public void Execute(AuthFilterContext authContext)
{
var session = authContext.Session;
var authService = authContext.AuthService;
var shouldReturnTokens = authContext.DidAuthenticate;
if (shouldReturnTokens && SetBearerTokenOnAuthenticateResponse && authContext.AuthResponse.BearerToken == null && session.IsAuthenticated)
{
if (!RequireSecureConnection || authService.Request.IsSecureConnection)
{
IEnumerable <string> roles = null, perms = null;
if (HostContext.AppHost.GetAuthRepository(authService.Request) is IManageRoles authRepo && session.UserAuthId != null)
{
roles = authRepo.GetRoles(session.UserAuthId);
perms = authRepo.GetPermissions(session.UserAuthId);
}
authContext.AuthResponse.BearerToken = CreateJwtBearerToken(authContext.AuthService.Request, session, roles, perms);
authContext.AuthResponse.RefreshToken = EnableRefreshToken()
? CreateJwtRefreshToken(authService.Request, session.UserAuthId, ExpireRefreshTokensIn)
: null;
}
}
}
public async Task ExecuteAsync(AuthFilterContext authContext)
{
var session = authContext.Session;
var authService = authContext.AuthService;
var shouldReturnTokens = authContext.DidAuthenticate;
if (shouldReturnTokens && SetBearerTokenOnAuthenticateResponse && authContext.AuthResponse.BearerToken == null && session.IsAuthenticated)
{
if (!RequireSecureConnection || authService.Request.IsSecureConnection)
{
IEnumerable <string> roles = null, perms = null;
var userRepo = HostContext.AppHost.GetAuthRepositoryAsync(authService.Request);
await using (userRepo as IAsyncDisposable)
{
if (userRepo is IManageRolesAsync manageRoles)
{
var tuple = await manageRoles.GetRolesAndPermissionsAsync(session.UserAuthId).ConfigAwait();
roles = tuple.Item1;
perms = tuple.Item2;
}
}
authContext.AuthResponse.BearerToken = CreateJwtBearerToken(authContext.AuthService.Request, session, roles, perms);
authContext.AuthResponse.RefreshToken = EnableRefreshToken()
? CreateJwtRefreshToken(authService.Request, session.UserAuthId, ExpireRefreshTokensIn)
: null;
}
}
}
public void Execute(AuthFilterContext authContext)
{
var session = authContext.Session;
var authService = authContext.AuthService;
if (SetBearerTokenOnAuthenticateResponse && authContext.AuthResponse.BearerToken == null && session.IsAuthenticated)
{
if (!RequireSecureConnection || authService.Request.IsSecureConnection)
{
IEnumerable <string> roles = null, perms = null;
var authRepo = HostContext.AppHost.GetAuthRepository(authService.Request) as IManageRoles;
if (authRepo != null && session.UserAuthId != null)
{
roles = authRepo.GetRoles(session.UserAuthId);
perms = authRepo.GetPermissions(session.UserAuthId);
}
authContext.AuthResponse.BearerToken = CreateJwtBearerToken(session, roles, perms);
}
}
}
public object AuthenticateResponseDecorator(AuthFilterContext authCtx)
{
if (authCtx.AuthResponse.BearerToken == null || authCtx.AuthRequest.UseTokenCookie != true)
{
return(authCtx.AuthResponse);
}
authCtx.AuthService.Request.RemoveSession(authCtx.AuthService.GetSessionId());
return(new HttpResult(authCtx.AuthResponse)
{
Cookies =
{
new Cookie(Keywords.TokenCookie, authCtx.AuthResponse.BearerToken, Cookies.RootPath)
{
HttpOnly = true,
Secure = authCtx.AuthService.Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(ExpireTokensIn),
}
}
});
}
public object Post(Authenticate request)
{
AssertAuthProviders();
if (ValidateFn != null)
{
var validationResponse = ValidateFn(this, Request.Verb, request);
if (validationResponse != null)
{
return(validationResponse);
}
}
if (request.RememberMe.HasValue)
{
var opt = request.RememberMe.GetValueOrDefault(false)
? SessionOptions.Permanent
: SessionOptions.Temporary;
base.Request.AddSessionOptions(opt);
}
var provider = request.provider ?? AuthProviders[0].Provider;
if (provider == CredentialsAliasProvider)
{
provider = CredentialsProvider;
}
var authProvider = GetAuthProvider(provider);
if (authProvider == null)
{
throw HttpError.NotFound(ErrorMessages.UnknownAuthProviderFmt.Fmt(provider.SafeInput()));
}
if (LogoutAction.EqualsIgnoreCase(request.provider))
{
return(authProvider.Logout(this, request));
}
if (authProvider is IAuthWithRequest && !base.Request.IsInProcessRequest())
{
//IAuthWithRequest normally doesn't call Authenticate directly, but they can to return Auth Info
//But as AuthenticateService doesn't have [Authenticate] we need to call it manually
new AuthenticateAttribute().ExecuteAsync(base.Request, base.Response, request).Wait();
if (base.Response.IsClosed)
{
return(null);
}
}
var session = this.GetSession();
var isHtml = base.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
try
{
var response = Authenticate(request, provider, session, authProvider);
// The above Authenticate call may end an existing session and create a new one so we need
// to refresh the current session reference.
session = this.GetSession();
if (request.provider == null && !session.IsAuthenticated)
{
throw HttpError.Unauthorized(ErrorMessages.NotAuthenticated.Localize(Request));
}
var referrerUrl = request.Continue
?? session.ReferrerUrl
?? this.Request.GetHeader(HttpHeaders.Referer)
?? authProvider.CallbackUrl;
var alreadyAuthenticated = response == null;
response = response ?? new AuthenticateResponse {
UserId = session.UserAuthId,
UserName = session.UserAuthName,
DisplayName = session.DisplayName
?? session.UserName
?? $"{session.FirstName} {session.LastName}".Trim(),
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
if (response is AuthenticateResponse authResponse)
{
var authCtx = new AuthFilterContext {
AuthService = this,
AuthProvider = authProvider,
AuthRequest = request,
AuthResponse = authResponse,
Session = session,
AlreadyAuthenticated = alreadyAuthenticated,
DidAuthenticate = Request.Items.ContainsKey(Keywords.DidAuthenticate),
};
foreach (var responseFilter in AuthResponseFilters)
{
responseFilter.Execute(authCtx);
}
if (AuthResponseDecorator != null)
{
return(AuthResponseDecorator(authCtx));
}
}
if (isHtml && request.provider != null)
{
if (alreadyAuthenticated)
{
return(this.Redirect(referrerUrl.SetParam("s", "0")));
}
if (!(response is IHttpResult) && !string.IsNullOrEmpty(referrerUrl))
{
return(new HttpResult(response)
{
Location = referrerUrl
});
}
}
return(response);
}
catch (HttpError ex)
{
var errorReferrerUrl = this.Request.GetHeader(HttpHeaders.Referer);
if (isHtml && errorReferrerUrl != null)
{
errorReferrerUrl = errorReferrerUrl.SetParam("f", ex.Message.Localize(Request));
return(HttpResult.Redirect(errorReferrerUrl));
}
throw;
}
}
public object Post(Authenticate request)
{
AssertAuthProviders();
if (ValidateFn != null)
{
var validationResponse = ValidateFn(this, Request.Verb, request);
if (validationResponse != null)
{
return(validationResponse);
}
}
var authFeature = GetPlugin <AuthFeature>();
if (request.RememberMe.HasValue)
{
var opt = request.RememberMe.GetValueOrDefault(false)
? SessionOptions.Permanent
: SessionOptions.Temporary;
base.Request.AddSessionOptions(opt);
}
var provider = request.provider ?? AuthProviders[0].Provider;
if (provider == CredentialsAliasProvider)
{
provider = CredentialsProvider;
}
var authProvider = GetAuthProvider(provider);
if (authProvider == null)
{
throw HttpError.NotFound(ErrorMessages.UnknownAuthProviderFmt.Fmt(provider.SafeInput()));
}
if (LogoutAction.EqualsIgnoreCase(request.provider))
{
return(authProvider.Logout(this, request));
}
if (authProvider is IAuthWithRequest && !base.Request.IsInProcessRequest())
{
//IAuthWithRequest normally doesn't call Authenticate directly, but they can to return Auth Info
//But as AuthenticateService doesn't have [Authenticate] we need to call it manually
new AuthenticateAttribute().ExecuteAsync(base.Request, base.Response, request).Wait();
if (base.Response.IsClosed)
{
return(null);
}
}
var session = this.GetSession();
var isHtml = base.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
try
{
var response = Authenticate(request, provider, session, authProvider);
// The above Authenticate call may end an existing session and create a new one so we need
// to refresh the current session reference.
session = this.GetSession();
if (request.provider == null && !session.IsAuthenticated)
{
throw HttpError.Unauthorized(ErrorMessages.NotAuthenticated.Localize(Request));
}
var returnUrl = Request.GetReturnUrl();
var referrerUrl = returnUrl
?? session.ReferrerUrl
?? base.Request.GetQueryStringOrForm(Keywords.ReturnUrl)
?? this.Request.GetHeader(HttpHeaders.Referer)
?? authProvider.CallbackUrl;
if (authFeature != null)
{
if (!string.IsNullOrEmpty(returnUrl))
{
authFeature.ValidateRedirectLinks(Request, referrerUrl);
}
}
var manageRoles = AuthRepository as IManageRoles;
var alreadyAuthenticated = response == null;
response ??= new AuthenticateResponse {
UserId = session.UserAuthId,
UserName = session.UserAuthName,
DisplayName = session.DisplayName
?? session.UserName
?? $"{session.FirstName} {session.LastName}".Trim(),
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
if (response is AuthenticateResponse authResponse)
{
authResponse.ProfileUrl ??= session.GetProfileUrl();
if (session.UserAuthId != null && authFeature != null)
{
if (authFeature.IncludeRolesInAuthenticateResponse)
{
var authSession = authFeature.AuthSecretSession;
if (authSession != null && session.UserAuthName == authSession.UserAuthName && session.UserAuthId == authSession.UserAuthId)
{
authResponse.Roles = session.Roles;
authResponse.Permissions = session.Permissions;
}
authResponse.Roles ??= (manageRoles != null
? manageRoles.GetRoles(session.UserAuthId)?.ToList()
: session.Roles);
authResponse.Permissions ??= (manageRoles != null
? manageRoles.GetPermissions(session.UserAuthId)?.ToList()
: session.Permissions);
}
if (authFeature.IncludeOAuthTokensInAuthenticateResponse && AuthRepository != null)
{
var authDetails = AuthRepository.GetUserAuthDetails(session.UserAuthId);
if (authDetails?.Count > 0)
{
authResponse.Meta ??= new Dictionary <string, string>();
foreach (var authDetail in authDetails.Where(x => x.AccessTokenSecret != null))
{
authResponse.Meta[authDetail.Provider + "-tokens"] = authDetail.AccessTokenSecret +
(authDetail.AccessToken != null ? ':' + authDetail.AccessToken : "");
}
}
}
}
var authCtx = new AuthFilterContext {
AuthService = this,
AuthProvider = authProvider,
AuthRequest = request,
AuthResponse = authResponse,
ReferrerUrl = referrerUrl,
Session = session,
AlreadyAuthenticated = alreadyAuthenticated,
DidAuthenticate = Request.Items.ContainsKey(Keywords.DidAuthenticate),
};
foreach (var responseFilter in AuthResponseFilters)
{
responseFilter.Execute(authCtx);
}
if (AuthResponseDecorator != null)
{
var authDecoratorResponse = AuthResponseDecorator(authCtx);
if (authDecoratorResponse != response)
{
return(authDecoratorResponse);
}
}
}
if (isHtml && request.provider != null)
{
if (alreadyAuthenticated)
{
return(this.Redirect(referrerUrl.SetParam("s", "0")));
}
if (!(response is IHttpResult) && !string.IsNullOrEmpty(referrerUrl))
{
return(new HttpResult(response)
{
Location = referrerUrl
});
}
}
return(response);
}
catch (Exception ex)
{
if (isHtml && Request.GetErrorView() != null)
{
return(ex);
}
if (ex is HttpError)
{
var errorReferrerUrl = this.Request.GetReturnUrl() ?? this.Request.GetHeader(HttpHeaders.Referer);
if (isHtml && errorReferrerUrl != null && Request.GetParam(Keywords.NoRedirect) == null)
{
errorReferrerUrl = errorReferrerUrl.SetParam("f", ex.Message.Localize(Request));
return(HttpResult.Redirect(errorReferrerUrl));
}
}
throw;
}
}
