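        /// <summary>
        /// Builds the claim set for an audience-scoped access token: the audience id as the
        /// name identifier, the audience's roles, a nonce and the nbf/iat/exp timestamps.
        /// </summary>
        /// <param name="issuer">Issuer whose access-token lifetime setting is read.</param>
        /// <param name="audience">Audience the token is issued for.</param>
        /// <returns>The claims, ready to be placed in a JWT.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown by <c>Single()</c> when the issuer has no (or more than one) access-expire setting.
        /// </exception>
        public List<Claim> GenerateAccessClaims(tbl_Issuer issuer, tbl_Audience audience)
        {
            var expire = _context.Set<tbl_Setting>().Where(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null &&
                                                            x.ConfigKey == SettingsConstants.AccessExpire).Single();

            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            // The lifetime is stored as text; parse it culture-invariantly so the host locale cannot change the result.
            var lifetimeSeconds = uint.Parse(expire.ConfigValue, System.Globalization.NumberStyles.Integer, invariant);

            // Read the clock once so nbf, iat and exp are all derived from the same instant
            // (separate reads could tick over between one claim and the next).
            var issuedAt = new DateTimeOffset(Clock.UtcDateTime);
            var issuedAtUnix = issuedAt.ToUnixTimeSeconds().ToString(invariant);
            var expiresAtUnix = issuedAt.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString(invariant);

            var claims = new List<Claim>();

            //add lowest common denominators...
            claims.Add(new Claim(ClaimTypes.NameIdentifier, audience.Id.ToString()));

            var roles = _context.Set<tbl_Role>()
                        .Where(x => x.tbl_AudienceRoles.Any(y => y.AudienceId == audience.Id)).ToList();

            // Sorted by name so the claim order (and therefore the token payload) is stable between issuances.
            foreach (var role in roles.OrderBy(x => x.Name))
            {
                claims.Add(new Claim(ClaimTypes.Role, role.Name));
            }

            //nonce to enhance entropy
            // NOTE(review): assumes AlphaNumeric.CreateString draws from a cryptographic RNG — confirm in its implementation.
            claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

            //not before timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, issuedAtUnix, ClaimValueTypes.Integer64));

            //issued at timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix, ClaimValueTypes.Integer64));

            //expire on timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expiresAtUnix, ClaimValueTypes.Integer64));

            return claims;
        }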
        /// <summary>
        /// Looks up a single issuer by id (when the route value parses as a GUID) or by name,
        /// loading its audiences and claims, and returns it mapped to <see cref="IssuerV1"/>.
        /// </summary>
        /// <param name="issuerValue">Route segment: either the issuer's GUID or its name.</param>
        /// <returns>200 with the issuer, or 404 carrying the model-state error when nothing matches.</returns>
        public IActionResult GetV1([FromRoute] string issuerValue)
        {
            // A well-formed GUID is treated as an id; anything else is matched against the name.
            LambdaExpression predicate = Guid.TryParse(issuerValue, out var issuerId)
                ? QueryExpressionFactory.GetQueryExpression<tbl_Issuer>().Where(x => x.Id == issuerId).ToLambda()
                : QueryExpressionFactory.GetQueryExpression<tbl_Issuer>().Where(x => x.Name == issuerValue).ToLambda();

            var includes = new List<Expression<Func<tbl_Issuer, object>>>
            {
                x => x.tbl_Audiences,
                x => x.tbl_Claims,
            };

            var found = uow.Issuers.Get(predicate, includes).SingleOrDefault();

            if (found is null)
            {
                ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{issuerValue}");
                return NotFound(ModelState);
            }

            return Ok(map.Map<IssuerV1>(found));
        }
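        /// <summary>
        /// Builds the claim set for a user refresh token: the user id as the name identifier,
        /// a nonce and the nbf/iat/exp timestamps. No roles or profile data are included.
        /// </summary>
        /// <param name="issuer">Issuer whose refresh-token lifetime setting is read.</param>
        /// <param name="user">User the token is issued for.</param>
        /// <returns>The claims, ready to be placed in a JWT.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown by <c>Single()</c> when the issuer has no (or more than one) refresh-expire setting.
        /// </exception>
        public List<Claim> GenerateRefreshClaims(tbl_Issuer issuer, tbl_User user)
        {
            var expire = _context.Set<tbl_Setting>().Where(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null
                && x.ConfigKey == SettingsConstants.RefreshExpire).Single();

            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            // The lifetime is stored as text; parse it culture-invariantly so the host locale cannot change the result.
            var lifetimeSeconds = uint.Parse(expire.ConfigValue, System.Globalization.NumberStyles.Integer, invariant);

            // Read the clock once so nbf, iat and exp are all derived from the same instant.
            var issuedAt = new DateTimeOffset(Clock.UtcDateTime);
            var issuedAtUnix = issuedAt.ToUnixTimeSeconds().ToString(invariant);
            var expiresAtUnix = issuedAt.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString(invariant);

            var claims = new List<Claim>();

            //add lowest common denominators...
            claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

            //nonce to enhance entropy
            // NOTE(review): assumes AlphaNumeric.CreateString draws from a cryptographic RNG — confirm in its implementation.
            claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

            //not before timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, issuedAtUnix, ClaimValueTypes.Integer64));

            //issued at timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix, ClaimValueTypes.Integer64));

            //expire on timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expiresAtUnix, ClaimValueTypes.Integer64));

            return claims;
        }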
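        /// <summary>
        /// Builds the claim set for a user access token: name identifier, optional e-mail and
        /// mobile phone, given name and surname, the user's roles (also emitted under the legacy
        /// "role" type when the global legacy-claims setting is true), the user's stored custom
        /// claims, a nonce and the nbf/iat/exp timestamps.
        /// </summary>
        /// <param name="issuer">Issuer whose access-token lifetime setting is read.</param>
        /// <param name="user">User the token is issued for.</param>
        /// <returns>The claims, ready to be placed in a JWT.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown by <c>Single()</c> when the issuer access-expire setting or the global
        /// legacy-claims setting is missing or duplicated.
        /// </exception>
        public List<Claim> GenerateAccessClaims(tbl_Issuer issuer, tbl_User user)
        {
            var expire = _context.Set<tbl_Setting>().Where(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null
                && x.ConfigKey == SettingsConstants.AccessExpire).Single();

            var legacyClaims = _context.Set<tbl_Setting>().Where(x => x.IssuerId == null && x.AudienceId == null && x.UserId == null
                && x.ConfigKey == SettingsConstants.GlobalLegacyClaims).Single();

            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            // Settings are stored as text; parse culture-invariantly so the host locale cannot change the result.
            var lifetimeSeconds = uint.Parse(expire.ConfigValue, System.Globalization.NumberStyles.Integer, invariant);

            // Parsed once here rather than on every iteration of the role loop below.
            var emitLegacyRoleClaims = bool.Parse(legacyClaims.ConfigValue);

            // Read the clock once so nbf, iat and exp are all derived from the same instant.
            var issuedAt = new DateTimeOffset(Clock.UtcDateTime);
            var issuedAtUnix = issuedAt.ToUnixTimeSeconds().ToString(invariant);
            var expiresAtUnix = issuedAt.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString(invariant);

            var claims = new List<Claim>();

            //add lowest common denominators...
            claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

            if (!string.IsNullOrEmpty(user.EmailAddress))
                claims.Add(new Claim(ClaimTypes.Email, user.EmailAddress));

            if (!string.IsNullOrEmpty(user.PhoneNumber))
                claims.Add(new Claim(ClaimTypes.MobilePhone, user.PhoneNumber));

            // Unlike e-mail and phone these are not guarded, so a null first or last name makes the
            // Claim constructor throw ArgumentNullException. NOTE(review): presumably intentional
            // (names are required fields) — confirm against the user model.
            claims.Add(new Claim(ClaimTypes.GivenName, user.FirstName));
            claims.Add(new Claim(ClaimTypes.Surname, user.LastName));

            var userRoles = _context.Set<tbl_Role>()
                .Where(x => x.tbl_UserRoles.Any(y => y.UserId == user.Id)).ToList();

            // Sorted by name so the claim order (and therefore the token payload) is stable between issuances.
            foreach (var role in userRoles.OrderBy(x => x.Name))
            {
                claims.Add(new Claim(ClaimTypes.Role, role.Name));

                //check compatibility is enabled. pack claim(s) with old name and new name.
                if (emitLegacyRoleClaims)
                    claims.Add(new Claim("role", role.Name, ClaimTypes.Role));
            }

            var userClaims = _context.Set<tbl_Claim>()
                .Where(x => x.tbl_UserClaims.Any(y => y.UserId == user.Id)).ToList();

            // User-stored claims are copied verbatim (type, value and value type come from the row).
            foreach (var claim in userClaims.OrderBy(x => x.Type))
                claims.Add(new Claim(claim.Type, claim.Value, claim.ValueType));

            //nonce to enhance entropy
            // NOTE(review): assumes AlphaNumeric.CreateString draws from a cryptographic RNG — confirm in its implementation.
            claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

            //not before timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, issuedAtUnix, ClaimValueTypes.Integer64));

            //issued at timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix, ClaimValueTypes.Integer64));

            //expire on timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expiresAtUnix, ClaimValueTypes.Integer64));

            return claims;
        }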
        /// <summary>
        /// Seeds the default test issuer when it is not already present, storing the row in
        /// <c>foundIssuer</c> either way. A repeat call finds the existing issuer and creates nothing.
        /// </summary>
        public void CreateIssuers()
        {
            /*
             * create test issuers
             */

            var byName = QueryExpressionFactory.GetQueryExpression<tbl_Issuer>()
                .Where(x => x.Name == TestDefaultConstants.IssuerName)
                .ToLambda();

            foundIssuer = _uow.Issuers.Get(byName).SingleOrDefault();

            if (foundIssuer != null)
            {
                return;
            }

            // Fixture values only; the key comes from the shared test constants.
            var seed = new IssuerV1()
            {
                Name        = TestDefaultConstants.IssuerName,
                IssuerKey   = TestDefaultConstants.IssuerKey,
                IsEnabled   = true,
                IsDeletable = true,
            };

            foundIssuer = _uow.Issuers.Create(_map.Map<tbl_Issuer>(seed));

            _uow.Commit();
        }
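        /// <summary>
        /// Seeds the default test issuer and its issuer-level settings (access, refresh and TOTP
        /// expiry plus polling maximum), creating only what is missing. Every create is committed
        /// on its own, so a failure part-way leaves the earlier rows in place.
        /// </summary>
        public void CreateIssuers()
        {
            /*
             * create test issuers
             */

            foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression<tbl_Issuer>()
                                           .Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda())
                          .SingleOrDefault();

            if (foundIssuer == null)
            {
                // Fixture values only; the key comes from the shared test constants.
                foundIssuer = _uow.Issuers.Create(
                    _map.Map<tbl_Issuer>(new IssuerV1()
                {
                    Name        = TestDefaultConstants.IssuerName,
                    IssuerKey   = TestDefaultConstants.IssuerKey,
                    IsEnabled   = true,
                    IsDeletable = true,
                }));

                _uow.Commit();
            }

            // Lifetimes are in seconds; polling max is a count.
            EnsureIssuerSetting(SettingsConstants.AccessExpire, 600);
            EnsureIssuerSetting(SettingsConstants.RefreshExpire, 86400);
            EnsureIssuerSetting(SettingsConstants.TotpExpire, 600);
            EnsureIssuerSetting(SettingsConstants.PollingMax, 10);

            // Creates one setting scoped to foundIssuer when no row with that key exists yet,
            // committing immediately so each setting is persisted independently.
            void EnsureIssuerSetting(string configKey, int configValue)
            {
                var existing = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression<tbl_Setting>()
                                                 .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == configKey).ToLambda())
                               .SingleOrDefault();

                if (existing != null)
                {
                    return;
                }

                _uow.Settings.Create(
                    _map.Map<tbl_Setting>(new SettingV1()
                {
                    IssuerId    = foundIssuer.Id,
                    ConfigKey   = configKey,
                    ConfigValue = configValue.ToString(),
                    IsDeletable = true,
                }));

                _uow.Commit();
            }
        }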