/// <summary>
/// Issues a fresh single-use CSRF token bound to the current request path, persists it
/// through <c>_context</c>, and returns the token identifier as a string.
/// </summary>
/// <param name="context">Request whose <c>Request.Path</c> the token is tied to.</param>
/// <returns>The new token's <see cref="Guid"/> rendered with <c>Guid.ToString()</c>.</returns>
/// <remarks>
/// NOTE(review): the token value is a <see cref="Guid.NewGuid"/>, which is not documented as
/// cryptographically random; a value that must be unguessable should come from
/// <c>RandomNumberGenerator</c>. <c>ExpiresOn</c> is stamped with local <see cref="DateTime.Now"/>,
/// so whatever later compares it must use the same clock (DST transitions shift it) — TODO confirm.
/// </remarks>
public string GetAdditionalData(HttpContext context)
{
    var tokenId = Guid.NewGuid();

    // Five-minute lifetime, scoped to the page that requested it, unused until consumed.
    var issued = new CsrfToken
    {
        CsrfTokenId = tokenId,
        ExpiresOn = DateTime.Now.AddMinutes(5),
        TokenValidOnPage = context.Request.Path,
        IsUsed = false,
    };

    _context.CsrfToken.Add(issued);
    _context.SaveChanges();

    return tokenId.ToString();
}
/// <summary>
/// Two tokens with valid HMACs but empty <c>RandomBytes</c> must be reported as
/// <c>TokenTamperedWith</c>, not as matching: an empty secret is never acceptable
/// even when both sides agree (despite the "mismatch" in the test name).
/// </summary>
public void Should_return_token_mismatch_if_random_bytes_empty()
{
    // Arrange: same creation time, both payloads empty, both signed with the real provider.
    var createdAt = DateTime.Now;
    var first = new CsrfToken { CreatedDate = createdAt, RandomBytes = ArrayCache.Empty<byte>() };
    var second = new CsrfToken { CreatedDate = createdAt, RandomBytes = ArrayCache.Empty<byte>() };
    first.CreateHmac(this.hmacProvider);
    second.CreateHmac(this.hmacProvider);

    // Act
    var outcome = this.validator.Validate(first, second);

    // Assert
    outcome.ShouldEqual(CsrfTokenValidationResult.TokenTamperedWith);
}
/// <summary>
/// Identical, correctly signed tokens validate as <c>Ok</c> when no validity period is supplied.
/// </summary>
public void Should_return_token_ok_if_tokens_match_and_no_expiry_set()
{
    // Arrange: same creation time and identical random bytes on both sides.
    var createdAt = DateTime.Now;
    var first = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    var second = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    first.CreateHmac(this.hmacProvider);
    second.CreateHmac(this.hmacProvider);

    // Act: no validityPeriod, so expiry is not in play.
    var outcome = this.validator.Validate(first, second);

    // Assert
    outcome.ShouldEqual(CsrfTokenValidationResult.Ok);
}
/// <summary>
/// Tokens whose <c>RandomBytes</c> differ in a single byte — each individually well signed —
/// are reported as <c>TokenMismatch</c>.
/// </summary>
public void Should_return_token_mismatch_if_tokens_differ()
{
    // Arrange: same creation time, payloads differ only in the middle byte (2 vs 4).
    var createdAt = DateTime.Now;
    var first = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    var second = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 4, 3 } };
    first.CreateHmac(this.hmacProvider);
    second.CreateHmac(this.hmacProvider);

    // Act
    var outcome = this.validator.Validate(first, second);

    // Assert
    outcome.ShouldEqual(CsrfTokenValidationResult.TokenMismatch);
}
/// <summary>
/// Matching tokens created one hour ago validate as <c>Ok</c> against a 1h30m validity period.
/// </summary>
public void Should_return_ok_if_valid_and_not_expired()
{
    // Arrange: both tokens stamped an hour in the past, identical payloads, both signed.
    var createdAt = DateTime.Now.AddHours(-1);
    var first = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    var second = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    first.CreateHmac(this.hmacProvider);
    second.CreateHmac(this.hmacProvider);

    // Act: the window (1h30m) still covers a token that is 1h old.
    var window = new TimeSpan(1, 30, 0);
    var outcome = this.validator.Validate(first, second, validityPeriod: window);

    // Assert
    outcome.ShouldEqual(CsrfTokenValidationResult.Ok);
}
/// <summary>
/// Creates a basic login result: builds the JWT payload (base claims, optional extras, issue
/// ticks, role claim flags), mints access and refresh tokens, derives a CSRF token from the
/// access token, and registers the refresh token via <c>AuthService.CreateToken</c>.
/// NOTE: If you duplicate a key in the additionalPayload, this will error
/// (<c>IDictionary.Add</c> throws on an existing key).
/// </summary>
/// <param name="authUser">User being logged in; its role claims are folded into the payload.</param>
/// <param name="client">Client the login is for; supplies the refresh-token lifetime.</param>
/// <param name="config">JWT configuration. Its <c>RefreshMinutes</c> is overwritten from <paramref name="client"/>.</param>
/// <param name="additionalPayload">Optional extra payload entries, each added as a single-value array.</param>
/// <returns>The populated <see cref="LoginResult"/>; the refresh token itself is not returned, only its identifier.</returns>
protected LoginResult GetBaseLoginResult(AuthUser authUser, AuthClient client, JwtConfig config, IDictionary<string, string> additionalPayload = null)
{
    // The refresh lifetime always comes from the client record; this mutates the caller's config.
    config.RefreshMinutes = client.RefreshTokenMinutes;
    var issuedAt = DateTime.UtcNow;

    IDictionary<string, string[]> payload = CreateJwtPayload(authUser, client);
    if (additionalPayload != null)
    {
        // Add (not overwrite): a key already present in the base payload throws here.
        foreach (var extra in additionalPayload)
        {
            payload.Add(extra.Key, new[] { extra.Value });
        }
    }

    // Issue time as raw ticks so consumers do not have to parse a formatted date.
    payload.Add(OwinKeys.Ticks, new[] { issuedAt.Ticks.ToString() });

    // Collapse the user's role claims into one bit-flag integer per claim type, keyed by type id.
    var claimFlags = new Dictionary<int, int>();
    var roleClaims = authUser.UserRole?.UserRoleClaims;
    if (roleClaims != null)
    {
        foreach (var byType in roleClaims.GroupBy(cv => cv.ClaimTypeId))
        {
            var flags = 0;
            foreach (var roleClaim in byType)
            {
                flags |= roleClaim.ClaimValueId;
            }
            claimFlags.Add(byType.Key, flags);
            // Indexer, not Add: a prefixed claim key already in the payload is replaced, not an error.
            payload[ClaimsHelper.SetTypePrefix(byType.Key)] = new[] { flags.ToString() };
        }
    }

    var accessToken = JsonWebToken.CreateAccessToken(config, issuedAt, payload);
    var refreshToken = JsonWebToken.CreateRefreshToken(config, issuedAt, payload);
    // The CSRF token is derived from the access token. The refresh token is handed to
    // AuthService.CreateToken and only its identifier goes back to the caller.
    var csrfToken = CsrfToken.Create(accessToken);
    var refreshId = AuthService.CreateToken(authUser.Id, client.Id, issuedAt, config.RefreshMinutes, refreshToken);

    return new LoginResult
    {
        AuthUserId = authUser.Id,
        ClaimFlags = claimFlags,
        IssuedUtc = issuedAt,
        ExpiresUtc = issuedAt.AddMinutes(config.AccessMinutes),
        RefreshTokenIdentifier = refreshId.ToString(),
        Jwt = accessToken,
        CsrfToken = csrfToken,
    };
}
/// <summary>
/// A token whose HMAC does not verify is reported as <c>TokenTamperedWith</c>. Both tokens are
/// altered identically so they still agree with each other, isolating the HMAC check from the
/// mismatch check.
/// </summary>
public void Should_return_token_tampered_with_if_hmac_incorrect()
{
    // Arrange: identical, correctly signed tokens...
    var createdAt = DateTime.Now;
    var first = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    var second = new CsrfToken { CreatedDate = createdAt, RandomBytes = new byte[] { 1, 2, 3 } };
    first.CreateHmac(this.hmacProvider);
    second.CreateHmac(this.hmacProvider);

    // ...then corrupt the first HMAC byte on each so neither verifies but they remain equal.
    first.Hmac[0] -= 1;
    second.Hmac[0] -= 1;

    // Act
    var outcome = this.validator.Validate(first, second);

    // Assert
    outcome.ShouldEqual(CsrfTokenValidationResult.TokenTamperedWith);
}
/// <summary>
/// Builds a <see cref="CsrfToken"/> from the <c>csrf</c> and <c>csrf_ts</c> response headers.
/// </summary>
/// <typeparam name="TContent">Deserialized body type of the response; unused here.</typeparam>
/// <param name="response">Response whose headers carry the token.</param>
/// <param name="csrfClass">Class to stamp onto the token.</param>
/// <returns>The token, or <c>null</c> when either header is absent.</returns>
/// <remarks>
/// NOTE(review): header values are taken verbatim; nothing here validates the timestamp or the
/// token value — presumably that happens where the token is later presented. TODO confirm.
/// </remarks>
private CsrfToken GetCsrfToken<TContent>(RestResponse<TContent> response, CsrfClass csrfClass)
{
    // "csrf" is looked up first; "csrf_ts" is only consulted when it is present.
    if (response.Headers.TryGetValue("csrf", out string value)
        && response.Headers.TryGetValue("csrf_ts", out string timestamp))
    {
        return new CsrfToken { Timestamp = timestamp, Value = value, Class = csrfClass };
    }

    return null;
}
/// <summary>
/// Reports whether the CSRF cookie token is still within its validity window.
/// </summary>
/// <param name="cookieToken">Token read from the cookie; not inspected.</param>
/// <returns>Always <c>true</c>.</returns>
/// <remarks>
/// NOTE(review): this accepts every token unconditionally — nothing reads
/// <paramref name="cookieToken"/>, so no expiry or tampering check happens here. If this is not a
/// deliberate stub, callers relying on it for CSRF protection get none from this method; the real
/// expiry check must live elsewhere (TODO confirm).
/// </remarks>
public bool CookieTokenStillValid(CsrfToken cookieToken) => true;
/// <summary>
/// Validates a pair of CSRF tokens (typically cookie vs. form/header) against each other and,
/// when <paramref name="validityPeriod"/> is given, against their age.
/// </summary>
/// <param name="tokenOne">First token; not inspected.</param>
/// <param name="tokenTwo">Second token; not inspected.</param>
/// <param name="validityPeriod">Optional maximum token age; ignored.</param>
/// <returns>Always <see cref="CsrfTokenValidationResult.Ok"/>.</returns>
/// <remarks>
/// NOTE(review): this returns <c>Ok</c> unconditionally. None of the outcomes the tests on this
/// page expect — <c>TokenTamperedWith</c> for a bad HMAC or empty <c>RandomBytes</c>,
/// <c>TokenMismatch</c> for differing <c>RandomBytes</c>, an expiry check against
/// <paramref name="validityPeriod"/> — are produced here. Unless this is a placeholder stub,
/// every request passes CSRF validation; do not ship it as-is.
/// </remarks>
public CsrfTokenValidationResult Validate(CsrfToken tokenOne, CsrfToken tokenTwo, TimeSpan? validityPeriod = null)
    => CsrfTokenValidationResult.Ok;