public async Task <bool> UpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session, IEnumerable <Claim> claims = null)
        {
            logger.ScopeTrace(() => $"Update session, Route '{RouteBinding.Route}'.");

            var sessionEnabled = SessionEnabled(loginUpParty);
            var sessionValid   = SessionValid(loginUpParty, session);

            if (sessionEnabled && sessionValid)
            {
                AddDownPartyLink(session, newDownPartyLink);
                session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
                if (claims?.Count() > 0)
                {
                    session.Claims = UpdateClaims(session, claims);
                }
                await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));

                logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
                return(true);
            }

            await sessionCookieRepository.DeleteAsync(loginUpParty);

            logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'.");
            return(false);
        }
Exemple #2
0
        public async Task <(SessionCookie, User)> GetAndUpdateSessionCheckUserAsync(LoginUpParty loginUpParty)
        {
            logger.ScopeTrace($"Get and update session and check user, Route '{RouteBinding.Route}'.");

            var session = await sessionCookieRepository.GetAsync();

            if (session != null)
            {
                var sessionEnabled = SessionEnabled(loginUpParty);
                var sessionValid   = SessionValid(loginUpParty, session);

                logger.ScopeTrace($"User '{session.Email}' session exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', User id '{session.UserId}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'.");
                if (sessionEnabled && sessionValid)
                {
                    logger.SetScopeProperty("sessionId", session.SessionId);
                    var id = await User.IdFormat(new User.IdKey {
                        TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName, Email = session.Email
                    });

                    var user = await tenantRepository.GetAsync <User>(id, false);

                    if (user != null && user.UserId == session.UserId)
                    {
                        logger.ScopeTrace($"User '{user.Email}' found, User id '{user.UserId}'.");

                        session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
                        await sessionCookieRepository.SaveAsync(session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));

                        logger.ScopeTrace($"Session updated, Session id '{session.SessionId}'.", new Dictionary <string, string> {
                            { "sessionId", session.SessionId }
                        });

                        return(session, user);
                    }
                }

                await sessionCookieRepository.DeleteAsync();

                logger.ScopeTrace($"Session deleted, Session id '{session.SessionId}'.");
            }
            else
            {
                logger.ScopeTrace("Session do not exists.");
            }

            return(null, null);
        }
Exemple #3
0
        public async Task <string> CreateOrUpdateSessionAsync <T>(T upParty, DownPartySessionLink newDownPartyLink, List <Claim> claims, string externalSessionId, string idToken = null) where T : UpParty
        {
            logger.ScopeTrace($"Create or update session up-party, Route '{RouteBinding.Route}'.");

            var sessionClaims = FilterClaims(claims);

            Action <SessionUpPartyCookie> updateAction = (session) =>
            {
                sessionClaims.AddClaim(JwtClaimTypes.SessionId, NewSessionId());
                session.Claims = sessionClaims.ToClaimAndValues();

                session.ExternalSessionId = externalSessionId;
                session.IdToken           = idToken;
                AddDownPartyLink(session, newDownPartyLink);
            };

            var sessionEnabled = SessionEnabled(upParty);
            var session        = await sessionCookieRepository.GetAsync();

            if (session != null)
            {
                var sessionValid = SessionValid(upParty, session);

                logger.ScopeTrace($"User id '{session.UserId}' session up-party exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'.");
                if (sessionEnabled && sessionValid)
                {
                    var userId = sessionClaims.FindFirstValue(c => c.Type == JwtClaimTypes.Subject);
                    if (!session.UserId.IsNullOrEmpty() && session.UserId != userId)
                    {
                        logger.ScopeTrace("Authenticated user and requested user do not match.");
                        // TODO invalid user login
                        throw new NotImplementedException("Authenticated user and requested user do not match.");
                    }

                    if (session.ExternalSessionId != externalSessionId)
                    {
                        try
                        {
                            throw new Exception("External session ID has changed, causing an session update including new session ID.");
                        }
                        catch (Exception ex)
                        {
                            logger.Warning(ex);
                        }
                        updateAction(session);
                    }
                    else
                    {
                        AddDownPartyLink(session, newDownPartyLink);
                    }
                    session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
                    await sessionCookieRepository.SaveAsync(session, null);

                    logger.ScopeTrace($"Session updated up-party, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));

                    return(session.SessionId);
                }

                if (!sessionEnabled)
                {
                    await sessionCookieRepository.DeleteAsync();

                    logger.ScopeTrace($"Session deleted, Session id '{session.SessionId}'.");
                }
            }

            if (sessionEnabled)
            {
                logger.ScopeTrace($"Create session up-party, External Session id '{externalSessionId}', Route '{RouteBinding.Route}'.");
                session = new SessionUpPartyCookie();
                updateAction(session);
                session.LastUpdated = session.CreateTime;

                await sessionCookieRepository.SaveAsync(session, null);

                logger.ScopeTrace($"Session up-party created, User id '{session.UserId}', Session id '{session.SessionId}', External Session id '{externalSessionId}'.", GetSessionScopeProperties(session));

                return(session.SessionId);
            }

            return(null);
        }