fb.ProcessException(ex);
                }
            }
        }
    }
Ejemplo n.º 26
0
        public static string PostToUrl(string url, string accessToken, string accessTokenSecret, Dictionary <string, string> args, string acceptType = MimeTypes.Json)
        {
            var oAuthProvider = (OAuthProvider)AuthenticateService.GetAuthProvider("twitter");
            var uri           = new Uri(url);
            var webReq        = (HttpWebRequest)WebRequest.Create(uri);

            webReq.Accept = acceptType;
            webReq.Method = HttpMethods.Post;

            string data = null;

            if (args != null)
            {
                var sb = new StringBuilder();
                foreach (var arg in args)
                {
                    if (sb.Length > 0)
                    {
                        sb.Append("&");
                    }
                    sb.AppendFormat("{0}={1}", arg.Key, OAuthUtils.PercentEncode(arg.Value));
                }
                data = sb.ToString();
            }

            webReq.Headers[HttpRequestHeader.Authorization] = OAuthAuthorizer.AuthorizeRequest(
                oAuthProvider, accessToken, accessTokenSecret, "POST", uri, data);

            if (data != null)
            {
                webReq.ContentType = MimeTypes.FormUrlEncoded;
                using (var writer = new StreamWriter(webReq.GetRequestStream()))
                    writer.Write(data);
            }

            using (var webRes = webReq.GetResponse())
                return(webRes.ReadToEnd());
        }
Ejemplo n.º 27
0
        public object Any(CreateRefreshJwt request)
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);

            var jwtHeader = new JsonObject
            {
                { "typ", "JWTR" }, //RefreshToken
                { "alg", jwtProvider.HashAlgorithm }
            };

            var keyId = jwtProvider.GetKeyId(Request);

            if (keyId != null)
            {
                jwtHeader["kid"] = keyId;
            }

            var now        = DateTime.UtcNow;
            var jwtPayload = new JsonObject
            {
                { "sub", request.UserAuthId ?? "1" },
                { "iat", now.ToUnixTime().ToString() },
                { "exp", (request.JwtExpiry ?? DateTime.UtcNow.AddDays(1)).ToUnixTime().ToString() },
            };

            if (jwtProvider.Audience != null)
            {
                jwtPayload["aud"] = jwtProvider.Audience;
            }

            var hashAlgoritm = jwtProvider.GetHashAlgorithm();
            var refreshToken = JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, hashAlgoritm);

            return(new CreateRefreshJwtResponse
            {
                Token = refreshToken
            });
        }
Ejemplo n.º 28
0
        protected async Task HandleDeleteButton()
        {
            var options = new ModalOptions()
            {
                DisableBackgroundCancel = true,
                HideCloseButton         = true
            };

            var modal  = Modal.Show <DeleteUserConfirmation>("Delete User", options);
            var result = await modal.Result;

            if (!result.Cancelled && User != null)
            {
                await AuthenticateService.LogoutUser();

                var succeeded = await UserService.DeleteUserAsync(User.Id);

                if (succeeded)
                {
                    NavigationManager.NavigateTo("/");
                }
            }
        }
Ejemplo n.º 29
0
    public static string UnzipFiles(string FilePath, int FolderID, int portalID, string userName, int userModuleID, string secureToken)
    {
        StringBuilder       sb         = new StringBuilder();
        AuthenticateService objService = new AuthenticateService();

        if (objService.IsPostAuthenticatedView(portalID, userModuleID, userName, secureToken))
        {
            string        absolutePath  = GetAbsolutePath(FilePath);
            FileInfo      file          = new FileInfo(absolutePath);
            string        folderName    = file.Name;
            string        newFolderPath = FileManagerHelper.GetFilePathWithoutExtension(absolutePath);
            DirectoryInfo dir           = new DirectoryInfo(newFolderPath);
            if (!dir.Exists)
            {
                string path = string.Empty;
                FileManagerHelper.UnZipFiles(absolutePath, newFolderPath, ref path, SageFrame.Common.RegisterModule.Common.Password, false, userModuleID, fb.GetPortalID);
                Folder folder = new Folder();
            }
            CacheHelper.Clear("FileManagerFileList");
            CacheHelper.Clear("FileManagerFolders");
        }
        return(sb.ToString());
    }
Ejemplo n.º 30
0
        public void Can_not_access_Secure_service_with_invalidated_token()
        {
            var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);

            var token = jwtProvider.CreateJwtBearerToken(new AuthUserSession
            {
                UserAuthId  = "1",
                DisplayName = "Test",
                Email       = "*****@*****.**"
            });

            var client = GetClientWithBearerToken(token);

            var request = new Secured {
                Name = "test"
            };
            var response = client.Send(request);

            Assert.That(response.Result, Is.EqualTo(request.Name));

            jwtProvider.InvalidateTokensIssuedBefore = DateTime.UtcNow.AddSeconds(1);

            try
            {
                response = client.Send(request);
                Assert.Fail("Should throw");
            }
            catch (WebServiceException ex)
            {
                Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
                Assert.That(ex.ErrorCode, Is.EqualTo(typeof(TokenException).Name));
            }
            finally
            {
                jwtProvider.InvalidateTokensIssuedBefore = null;
            }
        }
Ejemplo n.º 31
0
 public bool Authenticate(string username, string password)
 {
     //Run auth through the auth svc to get an identity
     AuthenticateService authsvc = new AuthenticateService();
     try {
         authsvc.Url = String.Format("http://{0}/FrontDeskServices/authsvc.asmx",
             TestConfig.AuthenticationAddress);
         Authentication.ServiceTicket tik = authsvc.Authenticate(username, password);
         FrontDesk.Services.ServiceTicket ticket = new FrontDesk.Services.ServiceTicket();
         ticket.HostAddress = tik.HostAddress;
         ticket.Username = tik.Username;
         ticket.Ident = tik.Ident;
         m_ident = AuthorizedIdent.Create(ticket);
         if (m_ident != null) {
             m_logger.Log("Authentication for: " + username +
                 " succeeded.");
             return true;
         }
         else {
             m_logger.Log("Authentication for: " + username +
                 " failed.", TestLogger.LogType.ERROR);
             return false;
         }
     } catch (Exception er) {
         m_logger.Log("Error during authentication: MESSAGE: " + er.Message,
             TestLogger.LogType.ERROR);
         return false;
     }
 }