public void Receive(AuthenticationTokenReceiveContext context)
{
context.DeserializeTicket(context.Token);
if (context.Ticket == null)
{
context.Response.StatusCode = 400;
context.Response.ContentType = "application/json";
context.Response.ReasonPhrase = "invalid token";
return;
}
if (context.Ticket.Properties.ExpiresUtc <= DateTime.UtcNow)
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
context.Response.ReasonPhrase = "unauthorized";
return;
}
context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(1);
context.SetTicket(context.Ticket);
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var allowedOrigin = context.OwinContext.Get <string>(OwinContextKeys.CLIENT_ALLOWED_ORIGIN);
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string hashedTokenId = HashGenerator.GetHash(context.Token);
ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>();
ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager);
var refreshToken = await _repo.FindRefreshToken(hashedTokenId);
if (refreshToken != null)
{
//Get protectedTicket from refreshToken class
//context.DeserializeTicket(refreshToken.ProtectedTicket);
TicketSerializer serializer = new TicketSerializer();
context.SetTicket(serializer.Deserialize(Encoding.Default.GetBytes(refreshToken.ProtectedTicket)));
var result = await _repo.RemoveRefreshToken(hashedTokenId);
}
}
public override async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var url = string.Format(_tokenValidationEndpoint, context.Token);
var response = await _client.GetAsync(url);
if (response.StatusCode != HttpStatusCode.OK)
{
return;
}
var jsonString = await response.Content.ReadAsStringAsync();
var dictionary = JsonConvert.DeserializeObject <Dictionary <string, object> >(jsonString);
var claims = new List <Claim>();
foreach (var item in dictionary)
{
var values = item.Value as IEnumerable <object>;
if (values == null)
{
claims.Add(new Claim(item.Key, item.Value.ToString()));
}
else
{
foreach (var value in values)
{
claims.Add(new Claim(item.Key, value.ToString()));
}
}
}
context.SetTicket(new AuthenticationTicket(new ClaimsIdentity(claims, _authenticationType), new AuthenticationProperties()));
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
Guid sessionTokenId;
if (!Guid.TryParseExact(context.Token, "N", out sessionTokenId))
{
return;
}
var sessionToken = await GetSessionToken(context.OwinContext, sessionTokenId);
if (object.Equals(sessionToken, null))
{
context.Response.Headers.Add("Refresh-Token-Expired", new[] { string.Format("token: {0}", sessionTokenId.ToString("N")) });
context.Response.Headers.Add("Access-Control-Expose-Headers", new[] { "Refresh-Token-Expired" });
return;
}
//TODO external provider password verification
context.OwinContext.Set("scope", SaaSScopeWorkerFactory.StringToScope(sessionToken.Scope));
context.OwinContext.Set("systemId", sessionToken.SystemId);
context.OwinContext.Set("sessionToken", sessionToken);
//context.DeserializeTicket(token.ProtectedTicket);
var ticket = AccessTokenFormat.Unprotect(sessionToken.ProtectedTicket);
var issued = DateTime.UtcNow;
var expires = issued.Add(Startup.OAuthServerOptions.AccessTokenExpireTimeSpan);
ticket.Properties.IssuedUtc = issued;
ticket.Properties.ExpiresUtc = expires;
context.SetTicket(ticket);
}
/// <summary>
/// Authenticates a refresh token.
/// </summary>
/// <param name="context">The authentication context.</param>
/// <returns/>
public void ReceiveRefreshToken(AuthenticationTokenReceiveContext context)
{
this.options.Logger.Debug("Received refresh token");
var clientId = context.OwinContext.GetOAuthContext().ClientId;
var redirectUri = context.OwinContext.GetOAuthContext().RedirectUri;
var tcs = new TaskCompletionSource <AuthenticationTicket>();
Task.Run(
async() =>
{
try
{
var principal = await this.options.TokenManager.AuthenticateRefreshTokenAsync(clientId, context.Token);
if (principal.Identity.IsAuthenticated)
{
var client = principal.Identity.Claims.First(x => x.Type == ClaimType.Client);
var redirect = principal.Identity.Claims.First(x => x.Type == ClaimType.RedirectUri);
var scope = principal.Identity.Claims.FirstOrDefault(x => x.Type == ClaimType.Scope);
/* Override the validation parameters.
* This is because OWIN thinks the principal.Identity.Name should
* be the same as the client_id from ValidateClientAuthentication method,
* but we need to use the user id in Sentinel.
*/
var props = new AuthenticationProperties();
props.Dictionary.Add("client_id", client.Value);
props.RedirectUri = redirectUri;
props.ExpiresUtc = DateTimeOffset.UtcNow.Add(this.options.RefreshTokenLifetime);
// Re-authenticate user to get new claims
var user = await this.options.UserManager.AuthenticateUserAsync(principal.Identity.Name);
// Make sure the user has the correct claims
user.Identity.RemoveClaim(x => x.Type == ClaimType.Client);
user.Identity.RemoveClaim(x => x.Type == ClaimType.RedirectUri);
user.Identity.AddClaim(ClaimType.Client, client.Value);
user.Identity.AddClaim(ClaimType.RedirectUri, redirect.Value);
if (scope != null)
{
foreach (var s in scope.Value.Split(' '))
{
user.Identity.AddClaim(ClaimType.Scope, s);
}
}
tcs.SetResult(new AuthenticationTicket(user.Identity.AsClaimsIdentity(), props));
}
else
{
tcs.SetResult(null);
}
}
catch (Exception ex)
{
tcs.SetException(ex);
}
}).ConfigureAwait(false);
var result = tcs.Task.Result;
if (result != null)
{
context.SetTicket(result);
}
this.options.Logger.Debug("Finished processing refresh token");
}
/// <summary>
/// Realiza o processo de refresh do token.
/// </summary>
/// <param name="context">Contexto da aplicação.</param>
public void Receive(AuthenticationTokenReceiveContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
using (var usuario = new APIUsuarioBO())
{
// Define o client info baseado nos headers do contexto.
var clientInfo = string.Empty;
if (context.Request != null && context.Request.Headers != null)
{
clientInfo = !string.IsNullOrEmpty(context.Request.Headers["ClientInfo"]) ? context.Request.Headers["ClientInfo"] : string.Empty;
}
// Consulta o token do usuário, caso o token seja diferente de nulo e o client info não bata com os dados de identificação do token, retorna.
var token = usuario.ConsultarToken(context.Token);
if (token != null && !clientInfo.Equals(token.DadosIndentificacao, StringComparison.InvariantCultureIgnoreCase))
{
return;
}
// Se o token continua nulo, consulta o token utilizando o client info, que contém o nome do usuário.
if (token == null)
{
token = usuario.ConsultarToken(clientInfo, null);
}
else if (clientInfo.Equals(token.DadosIndentificacao, StringComparison.InvariantCultureIgnoreCase))
{
token.Token = null;
}
// Se o objeto token continua null, gera exception, loga e retorna.
if (token == null)
{
//throw new NullReferenceException("Objeto Token é nulo após tentativa de recuperação.");
LogUtil.Debug(string.Format("##RefreshToken.Receive.ERROR## MSG: {0}, CLIENT_INFO {1}, TOKEN {2}", "Objeto Token é nulo após tentativa de recuperação.", clientInfo, context.Token));
return;
}
if (!string.IsNullOrEmpty(token.Token))
{
return;
}
// Se o token não é nulo, atualiza o token no storage e no contexto, e redefine o ticket.
// O processo é o mesmo de criação do token, o token não será gravado em banco neste momento, a variável AtualizarToken da API controller gerencia esse processo na
// próxima requisição.
token.DataExpiracao = DateTime.Now.Add(TimeSpan.FromHours(token.APIUsuario.HorasExpiracaoToken));
usuario.Salvar(token);
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
var oAuthIdentity = usuario.CriarIdentity(token.APIUsuario, userManager.UserTokenProvider);
var ticket = new AuthenticationTicket(oAuthIdentity, ApplicationOAuthProvider.CreateProperties(token.APIUsuario));
ticket.Properties.ExpiresUtc = token.DataExpiracao;
ticket.Properties.IssuedUtc = DateTime.Now;
context.SetTicket(ticket);
}
}
/// <summary>ReceiveRefreshToken</summary>
/// <param name="context">AuthenticationTokenReceiveContext</param>
private void ReceiveRefreshToken(AuthenticationTokenReceiveContext context)
{
//context.DeserializeTicket(context.Token);
// --------------------------------------------------
if (ASPNETIdentityConfig.EnableRefreshToken)
{
// EnableRefreshToken == true
AuthenticationTicket ticket;
TicketSerializer serializer = new TicketSerializer();
IEnumerable <byte[]> values = null;
List <byte[]> list = null;
switch (ASPNETIdentityConfig.UserStoreType)
{
case EnumUserStoreType.Memory:
if (RefreshTokenProvider.RefreshTokens.TryRemove(context.Token, out ticket))
{
context.SetTicket(ticket);
}
break;
case EnumUserStoreType.SqlServer:
case EnumUserStoreType.ODPManagedDriver:
case EnumUserStoreType.PostgreSQL: // DMBMS
using (IDbConnection cnn = DataAccess.CreateConnection())
{
cnn.Open();
switch (ASPNETIdentityConfig.UserStoreType)
{
case EnumUserStoreType.SqlServer:
values = cnn.Query <byte[]>(
"SELECT [Value] FROM [RefreshTokenDictionary] WHERE [Key] = @Key", new { Key = context.Token });
list = values.AsList();
if (list.Count != 0)
{
ticket = serializer.Deserialize(values.AsList()[0]);
context.SetTicket(ticket);
cnn.Execute(
"DELETE FROM [RefreshTokenDictionary] WHERE [Key] = @Key", new { Key = context.Token });
}
break;
case EnumUserStoreType.ODPManagedDriver:
values = cnn.Query <byte[]>(
"SELECT \"Value\" FROM \"RefreshTokenDictionary\" WHERE \"Key\" = :Key", new { Key = context.Token });
list = values.AsList();
if (list.Count != 0)
{
ticket = serializer.Deserialize(values.AsList()[0]);
context.SetTicket(ticket);
cnn.Execute(
"DELETE FROM \"RefreshTokenDictionary\" WHERE \"Key\" = :Key", new { Key = context.Token });
}
break;
case EnumUserStoreType.PostgreSQL:
values = cnn.Query <byte[]>(
"SELECT \"value\" FROM \"refreshtokendictionary\" WHERE \"key\" = @Key", new { Key = context.Token });
list = values.AsList();
if (list.Count != 0)
{
ticket = serializer.Deserialize(values.AsList()[0]);
context.SetTicket(ticket);
cnn.Execute(
"DELETE FROM \"refreshtokendictionary\" WHERE \"key\" = @Key", new { Key = context.Token });
}
break;
}
}
break;
}
}
else
{
// EnableRefreshToken == false
}
}