public IActionResult Post(AccessTokenDTO auth)
{
string tmp = string.Empty;
try
{
TokenValidationService tm = new TokenValidationService(
_refreshService,
_configuration,
_tSLogger,
_tokenService,
_tokenServiceDbContext,
_encryptionService);
tmp = tm.VerifyToken(auth);
}
catch (InvalidTokenException exToken)
{
return(Unauthorized(new UnauthorizedError(exToken.Message)));
}
catch (Exception ex)
{
return(Unauthorized(new UnauthorizedError(ex.Message)));
}
return(Ok(tmp));
}
internal KeycloakAuthorization(AccessTokenDTO authorization)
{
Guard.Argument(authorization, nameof(authorization)).NotNull();
Guard.Argument(authorization.Access_token, nameof(authorization.Access_token)).NotNull();
Guard.Argument(authorization.Expires_in, nameof(authorization.Expires_in)).Positive();
AccessToken = authorization.Access_token;
Expires = DateTimeOffset.Now.AddSeconds(authorization.Expires_in);
}
private OidcLoginData ParseOidcInfo(HttpWebResponse webResponse)
{
AccessTokenDTO jsonResponse = ParseAccessTokenJsonFromResponse(webResponse);
long accessTokenExpirationInMillis = GetAccessTokenExpirationInMillis(jsonResponse.ExpiresIn);
OidcLoginData oidcLoginData = OidcLoginData.GetOidcLoginDataInstance();
oidcLoginData.AccessToken = jsonResponse.AccessToken;
oidcLoginData.RefreshToken = jsonResponse.RefreshToken;
oidcLoginData.AccessTokenExpiration = accessTokenExpirationInMillis;
return(oidcLoginData);
}
private AccessTokenDTO ParseAccessTokenJsonFromResponse(HttpWebResponse webResponse)
{
AccessTokenDTO accessTokenDTO = null;
string json;
using (StreamReader readStream = new StreamReader(webResponse.GetResponseStream(), Encoding.UTF8))
{
json = readStream.ReadToEnd();
JsonSerializerSettings settings = new JsonSerializerSettings();
settings.TypeNameHandling = TypeNameHandling.None;
accessTokenDTO = JsonConvert.DeserializeObject <AccessTokenDTO>(json, settings);
}
return(accessTokenDTO);
}
public string VerifyToken(AccessTokenDTO auth)
{
try
{
string SecretKey = config["Secretkey"];
ResponseDTO authorizationVm = new ResponseDTO(auth.Authorization, false, SecretKey, JWTToken);
var handler = new TokenVerificationHandler();
handler.SetNext(new TokenTimeVerificationHandler()).SetNext(new TokenRevocationHandler());
handler.Handle(authorizationVm);
return(TokenConstants.ValidToken);
}
catch
{
throw new InvalidTokenException(TokenConstants.InvalidToken);
}
}
public async Task <AccessTokenDTO> RefeshAccessToken()
{
try
{
var request = CreateRefreshAccessTokenRequest();
var client = _clientFactory.CreateClient("lis");
var response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var responseData = await response.Content.ReadAsStringAsync();
var result = JsonConvert.DeserializeObject <LisResponse>(responseData);
if (result?.Answer?.Id_user != null)
{
var cookies = response.Headers.GetValues("Set-Cookie");
var accessTokenCookie = cookies.FirstOrDefault(x => x.StartsWith(AccessTokenCookieName));
var refreshTokenCookie = cookies.FirstOrDefault(x => x.StartsWith(RefreshTokenCookieName));
var accessTokenParts = accessTokenCookie.Split(new char[] { '=', ';' });
var refreshTokenParts = refreshTokenCookie.Split(new char[] { '=', ';' });
var retVal = new AccessTokenDTO()
{
AccessToken = accessTokenParts[1],
AccessTokenExpiration = DateTime.Parse(accessTokenParts[3]),
AccessTokenSourceCookie = accessTokenCookie,
RefreshToken = refreshTokenParts[1],
RefreshTokenExpiration = DateTime.Parse(refreshTokenParts[3]),
RefreshTokenSourceCookie = refreshTokenCookie,
};
return(retVal);
}
}
throw new ApiSecurityException(ApiSecurityErrors.AuthenticationError);
}
catch (Exception)
{
throw new ApiSecurityException(ApiSecurityErrors.AuthenticationError);
}
}
private async Task <AccessTokenDTO> GenerateAccessToken(string username, string password)
{
try
{
var request = CreateGenerateAccessTokenRequest(username, password);
var client = _clientFactory.CreateClient("lis");
var response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var responseData = await response.Content.ReadAsStringAsync();
if (responseData.Contains("success"))
{
var cookies = response.Headers.GetValues("Set-Cookie");
var accessTokenCookie = cookies.FirstOrDefault(x => x.StartsWith(AccessTokenCookieName));
var refreshTokenCookie = cookies.FirstOrDefault(x => x.StartsWith(RefreshTokenCookieName));
var accessTokenParts = accessTokenCookie.Split(new char[] { '=', ';' });
var refreshTokenParts = refreshTokenCookie.Split(new char[] { '=', ';' });
var retVal = new AccessTokenDTO()
{
AccessToken = accessTokenParts[1],
AccessTokenExpiration = DateTime.Parse(accessTokenParts[3]),
AccessTokenSourceCookie = accessTokenCookie,
RefreshToken = refreshTokenParts[1],
RefreshTokenExpiration = DateTime.Parse(refreshTokenParts[3]),
RefreshTokenSourceCookie = refreshTokenCookie,
};
return(retVal);
}
}
throw new ApiSecurityException(ApiSecurityErrors.AuthenticationError);
}
catch (Exception)
{
throw new ApiSecurityException(ApiSecurityErrors.AuthenticationError);
}
}
public void TestAuthenticateAccessTokenFromRefreshToken()
{
ITSLogger log = new TSLogger();
AccessTokenDTO accessDTO = new AccessTokenDTO();
AuthorizationGrantRequestDTO authorizationGrantRequestDTO = new AuthorizationGrantRequestDTO
{
Client_Id = Guid.Parse("29bfd4b1-81c0-4db3-a615-4422d08f9792"),
Code = null,
Grant_Type = AuthorizationGrantType.refresh_token,
UserName = null,
Scope = null,
Password = null,
Redirect_Uri = null,
Refresh_Token = HttpUtility.UrlEncode("pgsoAvSXD3xYPV+/pSAe3khYZWOFidHPxpltwNDP4Xw="),
State = null
};
IAuthenticationService tm = new AuthenticationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());
accessDTO.Authorization = accessDTO.Authorization = tm.Authenticate(authorizationGrantRequestDTO).access_token;
TokenValidationService tokenValidationService = new TokenValidationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());
Assert.AreEqual(TokenConstants.ValidToken, tokenValidationService.VerifyToken(accessDTO));
}
public static AccessTokenDTO GetAuth()
{
AccessTokenDTO outmodel = MemoryCacheUtil.Get <AccessTokenDTO>("login_info");
if (outmodel == null)
{
var interfaceUrl = AppConfig.GetConfig("CRMWebAPIUrl").TrimEnd('/') + "/api/Login";
string query = string.Format("grant_type=client_credentials&client_id=idcas&client_secret=35601B332BFE17E5E13BD4DA62BD9FE8");
try
{
var result = HttpHelper.Post(interfaceUrl, query, "", "text/plain");
outmodel = JsonConvert.DeserializeObject <AccessTokenDTO>(result);
MemoryCacheUtil.Set("login_info", outmodel, 7200);
}
catch (Exception ex)
{
_logger.Error("获取访问令牌异常", ex);
}
}
return(outmodel);
}
/// <summary>
/// Initializes a new instance of the <see cref="KeycloakAuthorizationMapper"/> class
/// </summary>
/// <param name="data">A <see cref="AccessTokenDTO"/> instance containing data used to construct <see cref="KeycloakAuthorization"/> instance</param>
internal KeycloakAuthorizationMapper(AccessTokenDTO data)
{
Guard.Argument(data, nameof(data)).NotNull();
_data = data;
}
public IActionResult Facebook([FromBody] AccessTokenDTO model)
{
var client = _clientFactory.CreateClient();
// 1.generate an app access token
var appAccessTokenResponse = client.GetAsync($"https://graph.facebook.com/oauth/access_token?client_id={_appSettings.FacebookAppId}&client_secret={_appSettings.FacebookAppSecret}&grant_type=client_credentials");
var responseString = appAccessTokenResponse.Result.Content.ReadAsStringAsync().Result;
AccessTokenDTO appAccessToken = JsonConvert.DeserializeObject <AccessTokenDTO>(responseString);
// 2. validate the user access token
var userAccessTokenValidationResponse = client.GetAsync($"https://graph.facebook.com/debug_token?input_token={model.AccessToken}&access_token={appAccessToken.AccessToken}");
var userAccessResponseString = userAccessTokenValidationResponse.Result.Content.ReadAsStringAsync().Result;
var userAccessTokenValidation = JsonConvert.DeserializeObject <FacebookUserAccessTokenValidation>(userAccessResponseString);
if (!userAccessTokenValidation.Data.IsValid)
{
return(BadRequest(new { code = false, message = "Invalid facebook token." }));
}
// 3. we've got a valid token so we can request user data from fb
var userInfoResponse = client.GetAsync($"https://graph.facebook.com/v2.8/me?fields=id,email,first_name,last_name,name,gender,locale,birthday,picture&access_token={model.AccessToken}");
var userInfoResponseString = userInfoResponse.Result.Content.ReadAsStringAsync().Result;
var userInfo = JsonConvert.DeserializeObject <ExternalLoginDTO>(userInfoResponseString);
// 4. ready to create the local user account (if necessary) and jwt
var user = _userService.FindByEmail(userInfo.Email);
if (user == null)
{
var appUser = new User
{
Email = userInfo.Email,
};
_userService.CreateExternalUser(appUser);
}
// generate the jwt for the local user...
var localUser = _userService.FindByEmail(userInfo.Email);
if (localUser == null)
{
return(BadRequest(new { code = false, message = "Failed to create local user account." }));
}
_externalLoginService.CreateOrUpdate(localUser, userInfo, ExternalLogin.FACEBOOK);
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, localUser.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password) and token to store client side
return(Ok(new
{
status = true,
userData = new
{
Id = localUser.Id,
Email = localUser.Email,
Phone = localUser.Phone,
ReferralCode = localUser.ReferralCode,
Token = tokenString
}
}));
}
public ExchangeRefreshTokenResponseDTO(AccessTokenDTO accessToken, string refreshToken)
{
AccessToken = accessToken;
RefreshToken = refreshToken;
}
public async Task SetUpAccessToken(int userId, [FromBody] AccessTokenDTO token)
{
await _synchronizationService.SetUpUserToken(userId, token.Token);
}
public async Task <AccessTokenCheckDTO> CheckIfTokenValid([FromBody] AccessTokenDTO token)
{
return(await _synchronizationService.CheckIfTokenValid(token.Token));
}
