public HackneyTokenDomain ValidateHackneyJwtToken(HackneyTokenDomain hackneyTokenDomain) { try { var timeIssued = DateTimeOffset.FromUnixTimeSeconds(hackneyTokenDomain.Iat); // If not hackney email, fail if (!hackneyTokenDomain.Email.Contains("@hackney.gov.uk")) { throw new Exception("Invalid token"); } // By default the token expires in one week. If more or less then reject token if ((timeIssued.AddDays(7).AddMinutes(10) < DateTimeOffset.UtcNow) || (timeIssued.AddDays(7) > DateTimeOffset.UtcNow.AddDays(7).AddMinutes(10))) { throw new Exception("Invalid token"); } return(hackneyTokenDomain); } catch (Exception e) { if (Debugger.IsAttached) { Console.WriteLine(e); } throw new ApiException("Invalid token. Please check and try again", StatusCodes.Status401Unauthorized); } }
public HackneyTokenDomain ValidateHackneyJwtToken(string hackneyToken) { var tokenHandler = new JwtSecurityTokenHandler(); try { tokenHandler.ValidateToken(hackneyToken, new TokenValidationParameters { ValidateIssuer = true, ValidateIssuerSigningKey = false, ValidateAudience = false, ValidIssuer = "Hackney", IssuerSigningKey = null, ValidateLifetime = false, SignatureValidator = delegate(string token, TokenValidationParameters parameters) { var jwt = new JwtSecurityToken(token); return(jwt); }, // set clock skew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later) ClockSkew = Debugger.IsAttached ? TimeSpan.Zero : TimeSpan.FromMinutes(10) }, out var validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; var hackneyAuthDomain = new HackneyTokenDomain { Sub = jwtToken.Claims.First(x => x.Type == "sub").Value, Email = jwtToken.Claims.First(x => x.Type == "email").Value, Iss = jwtToken.Claims.First(x => x.Type == "iss").Value, Name = jwtToken.Claims.First(x => x.Type == "name").Value, Groups = jwtToken.Claims.Where(x => x.Type == "groups").Select(x => x.Value).ToList(), Iat = int.Parse(jwtToken.Claims.First(x => x.Type == "iat").Value) }; switch (Debugger.IsAttached) { // Check if id token is expired in production case false: { var timeIssued = DateTimeOffset.FromUnixTimeSeconds(hackneyAuthDomain.Iat); // If not hackney email, fail if (!hackneyAuthDomain.Email.Contains("@hackney.gov.uk")) { throw new Exception("Invalid token"); } // By default the token expires in one week. If more or less then reject token if ((timeIssued.AddDays(7).AddMinutes(10) < DateTimeOffset.UtcNow) || (timeIssued.AddDays(7) > DateTimeOffset.UtcNow.AddDays(7).AddMinutes(10))) { throw new Exception("Invalid token"); } break; } } return(hackneyAuthDomain); } catch (Exception e) { if (Debugger.IsAttached) { Console.WriteLine(e); } throw new ApiException("Invalid token. Please check and try again", StatusCodes.Status401Unauthorized); } }
public async Task <AppUserDomain> GetOrCreateUser(HackneyTokenDomain hackneyTokenDomain) { var user = await _userManager.FindByEmailAsync(hackneyTokenDomain.Email).ConfigureAwait(false); switch (user) { case null: { var userEntity = new User { Email = hackneyTokenDomain.Email, EmailConfirmed = false, LockoutEnabled = false, NormalizedEmail = hackneyTokenDomain.Email.ToUpperInvariant(), NormalizedUserName = hackneyTokenDomain.Email.ToUpperInvariant(), PasswordHash = null, PhoneNumber = null, PhoneNumberConfirmed = false, TwoFactorEnabled = false, UserName = hackneyTokenDomain.Email, Name = hackneyTokenDomain.Name }; var result = await _userManager.CreateAsync(userEntity).ConfigureAwait(false); if (result.Succeeded) { var defaultRoles = new List <string> { RolesEnum.Broker.GetDisplayName() }; var newUserRoles = new List <string>(); foreach (var userRole in defaultRoles) { if (await _roleManager.RoleExistsAsync(userRole).ConfigureAwait(false)) { newUserRoles.Add(userRole); } } if (newUserRoles.Count > 0) { await _userManager.AddToRolesAsync(userEntity, newUserRoles).ConfigureAwait(false); } return(userEntity?.ToDomain()); } var validationErrorCollection = new ValidationErrorCollection(); foreach (var error in result.Errors) { validationErrorCollection.Add(new ValidationError { Message = error.Description, ControlID = error.Code, ID = error.Code }); } throw new ApiException($"User creation failed", (int)StatusCodes.Status400BadRequest, validationErrorCollection); } } return(user.ToDomain()); }