public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jwtOptions.LongTokenLiveTimeDays);
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id,
DeviceInfo = ""
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2AuthToken(longSession, out string lat2r);
response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
IsEssential = true,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await GenerateShortAuthTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonConvert.SerializeObject(new
{
LongToken = new
{
Token = longSession.LongToken1,
Expiration = longSession.ExpirationDate.ToInvariantString()
},
ShortToken = tokenAndClaimsPrincipal.Token
}, jsonSerializerSettings);
response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}
private async Task <TokenAndClaimsPrincipal> CreateShortTokenAsync(
User user, string lat2r, string lat2, long sessionId)
{
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(JwtRegisteredClaimNames.Jti,
CryptoRandomizer.GetRandomString(DbColumnSizes.BlackListShortToken_TokenId))
};
var roleNames = await userManager.GetRolesAsync(user);
foreach (var role in roleNames)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var expiration = DateTime.UtcNow.AddMinutes(jwtOptions.ShortTokenLiveTimeMinutes);
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: expiration);
var claimsIdentity = new ClaimsIdentity(claims, "JwtShortToken");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
return(new TokenAndClaimsPrincipal
{
ClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2),
Token = cryptService.Crypt(CipherSecrets.ShortJwt, token.Payload.SerializeToJson()),
Expiration = expiration
});
}
private string CreateLong2AuthToken(LongSession longSession, out string lat2r)
{
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(jwtOptions.LongJwtSecurityKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: longSession.ExpirationDate,
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public string MakeCaptchaToken()
{
var token = CryptoRandomizer.GetRandomString(64);
var answer = GenerateCaptchaText();
captchaCacheService.Cache(token, answer);
return(token);
}
public FileAndDir GetNewImageNameAndDir(string ext)
{
var cid = CryptoRandomizer.GetRandomString(
DbColumnSizes.FileNameWithDirSize -
8); // Why -8. 4 needed for directory start "123/", and 4 needed for extension ".jpg"
byte[] bites = Encoding.UTF8.GetBytes(cid);
return(new FileAndDir(cid + ext, bites[0].ToString()));
}
public virtual string GenerateChangeEmailToken(User user, string email)
{
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16))
};
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: DateTime.UtcNow.AddDays(3));
cryptService.Crypt(CipherSecrets.EmailChange, token.Payload.SerializeToJson());
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public async Task <string> GenereteEmailToken(User user)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16)),
};
var token = new JwtSecurityToken(
claims: claims,
expires: DateTime.Now.AddDays(TokenParameters.EmailTokenLifeTime));
var cryptedToken = await crypt.Crypt(EmailCypherNameId, token.Payload.SerializeToJson());
return(cryptedToken);
}
public async Task <IActionResult> SignUpAsync([FromForm] RegisterModel model)
{
try
{
var longSession = CryptoRandomizer.GetRandomString(32);
var fingerPrint = authService.GetFingerPrint(HttpUtilities.GetDataFromHeaders(HttpContext, HttpConstants.UserAgentHeaderName), longSession);
var registerResult = await authService.RegisterAsync(model.UserName, model.Email, model.Password, fingerPrint, longSession);
authService.MakeLongSessionCookies(registerResult.RefreshToken);
return(Json(registerResult));
}
catch (ApiError infoExcetpion)
{
return(Unauthorized(infoExcetpion.ex.Description));
}
}
private string CreateLong2Token(LongSession longSession, out string lat2r)
{
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: longSession.ExpirationDate);
return(cryptService.Crypt(CipherSecrets.Long2Jwt, token.Payload.SerializeToJson()));
}
public virtual string GenerateChangeEmailToken(User user, string email)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SecurityKeyEmailChange));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, email),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(16))
};
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: DateTime.Now.AddDays(3),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public string GenereteJwtToken(string userName, IdentityUser user, List <string> roles)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimsIdentity.DefaultNameClaimType, userName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(CommonConstants.UniqueClaimName, CryptoRandomizer.GetRandomString(16))
};
foreach (string role in roles)
{
claims.Add(new Claim(ClaimsIdentity.DefaultRoleClaimType, role));
}
var signInCreditials = new SigningCredentials(signInEncodingKey.GetKey(),
signInEncodingKey.SignInAlgorithm);
var encryptedCreditials = new EncryptingCredentials(jwtEncryptionEncodingKey.GetKey(),
jwtEncryptionEncodingKey.SigningAlgorithm,
jwtEncryptionEncodingKey.EncryptingAlgorithm);
var expires = DateTime.Now.AddMinutes(Convert.ToDouble(tokenLifeTimeOptions.Value.AccessTokenLifeTime));
var now = DateTime.UtcNow;
var token = new JwtSecurityTokenHandler().CreateJwtSecurityToken(
authOptions.Value.Issuer,
authOptions.Value.Audience,
notBefore: now,
subject: new ClaimsIdentity(claims),
expires: expires,
issuedAt: DateTime.Now,
signingCredentials: signInCreditials,
encryptingCredentials: encryptedCreditials
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private async Task <TokenAndClaimsPrincipal> GenerateShortAuthTokenAsync(User user, string lat2r, string lat2, long sessionId)
{
// Generate and issue a JWT token
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.ShortJwtSecurityKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.UserName),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(JwtRegisteredClaimNames.Jti, CryptoRandomizer.GetRandomString(DbColumnSizes.BlackListShortToken_TokenId))
};
var roleNames = await userManager.GetRolesAsync(user);
foreach (var role in roleNames)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: DateTime.UtcNow.AddMinutes(jwtOptions.ShortTokenLiveTimeMinutes),
signingCredentials: credentials);
var claimsIdentity = new ClaimsIdentity(claims, "JwtShortToken");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
return(new TokenAndClaimsPrincipal
{
ClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2),
Token = new JwtSecurityTokenHandler().WriteToken(token)
});
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(
HttpContext httpContext,
User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jweOptions.CurrentValue.LongTokenLiveTimeDays);
httpContext.Request.Headers.TryGetValue("User-Agent", out var userAgent);
longSession1.DeviceInfo = Parser.GetDefault()?.Parse(userAgent.ToString() ?? "")?.ToString() ?? "";
longSession1.UpdateDate = DateTime.UtcNow;
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2Token(longSession, out string lat2r);
httpContext.Response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
Secure = globalOptions.CurrentValue.IsHttps,
IsEssential = true,
SameSite = SameSiteMode.Strict,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await CreateShortTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonSerializer.Serialize(new
{
LongToken = longSession.LongToken1,
ShortToken = tokenAndClaimsPrincipal.Token,
ShortTokenExpiration = tokenAndClaimsPrincipal.Expiration
}, SunJson.DefaultJsonSerializerOptions);
httpContext.Response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}