public virtual Task <LongSession> FindLongSessionAsync(LongSession longSession)
{
return(db.LongSessions.FirstOrDefaultAsync(x =>
x.UserId == longSession.UserId &&
x.LongToken1 == longSession.LongToken1 &&
x.LongToken2 == longSession.LongToken2));
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jwtOptions.LongTokenLiveTimeDays);
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id,
DeviceInfo = ""
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2AuthToken(longSession, out string lat2r);
response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
IsEssential = true,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await GenerateShortAuthTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonConvert.SerializeObject(new
{
LongToken = new
{
Token = longSession.LongToken1,
Expiration = longSession.ExpirationDate.ToInvariantString()
},
ShortToken = tokenAndClaimsPrincipal.Token
}, jsonSerializerSettings);
response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, int userId,
LongSession longSession = null)
{
var user = await db.Users.FirstOrDefaultAsync(x => x.Id == userId);
return(await RenewSecurityTokensAsync(response, user, longSession));
}
private string CreateLong2AuthToken(LongSession longSession, out string lat2r)
{
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(jwtOptions.LongJwtSecurityKey));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Issuer,
claims: claims.ToArray(),
expires: longSession.ExpirationDate,
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private string CreateLong2Token(LongSession longSession, out string lat2r)
{
lat2r = CryptoRandomizer.GetRandomString(10);
List <Claim> claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()),
new Claim(TokenClaimNames.LongToken2Ran, lat2r),
new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2),
new Claim(TokenClaimNames.SessionId, longSession.Id.ToString())
};
var token = new JwtSecurityToken(
claims: claims.ToArray(),
expires: longSession.ExpirationDate);
return(cryptService.Crypt(CipherSecrets.Long2Jwt, token.Payload.SerializeToJson()));
}
public async Task <bool> CreateLongSessionAsync(LongSession longSession)
{
var savedItem = await db.LongSessions.FirstOrDefaultAsync(x => x.UserId == longSession.UserId &&
x.FingerPrint == longSession.FingerPrint);
if (savedItem != null)
{
return(false);
}
savedItem = new LongSession();
savedItem.UserId = longSession.UserId;
savedItem.FingerPrint = longSession.FingerPrint;
savedItem.Value = longSession.Value;
savedItem.Created = DateTime.Now;
savedItem.ExpiresIn = DateTime.Now.AddDays(tokenOptions.Value.RefreshTokenLifeTime);
await db.LongSessions.AddAsync(savedItem);
return(await db.SaveChangesAsync() > 0);
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
async Task <AuthenticateResult> DeleteLongSessionAndLogout(long sessionId)
{
await userManager.DeleteLongSessionAsync(sessionId);
jweService.MakeLogoutCookiesAndHeaders(Response);
return(AuthenticateResult.NoResult());
}
AuthenticateResult Logout(string msg)
{
jweService.MakeLogoutCookiesAndHeaders(Response);
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"\nLogout: {msg}\n");
Console.ResetColor();
return(AuthenticateResult.NoResult());
}
try
{
var cookie = Request.Cookies[TokenClaimNames.LongToken2CoockiName];
if (cookie == null)
{
return(AuthenticateResult.NoResult());
}
JwtSecurityToken jwtLongToken2 = jweService.ReadLong2Token(cookie);
if (jwtLongToken2 == null)
{
return(Logout("No Long2 cookie token"));
}
var longToken2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value;
SunClaimsPrincipal sunClaimsPrincipal;
if (Request.Headers.TryGetValue(Headers.LongToken1HeaderName, out StringValues longToken1db))
{
int userId = int.Parse(jwtLongToken2.Claims.First(x => x.Type == ClaimTypes.NameIdentifier).Value);
var longSessionToFind = new LongSession
{
UserId = userId,
LongToken1 = longToken1db,
LongToken2 = longToken2db
};
var longSession = await userManager.FindLongSessionAsync(longSessionToFind);
if (longSession == null)
{
return(Logout("Session not found"));
}
sunClaimsPrincipal = await jweService.RenewSecurityTokensAsync(Context, userId, longSession);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("\nToken renews\n");
Console.ResetColor();
}
else
{
string authorization = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorization))
{
return(Logout("No Authorization header"));
}
string jwtShortToken = null;
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
jwtShortToken = authorization.Substring("Bearer ".Length).Trim();
}
if (string.IsNullOrEmpty(jwtShortToken))
{
return(Logout("No Bearer in Authorization header"));
}
var claimsPrincipal = jweService.ReadShortToken(jwtShortToken);
string lat2ran_1 = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value;
string lat2ran_2 = claimsPrincipal.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value;
long sessionId =
long.Parse(jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.SessionId).Value);
if (!string.Equals(lat2ran_1, lat2ran_2))
{
return(await DeleteLongSessionAndLogout(sessionId));
}
string lat2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value;
sunClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2db);
}
if (jweBlackListService.IsTokenInBlackList(sunClaimsPrincipal.LongToken2Db))
{
return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId));
}
if (sunClaimsPrincipal.Roles.ContainsKey(RoleNames.Banned))
{
return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId));
}
var authenticationTicket = new AuthenticationTicket(sunClaimsPrincipal, SunJwt.Scheme);
return(AuthenticateResult.Success(authenticationTicket));
}
catch (Exception e)
{
return(Logout("Error " + e));
}
}
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(
HttpContext httpContext,
User user,
LongSession longSession = null)
{
void GenerateTokens(LongSession longSession1)
{
longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length);
longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length);
longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jweOptions.CurrentValue.LongTokenLiveTimeDays);
httpContext.Request.Headers.TryGetValue("User-Agent", out var userAgent);
longSession1.DeviceInfo = Parser.GetDefault()?.Parse(userAgent.ToString() ?? "")?.ToString() ?? "";
longSession1.UpdateDate = DateTime.UtcNow;
}
if (longSession == null)
{
longSession = new LongSession
{
UserId = user.Id
};
GenerateTokens(longSession);
longSession.Id = await db.InsertWithInt64IdentityAsync(longSession);
}
else
{
GenerateTokens(longSession);
await db.UpdateAsync(longSession);
}
var lat2Token = CreateLong2Token(longSession, out string lat2r);
httpContext.Response.Cookies.Append(
TokenClaimNames.LongToken2CoockiName,
lat2Token,
new CookieOptions
{
Path = "/",
HttpOnly = true,
Secure = globalOptions.CurrentValue.IsHttps,
IsEssential = true,
SameSite = SameSiteMode.Strict,
Expires = longSession.ExpirationDate
}
);
TokenAndClaimsPrincipal tokenAndClaimsPrincipal =
await CreateShortTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id);
string json = JsonSerializer.Serialize(new
{
LongToken = longSession.LongToken1,
ShortToken = tokenAndClaimsPrincipal.Token,
ShortTokenExpiration = tokenAndClaimsPrincipal.Expiration
}, SunJson.DefaultJsonSerializerOptions);
httpContext.Response.Headers.Add(Headers.TokensHeaderName, json);
return(tokenAndClaimsPrincipal.ClaimsPrincipal);
}
public virtual LongSession FindLongSession(LongSession longSession)
{
return(db.LongSessions.FirstOrDefault(x => x.UserId == longSession.UserId &&
x.LongToken1 == longSession.LongToken1 &&
x.LongToken2 == longSession.LongToken2));
}
