private static Func<NancyContext, Response> Before()
{
return context => {
AuthorizationRequest = new AuthorizationRequest(context.Request);
TokenRequest = new TokenRequest(context.Request);
context.Items["TokenRequest"] = TokenRequest;
context.Items["AuthorizationRequest"] = AuthorizationRequest;
return null;
};
}
public List <ITokenResponse> CreateToken(ITokenRequest request)
{
TokenResponse response = new TokenResponse();
//The username and password would be pulled either from a secure server
//or database in our class library codebase or some other DAL
if (Authorize(request))
{
var handler = new JwtSecurityTokenHandler();
var claims = new[]
{
new Claim(ClaimTypes.Name, request.Username),
new Claim("CanAccessMovies", "")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWTKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
// _config["Jwt:Issuer"]
//We should create a QA URL and Prod URL in the appsettings.json
//then use that here
//in the 'issuer' and 'audience' portion
//whereby the issueing server is whatever we need it to be
//should it be diference than the audience server (audience being
//being the Angular app or front end whatever domain name
//and the issuing server could be a different domain name altogether
//like token.domain.com
//and audienc would just be domain.com etc.
string issuer = "";
string audience = "";
switch (_configuration["Environment"])
{
case "Development":
issuer = _configuration["DevelopmentIssuerURL"];
audience = _configuration["DevelopmentAudienceURL"];
break;
case "UAT":
issuer = _configuration["UATIssuerURL"];
audience = _configuration["UATAudienceURL"];
break;
case "Production":
issuer = _configuration["ProductionIssuerURL"];
audience = _configuration["ProductionAudienceURL"];
break;
default:
issuer = "";
audience = "";
break;
}
DateTime tokenExpirationTime = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWTExpirationLengthInMinutes"]));
response = new TokenResponse();
response.Token = new JwtSecurityTokenHandler().WriteToken(
new JwtSecurityToken(
issuer: "Issuer",
audience: "Audience",
claims: claims,
notBefore: DateTime.Now,
expires: tokenExpirationTime,
signingCredentials: creds)
);
response.expiration = tokenExpirationTime;
response.Username = request.Username;
}
List <ITokenResponse> tokenList = new List <ITokenResponse>();
tokenList.Add(response);
return(tokenList);
}
public TokenController(ITokenRequest tokenRequest)
{
_tokenRequest = tokenRequest;
}
public async Task <IAuthenticatedUserResult> IsAuthenticated(ITokenRequest request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var result = new AuthenticatedUserResult();
var validateUserTask = userManagementService.IsValidUser(request.UserName, request.Password);
validateUserTask.Wait();
if (!validateUserTask.Result)
{
result.Success = false;
result.Message = UsersMessages.UserNotFoundMessage;
return(result);
}
var user = (User)(await usersRepository.GetByUserName(request.UserName, true)).Object;
var app = (App)(await appsRepository.GetByLicense(request.License)).Object;
if (!app.IsActive)
{
result.Success = false;
result.Message = AppsMessages.AppDeactivatedMessage;
return(result);
}
if (!app.PermitCollectiveLogins && !app.Users.Any(ua => ua.UserId == user.Id))
{
result.Success = false;
result.Message = AppsMessages.UserIsNotARegisteredUserOfThisAppMessage;
return(result);
}
var appAdmins = (await appAdminsRepository.GetAll()).Objects.ConvertAll(aa => (AppAdmin)aa);
if (!user.IsSuperUser)
{
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN))
{
if (!appAdmins.Any(aa => aa.AppId == app.Id && aa.UserId == user.Id && aa.IsActive))
{
var adminRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN);
user.Roles.Remove(adminRole);
}
}
}
else
{
if (!app.PermitSuperUserAccess)
{
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER))
{
var superUserRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER);
user.Roles.Remove(superUserRole);
}
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN))
{
var adminRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN);
user.Roles.Remove(adminRole);
}
}
}
result.User.UpdateWithUserInfo(user);
var claim = new List <Claim> {
new Claim(ClaimTypes.Name, request.UserName)
};
foreach (var role in user.Roles)
{
var r = (Role)(await rolesRepository.GetById(role.Role.Id)).Object;
claim.Add(new Claim(ClaimTypes.Role, r.RoleLevel.ToString()));
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenManagement.Secret));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
DateTime expirationLimit;
if (app.TimeFrame == TimeFrame.SECONDS)
{
expirationLimit = DateTime.UtcNow.AddSeconds(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.MINUTES)
{
expirationLimit = DateTime.UtcNow.AddMinutes(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.HOURS)
{
expirationLimit = DateTime.UtcNow.AddHours(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.DAYS)
{
expirationLimit = DateTime.UtcNow.AddDays(app.AccessDuration);
}
else
{
expirationLimit = DateTime.UtcNow.AddMonths(app.AccessDuration);
}
var jwtToken = new JwtSecurityToken(
tokenManagement.Issuer,
tokenManagement.Audience,
claim.ToArray(),
notBefore: DateTime.UtcNow,
expires: expirationLimit,
signingCredentials: credentials
);
result.Token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
result.Success = true;
result.Message = UsersMessages.UserFoundMessage;
return(result);
}
