/// <summary> /// The ManageToken method. /// Applies business logic to a token coming from the Single Sign On client for registration. /// <para> /// @author: Jennifer Nguyen /// @updated: 03/22/2018 /// </para> /// </summary> /// <returns>ResponseDto with a UserAccountDto</returns> public ResponseDto <UserAccountDto> ManageRegistrationToken() { // Map payload keys to SsoPayload model var mappingResult = MapRequestJwtPayloadToSsoJwtPayload(); if (mappingResult.Error != null) { // Store invalid token into database StoreInvalidToken(); return(new ResponseDto <UserAccountDto>() { Error = mappingResult.Error }); } _ssoToken.SsoTokenPayloadDto = mappingResult.Data; // Validate token after applying business logic var ssoTokenRegistrationValidationStrategy = new SsoTokenRegistrationValidationStrategy(_ssoToken); var result = ssoTokenRegistrationValidationStrategy.ExecuteStrategy(); if (!result.Data) { // Store invalid token into database StoreInvalidToken(); return(new ResponseDto <UserAccountDto>() { Error = result.Error }); } // Store valid token into database using (var ssoGateway = new SsoGateway()) { var gatewayResult = ssoGateway.StoreValidSsoToken(new ValidSsoToken(_ssoToken.Token)); if (gatewayResult.Error != null) { return(new ResponseDto <UserAccountDto>() { Error = gatewayResult.Error }); } } // Send back a new UserAccountDto return(new ResponseDto <UserAccountDto>() { Data = new UserAccountDto(username: _ssoToken.SsoTokenPayloadDto.Username, password: _ssoToken.SsoTokenPayloadDto.Password, roleType: _ssoToken.SsoTokenPayloadDto.RoleType) }); }
/// <summary> /// The CheckIfSsoTokenExists method. /// Checks if there is an SSO token in the database. /// <para> /// @author: Jennifer Nguyen /// @updated: 03/22/2018 /// </para> /// </summary> /// <param name="token"></param> /// <returns></returns> public ResponseDto <bool> CheckIfSsoTokenExists(string token) { using (var ssoGateway = new SsoGateway()) { var gatewayResult = ssoGateway.GetValidSsoToken(token); return(new ResponseDto <bool>() { // Returns true if SsoToken exists Data = gatewayResult.Data != null, Error = gatewayResult.Error }); } }
/// <summary> /// /// This Method Checks the token coming from the Sso Service and see if it is a valid token /// /// </summary> /// <returns> /// ResetPassword Dto with either an Error or Data to update the password with /// </returns> public ResponseDto <ResetPasswordDto> ManageResetPasswordToken() { var mappingResult = MapRequestJwtPayloadToSsoJwtPayload(); if (mappingResult.Error != null) { // Store invalid token into database StoreInvalidToken(); return(new ResponseDto <ResetPasswordDto>() { Error = mappingResult.Error }); } _ssoToken.SsoTokenPayloadDto = mappingResult.Data; // Validate the SsoToken var ssoTokenResetPasswordValidationStrategy = new SsoTokenRestPasswordValidationStrategy(_ssoToken); var result = ssoTokenResetPasswordValidationStrategy.ExecuteStrategy(); if (!result.Data) { // Store invalid token into database StoreInvalidToken(); return(new ResponseDto <ResetPasswordDto>() { Error = result.Error }); } // Store valid token using (var ssoGateway = new SsoGateway()) { var gatewayResult = ssoGateway.StoreValidSsoToken(new ValidSsoToken(_ssoToken.Token)); if (gatewayResult.Error != null) { return(new ResponseDto <ResetPasswordDto>() { Error = gatewayResult.Error }); } } // Send back a new RestPasswordDto Object return(new ResponseDto <ResetPasswordDto>() { Data = new ResetPasswordDto(_ssoToken.SsoTokenPayloadDto.Username, _ssoToken.SsoTokenPayloadDto.Password) }); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { // Check if there is a token in the request if (!HasToken(request)) { // If token does not exist return back an unauthorized HttpResponseMessage with a 401 status code return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(HttpStatusCode.Unauthorized), cancellationToken)); } // Get token from request if (!TryGetToken(request, out var token)) { // If unable to fetch token with valid Authorization scheme, then return back an unauthorized HttpResponseMessage with a 401 status code return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(HttpStatusCode.Unauthorized), cancellationToken)); } try { var signingKey = GetSigningKey(); // Validate token before applying business logic var ssoTokenStrategy = new SsoTokenValidationStrategy(token, signingKey); var result = ssoTokenStrategy.ExecuteStrategy(); if (!result.Data) { // Store invalid token into database using (var ssoGateway = new SsoGateway()) { var getTokenResult = ssoGateway.GetInvalidSsoToken(token); if (getTokenResult.Data == null) { var storeTokenResult = ssoGateway.StoreInvalidSsoToken(new InvalidSsoToken(token)); } } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(HttpStatusCode.Unauthorized), cancellationToken)); } return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException) { return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(HttpStatusCode.Unauthorized), cancellationToken)); } catch (Exception) { return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(HttpStatusCode.InternalServerError), cancellationToken)); } }
/// <summary> /// Store an invalid token from Sso /// <para> /// @author: Jennifer Nguyen, Brian Fann /// @updated: 4/23/2018 /// </para> /// </summary> /// <returns></returns> private ResponseDto <bool> StoreInvalidToken() { using (var ssoGateway = new SsoGateway()) { var getTokenResult = ssoGateway.GetInvalidSsoToken(_ssoToken.Token); if (getTokenResult.Data == null) { return(ssoGateway.StoreInvalidSsoToken(new InvalidSsoToken(_ssoToken.Token))); } return(new ResponseDto <bool> { Data = false }); } }
/// <summary> /// Stores a valid token from Sso. /// <para> /// @author: Jennifer Nguyen, Brian Fann /// @updated: 4/23/2018 /// </para> /// </summary> /// <returns></returns> private ResponseDto <bool> StoreValidToken() { using (var gateway = new SsoGateway()) { var getTokenResult = gateway.GetValidSsoToken(_ssoToken.Token); if (getTokenResult.Data == null) { return(gateway.StoreValidSsoToken(new ValidSsoToken(_ssoToken.Token))); } return(new ResponseDto <bool>() { Data = false, Error = SsoErrorMessages.TOKEN_EXISTS_ERROR }); } }