public JsonResult Members(List <Person> persons)
{
string token = Request.Headers.Get("Authorization") ?? "";
List <MessageHandler> messageHandlers = new List <MessageHandler>();
try
{
TokenValidation tokenValidation = DBContext.IsTokenValid(token);
if (tokenValidation.Validate)
{
if (tokenValidation.Type == UserType.Admin)
{
foreach (Person person in persons)
{
string message = DBOperations.InsertNewMembers(person);
messageHandlers.Add(MessageHandler.GetMessageHandler(message.StartsWith("Success") ? "Success" : "Error", message));
}
}
else
{
messageHandlers.Add(MessageHandler.GetMessageHandler("Error", "Hack attack"));
}
}
else
{
messageHandlers.Add(MessageHandler.GetMessageHandler("Error", "Invalid/Expired Token"));
}
}
catch (Exception ex)
{
messageHandlers.Add(MessageHandler.GetMessageHandler("Error", ex.Message));
}
return(Json(messageHandlers));
}
public static TokenValidation ValidateToken(string validToken)
{
try
{
System.Data.IDbConnection _Mydb = Supreme_Mobile.Models.GeneralService.DapperConnection();
var loginResult = _Mydb.Query <ValidTokenResultModel>(";Exec Supreme_AuthenticateToken @TokenID",
new
{
TokenID = validToken
}).SingleOrDefault();
MyUsersModel userModel = new MyUsersModel();
userModel.UserID = loginResult.UserID;
userModel.UserName = loginResult.UserName;
userModel.SecurityStamp = loginResult.SecurityStamp;
GeneralService logger = new GeneralService();
logger.LogWrite("Token: " + validToken + " - " + JsonConvert.SerializeObject(userModel).ToString());
var validation = TokenManager.ValidateToken(ConfirmLoginTokenPurpose, userModel, validToken);
return(validation);
}
catch (Exception ee)
{
var result = new TokenValidation();
result.Errors.Add(TokenValidationStatus.Expired);
GeneralService.WriteErrorLog(ref ee);
return(result);
}
}
public JsonResult Member(string userId)
{
string token = Request.Headers.Get("Authorization") ?? "";
TokenValidation tokenValidation = DBContext.IsTokenValid(token);
if (tokenValidation.Validate)
{
if (tokenValidation.Type == UserType.Admin)
{
try
{
string result = DBOperations.DeleteMember(userId);
return(Json(MessageHandler.GetMessageHandler("Success", result)));
}
catch (Exception ex)
{
return(Json(MessageHandler.GetMessageHandler("Error", ex.Message)));
}
}
else
{
return(Json(MessageHandler.GetMessageHandler("Error", "Hack attack")));
}
}
else
{
return(Json(MessageHandler.GetMessageHandler("Error", "Invalid/Expired Token")));
}
}
public IActionResult SaveNotificationSettings(TokenDto tokenDto)
{
var token = tokenDto.Token;
Dictionary <string, string> validatedTokenClaims;
try
{
validatedTokenClaims = TokenValidation.ValidateToken(token);
}
catch (ArgumentException)
{
return(BadRequest(new { text = "Validation failed" }));
}
var userId = int.Parse(validatedTokenClaims["userId"]);
var sound = bool.Parse(validatedTokenClaims["sound"]);
var connection = bool.Parse(validatedTokenClaims["connection"]);
var newChat = bool.Parse(validatedTokenClaims["newchat"]);
var newMessage = bool.Parse(validatedTokenClaims["newmessage"]);
var notificationId = _context.Users.Single(user => user.UserId == userId).NotificationSettingsId;
var notificationEntity = _context.NotificationSettings.SingleOrDefault(settings => settings.NotificationSettingsId == notificationId);
if (notificationEntity != null)
{
notificationEntity.Sound = sound;
notificationEntity.ConnectionChanged = connection;
notificationEntity.NewChatReceived = newChat;
notificationEntity.NewMessageReceived = newMessage;
_context.NotificationSettings.Update(notificationEntity);
_context.SaveChanges();
}
return(Ok("success"));
}
// GET: api/Login
public IHttpActionResult Get()
{
var headers = Request.Headers;
if (headers.Contains("token-jwt"))
{
string token = headers.GetValues("token-jwt").First();
TokenValidation validation = new TokenValidation();
string userValidated = validation.ValidateToken(token);
if (userValidated != null)
{
TokenData data = JsonConvert.DeserializeObject <TokenData>(userValidated);
Player g2 = null;
try
{
g2 = db.Gamers.FirstOrDefault(g => g.ID == data.ID);
}
catch
{
}
return(Ok(g2));
}
else
{
return(BadRequest());
}
}
else
{
return(BadRequest());
}
}
public async Task <IActionResult> GetAllChatsWithLastMessage(TokenDto tokenDto)
{
var token = tokenDto.Token;
Dictionary <string, string> validatedTokenClaims;
try
{
validatedTokenClaims = TokenValidation.ValidateToken(token);
}
catch (ArgumentException)
{
return(BadRequest(new { text = "Validation failed" }));
}
var userId = int.Parse(validatedTokenClaims["userId"]);
var chatsOfUser = _context.ChatUsers.Where(user => user.UserId == userId).ToList();
var userChatsToReturn = new List <UserChatDTO>();
for (var i = 0; i < chatsOfUser.Count; i++)
{
var friendId = _context.ChatUsers
.Single(user => user.ChatId == chatsOfUser[i].ChatId && user.UserId != userId).UserId;
var friend = _context.Users.Find(friendId);
//Trying to use LastOrDefault resulted in a crash, using this workaround for now
var msgList = await _context.Messages.Where(message => message.ChatId == chatsOfUser[i].ChatId).ToListAsync();
Message?lastMsg = msgList.Count > 0 ? msgList[^ 1] : null;
public IActionResult AddChat(TokenDto tokenDto)
{
var token = tokenDto.Token;
Dictionary <string, string> validatedTokenClaims;
try
{
validatedTokenClaims = TokenValidation.ValidateToken(token);
}
catch (ArgumentException)
{
return(BadRequest(new { text = "Validation failed" }));
}
var curUserId = int.Parse(validatedTokenClaims["userId"]);
var emailToAdd = validatedTokenClaims["emailToAdd"];
var match = _context.Users.SingleOrDefault(u => u.Login.Email.Equals(emailToAdd));
if (match == null)
{
return(BadRequest(new { text = "No one with such email exists bro..." }));
}
//Checking if user is not adding himself
if (match.UserId == curUserId)
{
return(BadRequest(new { text = "You cannot add yourself,pls.." }));
}
var curUser = _context.Users.Find(curUserId);
var chatsCurrentUserHas = _context.ChatUsers.Where(user => user.UserId == curUserId).ToList();
// Loop looking for occurrences, when we already have a same chat ID with the user that we are about to add
foreach (var t in chatsCurrentUserHas)
{
var userListPerChat = ChatUserForASpecificChatFinder(t.ChatId);
if (userListPerChat.Any(user => user.UserId == match.UserId))
{
return(BadRequest(new { text = "You already have this guy..." }));
}
}
if (curUser != null)
{
var chatUser = _chatWorker.AddChat(new List <User>()
{
curUser, match
});
var newChatDto = new AddChatDto
{
ChatId = chatUser.ChatId, UserName = chatUser.User.UserName, FriendImageUrl = chatUser.User.ImageUrl
};
return(Ok(newChatDto));
}
return(BadRequest(new{ text = "Email not found" }));
}
public ActionResult GenerateTokenFor(GenerateTokenViewModel model)
{
CallService(() =>
{
TempData["ElectionId"] = model.SelectedElectionId;
TempData["WahlkreisId"] = model.SelectedWahlkreisId;
TempData["Amount"] = model.Amount;
if (!model.Password.Equals("ichdarfdasschon"))
{
throw new Exception("Sie dürfen mit diesem Passwort keine Token generieren.");
}
var election = Service.GetElection(model.SelectedElectionId);
var wahlkreis = Service.GetWahlkreis(model.SelectedWahlkreisId);
var infoToken = string.Format("Bundestagswahl: {0}\nWahlkreis: {1}\n\nErstellte Token:",
election.Date.ToShortDateString(), wahlkreis.Name);
for (var i = 0; i < model.Amount; i++)
{
infoToken += string.Format("\n {0}",
TokenValidation.GenerateTokenString(model.SelectedElectionId, model.SelectedWahlkreisId));
}
GetMessageBag().Info.Add(infoToken);
});
return(RedirectToAction("GenerateToken"));
}
public async Task <ResultWrapper <InviteOutDto> > CreateInvite(InviteDto newInvite, TokenDto token)
{
if (!TokenValidation.ValidateToken(token, _unitOfWork))
{
List <ErrorResult> errors = new List <ErrorResult>();
errors.Add(new ErrorResult(401, "Invalid token."));
_unitOfWork.tokenRepo.Remove(_unitOfWork.tokenRepo.Find(tk => tk.token.Equals(token.AccessToken)).FirstOrDefault());
return(new ResultWrapper <InviteOutDto>(null, errors));
}
var invite = GetInvite(newInvite);
if (invite != null)
{
invite.State = newInvite.State;
}
else
{
invite = Mapper.Map <Invite>(newInvite);
_unitOfWork.InviteRepo.AddAsync(invite);
}
await _unitOfWork.InviteRepo.SaveAsync();
var eventI = await _unitOfWork.EventRepo.GetAsync(invite.EventId);
var user = await _unitOfWork.UserRepo.GetAsync(invite.UserId);
return(new ResultWrapper <InviteOutDto>(ConvertInviteToOutInvite(user, eventI, invite.State), null));
}
private async Task OnExecutingAsync(HttpRequest request, Microsoft.Azure.WebJobs.ExecutionContext context)
{
// Extract token from header, return 'Unauthorized' error if the token is null.
string token = string.Empty;
if (request.Headers.ContainsKey("Authorization") && request.Headers["Authorization"][0].StartsWith("Bearer "))
{
token = request.Headers["Authorization"][0].Substring("Bearer ".Length);
}
else
{
request.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
throw new HttpRequestException("Unauthorized");
}
// Get Azure AD env settings
var config = new ConfigurationBuilder()
.SetBasePath(context.FunctionAppDirectory)
.AddJsonFile("local.settings.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables()
.Build();
_instance = config["AzureAd:Instance"];
_tenantId = config["AzureAd:TenantId"];
_clientId = config["AzureAd:ClientId"];
// Validate token (authorization)
string audience = $"api://{_clientId}";
_userClaim = await TokenValidation.VerifyUserHasAnyAcceptedScope(token, _instance, _tenantId, _clientId, audience, _allowedScopes, new CancellationToken());
}
public void Setup()
{
// Build service colection to create identity UserManager and RoleManager.
IServiceCollection serviceCollection = new ServiceCollection();
// Add ASP.NET Core Identity database in memory.
sqliteConnection = new SqliteConnection("DataSource=:memory:");
serviceCollection.AddDbContext <ApplicationIdentityDbContext>(options => options.UseSqlite(sqliteConnection));
identityDbContext = serviceCollection.BuildServiceProvider().GetService <ApplicationIdentityDbContext>();
identityDbContext.Database.OpenConnection();
identityDbContext.Database.EnsureCreated();
// Add Identity using in memory database to create UserManager and RoleManager.
serviceCollection.AddApplicationIdentity();
// Get UserManager and RoleManager.
userManager = serviceCollection.BuildServiceProvider().GetService <UserManager <ApplicationUser> >();
roleManager = serviceCollection.BuildServiceProvider().GetService <RoleManager <ApplicationRole> >();
// Get token validation settings.
var builder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true);
IConfigurationRoot configuration = builder.Build();
var tokenValidationSection = configuration.GetSection("TokenValidation");
serviceCollection.Configure <TokenValidation>(tokenValidationSection);
tokenValidationSettings = serviceCollection.BuildServiceProvider().GetService <IOptions <TokenValidation> >().Value;
}
public void ValidateIdTokenClaimsShouldReturnMaxAgePassedWhenMaxAgePassed()
{
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoxNDUxNjUxNjYyfQ.novjze9SAX5QF-EKhdelob4UAhB_ZNEC-VzrcDRqXCk";
var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, 2600);
Assert.AreEqual(TokenValidationResult.MaxAgePassed, result);
}
public void ValidateIdTokenClaimsShouldReturnIdTokenExpiredWhenExpValueHasPassed()
{
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MTQ1MTY1MTY2MiwiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3fQ.4MhPMtGMKBbzGrpT3TC4DUzR__sBsz2J6UqXdPksJLw";
var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge);
Assert.AreEqual(TokenValidationResult.IdTokenExpired, result);
}
public void ValidateIdTokenClaimsShouldReturnInvalidIssuerWhenIssuerNotMatching()
{
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3fQ.8M6GM8GlMxSH_T8mYiQXZyEx0h6h4OYm0QN0H07ixwI";
var result = TokenValidation.ValidateIdTokenClaims(token, clientId, "notissuer", nonce, maxAge);
Assert.AreEqual(TokenValidationResult.InvalidIssuer, result);
}
public void ValidateIdTokenClaimsShouldReturnInvalidAudWhenClientIdNotInAudArray()
{
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOlsibm90Y2xpZW50aWQiXSwiYXpwIjoieC1jbGllbnRpZC14IiwiaXNzIjoiaHR0cDovL21vYmlsZWNvbm5lY3QuaW8iLCJleHAiOjIxNDc0ODM2NDcsImF1dGhfdGltZSI6MjE0NzQ4MzY0N30.Is8A9klSQZYEs0MAScdyq_EqcpCy6r_56yzizktclNQ";
var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge);
Assert.AreEqual(TokenValidationResult.InvalidAudAndAzp, result);
}
public void ValidateIdTokenClaimsShouldReturnValidWhenAllClaimsValidWithAudArray()
{
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOlsieC1jbGllbnRpZC14Il0sImF6cCI6IngtY2xpZW50aWQteCIsImlzcyI6Imh0dHA6Ly9tb2JpbGVjb25uZWN0LmlvIiwiZXhwIjoyMTQ3NDgzNjQ3LCJhdXRoX3RpbWUiOjIxNDc0ODM2NDd9.sPMj1GIchXKcVTXXRDb5tJeUFds7JkuREYYIuoBvpCM";
var result = TokenValidation.ValidateIdTokenClaims(token, clientId, issuer, nonce, maxAge);
Assert.AreEqual(TokenValidationResult.Valid, result);
}
public void ValidateIdTokenSignatureShouldNotValidateWhenKeysetNull()
{
var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QifQ.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.PKN_cBANpXLegnmu6My4yhqcdbZaRVRLlseQJ4y1gMyFzLfRfYFHhbQC4xrIaN6ryxIsgJvFZ-047WfMwyptIhcP87exuYt6253k9gddndmjJtLuT9d5DB9bjiKkK49IdVsu91xyT1bXBHiWnZ-alFgnC4NfsCN3ec9TAynlivhzlBwghfdc6T8V27ewHWKg1ds0ZZbLQYZ0PtuLd0PW_SEOAnajVICBN7xm0rgxf9CTgOs5mBnKVCgPu1sJ-6bdcfA2VpLGLleuDHb9J9t6kbMytEMUjs4eDjdgxlogIUBOvY4MWfuu4l85GPZPMJ29aGmvAbns9e5Pufm8nO9DEA";
TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, null);
Assert.AreEqual(TokenValidationResult.JWKSError, actual);
}
public void ValidateAccessTokenShouldReturnExpiredIfExistsAndExpired()
{
var json = "{\"access_token\":\"zmxncbvlaksjdhfgeteywteuiroqp\",\"time_received\":\"2016-01-01T12:34:22\",\"expires_in\":3600}";
var tokenResponse = JsonConvert.DeserializeObject <RequestTokenResponseData>(json);
var result = TokenValidation.ValidateAccessToken(tokenResponse);
Assert.AreEqual(TokenValidationResult.AccessTokenExpired, result);
}
public void ValidateIdTokenShouldNotValidateWhenClaimInvalid()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}";
var idToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXkiLCJhenAiOiJ4LWNsaWVudGlkLXkiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3LCJpYXQiOjE0NzEwMDc2NzR9.byu8aDef11sJPpPD9WM_j5uv92CsQEJLJ23SVCwrmf-btdyViTe5q1Q0X1hjVzv6FcCQLlrdJj1ib4sky6It1kVEEDk_E7w8KHH1CmmApghWh2lozJRlg8LQTQXgvfnUPeSLsoGBDYWI502aUhyy9V_zm9M0F3Vi0GWmDVZeXIvUlqdGd1YdzO0cmEfc9nyQSchimVmc-0etCGJn8qehvCZa_x96_u-qJeUiOb_7NypECoVDv8UzAZ48P5Dq-iDCYP6jCmOjdZ36b4JO6co1OnYp4cGONqZTQadVDewAfskKtGkspm6XUdil0WDct1DMuPnDuH1eweQtYopxtHRsjw";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _allValidationSupportedVersion);
Assert.AreEqual(TokenValidationResult.InvalidAudAndAzp, actual);
}
public void ValidateAccessTokenShouldReturnMissingIfNotExists()
{
// This test will stop working at 01/19/2038 @ 3:14am (UTC) (but so will all unix timestamps)
var json = "{\"access_token\":\"\",\"expires_in\":2147483647}";
var tokenResponse = JsonConvert.DeserializeObject <RequestTokenResponseData>(json);
var result = TokenValidation.ValidateAccessToken(tokenResponse);
Assert.AreEqual(TokenValidationResult.AccessTokenMissing, result);
}
public void ValidateIdTokenSignatureShouldNotValidateWhenNoMatchingKey()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"test1\",},{\"e\":\"AQAB\",\"n\":\"sj_E_-OM6We6kM3Zl8LFQCbp4J1GA_RArvFo8Y0jLXR1xK20nJ0UIhCR1u4a3WD9dSwDRmcDa-3nT_1g5mzMOjBBO1I0VFDG61LyTkrbHhaz-VtRKjMcZMaVPHGC-nRogg92984s-ahO-Q4hkE05tiO96u3xj4S8_A3bsMIQCLQRYKS9_ovl_HxEJne3NFRkSZiiTym5g0H_nOrl2RlBYfV7GPst8Vzq45Mn1uDtCHocSeM3zunLG8TNOz0t6U_s0hAd0gKukoxgaGc1JDSsRWNs8r9SPniRMclKkcMWpdZQbLdT9ARsEB7i6w4x4C1p9i75PloXhwE-EOZ9kCeOtw\",\"kty\":\"RSA\",\"kid\":\"nottest\"}]}";
var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QifQ.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.PKN_cBANpXLegnmu6My4yhqcdbZaRVRLlseQJ4y1gMyFzLfRfYFHhbQC4xrIaN6ryxIsgJvFZ-047WfMwyptIhcP87exuYt6253k9gddndmjJtLuT9d5DB9bjiKkK49IdVsu91xyT1bXBHiWnZ-alFgnC4NfsCN3ec9TAynlivhzlBwghfdc6T8V27ewHWKg1ds0ZZbLQYZ0PtuLd0PW_SEOAnajVICBN7xm0rgxf9CTgOs5mBnKVCgPu1sJ-6bdcfA2VpLGLleuDHb9J9t6kbMytEMUjs4eDjdgxlogIUBOvY4MWfuu4l85GPZPMJ29aGmvAbns9e5Pufm8nO9DEA";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks);
Assert.AreEqual(TokenValidationResult.NoMatchingKey, actual);
}
public void ValidateIdTokenSignatureShouldNotValidateWhenSignatureMissing()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}";
var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks);
Assert.AreEqual(TokenValidationResult.InvalidSignature, actual);
}
public void ValidateIdTokenShouldNotValidateWhenNoIdToken()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}";
var idToken = "";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _allValidationSupportedVersion);
Assert.AreEqual(TokenValidationResult.IdTokenMissing, actual);
}
public void ValidateIdTokenSignatureShouldValidateUsingMatchingAlgKey()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}";
var token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.QOdjTBG5xzX9ROIYmEyJ5ozamcd1O8R6Zna0GpO14n2lFu2oG2FP7HWws3VvgDqMkgwhyt-l7wFs-SDxYWsXj6a3wCGOHQSkOwdFWx5QZwHf4abOCVbcD0HMcFRWAAhBU8K0k9gBlNOdblArEusXWUtNOb3zA9kE5X8aX8v3anh_utrxaKYSvndjHIe7d50XybsOip4QOsqMEUbeBdos4hqSc_KW9qQvZcqBoZs3J7n-n8nPX5TcXu7OZd62pT48GvpL1Y1O6xvBA-gvLEpba3KffucBkgSXtLYsfw8n109A335z9TWIM_9D6OrRkWQrYBLm3B6GfcGOUDJIISegTA";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks);
Assert.AreEqual(TokenValidationResult.Valid, actual);
}
public void ValidateIdTokenShouldReturnValidWhenUnsupportedVersionAndValidationPassed()
{
var jwksJson = "{\"keys\":[{\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"hzr2li5ABVbbQ4BvdDskl6hejaVw0tIDYO-C0GBr5lRA-AXtmCO7bh0CEC9-R6mqctkzUhVnU22Vrj-B1J0JtJoaya9VTC3DdhzI_-7kxtIc5vrHq-ss5wo8-tK7UqtKLSRf9DcyZA0H9FEABbO5Qfvh-cfK4EI_ytA5UBZgO322RVYgQ9Do0D_-jf90dcuUgoxz_JTAOpVNc0u_m9LxGnGL3GhMbxLaX3eUublD40aK0nS2k37dOYOpQHxuAS8BZxLvS6900qqaZ6z0kwZ2WFq-hhk3Imd6fweS724fzqVslY7rHpM5n7z5m7s1ArurU1dBC1Dxw1Hzn6ZeJkEaZQ\",\"kty\":\"RSA\",\"use\":\"sig\"}]}";
var idToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJ4LWNsaWVudGlkLXgiLCJhenAiOiJ4LWNsaWVudGlkLXgiLCJpc3MiOiJodHRwOi8vbW9iaWxlY29ubmVjdC5pbyIsImV4cCI6MjE0NzQ4MzY0NywiYXV0aF90aW1lIjoyMTQ3NDgzNjQ3LCJpYXQiOjE0NzEwMDczMjd9.U9c5iuybG4GIvrbQH5BT9AgllRbPL6SuIzL4Y3MW7VlCVIQOc_HFfkiLa0LNvqZiP-kFlADmnkzuuQxPq7IyaOILVYct20mrcOb_U_zMli4jg-t9P3BxHaq3ds9JlLBjz0oewd01ZQtWHgRnrGymfKAIojzHlde-aePuL1M26Eld5zoKQvCLcKAynZsjKsWF_6YdLk-uhlC5ofMOaOoPirPSPAxYvbj91z3o9XIgSHoU-umN7AJ6UQ4H-ulfftlRGK8hz0Yzpf2MHOy9OHg1u3ayfCaaf8g5zKGngcz0LgK9VAw2B31xJw-RHkPPh0Hz82FgBc4588oEFC1c22GGTw";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdToken(idToken, clientId, issuer, nonce, maxAge, jwks, _validationUnsupportedVersion);
Assert.AreEqual(TokenValidationResult.IdTokenValidationSkipped, actual);
}
public void ValidateIdTokenSignatureShouldNotValidateWhenAlgNotRS256()
{
var jwksJson = "{\"keys\":[{\"alg\":\"HS256\",\"kty\":\"oct\",\"use\":\"sig\",\"secret\":\"E5JqlByqY5vGQmeczEigRRr43fr-m7KdJMkN3eSDHOiv3UYYhRTr6OIirFHaYDdUgA4iq3WQ3lkHd3r-KV_iWlDzpha0dmaGaHvzYMThO5WKUBlsekGHT17V7tnnYq7aameaAUmVOZocKQ5svXrPNQJcFhDs-XO6Kcsin2zaYL6eCdLZF8w_YUYtGfxYD0SqB5mdmmE5jIam3f1dnodkoLmfGxUeSSAgCCJXHQtM-SwPpyZfGbYrhTAkcahPmrJOiQwZ7WPtFlMYR-T8U12STNaTDv63hjPW57cwLfjeTW8NEYO00KCWZD7HZo-8Tg4j93FG6b78VE7QUB-vjopQlw\"}]}";
var token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhenAiOiJNekZsWmpreFpHSXRPV1UyTlMwMFpURm1MVGt3TXpjdE5UUXpOamRrTURCa016Y3pPbTl3WlhKaGRHOXlMV0U9IiwiYXV0aF90aW1lIjoxNDcwMzI2ODIwLCJhdWQiOlsiTXpGbFpqa3haR0l0T1dVMk5TMDBaVEZtTFRrd016Y3ROVFF6Tmpka01EQmtNemN6T205d1pYSmhkRzl5TFdFPSJdLCJhbXIiOlsiU0lNX1BJTiJdLCJub25jZSI6ImFkNjVmOGUwNzA3MTRlYTU5Yzc2NDRlZjE1OGM1MjM3IiwiaWF0IjoxNDcwMzI2ODIwLCJpc3MiOiJpbnRlZ3JhdGlvbjIuc2FuZGJveC5tb2JpbGVjb25uZWN0LmlvIiwiYWNyIjoiMiIsImV4cCI6MTQ3MDMzMDQyMCwic3ViIjoiYzIzMjQ2N2MtNDliMi0xMWU2LTlhYTgtMDI0MmFjMTEwMDAzIn0.iTLUvv-HCYBkDzeVX0tRc5k3URY8kbjqvY1EgyXUE2s";
var jwks = JsonConvert.DeserializeObject <JWKeyset>(jwksJson);
TokenValidationResult actual = TokenValidation.ValidateIdTokenSignature(token, jwks);
Assert.AreEqual(TokenValidationResult.IncorrectAlgorithm, actual);
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req,
ILogger log)
{
// Check configuration
if (string.IsNullOrEmpty(_config["apiFunctionId"]) ||
string.IsNullOrEmpty(_config["apiFunctionSecret"]) ||
string.IsNullOrEmpty(_config["tenantId"]))
{
log.LogError("Invalid app settings configured");
return(new InternalServerErrorResult());
}
// Validate the bearer token
var validationResult = await TokenValidation.ValidateAuthorizationHeader(
req, _config["tenantId"], _config["apiFunctionId"], log);
// If token wasn't returned it isn't valid
if (validationResult == null)
{
return(new UnauthorizedResult());
}
// Initialize a Graph client for this user
var graphClient = _clientService.GetUserGraphClient(validationResult,
new[] { "https://graph.microsoft.com/.default" }, log);
// Get the user's newest message in inbox
// GET /me/mailfolders/inbox/messages
var messagePage = await graphClient.Me
.MailFolders
.Inbox
.Messages
.Request()
// Limit the fields returned
.Select(m => new
{
m.From,
m.ReceivedDateTime,
m.Subject
})
// Sort by received time, newest on top
.OrderBy("receivedDateTime DESC")
// Only get back one message
.Top(1)
.GetAsync();
if (messagePage.CurrentPage.Count < 1)
{
return(new OkObjectResult(null));
}
// Return the message in the response
return(new OkObjectResult(messagePage.CurrentPage[0]));
}
public override void ConfigureServicesCore(IServiceCollection services)
{
// Connection Cryptography Compliance: All connections must be utilizing TLS 1.2
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "Cloud Born API", Version = "v1"
});
});
services.AddMvc(options =>
{
options.Filters.Add(new ErrorHandlingFilter());
options.Filters.Add(new OperationLoggingFilter(ServiceComponent.CloudBornWebService));
options.AllowValidatingTopLevelNodes = true;
});
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
TokenValidation.CreateAuthenticationOptionsForMultiTenant(options, this.configuration.TokenValidationSettings));
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationPolicyConstants.OnlyTestApp, policy => policy.RequireClaim(
"appid",
this.configuration.AuthorizedResources.TestTrustedAppId));
});
// Add Gzip compression to our responses
services.Configure <GzipCompressionProviderOptions>(options =>
{
options.Level = CompressionLevel.Optimal;
});
services.AddResponseCompression(options =>
{
options.Providers.Add <GzipCompressionProvider>();
});
services.AddCors(options =>
{
options.AddPolicy(
CorsPolicyName,
policy =>
{
// Allow origins to match a configured wildcarded domains
policy
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyMethod()
.WithHeaders("authorization", "accept", "content-type", "origin");
});
});
}
public IActionResult Add([FromBody] TokenValidation tokenValidationToAdd)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
_tokenValidationRepository.AddEmailVerification(tokenValidationToAdd);
return(Accepted(tokenValidationToAdd));
}
public async Task <ResultWrapper <CompletedEvent> > CreateEvent(CompletedEvent newEvent, TokenDto token)
{
if (!TokenValidation.ValidateToken(token, _unitOfWork))
{
List <ErrorResult> error = new List <ErrorResult>();
error.Add(new ErrorResult(401, "Invalid token."));
_unitOfWork.tokenRepo.Remove(_unitOfWork.tokenRepo.Find(tk => tk.token.Equals(token.AccessToken)).FirstOrDefault());
return(new ResultWrapper <CompletedEvent>(null, error));
}
var errors = eventValid.ValidateEventCreation(newEvent);
if (errors.Count() > 0)
{
return(new ResultWrapper <CompletedEvent>(null, errors));
}
CompletedEvent existEvent = null;
if (newEvent.EventId.HasValue)
{
existEvent = await GetEvent(newEvent.EventId.Value);
}
if (existEvent != null)
{
return(await UpdateEvent(existEvent, newEvent, token));
}
Event ev = Mapper.Map <Event>(newEvent);
Location location = Mapper.Map <Location>(newEvent.Location);
// Insert a new location in DB
_unitOfWork.LocationRepo.AddAsync(location);
await _unitOfWork.LocationRepo.SaveAsync();
// Get user from token
var userId = TokenValidation.GetUserIdFromToken(token, _unitOfWork);
ev.Author = userId;
ev.Location = location.LocationId;
_unitOfWork.EventRepo.AddAsync(ev);
await _unitOfWork.EventRepo.SaveAsync();
Category c = _unitOfWork.categoriesRepo.Find(e => e.Category1.Equals(newEvent.Category)).FirstOrDefault();
EventHasCategories ehc = new EventHasCategories();
ehc.EventId = ev.EventId;
ehc.CategoryId = c.CategoryId;
_unitOfWork.eventHasCategories.Add(ehc);
await _unitOfWork.eventHasCategories.SaveAsync();
return(new ResultWrapper <CompletedEvent>(newEvent, null));
}
