public virtual TModel Create(Utilizer utilizer, string membershipId, TModel model)
        {
            // Check membership
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }
            else
            {
                model.MembershipId = membershipId;
            }

            // Model validation
            if (!this.ValidateModel(model, out var errors))
            {
                throw ErtisAuthException.ValidationError(errors);
            }

            // Check existing
            if (this.IsAlreadyExist(model, membershipId))
            {
                throw this.GetAlreadyExistError(model);
            }

            // Insert to database
            var dto         = Mapper.Current.Map <TModel, TDto>(model);
            var insertedDto = this.repository.Insert(dto);
            var inserted    = Mapper.Current.Map <TDto, TModel>(insertedDto);

            this.OnCreated?.Invoke(this, new CreateResourceEventArgs <TModel>(utilizer, inserted));

            return(inserted);
        }
Esempio n. 2
0
        public IPaginationCollection <dynamic> GetDynamic(string membershipId, int?skip, int?limit, bool withCount, string orderBy, SortDirection?sortDirection)
        {
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            return(this.repository.Query(x => x.MembershipId == membershipId, skip, limit, withCount, orderBy, sortDirection));
        }
Esempio n. 3
0
        public async Task <IPaginationCollection <dynamic> > GetDynamicAsync(string membershipId, int?skip, int?limit, bool withCount, string orderBy, SortDirection?sortDirection)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            return(await this.eventRepository.QueryAsync(x => x.MembershipId == membershipId, skip, limit, withCount, orderBy, sortDirection));
        }
Esempio n. 4
0
        private async Task <Membership> CheckMembershipAsync(string membershipId)
        {
            var membership = await this._membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            return(membership);
        }
Esempio n. 5
0
        public virtual async Task <TModel> GetAsync(string membershipId, string id)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var dto = await this.repository.FindOneAsync(x => x.Id == id && x.MembershipId == membershipId);

            return(Mapper.Current.Map <TDto, TModel>(dto));
        }
Esempio n. 6
0
        public override async ValueTask <ErtisAuthEventBase> GetAsync(string membershipId, string id)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var dto = await this.repository.FindOneAsync(x => x.Id == id && x.MembershipId == membershipId);

            return(DtoToModel(dto));
        }
Esempio n. 7
0
        public override ErtisAuthEventBase Get(string membershipId, string id)
        {
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var dto = this.repository.FindOne(x => x.Id == id && x.MembershipId == membershipId);

            return(DtoToModel(dto));
        }
        public virtual async ValueTask <TModel> UpdateAsync(Utilizer utilizer, string membershipId, TModel model)
        {
            // Check membership
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }
            else
            {
                model.MembershipId = membershipId;
            }

            // Overwrite
            var current = await this.GetAsync(membershipId, model.Id);

            if (current == null)
            {
                throw this.GetNotFoundError(model.Id);
            }

            this.Overwrite(model, current);

            // Touch model
            model = await this.TouchAsync(model, CrudOperation.Update);

            // Model validation
            if (!this.ValidateModel(model, out var errors))
            {
                throw ErtisAuthException.ValidationError(errors);
            }

            // Check existing
            if (await this.IsAlreadyExistAsync(model, membershipId, current))
            {
                throw this.GetAlreadyExistError(model);
            }

            model.MembershipId = membershipId;
            var dto        = Mapper.Current.Map <TModel, TDto>(model);
            var updatedDto = await this.repository.UpdateAsync(dto);

            var updated = Mapper.Current.Map <TDto, TModel>(updatedDto);

            this.OnUpdated?.Invoke(this, new UpdateResourceEventArgs <TModel>(utilizer, current, updated));

            return(updated);
        }
        protected async ValueTask <TModel> GetAsync(string membershipId, Expression <Func <TDto, bool> > expression)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var entities = await this.repository.FindAsync(expression);

            var entity = entities.Items.FirstOrDefault(x => x.MembershipId == membershipId);

            return(Mapper.Current.Map <TDto, TModel>(entity));
        }
Esempio n. 10
0
        public async Task SetPasswordAsync(Utilizer utilizer, string membershipId, string resetToken, string usernameOrEmailAddress, string password)
        {
            if (string.IsNullOrEmpty(usernameOrEmailAddress))
            {
                throw ErtisAuthException.ValidationError(new []
                {
                    "Username or email required!"
                });
            }

            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var user = await this.GetUserWithPasswordAsync(usernameOrEmailAddress, usernameOrEmailAddress, membershipId);

            if (user == null)
            {
                throw ErtisAuthException.UserNotFound(usernameOrEmailAddress, "username or email_address");
            }

            if (utilizer.Role == Rbac.ReservedRoles.Administrator || utilizer.Id == user.Id)
            {
                if (this.jwtService.TryDecodeToken(resetToken, out var securityToken))
                {
                    var expireTime = securityToken.ValidTo.ToLocalTime();
                    if (DateTime.Now > expireTime)
                    {
                        // Token was expired!
                        throw ErtisAuthException.TokenWasExpired();
                    }

                    await this.ChangePasswordAsync(utilizer, membershipId, user.Id, password);
                }
                else
                {
                    // Reset token could not decoded!
                    throw ErtisAuthException.InvalidToken();
                }
            }
            else
            {
                throw ErtisAuthException.AccessDenied("Unauthorized access");
            }
        }
Esempio n. 11
0
        public async Task <ResetPasswordToken> ResetPasswordAsync(Utilizer utilizer, string membershipId, string usernameOrEmailAddress)
        {
            if (string.IsNullOrEmpty(usernameOrEmailAddress))
            {
                throw ErtisAuthException.ValidationError(new []
                {
                    "Username or email required!"
                });
            }

            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var user = await this.GetUserWithPasswordAsync(usernameOrEmailAddress, usernameOrEmailAddress, membershipId);

            if (user == null)
            {
                throw ErtisAuthException.UserNotFound(usernameOrEmailAddress, "username or email_address");
            }

            if (utilizer.Role == Rbac.ReservedRoles.Administrator || utilizer.Id == user.Id)
            {
                var tokenClaims = new TokenClaims(Guid.NewGuid().ToString(), user, membership);
                tokenClaims.AddClaim("token_type", "reset_token");
                var resetToken         = this.jwtService.GenerateToken(tokenClaims, HashAlgorithms.SHA2_256, Encoding.UTF8);
                var resetPasswordToken = new ResetPasswordToken(resetToken, TimeSpan.FromHours(1));

                await this.eventService.FireEventAsync(this, new ErtisAuthEvent
                {
                    EventType    = ErtisAuthEventType.UserPasswordReset,
                    UtilizerId   = user.Id,
                    Document     = resetPasswordToken,
                    MembershipId = membershipId
                });

                return(resetPasswordToken);
            }
            else
            {
                throw ErtisAuthException.AccessDenied("Unauthorized access");
            }
        }
        public async ValueTask <IPaginationCollection <TModel> > SearchAsync(
            string membershipId,
            string keyword,
            int?skip                    = null,
            int?limit                   = null,
            bool?withCount              = null,
            string sortField            = null,
            SortDirection?sortDirection = null)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var textSearchLanguage = TextSearchLanguage.None;

            if (!string.IsNullOrEmpty(membership.DefaultLanguage) && TextSearchLanguage.All.Any(x => x.ISO6391Code == membership.DefaultLanguage))
            {
                textSearchLanguage = TextSearchLanguage.All.FirstOrDefault(x => x.ISO6391Code == membership.DefaultLanguage);
            }

            var textSearchOptions = new TextSearchOptions
            {
                Language             = textSearchLanguage,
                IsCaseSensitive      = true,
                IsDiacriticSensitive = false
            };

            var paginatedDtoCollection = await this.repository.SearchAsync(keyword, textSearchOptions, skip, limit, withCount, sortField, sortDirection);

            if (paginatedDtoCollection?.Items != null)
            {
                return(new PaginationCollection <TModel>
                {
                    Items = paginatedDtoCollection.Items.Select(x => Mapper.Current.Map <TDto, TModel>(x)),
                    Count = paginatedDtoCollection.Count
                });
            }
            else
            {
                return(new PaginationCollection <TModel>());
            }
        }
Esempio n. 13
0
        public async ValueTask <dynamic> GetDynamicAsync(string membershipId, string id)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var result = await this.repository.QueryAsync(x => x.Id == id && x.MembershipId == membershipId, 0, 1);

            if (result?.Items != null && result.Items.Any())
            {
                return(result.Items.FirstOrDefault());
            }

            return(null);
        }
Esempio n. 14
0
        public dynamic GetDynamic(string membershipId, string id)
        {
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var result = this.eventRepository.Query(x => x.Id == id && x.MembershipId == membershipId, 0, 1);

            if (result?.Items != null && result.Items.Any())
            {
                return(result.Items.FirstOrDefault());
            }

            return(null);
        }
Esempio n. 15
0
        public override Application Create(Utilizer utilizer, string membershipId, Application model)
        {
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var application = base.Create(utilizer, membershipId, model);

            if (application != null)
            {
                application.Secret = $"{application.Id}:{membership.SecretKey}";
                application        = this.Update(utilizer, membershipId, application);
            }

            return(application);
        }
Esempio n. 16
0
        public async Task <BasicTokenValidationResult> VerifyBasicTokenAsync(string basicToken, bool fireEvent = true)
        {
            if (string.IsNullOrEmpty(basicToken))
            {
                throw ErtisAuthException.InvalidToken();
            }

            var parts = basicToken.Split(':');

            if (parts.Length != 2)
            {
                throw ErtisAuthException.InvalidToken();
            }

            var applicationId = parts[0];
            var application   = await this.applicationService.GetByIdAsync(applicationId);

            if (application == null)
            {
                throw ErtisAuthException.ApplicationNotFound(applicationId);
            }

            var membership = await this.membershipService.GetAsync(application.MembershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(application.MembershipId);
            }

            var secret = parts[1];

            if (membership.SecretKey != secret)
            {
                throw ErtisAuthException.ApplicationSecretMismatch();
            }

            if (fireEvent)
            {
                await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenVerified, application, new { basicToken }));
            }

            return(new BasicTokenValidationResult(true, basicToken, application));
        }
Esempio n. 17
0
        public async Task <BearerToken> GenerateTokenAsync(string username, string password, string membershipId, bool fireEvent = true)
        {
            // Check membership
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            if (!membership.IsValid(out IEnumerable <string> errors))
            {
                throw ErtisAuthException.MalformedMembership(membershipId, errors);
            }

            // Check user
            var user = await this.userService.GetUserWithPasswordAsync(username, username, membership.Id);

            if (user == null)
            {
                throw ErtisAuthException.UserNotFound(username, "username or email");
            }

            // Check password
            var passwordHash = this.cryptographyService.CalculatePasswordHash(membership, password);

            if (passwordHash != user.PasswordHash)
            {
                throw ErtisAuthException.UsernameOrPasswordIsWrong(username, password);
            }
            else
            {
                var token = this.GenerateBearerToken(user, membership);

                if (fireEvent)
                {
                    await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenGenerated, user, token));
                }

                return(token);
            }
        }
Esempio n. 18
0
        public async Task <User> ChangePasswordAsync(Utilizer utilizer, string membershipId, string userId, string newPassword)
        {
            if (string.IsNullOrEmpty(newPassword))
            {
                throw ErtisAuthException.ValidationError(new []
                {
                    "Password can not be null or empty!"
                });
            }

            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var user = await this.GetAsync(membershipId, userId);

            if (user == null)
            {
                throw ErtisAuthException.UserNotFound(userId, "_id");
            }

            var userWithPassword = Mapper.Current.Map <User, UserWithPassword>(user);
            var passwordHash     = this.cryptographyService.CalculatePasswordHash(membership, newPassword);

            userWithPassword.PasswordHash = passwordHash;

            var updatedUser = await this.UpdateAsync(utilizer, membershipId, userWithPassword);

            await this.eventService.FireEventAsync(this, new ErtisAuthEvent
            {
                EventType    = ErtisAuthEventType.UserPasswordChanged,
                UtilizerId   = user.Id,
                Document     = updatedUser,
                Prior        = userWithPassword,
                MembershipId = membershipId
            });

            return(updatedUser);
        }
Esempio n. 19
0
        public async Task <bool> RevokeTokenAsync(string token, bool fireEvent = true)
        {
            var validationResult = await this.VerifyBearerTokenAsync(token, false);

            if (!validationResult.IsValidated)
            {
                throw ErtisAuthException.InvalidToken();
            }

            await this.revokedTokensRepository.InsertAsync(new RevokedTokenDto
            {
                Token     = token,
                RevokedAt = DateTime.Now,
                UserId    = validationResult.User.Id
            });

            var membership = await this.membershipService.GetAsync(validationResult.User.MembershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(validationResult.User.MembershipId);
            }

            if (this.jwtService.TryDecodeToken(token, out var securityToken))
            {
                if (!this.IsRefreshToken(securityToken))
                {
                    var refreshToken = this.StimulateRefreshToken(token, validationResult.User, membership);
                    if (!string.IsNullOrEmpty(refreshToken))
                    {
                        await this.RevokeRefreshTokenAsync(refreshToken);
                    }
                }
            }

            await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenRevoked, validationResult.User, new { token }));

            return(true);
        }
Esempio n. 20
0
        public override async ValueTask <IPaginationCollection <ErtisAuthEventBase> > GetAsync(string membershipId, int?skip, int?limit, bool withCount, string orderBy, SortDirection?sortDirection)
        {
            var membership = await this.membershipService.GetAsync(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var paginatedDtoCollection = await this.repository.FindAsync(x => x.MembershipId == membershipId, skip, limit, withCount, orderBy, sortDirection);

            if (paginatedDtoCollection?.Items != null)
            {
                return(new PaginationCollection <ErtisAuthEventBase>
                {
                    Items = paginatedDtoCollection.Items.Select(DtoToModel),
                    Count = paginatedDtoCollection.Count
                });
            }
            else
            {
                return(new PaginationCollection <ErtisAuthEventBase>());
            }
        }
Esempio n. 21
0
        public virtual IPaginationCollection <TModel> Get(string membershipId, int?skip, int?limit, bool withCount, string orderBy, SortDirection?sortDirection)
        {
            var membership = this.membershipService.Get(membershipId);

            if (membership == null)
            {
                throw ErtisAuthException.MembershipNotFound(membershipId);
            }

            var paginatedDtoCollection = this.repository.Find(x => x.MembershipId == membershipId, skip, limit, withCount, orderBy, sortDirection);

            if (paginatedDtoCollection?.Items != null)
            {
                return(new PaginationCollection <TModel>
                {
                    Items = paginatedDtoCollection.Items.Select(x => Mapper.Current.Map <TDto, TModel>(x)),
                    Count = paginatedDtoCollection.Count
                });
            }
            else
            {
                return(new PaginationCollection <TModel>());
            }
        }
Esempio n. 22
0
 protected override ErtisAuthException GetNotFoundError(string id)
 {
     return(ErtisAuthException.MembershipNotFound(id));
 }
Esempio n. 23
0
        public async ValueTask <bool> RevokeTokenAsync(string token, bool logoutFromAllDevices = false, bool fireEvent = true)
        {
            User user;

            try
            {
                var validationResult = await this.VerifyBearerTokenAsync(token, false);

                user = validationResult.User;
                if (!validationResult.IsValidated)
                {
                    throw ErtisAuthException.InvalidToken();
                }
            }
            catch (ErtisAuthException ex)
            {
                if (ex.ErrorCode == ErtisAuthException.TokenWasRevoked().ErrorCode)
                {
                    Console.WriteLine("This token was revoked already");
                }

                return(false);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
                return(false);
            }

            var activeTokenDtos = await this.GetActiveTokensByUser(user.Id, user.MembershipId);

            var filteredActiveTokenDtos = logoutFromAllDevices ? activeTokenDtos : new[] { activeTokenDtos.FirstOrDefault(x => x.AccessToken == token) };
            var activeTokens            = filteredActiveTokenDtos.Where(x => x != null).ToArray();

            if (activeTokens.Any())
            {
                foreach (var activeTokenDto in activeTokens)
                {
                    var isRefreshToken = false;
                    if (this.jwtService.TryDecodeToken(activeTokenDto.AccessToken, out var securityToken))
                    {
                        isRefreshToken = this.IsRefreshToken(securityToken);
                    }

                    await this.revokedTokensRepository.InsertAsync(new RevokedTokenDto
                    {
                        Token        = activeTokenDto.AccessToken,
                        RevokedAt    = DateTime.Now,
                        UserId       = user.Id,
                        UserName     = user.Username,
                        EmailAddress = user.EmailAddress,
                        FirstName    = user.FirstName,
                        LastName     = user.LastName,
                        MembershipId = user.MembershipId,
                        TokenType    = isRefreshToken ? "refresh_token" : "bearer_token"
                    });

                    var membership = await this.membershipService.GetAsync(user.MembershipId);

                    if (membership == null)
                    {
                        throw ErtisAuthException.MembershipNotFound(user.MembershipId);
                    }

                    if (!isRefreshToken)
                    {
                        var refreshToken = this.StimulateRefreshToken(activeTokenDto.AccessToken, user, membership);
                        if (!string.IsNullOrEmpty(refreshToken))
                        {
                            await this.RevokeRefreshTokenAsync(refreshToken);
                        }
                    }

                    await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenRevoked, user, new { activeTokenDto.AccessToken }) { MembershipId = membership.Id });
                }

                await this.activeTokensRepository.BulkDeleteAsync(activeTokens);
            }

            return(true);
        }
Esempio n. 24
0
 public static NotFoundObjectResult MembershipNotFound(this ControllerBase controller, string membershipId)
 {
     return(controller.NotFound(ErtisAuthException.MembershipNotFound(membershipId)));
 }
Esempio n. 25
0
        public async Task <BearerTokenValidationResult> VerifyBearerTokenAsync(string token, bool fireEvent = true)
        {
            var revokedToken = await this.revokedTokensRepository.FindOneAsync(x => x.Token == token);

            if (revokedToken != null)
            {
                throw ErtisAuthException.TokenWasRevoked();
            }

            if (this.jwtService.TryDecodeToken(token, out var securityToken))
            {
                var expireTime = securityToken.ValidTo.ToLocalTime();
                if (DateTime.Now <= expireTime)
                {
                    var user = await this.GetTokenOwnerAsync(securityToken);

                    if (user != null)
                    {
                        if (this.TryExtractClaimValue(securityToken, JwtRegisteredClaimNames.Prn, out var membershipId) && !string.IsNullOrEmpty(membershipId))
                        {
                            var membership = await this.membershipService.GetAsync(membershipId);

                            if (membership != null)
                            {
                                var encoding          = membership.GetEncoding();
                                var secretSecurityKey = new SymmetricSecurityKey(encoding.GetBytes(membership.SecretKey));
                                var tokenClaims       = new TokenClaims(null, user, membership);
                                if (!this.jwtService.ValidateToken(token, tokenClaims, secretSecurityKey, out _))
                                {
                                    // Token signature not verified!
                                    throw ErtisAuthException.InvalidToken("Token signature could not verified!");
                                }
                            }
                            else
                            {
                                // Membership not found!
                                throw ErtisAuthException.MembershipNotFound(membershipId);
                            }
                        }
                        else
                        {
                            // MembershipId could not found in token claims!
                            throw ErtisAuthException.InvalidToken();
                        }

                        if (fireEvent)
                        {
                            await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenVerified, user, new { token }));
                        }

                        return(new BearerTokenValidationResult(true, token, user, expireTime - DateTime.Now, this.IsRefreshToken(securityToken)));
                    }
                    else
                    {
                        // User not found!
                        var userId = securityToken.Subject;
                        throw ErtisAuthException.UserNotFound(userId, "_id");
                    }
                }
                else
                {
                    // Token was expired!
                    throw ErtisAuthException.TokenWasExpired();
                }
            }
            else
            {
                // Token could not decoded!
                throw ErtisAuthException.InvalidToken();
            }
        }
Esempio n. 26
0
        public async Task <BearerToken> RefreshTokenAsync(string refreshToken, bool revokeBefore = true, bool fireEvent = true)
        {
            var revokedToken = await this.revokedTokensRepository.FindOneAsync(x => x.Token == refreshToken);

            if (revokedToken != null)
            {
                throw ErtisAuthException.RefreshTokenWasRevoked();
            }

            if (this.jwtService.TryDecodeToken(refreshToken, out var securityToken))
            {
                if (this.IsRefreshToken(securityToken))
                {
                    var expireTime = securityToken.ValidTo.ToLocalTime();
                    if (DateTime.Now <= expireTime)
                    {
                        if (this.TryExtractClaimValue(securityToken, JwtRegisteredClaimNames.Prn, out var membershipId) && !string.IsNullOrEmpty(membershipId))
                        {
                            var membership = await this.membershipService.GetAsync(membershipId);

                            if (membership != null)
                            {
                                var userId = securityToken.Subject;
                                if (!string.IsNullOrEmpty(userId))
                                {
                                    var user = await this.userService.GetAsync(membershipId, userId);

                                    if (user != null)
                                    {
                                        var token = this.GenerateBearerToken(user, membership);

                                        if (revokeBefore)
                                        {
                                            await this.RevokeTokenAsync(refreshToken);
                                        }

                                        if (fireEvent)
                                        {
                                            await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenRefreshed, user, token, new { refreshToken }));
                                        }

                                        return(token);
                                    }
                                    else
                                    {
                                        // User not found!
                                        throw ErtisAuthException.UserNotFound(userId, "_id");
                                    }
                                }
                                else
                                {
                                    // UserId could not found in token claims!
                                    throw ErtisAuthException.InvalidToken();
                                }
                            }
                            else
                            {
                                // Membership not found!
                                throw ErtisAuthException.MembershipNotFound(membershipId);
                            }
                        }
                        else
                        {
                            // MembershipId could not found in token claims!
                            throw ErtisAuthException.InvalidToken();
                        }
                    }
                    else
                    {
                        // Token was expired!
                        throw ErtisAuthException.RefreshTokenWasExpired();
                    }
                }
                else
                {
                    // This is not a refresh token!
                    throw ErtisAuthException.TokenIsNotRefreshable();
                }
            }
            else
            {
                // Token could not decoded!
                throw ErtisAuthException.InvalidToken();
            }
        }
Esempio n. 27
0
        public async ValueTask <BasicTokenValidationResult> VerifyBasicTokenAsync(string basicToken, bool fireEvent = true)
        {
            if (string.IsNullOrEmpty(basicToken))
            {
                throw ErtisAuthException.InvalidToken();
            }

            var parts = basicToken.Split(':');

            if (parts.Length != 2)
            {
                throw ErtisAuthException.InvalidToken();
            }

            var applicationId = parts[0];
            var secret        = parts[1];

            var application = await this.applicationService.GetByIdAsync(applicationId);

            if (application == null)
            {
                throw ErtisAuthException.ApplicationNotFound(applicationId);
            }

            var membership = await this.membershipService.GetAsync(application.MembershipId);

            if (membership == null)
            {
                if (this.applicationService.IsSystemReservedApplication(application))
                {
                    membership = await this.membershipService.GetBySecretKeyAsync(secret);

                    var onTheFlyApplication = new Application
                    {
                        Id           = application.Id,
                        Name         = application.Name,
                        Role         = application.Role,
                        Permissions  = application.Permissions,
                        Forbidden    = application.Forbidden,
                        Sys          = application.Sys,
                        MembershipId = membership.Id
                    };

                    application = onTheFlyApplication;
                }

                if (membership == null)
                {
                    throw ErtisAuthException.MembershipNotFound(application.MembershipId);
                }
            }

            if (membership.SecretKey != secret)
            {
                throw ErtisAuthException.ApplicationSecretMismatch();
            }

            if (fireEvent)
            {
                await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenVerified, application, new { basicToken }) { MembershipId = membership.Id });
            }

            return(new BasicTokenValidationResult(true, basicToken, application));
        }