/// <summary> /// The MapRequestJwtPayloadToSsoJwtPayload method. /// Maps the information inside a SSO JWT payload to the SsoJwtPayload model. /// <para> /// @author: Jennifer Nguyen /// @updated: 04/09/2018 /// </para> /// </summary> /// <param name="payload"></param> /// <returns>ResponseDto with a SsoTokenPayload</returns> public ResponseDto <SsoTokenPayloadDto> MapRequestJwtPayloadToSsoJwtPayload() { // Convert string token to Json Web Security Token (JwtSecurityToken) var jwt = _tokenService.GetJwtSecurityToken(_ssoToken.Token); // Extract payload from JwtSecurityToken var payload = jwt.Payload; var ssoTokenPayloadDto = new SsoTokenPayloadDto(); // Mapping required information in the payload to a data transfer object foreach (var keyValuePair in payload) { switch (keyValuePair.Key) { case SsoTokenPayloadKeys.USERNAME: ssoTokenPayloadDto.Username = keyValuePair.Value.ToString(); break; case SsoTokenPayloadKeys.PASSWORD: ssoTokenPayloadDto.Password = keyValuePair.Value.ToString(); break; case SsoTokenPayloadKeys.ROLE_TYPE: ssoTokenPayloadDto.RoleType = keyValuePair.Value.ToString().ToLower(); break; case SsoTokenPayloadKeys.APPLICATION: ssoTokenPayloadDto.Application = keyValuePair.Value.ToString().ToLower(); break; case SsoTokenPayloadKeys.IAT: ssoTokenPayloadDto.IssuedAt = keyValuePair.Value.ToString(); break; default: // If there are extra keys in payload, then the token is invalid return(new ResponseDto <SsoTokenPayloadDto>() { Data = null, Error = SsoErrorMessages.INVALID_TOKEN_PAYLOAD }); } } return(new ResponseDto <SsoTokenPayloadDto>() { Data = ssoTokenPayloadDto }); }
public void Should_FailValidation_When_PasswordIsNull() { // Arrange var ssoTokenPayload = new SsoTokenPayloadDto() { Username = "******", Password = null, Application = "getusgrub", RoleType = "public", IssuedAt = "123980213" }; // Act var result = _ssoTokenPayloadDtoValidator.Validate(ssoTokenPayload, ruleSet: "SsoRegistration"); var isValid = result.IsValid; // Assert isValid.Should().Be(false); }
/// <summary> /// Validates whether the payload's credentials are valid. /// <para> /// @author: Brian Fann /// @updated: 4/24/18 /// </para> /// </summary> /// <param name="payload">Payload of token</param> /// <returns>True if credentials are valid, false otherwise</returns> private ResponseDto <bool> ValidateCredentials(SsoTokenPayloadDto payload) { // Validate username and password var loginDto = new LoginDto(payload.Username, payload.Password); var accountValidationStrategy = new LoginPreLogicValidationStrategy(loginDto); var accountResult = accountValidationStrategy.ExecuteStrategy(); if (!accountResult.Data) { StoreInvalidToken(); return(new ResponseDto <bool>() { Data = false, Error = accountResult.Error }); } using (var gateway = new AuthenticationGateway()) { var userAccountResult = gateway.GetUserAccount(payload.Username); if (userAccountResult.Error != null) { return(new ResponseDto <bool>() { Data = false, Error = userAccountResult.Error }); } var userAccount = userAccountResult.Data; var saltResult = gateway.GetUserPasswordSalt(userAccount.Id); // Check if salt exists if (saltResult.Error != null) { return(new ResponseDto <bool>() { Data = false, Error = saltResult.Error }); } // Hash the password and compare it against the database var hashedPassword = new PayloadHasher().Sha256HashWithSalt(saltResult.Data.Salt, payload.Password); var isPasswordMatching = hashedPassword == userAccount.Password; if (!isPasswordMatching) { return(new ResponseDto <bool>() { Data = false, Error = AuthenticationErrorMessages.USERNAME_PASSWORD_ERROR }); } } // Credentials are valid at this point return(new ResponseDto <bool>() { Data = true }); }