public void InvalidJsonInRefreshTokenRequestTest(JsonTransformationType jsonTransformationType)
{
var tokenGetRequest = new GetTokenRequest
{
ExpiresIn = 600,
ExtPayload = new { sessionId = "qwer123" },
InvalidAfter = 10800,
Method = "password",
Service = "HRBC",
Credentials = new GetTokenRequest.CredentialsType
{
CompanyId = AuthenticationInfoProvider.Current.DefaultCompanyName,
UserId = AuthenticationInfoProvider.Current.DefaultUserLogin,
Password = AuthenticationInfoProvider.Current.DefaultUserPassword
}
};
var tokenGetResponse = (new DefaultManager(_testConnection)).Send <GetTokenResponse>(tokenGetRequest);
PrAssume.That(tokenGetResponse, PrIs.SuccessfulResponse(), "Failed to get a token for token refresh operation.");
var request = new RefreshTokenRequest
{
ExpiresIn = 600,
InvalidAfter = 10800,
Token = tokenGetResponse.Result.Token
};
PerformTest(tokenGetRequest, jsonTransformationType, CommonConstants.TokenRefreshUrl);
}
public Task <BaseResponse <TokenDto> > GetToken(GetTokenRequest request)
{
string hashPassword = PasswordSecurityHelper.GetHashedPassword(request.Password);
SysUser user = _repoUser.FindOne(x => x.Username.Equals(request.Username) && x.Password.Equals(hashPassword));
if (user == null)
{
return(Task.FromResult(new BaseResponse <TokenDto>
{
Data = null,
Errors = "Tài khoản hay mật khẩu không hợp lệ",
ErrorCode = -1
}));
}
user.Token = TokenSecurityHelper.GenerateToken(request.Username, request.Password, "120.0.0.1", "", DateTime.Now.Ticks);
user.TokenExp = DateTime.Now.AddMinutes(30);
user.LastLogin = DateTime.Now;
_repoUser.Update(user);
return(Task.FromResult(new BaseResponse <TokenDto>
{
Data = new TokenDto
{
Token = user.Token,
Username = user.Username,
Expired = user.TokenExp.Value,
Id = user.Id.ToString()
}
}));
}
/// <summary>
/// Returns access tokens for making API requests
/// HTTP Method: post
/// Endpoint: /restapi/oauth/token
/// Rate Limit Group: Auth
/// </summary>
public async Task <TokenInfo> Post(GetTokenRequest getTokenRequest, RestRequestConfig restRequestConfig = null)
{
var dict = new Dictionary <string, string>();
Utils.GetPairs(getTokenRequest).ToList().ForEach(t => dict.Add(t.name, t.value.ToString()));
return(await rc.Post <TokenInfo>(Path(), new FormUrlEncodedContent(dict), null, restRequestConfig));
}
public void DeleteAccessTokenRevokesTheToken()
{
var token = testServer.GetAccessToken();
var token_part = token.Token.Substring(0, 24);
var client = testServer.GetJsonClient();
var url = new DeleteTokenRequest()
{
TokenPart = token_part
}.ToUrl("DELETE");
var service_url = testServer.ListenUrl + url;
client.Delete <AccessTokenDto> (service_url);
// check that the token has been delete from the db
var get_url = new GetTokenRequest()
{
Username = RainyTestServer.TEST_USER
}.ToUrl("GET");
var get_service_url = testServer.ListenUrl + get_url;
List <AccessTokenDto> tokens = client.Get <List <AccessTokenDto> > (get_service_url);
var the_token = tokens.Where(t => token.Token.StartsWith(t.TokenPart));
Assert.That(the_token.Count() == 0);
}
private static string GetOtherCompanyToken()
{
using (var creds = AuthenticationInfoProvider.Current.Manager.GetCompany(new CompanySpecBuilder().HavingUsers(new[] { new UserSpecBuilder() }).NotSelected()))
{
if (_otherCopmanyToken != null)
{
return _otherCopmanyToken;
}
using (var connection = new AuthApiConnection(TestConfig.GetValueFromConfig("AuthCoreURL"))
{
SuppressAuthentication = true
})
{
var getTokenRequest = new GetTokenRequest
{
Service = "HRBC",
Method = "password",
Credentials = new GetTokenRequest.CredentialsType
{
CompanyId = creds.Name,
UserId = creds.Users.Single().Login,
Password = creds.Users.Single().Password
},
ExpiresIn = 600,
InvalidAfter = 10800
};
var response = (new DefaultManager(connection)).Send<GetTokenResponse>(getTokenRequest);
Assume.That(response, PrIs.SuccessfulResponse(), "Failed to get a token");
return _invalidExpiredToken = response.Result.Token;
}
}
}
private static AccessToken GetTokenByWx(string cacheKey, bool isQueryAgin = false)
{
lock (lockObj)
{
AccessToken token = CacheEx.Instance.Get <AccessToken>(cacheKey);
if (!isQueryAgin && token != null && !token.IsExpired)
{
return(token);
}
var accessTokenRepository = GetAccessTokenRepository();
token = accessTokenRepository.Get();
if (token == null || (token != null && token.IsExpired))
{
var res = new GetTokenRequest().Request();
if (res.IsSuccess)
{
token = new AccessToken(res);
CacheEx.Instance.Add(cacheKey, token, token.ExpireTime);
accessTokenRepository.Update(token);
}
}
else
{
CacheEx.Instance.Add(cacheKey, token, token.ExpireTime);
}
return(token);
}
}
public void UpdateTokenDeviceName()
{
string new_device_name = "My home computer";
var token = testServer.GetAccessToken().Token.ToShortToken();
var client = testServer.GetJsonClient();
var url = new UpdateTokenRequest().ToUrl("PUT");
var req = new AccessTokenDto {
TokenPart = token,
DeviceName = new_device_name
};
var service_url = testServer.ListenUrl + url;
client.Put <AccessTokenDto> (service_url, req);
// check that the token has been updated
var get_url = new GetTokenRequest()
{
Username = RainyTestServer.TEST_USER
}.ToUrl("GET");
var get_service_url = testServer.ListenUrl + get_url;
List <AccessTokenDto> tokens = client.Get <List <AccessTokenDto> > (get_service_url);
var updated_token = tokens.First(t => token == t.TokenPart);
Assert.AreEqual(new_device_name, updated_token.DeviceName);
}
private async Task <ClaimsIdentity> GetClaimsIdentity(GetTokenRequest user, Security security)
{
var users = _userRepository.ListUsersAsync();
var usr = users.FirstOrDefault(x => x.Username == user.Username);
if (usr == null)
{
_securityRepository.IncreaseFailedGetTokenAttempts(security);
await SendSecurityEmailNotification();
throw new HttpError(HttpStatusCode.BadRequest, "WrongUsernameOrPassword");
}
var passwordValid = _hashService.Validate(user.Password, usr.Password);
if (!passwordValid)
{
_securityRepository.IncreaseFailedGetTokenAttempts(security);
await SendSecurityEmailNotification();
throw new HttpError(HttpStatusCode.BadRequest, "WrongUsernameOrPassword");
}
return(new ClaimsIdentity(new GenericIdentity(user.Username, "Token"),
new Claim[] { }));
}
public async Task <SigninResultEnum> Signin(CancellationToken token)
{
var request = new GetTokenRequest
{
UserName = UserName,
Password = Password
};
var result = await _service.GetAccessToken(request, token);
if (!result.IsSuccess)
{
var error = result.Error;
switch (error.Type)
{
case "InvalidPassword":
return(SigninResultEnum.InvalidPassword);
case "UserNotFound":
return(SigninResultEnum.UserNotFound);
default:
return(SigninResultEnum.UnknownError);
}
}
var response = result.Ok;
_settingsService.AddOrUpdateValue(Constants.AccessToken, response.AccessToken);
await UpdateUserInfo(token);
return(SigninResultEnum.Ok);
}
/// <summary>
/// Operation: Get Token
/// Http Post /restapi/oauth/token
/// </summary>
public async Task <RingCentral.TokenResponse> Post(GetTokenRequest getTokenRequest)
{
var dict = new System.Collections.Generic.Dictionary <string, string>();
RingCentral.Utils.GetPairs(getTokenRequest)
.ToList().ForEach(t => dict.Add(t.name, t.value.ToString()));
return(await rc.Post <RingCentral.TokenResponse>(this.Path(), new FormUrlEncodedContent(dict)));
}
public GetTokenResponse GetToken(GetTokenRequest request)
{
GetTokenResponse response = new GetTokenResponse();
response.IsTrue = false;
response.Status = 0;
if (request != null)
{
try
{
if (string.IsNullOrEmpty(request.AppId) || string.IsNullOrEmpty(request.Secret) || string.IsNullOrEmpty(request.Session_Id))
{
response.Status = 0;
response.Msg = "请求参数有误,请检查!";
}
else
{
//获取三方APP信息
AppSettingInfo app = SystemFactory.Instance.GetSystemAppConfig(request.AppId, request.Secret);
if (app != null)
{
if (app.AppStatus == AppStatus.Reviewed)
{
//更新Token,同时更新过期时间)
string newToken = SystemFactory.Instance.UpdateTokenInfo(app);
response.IsTrue = true;
response.Access_Token = newToken;
response.Status = 1;
response.Msg = "请求成功!";
response.Expires_In = 7200;
response.CorpCode = app.CorpCode;
response.SubCorpCode = app.SubCorpCode;
response.CorpName = app.CorpName;
}
else
{
response.Msg = "请联系管理员审批系统!";
}
}
else
{
response.Msg = "该APP未在码中心注册,或密钥有误!请重试或联系管理员";
}
}
}
catch (Exception exception)
{
response.Msg = exception.Message;
}
}
else
{
response.Msg = "非法请求,请重试!";
}
return(response);
}
public IHttpActionResult Get([FromBody] GetTokenRequest request)
{
if (CheckUser(request.Username, request.Password))
{
var token = JwtUtil.GenerateToken(request.Username);
return(Json(new { token }));
}
return(Unauthorized());
}
public IActionResult Post([FromBody] GetTokenRequest request)
{
if (IsValid(request.Username, request.Password))
{
return(Ok(Generate(request.Username)));
}
return(BadRequest());
}
/// <summary>
/// Looks up a existing token.
/// </summary>
/// <returns>The token returned by server.</returns>
/// <param name="tokenId">Token id</param>
public Task <Token> GetToken(string tokenId)
{
var request = new GetTokenRequest {
TokenId = tokenId
};
return(gateway(authenticationContext()).GetTokenAsync(request)
.ToTask(response => response.Token));
}
private JsonWebToken GetWebToken(GetTokenRequest request = null)
{
request = request ?? GenerateGetTokenRequest();
var response = (new DefaultManager(_testConnection)).Send <GetTokenResponse>(request);
PrAssert.That(response, PrIs.SuccessfulResponse(), "Failed to get a token");
return(new JsonWebToken(response.Result.Token));
}
public TokenResponse GetToken(GetTokenRequest credentialsLogin)
{
JsonLoginRequest jsonLoginRequest = new JsonLoginRequest(credentialsLogin.ClientId, credentialsLogin.ClientSecret, credentialsLogin.GrantType);
jsonLoginRequest = _repositoryLogin.GetToken(jsonLoginRequest);
TokenResponse response = new TokenResponse();
return(response);
}
public TokenResultEntity GetToken()
{
bool bgetToken = false;
TokenResultEntity result = new TokenResultEntity();
try
{
if (string.IsNullOrEmpty(GlobalTokenHelper.gToken))
{
bgetToken = true;
}
else
{
System.DateTime currentTime = System.DateTime.Now;
System.TimeSpan TS = currentTime - GlobalTokenHelper.gTokenDateTime;
if (TS.TotalSeconds >= GlobalTokenHelper.Expiry - 60)
{
bgetToken = true;
}
}
if (bgetToken == true)
{
var request = new GetTokenRequest()
{
AppId = "SYY",
AppSecret = "0B2223C37F54864403847E762E1F87F3"
};
result = this.Client.InvokeAPI <TokenResultEntity>(request);
if (result == null)
{
result = new TokenResultEntity();
result.Code = 100;
result.ErrMsg = "网络连接异常,请检查网络!";
}
else
{
if (result.Code == 0)
{
GlobalTokenHelper.gToken = result.Access_Token;
GlobalTokenHelper.Expiry = result.Expiry;
GlobalTokenHelper.gTokenDateTime = System.DateTime.Now;
}
}
}
}
catch (Exception ex)
{
result.Code = 9999;
result.ErrMsg = ex.Message;
}
return(result);
}
public TokenResponse GetTokenResponse(GetTokenRequest getTokenRequest)
{
var token = _userRepository.GetToken(getTokenRequest.Username, getTokenRequest.Password);
var tokenResponse = new TokenResponse
{
Token = token
};
return(tokenResponse);
}
public ActionResult GetToken(GetTokenRequest request)
{
// 1. Validar el usuario
var usuario = _accountService.ValidateUser(request.Username, request.Password);
if (usuario == null)
{
// devolver un 401 (no autorizado)
return(StatusCode(401));
}
// 2. Crear la identidad del usuario (que viajará en el JWT)
var identidad = new[]
{
new Claim(ClaimTypes.Name, usuario.Name),
new Claim(ClaimTypes.Email, usuario.Email),
new Claim("DNI", usuario.Dni)
};
// 3. Crear los elementos para la encriptación
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("cibertec12345678"));
var credenciales = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
// 4. Generar el token
// 4.1. Obtener la fecha de expiración del token
var tokenExpirationDate = DateTime.Now.AddSeconds(10);
var token = new JwtSecurityToken(
issuer: "Cibertec",
audience: "app-react",
claims: identidad,
expires: tokenExpirationDate,
signingCredentials: credenciales
);
var jwtToken = new JwtSecurityTokenHandler().WriteToken(token);
// 5. Crear el refresh token
var refreshToken = new RefreshToken
{
ExpiresAt = tokenExpirationDate,
UserId = usuario.Id,
Token = Guid.NewGuid().ToString()
};
// 5.1. Guardar en BD
_cibertecContext.RefreshTokens.Add(refreshToken);
var resultado = _cibertecContext.Commit();
// 6. Retornar el token en un objeto JSON basado en la clase GetTokenResponse
return(Ok(new GetTokenResponse {
AccessToken = jwtToken, RefreshToken = refreshToken.Token, ExpiresIn = 10
}));
}
public string GetToken(GetTokenRequest request)
{
var userRepository = userRepositoryFactory.CreateRepository();
var user = userRepository.FindByName(request.Login);
if (user != null && user.Password.Equals(request.Password))
{
var token = this.tokenFactory.CreateToken(user.Id, request.Login);
return(token.GetToken());
}
return(String.Empty);
}
public AuthorizationToken getToken(String code)
{
GetTokenRequest request = new GetTokenRequest();
request.setCode(code);
request.setGrant_type("authorization_code");
request.setNeed_refresh_token(true);
request.setClient_id(clientPolicy.AppKey);
request.setClient_secret(clientPolicy.SecretKey);
return(this.send <AuthorizationToken>(request));
}
/// <summary>
/// Authenticates user through Token Service.
/// </summary>
/// <param name="credentials">User credentials.</param>
/// <param name="clientIpAddress">The client ip address.</param>
/// <param name="serverIpAddress">The server ip address.</param>
/// <returns>
/// True if user authenticated.
/// </returns>
public async Task <TokenResponseModel> AuthenticateUser(
GetTokenRequest credentials,
string clientIpAddress,
string serverIpAddress
)
{
return(await this.tokenDataProvider.AuthenticateUser(
credentials,
clientIpAddress,
serverIpAddress
));
}
public IApiResponseContextDto <ApplicationUserContext> GetToken(GetTokenRequest request)
{
var result =
ConnectorCalls.Post <GetTokenRequest, ApplicationUserContext>(_connectorClient, request,
@"Authentication/RequestToken");
if (!result.HasErrors())
{
_connectorClient.SetToken(result.Result.Token);
}
return(result);
}
public void GetListOfValidAccesstokens()
{
var client = testServer.GetJsonClient();
var url = new GetTokenRequest().ToUrl("GET");
var service_url = testServer.ListenUrl + url;
var tokens = client.Get <List <AccessTokenDto> > (service_url);
Assert.AreEqual(1, tokens.Count);
testServer.GetAccessToken();
testServer.GetAccessToken();
tokens = client.Get <List <AccessTokenDto> > (service_url);
Assert.AreEqual(3, tokens.Count);
}
public async Task <IActionResult> GetToken([FromBody] GetTokenRequest applicationUser)
{
var security = _securityRepository.GetSecurity();
if (security.ApiAccessDisabled)
{
_logger.LogWarning(
"Api access is denied becasuse to many failed get token attempts. To enable access open manually Security.json file and set property ApiAccessDisabled to false. ");
throw new HttpError(HttpStatusCode.Forbidden);
}
var identityTask = GetClaimsIdentity(applicationUser, security);
var identity = await identityTask;
if (identity == null)
{
_logger.LogInformation(
$"Invalid username ({applicationUser.Username}) or password ({applicationUser.Password})");
_securityRepository.IncreaseFailedGetTokenAttempts(security);
return(BadRequest("Invalid credentials"));
}
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, applicationUser.Username),
new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(),
ClaimValueTypes.Integer64),
};
// Create the JWT security token and encode it.
var jwt = new JwtSecurityToken(
issuer: _jwtOptions.Issuer,
audience: _jwtOptions.Audience,
claims: claims,
notBefore: _jwtOptions.NotBefore,
expires: _jwtOptions.Expiration,
signingCredentials: _jwtOptions.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
var response2 = new GetTokenResponse
{
Token = encodedJwt,
ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds
};
return(Ok(response2));
}
/// <summary>
/// 获取token值 最长有效期180天
/// </summary>
/// <param name="LoginName">用户名</param>
/// <param name="PassWord">密 码</param>
/// <returns></returns>
public static string GetToken(string LoginName, string PassWord)
{
string url = BaseApi + GetTokenApi;
GetTokenRequest request = new GetTokenRequest();
request.LoginName = LoginName;
request.PassWord = PassWord;
//序列化要请求的参数
string poststr = JsonConvert.SerializeObject(request);
//发请求,获取数据
return(HttpHelper.HttpPost(url, poststr));
}
/// <summary>
/// 获取token接口。
/// </summary>
/// <param name="req"><see cref="GetTokenRequest"/></param>
/// <returns><see cref="GetTokenResponse"/></returns>
public GetTokenResponse GetTokenSync(GetTokenRequest req)
{
JsonResponseModel <GetTokenResponse> rsp = null;
try
{
var strResp = this.InternalRequestSync(req, "GetToken");
rsp = JsonConvert.DeserializeObject <JsonResponseModel <GetTokenResponse> >(strResp);
}
catch (JsonSerializationException e)
{
throw new TencentCloudSDKException(e.Message);
}
return(rsp.Response);
}
public async Task <IActionResult> Post([FromBody] GetTokenRequest request)
{
var claimList = (await IsValid(new UserCredantialsDto {
Username = request.Username, Password = request.Password
}));
if (claimList.Any())
{
return(Ok(Generate(request.Username, claimList.ToList())));
}
return(BadRequest(new GetTokenResponse
{
Token = $"Invalid username or password for {request.Username}"
}));
}
public async Task <IActionResult> Create([FromBody] GetTokenRequest request)
{
var authenticateUserCommand = new AuthenticateUserCommand(
request.Username, request.Password);
await _commandProcessor.SendAsync(authenticateUserCommand);
if (!authenticateUserCommand.IsValidUsernameAndPassword)
{
return(BadRequest(new { Message = "Invalid username or password" }));
}
var user = await _queryProcessor.ExecuteAsync(new GetUserByUsernameQuery(request.Username));
return(new ObjectResult(GenerateToken(user)));
}
public async Task <GetTokenResponse> GetToken(GetTokenRequest request)
{
var parameters = new NameValueCollection
{
{ "username", request.Username },
{ "password", request.Password },
{ "grant_type", request.GrantType },
{ "scope", request.Scope },
{ "refresh_token", request.RefreshToken },
{ "response_type", OidcConstants.ResponseTypes.Token }
};
var response = await GetIdpToken(parameters);
return(GetTokenResponse(response));
}
public void UpdateTokenDeviceName()
{
string new_device_name = "My home computer";
var token = testServer.GetAccessToken ().Token.ToShortToken ();
var client = testServer.GetJsonClient ();
var url = new UpdateTokenRequest ().ToUrl ("PUT");
var req = new AccessTokenDto {
TokenPart = token,
DeviceName = new_device_name };
var service_url = testServer.ListenUrl + url;
client.Put<AccessTokenDto> (service_url, req);
// check that the token has been updated
var get_url = new GetTokenRequest () { Username = RainyTestServer.TEST_USER }.ToUrl ("GET");
var get_service_url = testServer.ListenUrl + get_url;
List<AccessTokenDto> tokens = client.Get<List<AccessTokenDto>> (get_service_url);
var updated_token = tokens.First (t => token == t.TokenPart);
Assert.AreEqual (new_device_name, updated_token.DeviceName);
}
public void GetListOfValidAccesstokens()
{
var client = testServer.GetJsonClient ();
var url = new GetTokenRequest ().ToUrl ("GET");
var service_url = testServer.ListenUrl + url;
var tokens = client.Get<List<AccessTokenDto>> (service_url);
Assert.AreEqual (1, tokens.Count);
testServer.GetAccessToken ();
testServer.GetAccessToken ();
tokens = client.Get<List<AccessTokenDto>> (service_url);
Assert.AreEqual(3, tokens.Count);
}
public void DeleteAccessTokenRevokesTheToken()
{
var token = testServer.GetAccessToken ();
var token_part = token.Token.Substring (0, 24);
var client = testServer.GetJsonClient ();
var url = new DeleteTokenRequest () {
TokenPart = token_part
}.ToUrl ("DELETE");
var service_url = testServer.ListenUrl + url;
client.Delete<AccessTokenDto> (service_url);
// check that the token has been delete from the db
var get_url = new GetTokenRequest () { Username = RainyTestServer.TEST_USER }.ToUrl ("GET");
var get_service_url = testServer.ListenUrl + get_url;
List<AccessTokenDto> tokens = client.Get<List<AccessTokenDto>> (get_service_url);
var the_token = tokens.Where (t => token.Token.StartsWith (t.TokenPart));
Assert.That (the_token.Count () == 0);
}
