private async Task <AuthResponse> GetRefreshToken(string token, string clientId)
{
var errorId = "invalid_refresh_token";
if (string.IsNullOrEmpty(token))
{
await ThrowAuthError("Refresh token is required", errorId);
}
var hashedTokenId = _crypto.Hash(token);
var refreshToken = await _authService.FindRefreshToken(hashedTokenId);
if (refreshToken == null)
{
await ThrowAuthError("Refresh token not found", errorId);
}
var ticketBytes = Convert.FromBase64String(refreshToken.ProtectedTicket);
var ticket = new TicketSerializer().Deserialize(ticketBytes);
var originalClient = ticket.Properties.Items["as:client_id"];
if (originalClient != clientId)
{
await ThrowAuthError("Refresh token is issued to a different clientId.", errorId);
}
// Change auth ticket for refresh token requests
var newIdentity = new ClaimsIdentity(ticket.Principal.Identity);
var newTicket = new AuthenticationTicket(new ClaimsPrincipal(newIdentity), ticket.Properties, JwtBearerDefaults.AuthenticationScheme);
return(await GetToken(newIdentity, token, clientId));
}
private async Task <string> StoreRefreshToken(IIdentity identity)
{
var refreshTokenId = Guid.NewGuid().ToString("n");
var refreshToken = new RefreshToken
{
Id = _crypto.Hash(refreshTokenId),
ClientId = _audience.ClientId,
Subject = identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(_audience.RefreshTokenLifeTime)),
ObjectState = ObjectState.Added
};
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{ "as:client_id", _audience.ClientId },
{ "userName", identity.Name }
})
{
IssuedUtc = refreshToken.IssuedUtc,
ExpiresUtc = refreshToken.ExpiresUtc
};
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), props, JwtBearerDefaults.AuthenticationScheme);
var ticketBytes = new TicketSerializer().Serialize(ticket);
refreshToken.ProtectedTicket = Convert.ToBase64String(ticketBytes);
await _authService.AddRefreshToken(refreshToken);
return(refreshTokenId);
}
public void Test_ReturnsFailureIf_InValidCookieEsistsOrIfCookieIsDamaged()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket + "Corrupt"
};
cookies.Set(cookie);
browser.SetupGet(b => b.Cookies).Returns(true);
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.False(result.Succeeded);
Assert.Equal($"Unable to extract cookie '{AuthConstants.AUTH_COOKIE_NM}', cookie might be damaged/modified", result.Failure.Message);
}
private static JwtAuthTicketFormat createAuthTicketFormat(IHostEnvironment hostEnv, IDataProtectionProvider?dataProtectionProvider, IConfiguration config)
{
var xtiAuthOptions = config.GetSection(XtiAuthenticationOptions.XtiAuthentication).Get <XtiAuthenticationOptions>();
var key = Encoding.ASCII.GetBytes(xtiAuthOptions.JwtSecret);
var dataSerializer = new TicketSerializer();
if (dataProtectionProvider == null)
{
var xtiFolder = new XtiFolder(hostEnv);
var keyDirPath = xtiFolder.SharedAppDataFolder()
.WithSubFolder("Keys")
.Path();
dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(keyDirPath));
}
var dataProtector = dataProtectionProvider.CreateProtector(new[] { "XTI_Apps_Auth1" });
var authTicketFormat = new JwtAuthTicketFormat
(
new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
},
dataSerializer,
dataProtector
);
return(authTicketFormat);
}
public void Test_SignIn_AddsCookie_IfAuthResultIsSuccess()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket
};
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
authenticator.SignIn(AuthenticateResult.Success(ticket), context.Object);
response.Verify(r => r.AppendCookie(It.Is <HttpCookie>(c => Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(c.Value))) == Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(encodedTicket))) &&
c.Expires.Date.Minute == DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES).Date.Minute)), Times.Once);
}
public void Test_ReturnsSuccessIfValidCookieEsists()
{
var serializer = new TicketSerializer();
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "Foo User"),
}, AuthConstants.SPNEGO_DEFAULT_SCHEME)),
AuthConstants.SPNEGO_DEFAULT_SCHEME);
var serializedTicket = serializer.Serialize(ticket);
var protectedTicket = dataProtector.Protect(serializedTicket);
var encodedTicket = Convert.ToBase64String(protectedTicket);
var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM)
{
Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES),
Value = encodedTicket
};
cookies.Set(cookie);
browser.SetupGet(b => b.Cookies).Returns(true);
var authenticator = new CookieAuthenticator(dataProtector, logger.Object);
var result = authenticator.Authenticate(context.Object);
Assert.True(result.Succeeded);
Assert.Equal("Foo User", result.Principal.Identity.Name);
}
public void CanRoundTripActorIdentity()
{
var serializer = new TicketSerializer();
var properties = new AuthenticationProperties();
var actor = new ClaimsIdentity("actor");
var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
ticket.Principal.AddIdentity(new ClaimsIdentity("misc")
{
Actor = actor
});
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
serializer.Write(writer, ticket);
stream.Position = 0;
var readTicket = serializer.Read(reader);
Assert.Single(readTicket.Principal.Identities);
Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
var identity = (ClaimsIdentity)readTicket.Principal.Identity;
Assert.NotNull(identity.Actor);
Assert.Equal("actor", identity.Actor.AuthenticationType);
}
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var db = context.OwinContext.Get <ApplicationDbContext>();
string hash = GetStringSha256Hash(context.Token);
RefreshToken foundToken = db.RefreshTokens.Where(t =>
t.TokenHash == hash &&
t.ExpiresAtUtc > DateTime.UtcNow &&
!t.Revoked
).FirstOrDefault();
//RefreshToken foundToken = tokens.Where(t =>
// t.TokenHash == hash &&
// t.ExpiresAtUtc > DateTime.UtcNow &&
// !t.Revoked
//).FirstOrDefault();
if (foundToken != null)
{
byte[] serializedTicket = Convert.FromBase64String(
ServerUtils.StringCipher.Decrypt(
foundToken.EncryptedTicket,
context.Token));
TicketSerializer serializer = new TicketSerializer();
AuthenticationTicket ticket = serializer.Deserialize(serializedTicket);
context.SetTicket(ticket);
}
}
public T Unprotect(string protectedText, string purpose)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] bytes = Convert.FromBase64String(protectedText);
return(_serializer.Deserialize(bytes) as T);
}
public string Protect(T data, string purpose)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] userData = _serializer.Serialize(data);
return(Convert.ToBase64String(userData));
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var refreshToken = Guid.NewGuid().ToString("n");
var entities = new ApplicationDbContext();
var repo = new ApplicationRepository(entities);
var rToken = new RefreshToken()
{
DateCreatedUtc = DateTime.UtcNow,
IssuedUtc = DateTime.UtcNow,
ExpirationDateUtc = DateTime.UtcNow.AddYears(1),
IsActive = true,
Id = GetHash(refreshToken),
ApplicationUserId = context.Ticket.Identity.GetUserId(),
};
context.Ticket.Properties.IssuedUtc = rToken.DateCreatedUtc;
context.Ticket.Properties.ExpiresUtc = rToken.ExpirationDateUtc;
//rToken.ProtectedTicket = context.SerializeTicket();
TicketSerializer serializer = new TicketSerializer();
rToken.ProtectedTicket = System.Text.Encoding.Default.GetString(serializer.Serialize(context.Ticket));
await repo.RefreshTokens.AddOrUpdateAndSaveAsync(rToken);
context.SetToken(refreshToken);
}
public void NewSerializerCanReadInteropTicket()
{
var identity = new ClaimsIdentity("scheme");
identity.AddClaim(new Claim("Test", "Value"));
var expires = DateTime.Today;
var issued = new DateTime(1979, 11, 11);
var properties = new Owin.Security.AuthenticationProperties();
properties.IsPersistent = true;
properties.RedirectUri = "/redirect";
properties.Dictionary["key"] = "value";
properties.ExpiresUtc = expires;
properties.IssuedUtc = issued;
var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
var interopSerializer = new AspNetTicketSerializer();
var bytes = interopSerializer.Serialize(interopTicket);
var newSerializer = new TicketSerializer();
var newTicket = newSerializer.Deserialize(bytes);
Assert.NotNull(newTicket);
Assert.Equal(1, newTicket.Principal.Identities.Count());
var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
Assert.NotNull(newIdentity);
Assert.Equal("scheme", newIdentity.AuthenticationType);
Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
Assert.NotNull(newTicket.Properties);
Assert.True(newTicket.Properties.IsPersistent);
Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
Assert.Equal("value", newTicket.Properties.Items["key"]);
Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
Assert.Equal(issued, newTicket.Properties.IssuedUtc);
}
string ISecureDataFormat <T> .Protect(T data)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] userData = _serializer.Serialize(data);
return(Convert.ToBase64String(userData));
}
private async Task <TicketResult> RemoveAsync(AuthenticationTokenReceiveContext context)
{
TicketResult result = new TicketResult();
StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token);
string key = StoreKeyFunc(context.Ticket, context.Token);
IDatabase database = _redis.GetDatabase(_configuration.Db);
byte[] ticket = await database.StringGetAsync(key);
if (ticket != null)
{
TicketSerializer serializer = new TicketSerializer();
result.Ticket = serializer.Deserialize(ticket);
result.Deleted = await database.KeyDeleteAsync(key);
}
else
{
await database.KeyDeleteAsync(context.Token);
}
return(result);
}
T ISecureDataFormat <T> .Unprotect(string protectedText)
{
TicketSerializer _serializer = new TicketSerializer();
byte[] bytes = Convert.FromBase64String(protectedText);
return(_serializer.Deserialize(bytes) as T);
}
static DataSerializers()
{
Extra = new ExtraSerializer();
#if NET45
Ticket = new TicketSerializer();
#endif
}
public static AuthenticationTicket Decrypt(string token)
{
byte[] sBt = TextEncodings.Base64Url.Decode(token);
byte[] bt = MachineKey.Unprotect(sBt);//将二进制数据加密
AuthenticationTicket ticket = new TicketSerializer().Deserialize(bt);
return(ticket);
}
public RefreshTokenProvider(IRefreshTokenService refreshTokenService, ICommandBus commandBus, int refreshTokenExpiredTimeInMinutes, int ttlChange)
{
this.refreshTokenService = refreshTokenService;
this.commandBus = commandBus;
this.expriredTime = refreshTokenExpiredTimeInMinutes;
this.ttlChange = ttlChange;
this.serializer = new TicketSerializer();
}
public RefreshTokenProvider(IRefreshTokenService refreshTokenService, ICommandBus commandBus, int refreshTokenExpiredTimeInMinutes, int ttlChange)
{
this.refreshTokenService = refreshTokenService;
this.commandBus = commandBus;
this.expriredTime = refreshTokenExpiredTimeInMinutes;
this.ttlChange = ttlChange;
this.serializer = new TicketSerializer();
}
public static string Encryption(AuthenticationTicket ticket)
{
byte[] bt = new TicketSerializer().Serialize(ticket); //票证序列化器,即将AuthenticationTicket对象序列化成二进制数据
byte[] sBt = MachineKey.Protect(bt); //将二进制数据加密,基于MachineKey算法
string token = TextEncodings.Base64Url.Encode(sBt); //转化成base64url字符串(为什么不是base64)
return(token);
}
private async Task StoreAsync(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
await Db.StringSetAsync(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow);
}
static DataSerializers()
{
Extra = new ExtraSerializer();
#if NET45
Ticket = new TicketSerializer();
#endif
}
private void Store(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
Db.StringSet(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow);
}
public static string Encode(IEnumerable <Claim> claims)
{
var ticket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), Constants.Scheme);
var serializer = new TicketSerializer();
var bytes = serializer.Serialize(ticket);
return(Convert.ToBase64String(bytes));
}
private async Task StoreAsync(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
IDatabase database = _redis.GetDatabase(_configuration.Db);
await database.StringSetAsync(guid, serialize, _configuration.ExpiresUtc.TimeOfDay);
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
try
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
return;
// Gera um ID unico para o RefreshToken
var refreshTokenId = Guid.NewGuid().ToString("n");
// Pega o tempo de expiração (em minuto) do token do contexto do Owin
var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
// Identifica o Browser
var userAgent = HttpContext.Current.Request.UserAgent;
var userBrowser = new HttpBrowserCapabilities { Capabilities = new Hashtable { { string.Empty, userAgent } } };
var factory = new BrowserCapabilitiesFactory();
factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser);
var browser = userBrowser.Browser;
var issuedUtc = DateTime.UtcNow;
var expiresUtc = issuedUtc.AddMinutes(3); //issuedUtc.AddMonths(Convert.ToInt32(refreshTokenLifeTime));
// Define os dados do RefreshToken
var token = new RefreshToken
{
Id = HashHelper.GetHash(refreshTokenId),
ClientId = clientid,
Browser = browser,
Subject = context.Ticket.Identity.Name,
IssuedUtc = issuedUtc,
ExpiresUtc = expiresUtc
};
// Define o IssuedUtc e o ExpiresUtc do ticket para determinar o quanto tempo o token vai ser válido
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
// Serializa o ticket para ser gravado na base de dados
var ticketSerializer = new TicketSerializer();
token.ProtectedTicket = ticketSerializer.Serialize(context.Ticket);
// Grava o ticket na base de dados
var refreshTokenDomain = DependecyConfig.Container.GetInstance<IRefreshTokenDomain>();
var result = await refreshTokenDomain.CreateAsync(token);
if (result)
context.SetToken(refreshTokenId);
}
catch (Exception ex)
{
throw ex;
}
}
internal Ticket addTicket(TicketSerializer ticket)
{
Customer c = GetCustomer(ticket.CId);
Reservation r = null; // Just for now
Ticket t = new Ticket(ticket, c, r);
Tickets.Add(t);
this.SaveChanges();
return(t);
}
public async Task <AuthenticateResult> AuthenticateAsync()
{
var cookie = Context.Request.Cookies["myAuthenticateCookie"];
if (string.IsNullOrEmpty(cookie))
{
return(AuthenticateResult.NoResult());
}
byte[] ticketBytes = Convert.FromBase64String(cookie);
AuthenticationTicket authenticationTicket = new TicketSerializer().Deserialize(ticketBytes);
return(AuthenticateResult.Success(authenticationTicket));
}
public void NullPrincipalThrows()
{
var properties = new AuthenticationProperties();
properties.RedirectUri = "bye";
var ticket = new AuthenticationTicket(properties, "Hello");
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
Assert.Throws <ArgumentNullException>(() => TicketSerializer.Write(writer, ticket));
}
}
// for debugging in memory
//List<RefreshToken> tokens = new List<RefreshToken>();
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
// apple send a different form format back
var form = context.Request.Path == new PathString("/api/Account/handleresponsefromapple") ? null : await context.Request.ReadFormAsync();
var grantType = form?.GetValues("grant_type");
// don't create a new refresh token if the user is only after a new access token
if (grantType == null || grantType[0] != "refresh_token")
{
var db = context.OwinContext.Get <ApplicationDbContext>();
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
Random rand = new Random();
string tokenString = Membership.GeneratePassword(30, 0);
tokenString = Regex.Replace(tokenString, @"[^a-zA-Z0-9]", m => rand.Next(0, 10).ToString());
DateTimeOffset issuedUtc = DateTimeOffset.UtcNow;
DateTimeOffset expiresUtc = DateTimeOffset.UtcNow.AddYears(1);
AuthenticationTicket refreshTokenTicket = new AuthenticationTicket(
context.Ticket.Identity,
new AuthenticationProperties(context.Ticket.Properties.Dictionary));
refreshTokenTicket.Properties.IssuedUtc = issuedUtc;
refreshTokenTicket.Properties.ExpiresUtc = expiresUtc;
TicketSerializer serializer = new TicketSerializer();
string serializedTicket = Convert.ToBase64String(serializer.Serialize(refreshTokenTicket));
// Store in the database, with the hashed token and the ticket as encrypted
// json using the token as the decrypt password
RefreshToken newToken = new RefreshToken
{
CreatedAtUtc = issuedUtc,
ExpiresAtUtc = expiresUtc,
Revoked = false,
User = await userManager.FindByNameAsync(context.Ticket.Identity.Name),
TokenHash = GetStringSha256Hash(tokenString),
EncryptedTicket = ServerUtils.StringCipher.Encrypt(serializedTicket, tokenString)
};
db.RefreshTokens.Add(newToken);
await db.SaveChangesAsync();
//tokens.Add(newToken);
context.SetToken(tokenString);
}
}
public Task <string> StoreAsync(AuthenticationTicket ticket)
{
string key = Guid.NewGuid().ToString();
HttpContext httpContext = HttpContext.Current;
CheckSessionAvailable(httpContext);
//httpContext.Session[key + ".Ticket"] = ticket;
// Serialization fix from https://stackoverflow.com/a/33614059
var ticketSerializer = new TicketSerializer();
var ticketBytes = ticketSerializer.Serialize(ticket);
httpContext.Session[key + ".Ticket"] = ticketBytes;
return(Task.FromResult(key));
}
public CookiePrincipalStorageProvider(
IDataProtectionProvider dataProtectionProvider,
IHttpContextAccessor httpContextAccessor,
IJSRuntime jsRuntime,
CookiePrincipalStorageOptions options)
{
_dataProtectionProvider = dataProtectionProvider ?? throw new ArgumentNullException(nameof(dataProtectionProvider), "A data protection provider must be available.");
_httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor), "A IHttpContextAccessor must be available.");
_jsRuntime = jsRuntime;
_options = options;
_dataProtector = _dataProtectionProvider.CreateProtector("Blazor.Authentication.Cookie");
_ticketSerializer = new TicketSerializer();
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var entities = new ApplicationDbContext();
var repo = new ApplicationRepository(entities);
var hashedToken = GetHash(context.Token);
var refreshToken = await repo.RefreshTokens.GetByIdAsync(hashedToken);
if (refreshToken != null)
{
//Get protectedTicket from refreshToken class
//context.DeserializeTicket(refreshToken.ProtectedTicket);
TicketSerializer serializer = new TicketSerializer();
context.SetTicket(serializer.Deserialize(System.Text.Encoding.Default.GetBytes(refreshToken.ProtectedTicket)));
//await repo.RefreshTokens.DeleteAndSaveAsync(hashedToken);
}
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary[AuthenticationPropertyKeys.CLIENT_ID];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>();
ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager);
Client client = _repo.FindClient(clientid);
if (client == null)
{
return;
}
var token = new RefreshToken()
{
Id = HashGenerator.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(client.RefreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
//token.ProtectedTicket = context.SerializeTicket();
TicketSerializer serializer = new TicketSerializer();
token.ProtectedTicket = Encoding.Default.GetString(serializer.Serialize(context.Ticket));
var result = await _repo.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
public void CanRoundTripEmptyPrincipal()
{
var serializer = new TicketSerializer();
var properties = new AuthenticationProperties();
properties.RedirectUri = "bye";
var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
serializer.Write(writer, ticket);
stream.Position = 0;
var readTicket = serializer.Read(reader);
Assert.Equal(0, readTicket.Principal.Identities.Count());
Assert.Equal("bye", readTicket.Properties.RedirectUri);
Assert.Equal("Hello", readTicket.AuthenticationScheme);
}
}
public void CanRoundTripBootstrapContext()
{
var serializer = new TicketSerializer();
var properties = new AuthenticationProperties();
var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { BootstrapContext = "bootstrap" });
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
serializer.Write(writer, ticket);
stream.Position = 0;
var readTicket = serializer.Read(reader);
Assert.Equal(1, readTicket.Principal.Identities.Count());
Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext);
}
}
public void CanRoundTripActorIdentity()
{
var serializer = new TicketSerializer();
var properties = new AuthenticationProperties();
var actor = new ClaimsIdentity("actor");
var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { Actor = actor });
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
serializer.Write(writer, ticket);
stream.Position = 0;
var readTicket = serializer.Read(reader);
Assert.Equal(1, readTicket.Principal.Identities.Count());
Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
var identity = (ClaimsIdentity) readTicket.Principal.Identity;
Assert.NotNull(identity.Actor);
Assert.Equal(identity.Actor.AuthenticationType, "actor");
}
}
private TicketResult Remove(AuthenticationTokenReceiveContext context)
{
TicketResult result = new TicketResult();
StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token);
string key = StoreKeyFunc(context.Ticket, context.Token);
IDatabase database = _redis.GetDatabase(_configuration.Db);
byte[] ticket = database.StringGet(key);
if (ticket.Length > default(int))
{
TicketSerializer serializer = new TicketSerializer();
result.Ticket = serializer.Deserialize(ticket);
result.Deleted = database.KeyDelete(key);
}
return result;
}
private void Store(string guid, AuthenticationTicket ticket)
{
TicketSerializer serializer = new TicketSerializer();
byte[] serialize = serializer.Serialize(ticket);
IDatabase database = _redis.GetDatabase(_configuration.Db);
database.StringSet(guid, serialize, _configuration.ExpiresUtc.TimeOfDay);
}
static DataSerializers()
{
Properties = new PropertiesSerializer();
Ticket = new TicketSerializer();
}
private async Task<TicketResult> RemoveAsync(AuthenticationTokenReceiveContext context)
{
TicketResult result = new TicketResult();
StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token);
string key = StoreKeyFunc(context.Ticket, context.Token);
IDatabase database = _redis.GetDatabase(_configuration.Db);
byte[] ticket = await database.StringGetAsync(key);
if (ticket != null)
{
TicketSerializer serializer = new TicketSerializer();
result.Ticket = serializer.Deserialize(ticket);
result.Deleted = await database.KeyDeleteAsync(key);
}
else
{
await database.KeyDeleteAsync(context.Token);
}
return result;
}
public void CanRoundTripClaimProperties()
{
var serializer = new TicketSerializer();
var properties = new AuthenticationProperties();
var claim = new Claim("type", "value", "valueType", "issuer", "original-issuer");
claim.Properties.Add("property-1", "property-value");
// Note: a null value MUST NOT result in a crash
// and MUST instead be treated like an empty string.
claim.Properties.Add("property-2", null);
var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
ticket.Principal.AddIdentity(new ClaimsIdentity(new[] { claim }, "misc"));
using (var stream = new MemoryStream())
using (var writer = new BinaryWriter(stream))
using (var reader = new BinaryReader(stream))
{
serializer.Write(writer, ticket);
stream.Position = 0;
var readTicket = serializer.Read(reader);
Assert.Equal(1, readTicket.Principal.Identities.Count());
Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
var readClaim = readTicket.Principal.FindFirst("type");
Assert.NotNull(claim);
Assert.Equal(claim.Type, "type");
Assert.Equal(claim.Value, "value");
Assert.Equal(claim.ValueType, "valueType");
Assert.Equal(claim.Issuer, "issuer");
Assert.Equal(claim.OriginalIssuer, "original-issuer");
var property1 = readClaim.Properties["property-1"];
Assert.Equal(property1, "property-value");
var property2 = readClaim.Properties["property-2"];
Assert.Equal(property2, string.Empty);
}
}
static DataSerializers()
{
Extra = new ExtraSerializer();
Ticket = new TicketSerializer();
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
// define o cabecalho da resposta do contexto do Owin com a permição de origem
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {allowedOrigin});
// pega o Id do token pelo na requisição
var hashedTokenId = HashHelper.GetHash(context.Token);
// Identifica o Browser
var userAgent = HttpContext.Current.Request.UserAgent;
var userBrowser = new HttpBrowserCapabilities {Capabilities = new Hashtable {{string.Empty, userAgent}}};
var factory = new BrowserCapabilitiesFactory();
factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser);
var browser = userBrowser.Browser;
var refreshTokenDomain = new RefreshTokenDomain();
// busca o token na base de dados pelo id
var refreshToken = await refreshTokenDomain.ReadAsync(hashedTokenId, browser);
// se o token for encontrado
if (refreshToken != null)
{
// pega os dados do ticket para deserializar e gerar um novo ticket com
// as informações mapeadas do usuário que utiliza este token
var ticketSerializer = new TicketSerializer();
var ticket = ticketSerializer.Deserialize(refreshToken.ProtectedTicket);
context.SetTicket(ticket);
// remove o token da base de dados pois em nossa lógica, permitimos apenas
// um RefreshToken por usuário e aplicação cliente
await refreshTokenDomain.DeleteAsync(hashedTokenId, browser);
}
}
