public JsonResult Members(List <Person> persons) { string token = Request.Headers.Get("Authorization") ?? ""; List <MessageHandler> messageHandlers = new List <MessageHandler>(); try { TokenValidation tokenValidation = DBContext.IsTokenValid(token); if (tokenValidation.Validate) { if (tokenValidation.Type == UserType.Admin) { foreach (Person person in persons) { string message = DBOperations.InsertNewMembers(person); messageHandlers.Add(MessageHandler.GetMessageHandler(message.StartsWith("Success") ? "Success" : "Error", message)); } } else { messageHandlers.Add(MessageHandler.GetMessageHandler("Error", "Hack attack")); } } else { messageHandlers.Add(MessageHandler.GetMessageHandler("Error", "Invalid/Expired Token")); } } catch (Exception ex) { messageHandlers.Add(MessageHandler.GetMessageHandler("Error", ex.Message)); } return(Json(messageHandlers)); }
public static TokenValidation ValidateToken(string validToken) { try { System.Data.IDbConnection _Mydb = Supreme_Mobile.Models.GeneralService.DapperConnection(); var loginResult = _Mydb.Query <ValidTokenResultModel>(";Exec Supreme_AuthenticateToken @TokenID", new { TokenID = validToken }).SingleOrDefault(); MyUsersModel userModel = new MyUsersModel(); userModel.UserID = loginResult.UserID; userModel.UserName = loginResult.UserName; userModel.SecurityStamp = loginResult.SecurityStamp; GeneralService logger = new GeneralService(); logger.LogWrite("Token: " + validToken + " - " + JsonConvert.SerializeObject(userModel).ToString()); var validation = TokenManager.ValidateToken(ConfirmLoginTokenPurpose, userModel, validToken); return(validation); } catch (Exception ee) { var result = new TokenValidation(); result.Errors.Add(TokenValidationStatus.Expired); GeneralService.WriteErrorLog(ref ee); return(result); } }
public JsonResult Member(string userId) { string token = Request.Headers.Get("Authorization") ?? ""; TokenValidation tokenValidation = DBContext.IsTokenValid(token); if (tokenValidation.Validate) { if (tokenValidation.Type == UserType.Admin) { try { string result = DBOperations.DeleteMember(userId); return(Json(MessageHandler.GetMessageHandler("Success", result))); } catch (Exception ex) { return(Json(MessageHandler.GetMessageHandler("Error", ex.Message))); } } else { return(Json(MessageHandler.GetMessageHandler("Error", "Hack attack"))); } } else { return(Json(MessageHandler.GetMessageHandler("Error", "Invalid/Expired Token"))); } }
public IActionResult SaveNotificationSettings(TokenDto tokenDto) { var token = tokenDto.Token; Dictionary <string, string> validatedTokenClaims; try { validatedTokenClaims = TokenValidation.ValidateToken(token); } catch (ArgumentException) { return(BadRequest(new { text = "Validation failed" })); } var userId = int.Parse(validatedTokenClaims["userId"]); var sound = bool.Parse(validatedTokenClaims["sound"]); var connection = bool.Parse(validatedTokenClaims["connection"]); var newChat = bool.Parse(validatedTokenClaims["newchat"]); var newMessage = bool.Parse(validatedTokenClaims["newmessage"]); var notificationId = _context.Users.Single(user => user.UserId == userId).NotificationSettingsId; var notificationEntity = _context.NotificationSettings.SingleOrDefault(settings => settings.NotificationSettingsId == notificationId); if (notificationEntity != null) { notificationEntity.Sound = sound; notificationEntity.ConnectionChanged = connection; notificationEntity.NewChatReceived = newChat; notificationEntity.NewMessageReceived = newMessage; _context.NotificationSettings.Update(notificationEntity); _context.SaveChanges(); } return(Ok("success")); }
// GET: api/Login public IHttpActionResult Get() { var headers = Request.Headers; if (headers.Contains("token-jwt")) { string token = headers.GetValues("token-jwt").First(); TokenValidation validation = new TokenValidation(); string userValidated = validation.ValidateToken(token); if (userValidated != null) { TokenData data = JsonConvert.DeserializeObject <TokenData>(userValidated); Player g2 = null; try { g2 = db.Gamers.FirstOrDefault(g => g.ID == data.ID); } catch { } return(Ok(g2)); } else { return(BadRequest()); } } else { return(BadRequest()); } }
public async Task <IActionResult> GetAllChatsWithLastMessage(TokenDto tokenDto) { var token = tokenDto.Token; Dictionary <string, string> validatedTokenClaims; try { validatedTokenClaims = TokenValidation.ValidateToken(token); } catch (ArgumentException) { return(BadRequest(new { text = "Validation failed" })); } var userId = int.Parse(validatedTokenClaims["userId"]); var chatsOfUser = _context.ChatUsers.Where(user => user.UserId == userId).ToList(); var userChatsToReturn = new List <UserChatDTO>(); for (var i = 0; i < chatsOfUser.Count; i++) { var friendId = _context.ChatUsers .Single(user => user.ChatId == chatsOfUser[i].ChatId && user.UserId != userId).UserId; var friend = _context.Users.Find(friendId); //Trying to use LastOrDefault resulted in a crash, using this workaround for now var msgList = await _context.Messages.Where(message => message.ChatId == chatsOfUser[i].ChatId).ToListAsync(); Message?lastMsg = msgList.Count > 0 ? msgList[^ 1] : null;
public IActionResult AddChat(TokenDto tokenDto) { var token = tokenDto.Token; Dictionary <string, string> validatedTokenClaims; try { validatedTokenClaims = TokenValidation.ValidateToken(token); } catch (ArgumentException) { return(BadRequest(new { text = "Validation failed" })); } var curUserId = int.Parse(validatedTokenClaims["userId"]); var emailToAdd = validatedTokenClaims["emailToAdd"]; var match = _context.Users.SingleOrDefault(u => u.Login.Email.Equals(emailToAdd)); if (match == null) { return(BadRequest(new { text = "No one with such email exists bro..." })); } //Checking if user is not adding himself if (match.UserId == curUserId) { return(BadRequest(new { text = "You cannot add yourself,pls.." })); } var curUser = _context.Users.Find(curUserId); var chatsCurrentUserHas = _context.ChatUsers.Where(user => user.UserId == curUserId).ToList(); // Loop looking for occurrences, when we already have a same chat ID with the user that we are about to add foreach (var t in chatsCurrentUserHas) { var userListPerChat = ChatUserForASpecificChatFinder(t.ChatId); if (userListPerChat.Any(user => user.UserId == match.UserId)) { return(BadRequest(new { text = "You already have this guy..." })); } } if (curUser != null) { var chatUser = _chatWorker.AddChat(new List <User>() { curUser, match }); var newChatDto = new AddChatDto { ChatId = chatUser.ChatId, UserName = chatUser.User.UserName, FriendImageUrl = chatUser.User.ImageUrl }; return(Ok(newChatDto)); } return(BadRequest(new{ text = "Email not found" })); }
public ActionResult GenerateTokenFor(GenerateTokenViewModel model) { CallService(() => { TempData["ElectionId"] = model.SelectedElectionId; TempData["WahlkreisId"] = model.SelectedWahlkreisId; TempData["Amount"] = model.Amount; if (!model.Password.Equals("ichdarfdasschon")) { throw new Exception("Sie dürfen mit diesem Passwort keine Token generieren."); } var election = Service.GetElection(model.SelectedElectionId); var wahlkreis = Service.GetWahlkreis(model.SelectedWahlkreisId); var infoToken = string.Format("Bundestagswahl: {0}\nWahlkreis: {1}\n\nErstellte Token:", election.Date.ToShortDateString(), wahlkreis.Name); for (var i = 0; i < model.Amount; i++) { infoToken += string.Format("\n {0}", TokenValidation.GenerateTokenString(model.SelectedElectionId, model.SelectedWahlkreisId)); } GetMessageBag().Info.Add(infoToken); }); return(RedirectToAction("GenerateToken")); }
public async Task <ResultWrapper <InviteOutDto> > CreateInvite(InviteDto newInvite, TokenDto token) { if (!TokenValidation.ValidateToken(token, _unitOfWork)) { List <ErrorResult> errors = new List <ErrorResult>(); errors.Add(new ErrorResult(401, "Invalid token.")); _unitOfWork.tokenRepo.Remove(_unitOfWork.tokenRepo.Find(tk => tk.token.Equals(token.AccessToken)).FirstOrDefault()); return(new ResultWrapper <InviteOutDto>(null, errors)); } var invite = GetInvite(newInvite); if (invite != null) { invite.State = newInvite.State; } else { invite = Mapper.Map <Invite>(newInvite); _unitOfWork.InviteRepo.AddAsync(invite); } await _unitOfWork.InviteRepo.SaveAsync(); var eventI = await _unitOfWork.EventRepo.GetAsync(invite.EventId); var user = await _unitOfWork.UserRepo.GetAsync(invite.UserId); return(new ResultWrapper <InviteOutDto>(ConvertInviteToOutInvite(user, eventI, invite.State), null)); }
private async Task OnExecutingAsync(HttpRequest request, Microsoft.Azure.WebJobs.ExecutionContext context) { // Extract token from header, return 'Unauthorized' error if the token is null. string token = string.Empty; if (request.Headers.ContainsKey("Authorization") && request.Headers["Authorization"][0].StartsWith("Bearer ")) { token = request.Headers["Authorization"][0].Substring("Bearer ".Length); } else { request.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized; throw new HttpRequestException("Unauthorized"); } // Get Azure AD env settings var config = new ConfigurationBuilder() .SetBasePath(context.FunctionAppDirectory) .AddJsonFile("local.settings.json", optional: true, reloadOnChange: true) .AddEnvironmentVariables() .Build(); _instance = config["AzureAd:Instance"]; _tenantId = config["AzureAd:TenantId"]; _clientId = config["AzureAd:ClientId"]; // Validate token (authorization) string audience = $"api://{_clientId}"; _userClaim = await TokenValidation.VerifyUserHasAnyAcceptedScope(token, _instance, _tenantId, _clientId, audience, _allowedScopes, new CancellationToken()); }
public void Setup() { // Build service colection to create identity UserManager and RoleManager. IServiceCollection serviceCollection = new ServiceCollection(); // Add ASP.NET Core Identity database in memory. sqliteConnection = new SqliteConnection("DataSource=:memory:"); serviceCollection.AddDbContext <ApplicationIdentityDbContext>(options => options.UseSqlite(sqliteConnection)); identityDbContext = serviceCollection.BuildServiceProvider().GetService <ApplicationIdentityDbContext>(); identityDbContext.Database.OpenConnection(); identityDbContext.Database.EnsureCreated(); // Add Identity using in memory database to create UserManager and RoleManager. serviceCollection.AddApplicationIdentity(); // Get UserManager and RoleManager. userManager = serviceCollection.BuildServiceProvider().GetService <UserManager <ApplicationUser> >(); roleManager = serviceCollection.BuildServiceProvider().GetService <RoleManager <ApplicationRole> >(); // Get token validation settings. var builder = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true); IConfigurationRoot configuration = builder.Build(); var tokenValidationSection = configuration.GetSection("TokenValidation"); serviceCollection.Configure <TokenValidation>(tokenValidationSection); tokenValidationSettings = serviceCollection.BuildServiceProvider().GetService <IOptions <TokenValidation> >().Value; }
public void ValidateIdTokenClaimsShouldReturnMaxAgePassedWhenMaxAgePassed() { var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoxNDUxNjUxNjYyfQ.novjze9SAX5QF-EKhdelob4UAhB_ZNEC-VzrcDRqXCk"; var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, 2600); Assert.AreEqual(TokenValidationResult.MaxAgePassed, result); }
public void ValidateIdTokenClaimsShouldReturnIdTokenExpiredWhenExpValueHasPassed() { var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MTQ1MTY1MTY2MiwiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3fQ.4MhPMtGMKBbzGrpT3TC4DUzR__sBsz2J6UqXdPksJLw"; var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge); Assert.AreEqual(TokenValidationResult.IdTokenExpired, result); }
public void ValidateIdTokenClaimsShouldReturnInvalidIssuerWhenIssuerNotMatching() { var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3fQ.8M6GM8GlMxSH_T8mYiQXZyEx0h6h4OYm0QN0H07ixwI"; var result = TokenValidation.ValidateIdTokenClaims(token, clientId, "notissuer", nonce, maxAge); Assert.AreEqual(TokenValidationResult.InvalidIssuer, result); }
public void ValidateIdTokenClaimsShouldReturnInvalidAudWhenClientIdNotInAudArray() { var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOlsibm90Y2xpZW50aWQiXSwiYXpwIjoieC1jbGllbnRpZC14IiwiaXNzIjoiaHR0cDovL21vYmlsZWNvbm5lY3QuaW8iLCJleHAiOjIxNDc0ODM2NDcsImF1dGhfdGltZSI6MjE0NzQ4MzY0N30.Is8A9klSQZYEs0MAScdyq_EqcpCy6r_56yzizktclNQ"; var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge); Assert.AreEqual(TokenValidationResult.InvalidAudAndAzp, result); }
public void ValidateIdTokenClaimsShouldReturnValidWhenAllClaimsValidWithAudArray() { var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOlsieC1jbGllbnRpZC14Il0sImF6cCI6IngtY2xpZW50aWQteCIsImlzcyI6Imh0dHA6Ly9tb2JpbGVjb25uZWN0LmlvIiwiZXhwIjoyMTQ3NDgzNjQ3LCJhdXRoX3RpbWUiOjIxNDc0ODM2NDd9.sPMj1GIchXKcVTXXRDb5tJeUFds7JkuREYYIuoBvpCM"; var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge); Assert.AreEqual(TokenValidationResult.Valid, result); }
public void ValidateIdTokenSignatureShouldNotValidateWhenKeysetNull() { var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QifQ.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.PKN_cBANpXLegnmu6My4yhqcdbZaRVRLlseQJ4y1gMyFzLfRfYFHhbQC4xrIaN6ryxIsgJvFZ-047WfMwyptIhcP87exuYt6253k9gddndmjJtLuT9d5DB9bjiKkK49IdVsu91xyT1bXBHiWnZ-alFgnC4NfsCN3ec9TAynlivhzlBwghfdc6T8V27ewHWKg1ds0ZZbLQYZ0PtuLd0PW_SEOAnajVICBN7xm0rgxf9CTgOs5mBnKVCgPu1sJ-6bdcfA2VpLGLleuDHb9J9t6kbMytEMUjs4eDjdgxlogIUBOvY4MWfuu4l85GPZPMJ29aGmvAbns9e5Pufm8nO9DEA"; TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, null); Assert.AreEqual(TokenValidationResult.JWKSError, actual); }
public void ValidateAccessTokenShouldReturnExpiredIfExistsAndExpired() { var json = "{\"access_token\":\"zmxncbvlaksjdhfgeteywteuiroqp\",\"time_received\":\"2016-01-01T12:34:22\",\"expires_in\":3600}"; var tokenResponse = JsonConvert.DeserializeObject <RequestTokenResponseData>(json); var result = TokenValidation.ValidateAccessToken(tokenResponse); Assert.AreEqual(TokenValidationResult.AccessTokenExpired, result); }
public void ValidateIdTokenShouldNotValidateWhenClaimInvalid() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}"; var idToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXkiLCJhenAiOiJ4LWNsaWVudGlkLXkiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3LCJpYXQiOjE0NzEwMDc2NzR9.byu8aDef11sJPpPD9WM_j5uv92CsQEJLJ23SVCwrmf-btdyViTe5q1Q0X1hjVzv6FcCQLlrdJj1ib4sky6It1kVEEDk_E7w8KHH1CmmApghWh2lozJRlg8LQTQXgvfnUPeSLsoGBDYWI502aUhyy9V_zm9M0F3Vi0GWmDVZeXIvUlqdGd1YdzO0cmEfc9nyQSchimVmc-0etCGJn8qehvCZa_x96_u-qJeUiOb_7NypECoVDv8UzAZ48P5Dq-iDCYP6jCmOjdZ36b4JO6co1OnYp4cGONqZTQadVDewAfskKtGkspm6XUdil0WDct1DMuPnDuH1eweQtYopxtHRsjw"; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _allValidationSupportedVersion); Assert.AreEqual(TokenValidationResult.InvalidAudAndAzp, actual); }
public void ValidateAccessTokenShouldReturnMissingIfNotExists() { // This test will stop working at 01/19/2038 @ 3:14am (UTC) (but so will all unix timestamps) var json = "{\"access_token\":\"\",\"expires_in\":2147483647}"; var tokenResponse = JsonConvert.DeserializeObject <RequestTokenResponseData>(json); var result = TokenValidation.ValidateAccessToken(tokenResponse); Assert.AreEqual(TokenValidationResult.AccessTokenMissing, result); }
public void ValidateIdTokenSignatureShouldNotValidateWhenNoMatchingKey() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"test1\",},{\"e\":\"AQAB\",\"n\":\"sj_E_-OM6We6kM3Zl8LFQCbp4J1GA_RArvFo8Y0jLXR1xK20nJ0UIhCR1u4a3WD9dSwDRmcDa-3nT_1g5mzMOjBBO1I0VFDG61LyTkrbHhaz-VtRKjMcZMaVPHGC-nRogg92984s-ahO-Q4hkE05tiO96u3xj4S8_A3bsMIQCLQRYKS9_ovl_HxEJne3NFRkSZiiTym5g0H_nOrl2RlBYfV7GPst8Vzq45Mn1uDtCHocSeM3zunLG8TNOz0t6U_s0hAd0gKukoxgaGc1JDSsRWNs8r9SPniRMclKkcMWpdZQbLdT9ARsEB7i6w4x4C1p9i75PloXhwE-EOZ9kCeOtw\",\"kty\":\"RSA\",\"kid\":\"nottest\"}]}"; var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QifQ.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.PKN_cBANpXLegnmu6My4yhqcdbZaRVRLlseQJ4y1gMyFzLfRfYFHhbQC4xrIaN6ryxIsgJvFZ-047WfMwyptIhcP87exuYt6253k9gddndmjJtLuT9d5DB9bjiKkK49IdVsu91xyT1bXBHiWnZ-alFgnC4NfsCN3ec9TAynlivhzlBwghfdc6T8V27ewHWKg1ds0ZZbLQYZ0PtuLd0PW_SEOAnajVICBN7xm0rgxf9CTgOs5mBnKVCgPu1sJ-6bdcfA2VpLGLleuDHb9J9t6kbMytEMUjs4eDjdgxlogIUBOvY4MWfuu4l85GPZPMJ29aGmvAbns9e5Pufm8nO9DEA"; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks); Assert.AreEqual(TokenValidationResult.NoMatchingKey, actual); }
public void ValidateIdTokenSignatureShouldNotValidateWhenSignatureMissing() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}"; var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0."; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks); Assert.AreEqual(TokenValidationResult.InvalidSignature, actual); }
public void ValidateIdTokenShouldNotValidateWhenNoIdToken() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}"; var idToken = ""; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _allValidationSupportedVersion); Assert.AreEqual(TokenValidationResult.IdTokenMissing, actual); }
public void ValidateIdTokenSignatureShouldValidateUsingMatchingAlgKey() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}"; var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.QOdjTBG5xzX9ROIYmEyJ5ozamcd1O8R6Zna0GpO14n2lFu2oG2FP7HWws3VvgDqMkgwhyt-l7wFs-SDxYWsXj6a3wCGOHQSkOwdFWx5QZwHf4abOCVbcD0HMcFRWAAhBU8K0k9gBlNOdblArEusXWUtNOb3zA9kE5X8aX8v3anh_utrxaKYSvndjHIe7d50XybsOip4QOsqMEUbeBdos4hqSc_KW9qQvZcqBoZs3J7n-n8nPX5TcXu7OZd62pT48GvpL1Y1O6xvBA-gvLEpba3KffucBkgSXtLYsfw8n109A335z9TWIM_9D6OrRkWQrYBLm3B6GfcGOUDJIISegTA"; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks); Assert.AreEqual(TokenValidationResult.Valid, actual); }
public void ValidateIdTokenShouldReturnValidWhenUnsupportedVersionAndValidationPassed() { var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}"; var idToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3LCJpYXQiOjE0NzEwMDczMjd9.U9c5iuybG4GIvrbQH5BT9AgllRbPL6SuIzL4Y3MW7VlCVIQOc_HFfkiLa0LNvqZiP-kFlADmnkzuuQxPq7IyaOILVYct20mrcOb_U_zMli4jg-t9P3BxHaq3ds9JlLBjz0oewd01ZQtWHgRnrGymfKAIojzHlde-aePuL1M26Eld5zoKQvCLcKAynZsjKsWF_6YdLk-uhlC5ofMOaOoPirPSPAxYvbj91z3o9XIgSHoU-umN7AJ6UQ4H-ulfftlRGK8hz0Yzpf2MHOy9OHg1u3ayfCaaf8g5zKGngcz0LgK9VAw2B31xJw-RHkPPh0Hz82FgBc4588oEFC1c22GGTw"; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _validationUnsupportedVersion); Assert.AreEqual(TokenValidationResult.IdTokenValidationSkipped, actual); }
public void ValidateIdTokenSignatureShouldNotValidateWhenAlgNotRS256() { var jwksJson = "{\"keys\":[{\"alg\":\"HS256\",\"kty\":\"oct\",\"use\":\"sig\",\"secret\":\"E5JqlByqY5vGQmeczEigRRr43fr-m7KdJMkN3eSDHOiv3UYYhRTr6OIirFHaYDdUgA4iq3WQ3lkHd3r-KV_iWlDzpha0dmaGaHvzYMThO5WKUBlsekGHT17V7tnnYq7aameaAUmVOZocKQ5svXrPNQJcFhDs-XO6Kcsin2zaYL6eCdLZF8w_YUYtGfxYD0SqB5mdmmE5jIam3f1dnodkoLmfGxUeSSAgCCJXHQtM-SwPpyZfGbYrhTAkcahPmrJOiQwZ7WPtFlMYR-T8U12STNaTDv63hjPW57cwLfjeTW8NEYO00KCWZD7HZo-8Tg4j93FG6b78VE7QUB-vjopQlw\"}]}"; var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.iTLUvv-HCYBkDzeVX0tRc5k3URY8kbjqvY1EgyXUE2s"; var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson); TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks); Assert.AreEqual(TokenValidationResult.IncorrectAlgorithm, actual); }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req, ILogger log) { // Check configuration if (string.IsNullOrEmpty(_config["apiFunctionId"]) || string.IsNullOrEmpty(_config["apiFunctionSecret"]) || string.IsNullOrEmpty(_config["tenantId"])) { log.LogError("Invalid app settings configured"); return(new InternalServerErrorResult()); } // Validate the bearer token var validationResult = await TokenValidation.ValidateAuthorizationHeader( req, _config["tenantId"], _config["apiFunctionId"], log); // If token wasn't returned it isn't valid if (validationResult == null) { return(new UnauthorizedResult()); } // Initialize a Graph client for this user var graphClient = _clientService.GetUserGraphClient(validationResult, new[] { "https://graph.microsoft.com/.default" }, log); // Get the user's newest message in inbox // GET /me/mailfolders/inbox/messages var messagePage = await graphClient.Me .MailFolders .Inbox .Messages .Request() // Limit the fields returned .Select(m => new { m.From, m.ReceivedDateTime, m.Subject }) // Sort by received time, newest on top .OrderBy("receivedDateTime DESC") // Only get back one message .Top(1) .GetAsync(); if (messagePage.CurrentPage.Count < 1) { return(new OkObjectResult(null)); } // Return the message in the response return(new OkObjectResult(messagePage.CurrentPage[0])); }
public override void ConfigureServicesCore(IServiceCollection services) { // Connection Cryptography Compliance: All connections must be utilizing TLS 1.2 ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "Cloud Born API", Version = "v1" }); }); services.AddMvc(options => { options.Filters.Add(new ErrorHandlingFilter()); options.Filters.Add(new OperationLoggingFilter(ServiceComponent.CloudBornWebService)); options.AllowValidatingTopLevelNodes = true; }); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => TokenValidation.CreateAuthenticationOptionsForMultiTenant(options, this.configuration.TokenValidationSettings)); services.AddAuthorization(options => { options.AddPolicy(AuthorizationPolicyConstants.OnlyTestApp, policy => policy.RequireClaim( "appid", this.configuration.AuthorizedResources.TestTrustedAppId)); }); // Add Gzip compression to our responses services.Configure <GzipCompressionProviderOptions>(options => { options.Level = CompressionLevel.Optimal; }); services.AddResponseCompression(options => { options.Providers.Add <GzipCompressionProvider>(); }); services.AddCors(options => { options.AddPolicy( CorsPolicyName, policy => { // Allow origins to match a configured wildcarded domains policy .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyMethod() .WithHeaders("authorization", "accept", "content-type", "origin"); }); }); }
public IActionResult Add([FromBody] TokenValidation tokenValidationToAdd) { if (!ModelState.IsValid) { return(BadRequest()); } _tokenValidationRepository.AddEmailVerification(tokenValidationToAdd); return(Accepted(tokenValidationToAdd)); }
public async Task <ResultWrapper <CompletedEvent> > CreateEvent(CompletedEvent newEvent, TokenDto token) { if (!TokenValidation.ValidateToken(token, _unitOfWork)) { List <ErrorResult> error = new List <ErrorResult>(); error.Add(new ErrorResult(401, "Invalid token.")); _unitOfWork.tokenRepo.Remove(_unitOfWork.tokenRepo.Find(tk => tk.token.Equals(token.AccessToken)).FirstOrDefault()); return(new ResultWrapper <CompletedEvent>(null, error)); } var errors = eventValid.ValidateEventCreation(newEvent); if (errors.Count() > 0) { return(new ResultWrapper <CompletedEvent>(null, errors)); } CompletedEvent existEvent = null; if (newEvent.EventId.HasValue) { existEvent = await GetEvent(newEvent.EventId.Value); } if (existEvent != null) { return(await UpdateEvent(existEvent, newEvent, token)); } Event ev = Mapper.Map <Event>(newEvent); Location location = Mapper.Map <Location>(newEvent.Location); // Insert a new location in DB _unitOfWork.LocationRepo.AddAsync(location); await _unitOfWork.LocationRepo.SaveAsync(); // Get user from token var userId = TokenValidation.GetUserIdFromToken(token, _unitOfWork); ev.Author = userId; ev.Location = location.LocationId; _unitOfWork.EventRepo.AddAsync(ev); await _unitOfWork.EventRepo.SaveAsync(); Category c = _unitOfWork.categoriesRepo.Find(e => e.Category1.Equals(newEvent.Category)).FirstOrDefault(); EventHasCategories ehc = new EventHasCategories(); ehc.EventId = ev.EventId; ehc.CategoryId = c.CategoryId; _unitOfWork.eventHasCategories.Add(ehc); await _unitOfWork.eventHasCategories.SaveAsync(); return(new ResultWrapper <CompletedEvent>(newEvent, null)); }