public async Task <bool> UpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session, IEnumerable <Claim> claims = null)
{
logger.ScopeTrace(() => $"Update session, Route '{RouteBinding.Route}'.");
var sessionEnabled = SessionEnabled(loginUpParty);
var sessionValid = SessionValid(loginUpParty, session);
if (sessionEnabled && sessionValid)
{
AddDownPartyLink(session, newDownPartyLink);
session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
if (claims?.Count() > 0)
{
session.Claims = UpdateClaims(session, claims);
}
await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
return(true);
}
await sessionCookieRepository.DeleteAsync(loginUpParty);
logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'.");
return(false);
}
public async Task CreateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, long authTime, IEnumerable <Claim> claims)
{
if (SessionEnabled(loginUpParty))
{
logger.ScopeTrace(() => $"Create session, Route '{RouteBinding.Route}'.");
var session = new SessionLoginUpPartyCookie
{
Claims = claims.ToClaimAndValues(),
};
AddDownPartyLink(session, newDownPartyLink);
session.CreateTime = authTime;
session.LastUpdated = authTime;
await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
logger.ScopeTrace(() => $"Session created, User id '{session.UserId}', Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
}
}
protected void AddDownPartyLink(SessionBaseCookie session, DownPartySessionLink newDownPartyLink)
{
if (newDownPartyLink == null || !newDownPartyLink.SupportSingleLogout)
{
return;
}
if (session.DownPartyLinks == null)
{
session.DownPartyLinks = new List <DownPartySessionLink> {
newDownPartyLink
};
}
else
{
if (!session.DownPartyLinks.Where(d => d.Id == newDownPartyLink.Id).Any())
{
session.DownPartyLinks.Add(newDownPartyLink);
}
}
}
public async Task <(SessionLoginUpPartyCookie, User)> GetAndUpdateSessionCheckUserAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink)
{
logger.ScopeTrace(() => $"Get and update session and check user, Route '{RouteBinding.Route}'.");
var session = await sessionCookieRepository.GetAsync(loginUpParty);
if (session != null)
{
var sessionEnabled = SessionEnabled(loginUpParty);
var sessionValid = SessionValid(loginUpParty, session);
logger.ScopeTrace(() => $"User id '{session.UserId}' session exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'.");
if (sessionEnabled && sessionValid)
{
var id = await User.IdFormat(new User.IdKey {
TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName, Email = session.Email
});
var user = await tenantRepository.GetAsync <User>(id, false);
if (user != null && !user.DisableAccount)
{
if (user.UserId != session.UserId)
{
throw new Exception("Session user id and the Users user id do not match, this should not be able to occur.");
}
AddDownPartyLink(session, newDownPartyLink);
session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
return(session, user);
}
}
else
{
await sessionCookieRepository.DeleteAsync(loginUpParty);
logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'.");
}
}
else
{
logger.ScopeTrace(() => "Session do not exists.");
}
return(null, null);
}
public async Task <string> CreateOrUpdateSessionAsync <T>(T upParty, DownPartySessionLink newDownPartyLink, List <Claim> claims, string externalSessionId, string idToken = null) where T : UpParty
{
logger.ScopeTrace($"Create or update session up-party, Route '{RouteBinding.Route}'.");
var sessionClaims = FilterClaims(claims);
Action <SessionUpPartyCookie> updateAction = (session) =>
{
sessionClaims.AddClaim(JwtClaimTypes.SessionId, NewSessionId());
session.Claims = sessionClaims.ToClaimAndValues();
session.ExternalSessionId = externalSessionId;
session.IdToken = idToken;
AddDownPartyLink(session, newDownPartyLink);
};
var sessionEnabled = SessionEnabled(upParty);
var session = await sessionCookieRepository.GetAsync();
if (session != null)
{
var sessionValid = SessionValid(upParty, session);
logger.ScopeTrace($"User id '{session.UserId}' session up-party exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'.");
if (sessionEnabled && sessionValid)
{
var userId = sessionClaims.FindFirstValue(c => c.Type == JwtClaimTypes.Subject);
if (!session.UserId.IsNullOrEmpty() && session.UserId != userId)
{
logger.ScopeTrace("Authenticated user and requested user do not match.");
// TODO invalid user login
throw new NotImplementedException("Authenticated user and requested user do not match.");
}
if (session.ExternalSessionId != externalSessionId)
{
try
{
throw new Exception("External session ID has changed, causing an session update including new session ID.");
}
catch (Exception ex)
{
logger.Warning(ex);
}
updateAction(session);
}
else
{
AddDownPartyLink(session, newDownPartyLink);
}
session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
await sessionCookieRepository.SaveAsync(session, null);
logger.ScopeTrace($"Session updated up-party, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
return(session.SessionId);
}
if (!sessionEnabled)
{
await sessionCookieRepository.DeleteAsync();
logger.ScopeTrace($"Session deleted, Session id '{session.SessionId}'.");
}
}
if (sessionEnabled)
{
logger.ScopeTrace($"Create session up-party, External Session id '{externalSessionId}', Route '{RouteBinding.Route}'.");
session = new SessionUpPartyCookie();
updateAction(session);
session.LastUpdated = session.CreateTime;
await sessionCookieRepository.SaveAsync(session, null);
logger.ScopeTrace($"Session up-party created, User id '{session.UserId}', Session id '{session.SessionId}', External Session id '{externalSessionId}'.", GetSessionScopeProperties(session));
return(session.SessionId);
}
return(null);
}
public async Task <IActionResult> LoginResponseUpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session)
{
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session))
{
return(await loginUpLogic.LoginResponseAsync(session.Claims.ToClaimList()));
}
else
{
throw new InvalidOperationException("Session do not exist or can not be updated.");
}
}
public async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, IEnumerable <string> authMethods, IEnumerable <Claim> acrClaims = null, SessionLoginUpPartyCookie session = null)
{
var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
List <Claim> claims = null;
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session, acrClaims))
{
claims = session.Claims.ToClaimList();
}
else
{
var sessionId = RandomGenerator.Generate(24);
claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId, acrClaims);
await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
}
return(await loginUpLogic.LoginResponseAsync(claims));
}
private async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, SessionLoginUpPartyCookie session = null)
{
var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var authMethods = new List <string>();
authMethods.Add(IdentityConstants.AuthenticationMethodReferenceValues.Pwd);
List <Claim> claims = null;
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session))
{
claims = session.Claims.ToClaimList();
}
else
{
var sessionId = RandomGenerator.Generate(24);
claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId);
await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
}
return(await loginUpLogic.LoginResponseAsync(claims));
}
public async Task <(bool, SingleLogoutSequenceData)> InitializeSingleLogoutAsync(UpPartyLink upPartyLink, DownPartySessionLink initiatingDownParty, IEnumerable <DownPartySessionLink> downPartyLinks, IEnumerable <ClaimAndValues> claims, IEnumerable <string> allowIframeOnDomains = null, bool hostedInIframe = false)
{
logger.ScopeTrace(() => "Initialize single logout.");
downPartyLinks = downPartyLinks?.Where(p => p.SupportSingleLogout && (initiatingDownParty == null || p.Id != initiatingDownParty.Id));
if (!(downPartyLinks?.Count() > 0) || !(claims?.Count() > 0))
{
return(false, null);
}
var sequenceData = new SingleLogoutSequenceData
{
UpPartyName = upPartyLink.Name,
UpPartyType = upPartyLink.Type,
DownPartyLinks = downPartyLinks,
HostedInIframe = hostedInIframe,
AllowIframeOnDomains = allowIframeOnDomains
};
if (downPartyLinks.Where(p => p.Type == PartyTypes.Saml2).Any())
{
sequenceData.Claims = claims;
}
else
{
sequenceData.Claims = claims.Where(c => c.Claim == JwtClaimTypes.SessionId);
}
await sequenceLogic.SaveSequenceDataAsync(sequenceData);
return(true, sequenceData);
}
