public async Task <string> GenerateJwt(IdentityUser user, CancellationToken ct)
{
var claimsPrincipal = await ClaimsFactory.CreateAsync(user);
var claims = claimsPrincipal.Claims?.ToList() ?? new List <Claim>();
var userClaims = await UserManager.GetClaimsAsync(user);
if (userClaims != null)
{
claims.AddRange(userClaims);
}
var customClaims = user.Claims?.Select(x => x.ToClaim()).ToList();
if (customClaims != null)
{
claims.AddRange(customClaims);
}
claims.Add(new Claim(JwtRegisteredClaimNames.Jti, GuidGenerator.Create().ToString()));
var token = new JwtSecurityToken(
issuer: JwtSettings.Issuer,
audience: JwtSettings.Audience,
claims: claims,
expires: Clock.Now.Add(JwtSettings.ExpirationDays),
signingCredentials: JwtSettings.SigningCredentials);
var jwtHandler = new JwtSecurityTokenHandler
{
MapInboundClaims = false
};
return(jwtHandler.WriteToken(token));
}
public OmsUserManager(ApiUserContext dbContext) : base(new UsuarioStore(dbContext))
{
if (Dbcontext == null)
{
Dbcontext = dbContext;
}
UserValidator = new UserValidator <Usuario, long>(this)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = false,
RequireDigit = false,
RequireLowercase = false,
RequireUppercase = false,
};
//UserTokenProvider = new EmailTokenProvider<ApplicationUser>();
ClaimsIdentityFactory = new ClaimsFactory();
// enable lockout on users
DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(1);
MaxFailedAccessAttemptsBeforeLockout = 6;
UserLockoutEnabledByDefault = true;
}
public UserManager(ClaimsFactory claimsFactory, IdentityDataContext context, IdentityValidator identityValidator)
{
_identityManager = new UserManager <User>(new UserStore <User>(context))
{
ClaimsIdentityFactory = claimsFactory,
UserValidator = identityValidator
};
}
/// <summary>
/// Gets the claims for a user.
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
protected virtual async Task <ClaimsPrincipal> GetClaimsPrincipalAsync(TUser user)
{
var principal = await ClaimsFactory.CreateAsync(user).ConfigureAwait(false);
if (principal == null)
{
throw new InvalidOperationException("ClaimsFactory failed to create a principal");
}
return(principal);
}
/// <summary>
/// 创建登陆成功的结果
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
protected virtual async Task <LoginResult> CreateLoginResultAsync(User user)
{
if (!user.IsActive)
{
return(new LoginResult(LoginResultType.UserIsNotActive));
}
var claimsPrincipal = await ClaimsFactory.CreateAsync(user);
return(new LoginResult(LoginResultType.Success, user, claimsPrincipal));
}
public async override Task SignInAsync(EasyUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null)
{
var userPrincipal = await ClaimsFactory.CreateAsync(user);
if (authenticationMethod != null)
{
userPrincipal.Identities.First().AddClaim(new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod));
}
await Context.SignInAsync(IdentityConstants.ApplicationScheme,
userPrincipal,
authenticationProperties ?? new AuthenticationProperties());
}
public void IsClaimsFactoryCreatingValidClaims()
{
ClaimsFactory ClaimsFactory = new ClaimsFactory();
var Roles = new List <string>
{
"XunitRole"
};
//Begin tests
// create a claim
var Claims = ClaimsFactory.CreateJwtClaims("Xunit", Roles);
// test the type is Claim
Assert.IsType <List <Claim> >(Claims);
}
public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var sub = context.Subject?.GetSubjectId();
if (sub == null)
{
throw new Exception("No sub claim present");
}
var user = await UserManager.FindByIdAsync(sub);
Claim tenantClaim = null;
if (user is IHaveTenantId)
{
tenantClaim = new Claim(_tenantClaimName, ((IHaveTenantId)user).TenantId);
}
if (user == null)
{
Logger?.LogWarning("No user found matching subject Id: {0}", sub);
}
else
{
var principal = await ClaimsFactory.CreateAsync(user);
if (principal == null)
{
throw new Exception("ClaimsFactory failed to create a principal");
}
var claims = principal.Claims.ToList();
if (tenantClaim != null && principal.FindFirst(_tenantClaimName) == null)
{
claims.Add(tenantClaim);
}
if (_externalClaimsService != null)
{
var externalClaims = await _externalClaimsService.GetClaims(claims);
claims.AddRange(externalClaims);
}
context.AddRequestedClaims(claims);
}
}
public void Should_PassValidation_When_AllRulesPass()
{
// Arrange
var claimsValidator = new ClaimsValidator();
var claimsFactory = new ClaimsFactory();
var claims = new UserClaims()
{
Claims = claimsFactory.Create(AccountTypes.Individual)
};
// Act
var result = claimsValidator.Validate(claims);
var isValid = result.IsValid;
// Assert
isValid.Should().Be(true);
}
public IdentityProfileService
(
IIdentityServerInteractionService interaction,
UserManager userManager,
ClaimsFactory claimsFactory,
SecurityPoolManager poolManager,
SignInManager signInManager,
IHttpContextAccessor contextAccessor,
AegisTenantResolver tenantResolver
)
{
_interaction = interaction;
_userManager = userManager;
_claimsFactory = claimsFactory;
_poolManager = poolManager;
_signInManager = signInManager;
_httpContextAccessor = contextAccessor;
_tenantResolver = tenantResolver;
}
/// <summary>
///
/// </summary>
/// <param name="dto"></param>
/// <param name="userAccount"></param>
/// <param name="passwordSalt"></param>
/// <param name="userClaims"></param>
/// <param name="userProfile"></param>
/// <param name="securityQuestions"></param>
/// <param name="securityAnswerSalts"></param>
/// <returns></returns>
private ResponseDto <bool> MapIndividualDtoToModel(RegisterUserDto dto, out UserAccount userAccount, out PasswordSalt passwordSalt, out UserClaims userClaims, out UserProfile userProfile, out IList <SecurityQuestion> securityQuestions, out IList <SecurityAnswerSalt> securityAnswerSalts)
{
var mappingResult = MapUserDtoToModel(dto, out userAccount, out passwordSalt, out userProfile, out securityQuestions, out securityAnswerSalts);
// If mapping failed, return early.
if (!mappingResult.Data)
{
userClaims = null;
return(mappingResult);
}
// Set user claims to be stored in UserClaims table
var claimsFactory = new ClaimsFactory();
userClaims = new UserClaims(claimsFactory.Create(AccountTypes.Individual));
return(new ResponseDto <bool>()
{
Data = true
});
}
/// <summary>
/// The CreateAdmin method.
/// Contains business logic to create an admin user.
/// <para>
/// @author: Jennifer Nguyen, Angelica Salas
/// @updated: 04/26/2018
/// </para>
/// </summary>
/// <param name="registerUserDto"></param>
/// <returns>ResponseDto</returns>
public ResponseDto <RegisterUserDto> CreateAdmin(RegisterUserDto registerUserDto)
{
var createIndividualPreLogicValidationStrategy = new CreateIndividualPreLogicValidationStrategy(registerUserDto);
var securityAnswerSalts = new List <SecurityAnswerSalt>();
var saltGenerator = new SaltGenerator();
var payloadHasher = new PayloadHasher();
var claimsFactory = new ClaimsFactory();
// Validate data transfer object
var result = createIndividualPreLogicValidationStrategy.ExecuteStrategy();
if (result.Error != null)
{
return(new ResponseDto <RegisterUserDto>
{
Data = registerUserDto,
Error = result.Error
});
}
// Map data transfer object to domain models
var userAccount = new UserAccount(username: registerUserDto.UserAccountDto.Username, password: registerUserDto.UserAccountDto.Password, isActive: true, isFirstTimeUser: false, roleType: "private");
var securityQuestions = registerUserDto.SecurityQuestionDtos
.Select(securityQuestionDto => new SecurityQuestion(
securityQuestionDto.Question, securityQuestionDto.Answer))
.ToList();
//Admin User Profile
var displayImagePath = ConfigurationManager.AppSettings["DefaultURLProfileImagePath"];
var userProfile = new UserProfile(displayPicture: displayImagePath, displayName: registerUserDto.UserProfileDto.DisplayName);
// Set user claims to be stored in UserClaims table as administrator
var userClaims = new UserClaims(claimsFactory.Create(AccountTypes.Admin));
// Hash password
var passwordSalt = new PasswordSalt(saltGenerator.GenerateSalt(128));
userAccount.Password = payloadHasher.Sha256HashWithSalt(passwordSalt.Salt, userAccount.Password);
// Hash security answers
for (var i = 0; i < securityQuestions.Count; i++)
{
securityAnswerSalts.Add(new SecurityAnswerSalt {
Salt = saltGenerator.GenerateSalt(128)
});
securityQuestions[i].Answer = payloadHasher.Sha256HashWithSalt(securityAnswerSalts[i].Salt, securityQuestions[i].Answer);
}
var createIndividualPostLogicValdiationStrategy = new CreateIndividualPostLogicValidationStrategy(userAccount, passwordSalt, userClaims, userProfile, securityQuestions, securityAnswerSalts);
var validateResult = createIndividualPostLogicValdiationStrategy.ExecuteStrategy();
if (!validateResult.Data)
{
return(new ResponseDto <RegisterUserDto>
{
Data = registerUserDto,
Error = GeneralErrorMessages.GENERAL_ERROR
});
}
// Store user in database
using (var userGateway = new UserGateway())
{
var gatewayResult = userGateway.StoreIndividualUser(userAccount, passwordSalt, userClaims, userProfile, securityQuestions, securityAnswerSalts);
if (gatewayResult.Data == false)
{
return(new ResponseDto <RegisterUserDto>()
{
Data = registerUserDto,
Error = GeneralErrorMessages.GENERAL_ERROR
});
}
}
return(new ResponseDto <RegisterUserDto>
{
Data = registerUserDto
});
}
/// <summary>
/// Instantiate domain model equivalent of Dto's
/// <para>
/// @author: Brian Fann
/// @updated: 4/25/18
/// </para>
/// </summary>
/// <param name="dto">Dto to map</param>
/// <param name="param">Parameter Object to map to</param>
/// <returns></returns>
private ResponseDto <bool> MapRestaurantDtoToModels(RegisterRestaurantDto dto, out UserAccount userAccount, out PasswordSalt passwordSalt, out UserClaims userClaims, out UserProfile userProfile, out IList <SecurityQuestion> securityQuestions, out IList <SecurityAnswerSalt> securityAnswerSalts, out RestaurantProfile restaurantProfile, out IList <BusinessHour> businessHours, out IList <FoodPreference> foodPreferences)
{
// Try to map user dto
var mappingResult = MapUserDtoToModel(dto, out userAccount, out passwordSalt, out userProfile, out securityQuestions, out securityAnswerSalts);
if (!mappingResult.Data)
{
restaurantProfile = null;
foodPreferences = null;
businessHours = null;
userClaims = null;
return(mappingResult);
}
restaurantProfile = new RestaurantProfile(
phoneNumber: dto.RestaurantProfileDto.PhoneNumber,
address: dto.RestaurantProfileDto.Address,
details: dto.RestaurantProfileDto.Details);
// Call GeocodeService to get geocoordinates of the restaurant
var geocodeService = new GoogleGeocodeService();
var geocodeResponse = geocodeService.Geocode(restaurantProfile.Address);
var dateTimeService = new DateTimeService();
businessHours = dto.BusinessHourDtos
.Select(businessHourDto => new BusinessHour(
timeZone: dto.TimeZone,
day: businessHourDto.Day,
openTime: dateTimeService.ConvertLocalMeanTimeToUtc(dateTimeService.ConvertTimeToDateTimeUnspecifiedKind(businessHourDto.OpenTime), dto.TimeZone),
closeTime: dateTimeService.ConvertLocalMeanTimeToUtc(dateTimeService.ConvertTimeToDateTimeUnspecifiedKind(businessHourDto.CloseTime), dto.TimeZone)))
.ToList();
foodPreferences = new List <FoodPreference>();
if (dto.FoodPreferences != null)
{
foodPreferences = dto.FoodPreferences.Select(foodPreference => new FoodPreference(foodPreference)).ToList();
}
// Set user claims to be stored in UserClaims table
var claimsFactory = new ClaimsFactory();
userClaims = new UserClaims(claimsFactory.Create(AccountTypes.Restaurant));
if (geocodeResponse.Error != null)
{
return(new ResponseDto <bool>
{
Data = false,
Error = geocodeResponse.Error
});
}
restaurantProfile.GeoCoordinates = new GeoCoordinates(latitude: geocodeResponse.Data.Latitude, longitude: geocodeResponse.Data.Longitude);
// Successful response
return(new ResponseDto <bool>()
{
Data = true
});
}
// Should this be a func?
public virtual async Task <ClaimsIdentity> CreateUserIdentityAsync(TUser user,
CancellationToken cancellationToken = default(CancellationToken))
{
return(await ClaimsFactory.CreateAsync(user));
}
// Should this be a func?
public virtual async Task <ClaimsIdentity> CreateUserIdentityAsync(TUser user,
CancellationToken cancellationToken = default(CancellationToken))
{
// REVIEW: should sign in manager take options instead of using the user manager instance?
return(await ClaimsFactory.CreateAsync(user, Options.ClaimsIdentity));
}
/// <summary> /// Creates a <see cref="ClaimsPrincipal"/> for the specified <paramref name="user"/>, as an asynchronous operation. /// </summary> /// <param name="user">The user to create a <see cref="ClaimsPrincipal"/> for.</param> /// <returns>The task object representing the asynchronous operation, containing the ClaimsPrincipal for the specified user.</returns> public virtual async Task <ClaimsPrincipal> CreateUserPrincipalAsync(TUser user) => await ClaimsFactory.CreateAsync(user);
public override async Task <ClaimsPrincipal> CreateUserPrincipalAsync(ApplicationUser user)
{
return(await ClaimsFactory.CreateAsync(user));
}
