private async Task <AppUser> UpdateStorageWithUserPayload(GoogleJsonWebSignature.Payload googleAuthPayload) { var user = (await _appUserStorage.ReadAll(u => u.EmailAddress.ToLower() == googleAuthPayload.Email.ToLower())).SingleOrDefault(); if (user == null) { user = new AppUser { EmailAddress = googleAuthPayload.Email, FirstName = googleAuthPayload.GivenName, LastName = googleAuthPayload.FamilyName, LastLoggedInDate = _dateTimeService.GetEasternNow(), CreateDate = _dateTimeService.GetEasternNow(), UpdateDate = _dateTimeService.GetEasternNow() }; user.Id = await _appUserStorage.Create(user); } else { user.LastLoggedInDate = _dateTimeService.GetEasternNow(); await _appUserStorage.Update(user); } return(user); }
/// <summary> /// Creates a JWT access token than can be used in request headers instead of an OAuth2 token. /// This is achieved by signing a special JWT using this service account's private key. /// <param name="authUri">The URI for which the access token will be valid.</param> /// <param name="issueUtc">The issue time of the JWT.</param> /// <param name="expiryUtc">The expiry time of the JWT.</param> /// </summary> private string CreateJwtAccessToken(string authUri, DateTime issueUtc, DateTime expiryUtc) { JsonWebSignature.Payload payload; if (HasExplicitScopes) { payload = new GoogleJsonWebSignature.Payload() { Scope = string.Join(" ", Scopes) }; } else { payload = new JsonWebSignature.Payload() { Audience = authUri }; } payload.Issuer = Id; payload.Subject = Id; payload.IssuedAtTimeSeconds = (long)(issueUtc - UnixEpoch).TotalSeconds; payload.ExpirationTimeSeconds = (long)(expiryUtc - UnixEpoch).TotalSeconds; return(CreateAssertionFromPayload(payload)); }
/// <summary> /// Validate <paramref name="idToken"/> is Google Id Token and then Login the user. An account will be auto-created if the google user does not have an account yet. /// Returns a Jwt Token for authorizing later requests. /// </summary> /// <param name="idToken"> Google Id Token provided by google when signing in with OAuth (e.g. from mobile app) </param> /// <returns> Jwt Token for authorizing later requests to API. </returns> /// <exception cref="AccountException"> Thrown when <paramref name="idToken"/> is not valid or user can not be created or login </exception> public async Task <string> LoginUsingGoogleIdToken(string idToken) { bool isValid = await IsGoogleTokenValidAsync(idToken).ConfigureAwait(false); if (!isValid) { throw new AccountException("Google Id token is invalid"); } GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken).ConfigureAwait(false); PantryPlannerUser appUser = _userManager.Users.SingleOrDefault(u => u.Email == validPayload.Email); if (appUser == null) { // user doesn't exist so we'll auto create them appUser = await AutoCreateAccountFromGoogleAsync(validPayload).ConfigureAwait(false); } if (appUser != null) { // sign the user in and return a Jwt Token await _signInManager.SignInAsync(appUser, false).ConfigureAwait(false); string token = GenerateJwtToken(appUser, _configuration); return(token); } // reached here then the user could not be created/found throw new AccountException($"Could not login with google user for email {validPayload.Email}"); }
public async Task <ActionResult> GoogleLogin(string id_token) { GoogleJsonWebSignature.Payload payload = null; try { payload = await GoogleJsonWebSignature.ValidateAsync(id_token, GoogleValidationSetting); } catch (Google.Apis.Auth.InvalidJwtException ex) { return(Content($"Google.Apis.Auth.InvalidJwtException: { ex.Message}")); } catch (Newtonsoft.Json.JsonReaderException ex) { return(Content($"Newtonsoft.Json.JsonReaderException: {ex.Message}")); } catch (Exception ex) { return(Content($"Exception: {ex.Message}")); } if (payload == null) { return(null); } string email = payload.Email; if (_dbContext.Users.Where(u => u.Email == email).Any()) // if 使用者已存在 { return(Content(Url.Action("Index", "Users"))); } return(Content(Url.Action("Register", routeValues: new { email = email }))); }
private static void ValidateToken(GoogleJsonWebSignature.Payload userInfo) { if (userInfo == null) { throw new ArgumentException(ErrorMessages.INVALID_TOKEN); } }
/*admin authentication => check account, if there is admin account in the system, generate the token*/ public async Task <Account> AuthenticateAsync(string _token) { try { //get admin information from google account GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(_token); var admin = _dbContext.accounts.FirstOrDefault(x => x.Email.ToLower() == validPayload.Email.ToLower() && x.Role == Role.Admin); //if there is admin account in this system if (admin != null) { //generate token var _user = GetToken(admin.Id_account); return(_user); } //if there is no admin account in this system else { return(null); } } catch (Exception) { //error Console.WriteLine("Error check admin"); return(null); } }
public async Task <IActionResult> AdminAuthenticate([FromBody] Token token) { TimeZoneInfo zone = TimeZoneInfo.FindSystemTimeZoneById("SE Asia Standard Time"); DateTime dateTime = TimeZoneInfo.ConvertTime(DateTime.Now, zone); try { GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(token._Token); var admin = await _adminService.AuthenticateAsync(token._Token); //there is admin account return back to this function //if there is admin return to this function if (admin != null) { Log.Information("Admin access {name}., {DateTime}.", admin.Name, dateTime); return(Ok(admin.Token)); } // there is no admin return to this function else { Log.Information("Access Denied {DateTime}.", dateTime); return(BadRequest("Access Denied.")); } } catch { //error Log.Information("Error Admin Authentication"); return(NotFound("Error Admin Authentication")); } }
public async System.Threading.Tasks.Task <ENTITIES.CustomModels.Authen.Gmail> GetUserDetailsAsync(string providerToken) { GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(providerToken); if (!payload.Audience.Equals("24917390994-co652l6gu3eeoqaf96oc9h4av23eprot.apps.googleusercontent.com")) { return(null); } if (!payload.Issuer.Equals("accounts.google.com") && !payload.Issuer.Equals("https://accounts.google.com")) { return(null); } if (payload.ExpirationTimeSeconds == null) { return(null); } else { DateTime now = DateTime.Now.ToUniversalTime(); DateTime expiration = DateTimeOffset.FromUnixTimeSeconds((long)payload.ExpirationTimeSeconds).DateTime; if (now > expiration) { return(null); } } return(new ENTITIES.CustomModels.Authen.Gmail { email = payload.Email, id = payload.Subject, name = payload.Name, imageurl = payload.Picture }); }
public async Task <IActionResult> Google([FromBody] GoogleAuthModel model) { Log.Information("userView = " + model.tokenId); GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(model.tokenId, new GoogleJsonWebSignature.ValidationSettings()); var authRequest = new AuthentificateRequestGoogle() { User = payload, GroupId = model.GroupId }; var authResult = await _userSerice.AuthentificateWithGoogle(authRequest, ipAddress()); if (authResult == null) { return(BadRequest("Group is not match user group!")); } setTokenCookie(authResult.RefreshToken); return(Ok(new AuthentificateDto { Id = authResult.Student.Id, Group = authResult.Student.Group.Group_Name, Username = authResult.Student.Username, FirstName = authResult.Student.FirstName, LastName = authResult.Student.LastName, Token = authResult.JwtToken, RefreshToken = authResult.RefreshToken })); }
public async Task <WikiUser> CreateUser(GoogleJsonWebSignature.Payload payload) { var user = new WikiUser { Id = Guid.NewGuid(), Name = payload.Name, Email = payload.Email, Subject = payload.Subject, Issuer = payload.Issuer }; await using var conn = new NpgsqlConnection(m_ConnectionString); await conn.OpenAsync(); await using var cmd = conn.CreateCommand(); cmd.CommandText = @"INSERT INTO users(id, name, email, subject, issuer) VALUES (@id, @name, @email, @subject, @issuer);"; cmd.Parameters.AddWithValue("id", NpgsqlDbType.Uuid, user.Id); cmd.Parameters.AddWithValue("name", NpgsqlDbType.Text, user.Name); cmd.Parameters.AddWithValue("email", NpgsqlDbType.Text, user.Email); cmd.Parameters.AddWithValue("subject", NpgsqlDbType.Text, user.Subject); cmd.Parameters.AddWithValue("issuer", NpgsqlDbType.Text, user.Issuer); var rowsChanged = await cmd.ExecuteNonQueryAsync(); if (rowsChanged != 1) { throw new NpgsqlException("Added more than one user, something has gone seriously wrong. "); } return(user); }
public async Task <string> GenerateToken(GoogleJsonWebSignature.Payload payload) { var signingCredentials = await GetSigningCredentials(_appSettings.JWTSettings.SecurityKey); var tokenDescriptor = await GenerateTokenOptions(signingCredentials); return(await Task.FromResult(new JwtSecurityTokenHandler().WriteToken(tokenDescriptor))); }
/*user authentication => check account, if there is user account in the system, generate the token * if there is no user account in the system, create account in the system then generate the token */ public async Task <Account> AuthenticateAsync(string _token) { try { //get user information from google account GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(_token); string id = ""; string domainmail = "@kmitl.ac.th"; //if domain account is not "@kmitl.ac.th" if (!validPayload.Email.Contains(domainmail)) { // detect domain email return(null); } id = validPayload.Email.Replace(domainmail, ""); //if id account is not numberic if (!int.TryParse(id, out int numberic)) { //before email is not studentID return(null); } //if account already exist if (_dbContext.accounts.FirstOrDefault(x => x.Id_account == id) != null) { //generate token var _user = GetToken(id); Console.WriteLine("already exist"); return(_user); } //create account to store in database Account account = new Account() { Id_account = id, Email = validPayload.Email, Name = validPayload.Name, Phone = "", Point = 100, Role = Role.User }; //add account into database _dbContext.accounts.Add(account); //save database _dbContext.SaveChanges(); //generate token var user = GetToken(id); return(user); } catch { //error Console.WriteLine("AddUserAccount Error"); return(null); } }
public async Task <AuthenticateResponse> GoogleLogin(GoogleJsonWebSignature.Payload payload, string ipAddress, string origin) { var account = await _context.Users.FirstOrDefaultAsync(x => x.Email == payload.Email); var isFirstAccount = _context.Users.Count() == 0; if (account == null) { // map model to new account object account = new User { Email = payload.Email, Name = payload.Name, AvatarPath = payload.Picture, // first registered account is an admin Role = isFirstAccount ? UserRole.Admin : UserRole.User, Created = DateTime.Now, VerificationToken = randomTokenString(), //UserName = "******" + Guid.NewGuid().ToString() // hash password PasswordHash = BC.HashPassword(Guid.NewGuid().ToString()) }; // save account _context.Users.Add(account); await _context.SaveChangesAsync(); //var result = await _context.UserClaims.CreateAsync(account, Guid.NewGuid().ToString()); //if (!result.Succeeded) throw new AppException("Some thing wrong"); // send email sendVerificationEmail(account, origin); } if (!account.IsVerified) { throw new AppException("Email not verified"); } // authentication successful so generate jwt and refresh tokens var jwtToken = _tokenService.generateJwtToken(account); //var jwtToken = payload.JwtId; var refreshToken = generateRefreshToken(ipAddress); account.RefreshTokens.Add(refreshToken); // remove old refresh tokens from account removeOldRefreshTokens(account); // save changes to db _context.Update(account); await _context.SaveChangesAsync(); //await _userManager.UpdateAsync(account); var response = _mapper.Map <AuthenticateResponse>(account); response.JwtToken = jwtToken; response.RefreshToken = refreshToken.Token; return(response); }
public ApplicationUser(GoogleJsonWebSignature.Payload model) { EmailConfirmed = model.EmailVerified; Picture = model.Picture; Email = model.Email; UserName = model.Email; Name = model.Name; SurName = model.FamilyName; }
private async Task <UserDetailResponse> FindOrAddUser(GoogleJsonWebSignature.Payload payload) { var user = new UserCreateRequest { Name = payload.Name, Email = payload.Email, Avatar = payload.Picture }; return(await _service.FindOrAddUserAsync(user)); }
public async Task <IActionResult> LoginWithGoogle([FromBody] LoginWithGoogleModel model) { GoogleJsonWebSignature.Payload googlePayload = new GoogleJsonWebSignature.Payload(); try { googlePayload = await GoogleJsonWebSignature.ValidateAsync(model.TokenId, new GoogleJsonWebSignature.ValidationSettings()); } catch (Exception exception) { return(BadRequest(exception.Message)); } var user = CreateUserIfNotExists(googlePayload.Name, googlePayload.Email); return(GenerateLoginResponse(user)); }
public async Task <WikiUser> GetOrCreateUser(GoogleJsonWebSignature.Payload payload) { var user = await _userStore.GetUser(payload); if (user == null) { return(await _userStore.CreateUser(payload)); } return(user); }
public async Task AutoCreateAccountFromGoogleAsync_Valid_UserReturnedAsync() { GoogleJsonWebSignature.Payload payload = new GoogleJsonWebSignature.Payload() { Email = "*****@*****.**" }; PantryPlannerUser newUser = await _service.AutoCreateAccountFromGoogleAsync(payload); Assert.NotNull(newUser); Assert.Equal(payload.Email, newUser.Email); }
public async Task <IActionResult> SocialLoginAsync([FromQuery] string _token, [FromQuery] bool _existe, [FromBody] Usuario _usuario) { GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(_token); if (_existe) { bl.UsuarioController userLogic = new bl.UsuarioController(); var buscarUsuario = userLogic.BuscarUsuario(_usuario.Email); if (buscarUsuario == null) { return(Unauthorized()); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, Enum.GetName(typeof(RolUsuario), buscarUsuario.Rol)) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var returnToken = tokenHandler.WriteToken(token); return(Ok(new { buscarUsuario.Email, token = returnToken })); } else { bl.UsuarioController userLogic = new bl.UsuarioController(); userLogic.AgregarUsuario(_usuario); var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, Enum.GetName(typeof(RolUsuario), RolUsuario.UsuarioFinal)) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var returnToken = tokenHandler.WriteToken(token); return(Ok(new { _usuario.Email, token = returnToken })); } }
/// <summary> /// Validates the <paramref name="id_token"/> and is signed by Google /// </summary> /// <param name="id_token"></param> /// <remarks> /// from: https://stackoverflow.com/questions/39061310/validate-google-id-token /// </remarks> /// <returns> true if token is valid; false otherwise </returns> public static async Task <bool> IsGoogleTokenValidAsync(string id_token) { try { GoogleJsonWebSignature.Payload tokenPayload = await GoogleJsonWebSignature.ValidateAsync(id_token); return(tokenPayload != null); } catch (Exception) { return(false); } }
public async Task <GoogleUserDto> Handle(GetGoogleUser request, CancellationToken cancellationToken) { var settings = new GoogleJsonWebSignature.ValidationSettings { Audience = new List <string> { _audience } }; GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(request.IdToken, settings); return(new GoogleUserDto(payload.Email)); }
public IActionResult Authenticate([FromBody] AuthenticateRequest data) { GoogleJsonWebSignature.ValidationSettings settings = new GoogleJsonWebSignature.ValidationSettings(); // Change this to your google client ID settings.Audience = new List <string>() { "425874635785-9qbseena0h69r9f6jbe7o84qpfjk6krr.apps.googleusercontent.com" }; GoogleJsonWebSignature.Payload payload = GoogleJsonWebSignature.ValidateAsync(data.IdToken, settings).Result; return(Ok(new { AuthToken = _jwtGenerator.CreateUserAuthToken(payload.Email) })); }
public void ValidateToken(string token) { Guard.Against.NullOrWhiteSpace(token, nameof(token)); try { _jwtPayload = GoogleJsonWebSignature.ValidateAsync(token).Result; IsAuthenticated = true; } catch (Exception ex) { IsAuthenticated = false; } }
/// <summary> /// Gets the user's information from Google Sign in /// </summary> /// <param name="request"></param> /// <returns></returns> private async Task <UserResponse> GetGoogleUser(AuthorizedUserRequest request) { GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(request.AccessToken); if (!payload.Audience.Equals(Environment.GetEnvironmentVariable(EnvironmentConstants.GOOGLE_CLIENTID))) { throw new StatusCodeException(HttpStatusCode.Forbidden, $"{nameof(EnvironmentConstants.GOOGLE_CLIENTID)} not valid"); } if (!payload.EmailVerified) { throw new StatusCodeException(HttpStatusCode.Forbidden, $"{nameof(payload.EmailVerified)} is false"); } return(_mapper.Map <UserResponse>(payload)); }
/// <summary> /// Creates a serialized claim set as specified in /// https://developers.google.com/accounts/docs/OAuth2ServiceAccount#formingclaimset. /// </summary> private string GetSerializedPayload() { var issued = (int)(Clock.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds; var payload = new GoogleJsonWebSignature.Payload() { Issuer = Id, Audience = TokenServerUrl, IssuedAtTimeSeconds = issued, ExpirationTimeSeconds = issued + 3600, Subject = User, Scope = String.Join(" ", Scopes) }; return(NewtonsoftJsonSerializer.Instance.Serialize(payload)); }
public void ValidateGoogleIdTokenTest_CaseValid() { // wrong audience options.SetupGet(x => x.Value).Returns(TestHelper.CreateAuthSettings()); var expectedPayload = new GoogleJsonWebSignature.Payload { Issuer = AuthService.Issuers.First(), EmailVerified = true, ExpirationTimeSeconds = ExtensionMethods.ConvertToUnixTimestamp(DateTime.Now.AddHours(1)), Audience = options.Object.Value.GoogleClientId }; googleAuthService.Setup(x => x.ValidateAsync(It.IsAny <string>())) .Returns(Task.FromResult(expectedPayload)); var service = new AuthService(options.Object, logger.Object, googleAuthService.Object); Assert.IsTrue(service.ValidateGoogleIdToken(It.IsAny <string>(), out var payload, out var err)); }
public override void OnActionExecuting(ActionExecutingContext context) { var token = context.HttpContext.Request.Headers["authorization"]; GoogleJsonWebSignature.ValidationSettings settings = new GoogleJsonWebSignature.ValidationSettings(); settings.Audience = new List <string>() { "419273351615-a2kp1blvs5f3idt3mlr5vbkeqtqgjvr6.apps.googleusercontent.com" }; GoogleJsonWebSignature.Payload payload = GoogleJsonWebSignature.ValidateAsync(token, settings).Result; context.ActionArguments["nome"] = payload.Name; context.ActionArguments["email"] = payload.Email; base.OnActionExecuting(context); }
public async Task <GoogleJsonWebSignature.Payload> ValidateToken([FromQuery] string idToken, CancellationToken cancellationToken) { //var validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken); //Assert.NotNull(validPayload, "GoogleValidationResponse", "Id_Token is not valid!"); //return Ok("Token is Valid"); GoogleJsonWebSignature.ValidationSettings settings = new GoogleJsonWebSignature.ValidationSettings(); settings.Audience = new List <string>() { _configuration.GetSection("Authentication:Google")["ClientId"] }; GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(idToken, settings); return(payload); }
public void ValidateGoogleIdTokenTest_CaseEmailNotVerified() { // email not verified var expectedPayload = new GoogleJsonWebSignature.Payload { EmailVerified = false }; options.SetupGet(x => x.Value).Returns(TestHelper.CreateAuthSettings()); googleAuthService.Setup(x => x.ValidateAsync(It.IsAny <string>())) .Returns(Task.FromResult(expectedPayload)); var service = new AuthService(options.Object, logger.Object, googleAuthService.Object); Assert.IsFalse(service.ValidateGoogleIdToken(It.IsAny <string>(), out var payload, out var err)); Assert.IsFalse(payload.EmailVerified); Assert.AreEqual(AuthError.EmailNotVerified, err); }
async Task <IdentityUser> Register(GoogleJsonWebSignature.Payload payload) { var user = new IdentityUser() { UserName = payload.Email }; // save var result = await _userManager.CreateAsync(user); if (result.Succeeded) { await _userManager.AddToRoleAsync(user, "Player"); } _context.SaveChanges(); return(user); }
/// <summary> /// Creates a serialized claim set as specified in /// https://developers.google.com/accounts/docs/OAuth2ServiceAccount#formingclaimset. /// </summary> private string GetSerializedPayload() { var issued = (int)(Clock.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds; var payload = new GoogleJsonWebSignature.Payload() { Issuer = Id, Audience = TokenServerUrl, IssuedAtTimeSeconds = issued, ExpirationTimeSeconds = issued + 3600, Subject = User, Scope = String.Join(" ", Scopes) }; return NewtonsoftJsonSerializer.Instance.Serialize(payload); }