public async Task <ActionResult <RepositoryResponse <AccessTokenViewModel> > > Register([FromBody] MixRegisterViewModel model)
{
RepositoryResponse <AccessTokenViewModel> result = new RepositoryResponse <AccessTokenViewModel>();
if (ModelState.IsValid)
{
var user = new ApplicationUser
{
UserName = model.Username,
Email = model.Email,
FirstName = model.FirstName,
LastName = model.LastName,
Avatar = model.Avatar ?? MixService.GetAppSetting <string>("DefaultAvatar"),
JoinDate = DateTime.UtcNow
};
var createResult = await _userManager.CreateAsync(user, password : model.Password).ConfigureAwait(false);
if (createResult.Succeeded)
{
await _userManager.AddToRoleAsync(user, MixDefaultRoles.Guest);
var saveData = await Mix.Cms.Lib.ViewModels.MixDatabaseDatas.Helper.SaveObjAsync(
MixDatabaseNames.SYSTEM_USER_DATA, model.UserData, user.UserName, MixDatabaseParentType.User);
result.IsSucceed = saveData.IsSucceed;
result.Errors = saveData.Errors;
result.Exception = saveData.Exception;
_logger.LogInformation("User created a new account with password.");
user = await _userManager.FindByNameAsync(model.Username).ConfigureAwait(false);
var rsaKeys = RSAEncryptionHelper.GenerateKeys();
var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256);
var token = await _idService.GenerateAccessTokenAsync(user, true, aesKey, rsaKeys[MixConstants.CONST_RSA_PUBLIC_KEY]);
if (token != null)
{
result.IsSucceed = true;
result.Data = token;
_logger.LogInformation("User logged in.");
return(result);
}
else
{
return(Ok(result));
}
}
else
{
foreach (var error in createResult.Errors)
{
result.Errors.Add(error.Description);
}
return(BadRequest(result));
}
}
return(BadRequest(result));
}
public RepositoryResponse <CryptoViewModel <string> > Decrypt([FromBody] JObject model)
{
string data = model.GetValue("data")?.Value <string>();
string key = model.GetValue("key")?.Value <string>();
return(AesEncryptionHelper.DecryptStringFromBytes_Aes(data, key));
}
public UserSessions CreateNewUserSession(int id, LoginModel user)
{
string token = CreateRandomToken();
string tokenSalt = string.Empty;
//use User create timestamp and web.config secret key to encrypt newly created token (guids...)
string tokenEncryptKey = DateTime.Now + ConfigurationManager.AppSettings["ENCRYPT_LINK_KEY"];
string encryptedToken = AesEncryptionHelper.Encrypt(token, tokenEncryptKey, ref tokenSalt);
// use newly created token (guids...) and web.config secret to encrypt session id, use same salt as used by token
string sessionCookieEncryptKey = token + ":" + ConfigurationManager.AppSettings["ENCRYPT_LINK_KEY"];
string doubleSubmitSessionCookie = AesEncryptionHelper.Encrypt(Guid.NewGuid().ToString(), sessionCookieEncryptKey, ref tokenSalt);
var userSession = new UserSessions
{
UserId = id,
AuthToken = encryptedToken.Base64ToBase64URL(), //since we may use this authToken in a URL later, let's make sure it's URL safe.
AuthExpiration = DateTime.UtcNow.AddMinutes(12 * 60),
IsExpired = false,
HardAbsoluteExpirationTime = DateTime.UtcNow.AddMinutes(12 * 60),
AuthTokenSalt = tokenSalt,
AuthDoubleSubmitSessionIdCookie = doubleSubmitSessionCookie,
};
return(userSession);
}
private void InitializeMockObjects()
{
_simpleIdentityServerConfigurator = new Mock <IConfigurationService>();
_clientRepositoryStub = new Mock <IClientRepository>();
_jsonWebKeyRepositoryStub = new Mock <IJsonWebKeyRepository>();
_scopeRepositoryStub = new Mock <IScopeRepository>();
var clientValidator = new ClientValidator();
var claimsMapping = new ClaimsMapping();
var parameterParserHelper = new ParameterParserHelper(_scopeRepositoryStub.Object);
var createJwsSignature = new CreateJwsSignature(new CngKeySerializer());
var aesEncryptionHelper = new AesEncryptionHelper();
var jweHelper = new JweHelper(aesEncryptionHelper);
var jwsGenerator = new JwsGenerator(createJwsSignature);
var jweGenerator = new JweGenerator(jweHelper);
_jwtGenerator = new JwtGenerator(
_simpleIdentityServerConfigurator.Object,
_clientRepositoryStub.Object,
clientValidator,
_jsonWebKeyRepositoryStub.Object,
_scopeRepositoryStub.Object,
claimsMapping,
parameterParserHelper,
jwsGenerator,
jweGenerator);
}
public string Encrypt([FromBody] EncryptDataDto requestDto)
{
string data = requestDto.ObjectData.ToString(Newtonsoft.Json.Formatting.None);
var key = requestDto.Key ?? MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey);
return(AesEncryptionHelper.EncryptString(data, key));
}
public void Init()
{
_encryptionHelper = new AesEncryptionHelper();
//for test purposes, we're generating a new key each time
AesEncryptionHelper.CipherKey = AesEncryptionHelper.GenerateCipherKey();
}
public static IHostBuilder CreateHostBuilder(string[] args)
{
if (!File.Exists($"{MixConstants.CONST_FILE_APPSETTING}"))
{
File.Copy($"{MixConstants.CONST_DEFAULT_FILE_APPSETTING}", $"{MixConstants.CONST_FILE_APPSETTING}");
var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256);
MixService.SetConfig <string>(MixAppSettingKeywords.ApiEncryptKey, aesKey);
MixService.SetAuthConfig(MixAuthConfigurations.SecretKey, Guid.NewGuid().ToString("N"));
MixService.SaveSettings();
}
var config = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile(MixConstants.CONST_FILE_APPSETTING, optional: true, reloadOnChange: true)
.Build();
return(Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
{
logging.ClearProviders();
logging.AddConsole();
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup <Startup>();
}));
}
public RepositoryResponse <string> Decrypt([FromBody] JObject model)
{
string data = model.GetValue("data")?.Value <string>();
var key = MixService.GetConfig <string>(MixAppSettingKeywords.ApiEncryptKey);
return(new RepositoryResponse <string>()
{
Data = AesEncryptionHelper.DecryptString(data, key)
});
}
public RepositoryResponse <CryptoViewModel <string> > Encrypt([FromBody] JObject model)
{
string data = model.GetValue("data").Value <string>();
var encrypted = new JObject(new JProperty("encrypted", data));
return(new RepositoryResponse <CryptoViewModel <string> >()
{
Data = AesEncryptionHelper.EncryptStringToBytes_Aes(encrypted)
});
}
public RepositoryResponse <string> Decrypt([FromBody] JObject model)
{
string data = model.GetValue("data")?.Value <string>();
//string key = model.GetValue("key")?.Value<string>();
var key = System.Text.Encoding.UTF8.GetBytes("sw-cms-secret-key");
return(new RepositoryResponse <string>()
{
Data = AesEncryptionHelper.DecryptString(data, Convert.ToBase64String(key))
});
}
public RepositoryResponse <CryptoViewModel <JObject> > Decrypt([FromBody] JObject model)
{
string data = model.GetValue("data").Value <string>();
string key = model.GetValue("key").Value <string>();
string iv = model.GetValue("iv").Value <string>();
return(new RepositoryResponse <CryptoViewModel <JObject> >()
{
Data = AesEncryptionHelper.DecryptStringFromBytes_Aes(data, key, iv)
});
}
public RepositoryResponse <string> Encrypt([FromBody] JObject model)
{
string data = model.GetValue("data").Value <string>();
var encrypted = new JObject(new JProperty("encrypted", data));
var key = MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey);
return(new RepositoryResponse <string>()
{
Data = AesEncryptionHelper.EncryptString(data, key)
});
}
/*
* [Fact]
* public void When_Passing_AuthorizationParameterWithoutOpenIdScope_Then_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "login",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "email"
* };
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, null));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidScope));
* Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.TheScopesNeedToBeSpecified, Core.Constants.StandardScopes.OpenId.Name)));
* Assert.True(exception.State.Equals(state));
* }
*
* [Fact]
* public void When_Passing_AuthorizationRequestWithMissingResponseType_Then_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "login",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid"
* };
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, null));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.MissingParameter
* , Core.Constants.StandardAuthorizationRequestParameterNames.ResponseTypeName)));
* Assert.True(exception.State.Equals(state));
* }
*
* [Fact]
* public void When_Passing_AuthorizationRequestWithNotSupportedResponseType_Then_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "login",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code"
* };
*
* // ACT
* var client = FakeFactories.FakeDataSource.Clients.FirstOrDefault(c => c.ClientId == clientId);
* Assert.NotNull(client);
* client.ResponseTypes.Remove(ResponseType.code);
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, null));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.TheClientDoesntSupportTheResponseType
* , clientId, "code")));
* Assert.True(exception.State.Equals(state));
* }
*
* [Fact]
* public void When_TryingToByPassLoginAndConsentScreen_But_UserIsNotAuthenticated_Then_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "none",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code"
* };
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, null));
* Assert.True(exception.Code.Equals(ErrorCodes.LoginRequiredCode));
* Assert.True(exception.Message.Equals(ErrorDescriptions.TheUserNeedsToBeAuthenticated));
* Assert.True(exception.State.Equals(state));
* }
*
* [Fact]
* public void When_TryingToByPassLoginAndConsentScreen_But_TheUserDidntGiveHisConsent_Then_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "none",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code"
* };
*
* var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal));
* Assert.True(exception.Code.Equals(ErrorCodes.InteractionRequiredCode));
* Assert.True(exception.Message.Equals(ErrorDescriptions.TheUserNeedsToGiveHisConsent));
* Assert.True(exception.State.Equals(state));
* }
*
* [Fact]
* public void When_Passing_A_NotValid_IdentityTokenHint_Parameter_Then_An_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string subject = "*****@*****.**";
* const string redirectUrl = "http://localhost";
* FakeFactories.FakeDataSource.Consents.Add(new Consent
* {
* ResourceOwner = new ResourceOwner
* {
* Id = subject
* },
* GrantedScopes = new List<Scope>
* {
* new Scope
* {
* Name = "openid"
* }
* },
* Client = FakeFactories.FakeDataSource.Clients.First()
* });
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* Prompt = "none",
* IdTokenHint = "invalid identity token hint"
* };
*
* var claims = new List<Claim>
* {
* new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
*
* // ACT
* var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(ErrorDescriptions.TheIdTokenHintParameterIsNotAValidToken));
* }
*
* [Fact]
* public void When_Passing_An_IdentityToken_Valid_ForWrongAudience_Then_An_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string subject = "*****@*****.**";
* const string redirectUrl = "http://localhost";
* FakeFactories.FakeDataSource.Consents.Add(new Consent
* {
* ResourceOwner = new ResourceOwner
* {
* Id = subject
* },
* GrantedScopes = new List<Scope>
* {
* new Scope
* {
* Name = "openid"
* }
* },
* Client = FakeFactories.FakeDataSource.Clients.First()
* });
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* Prompt = "none",
* };
*
* var subjectClaim = new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject);
* var claims = new List<Claim>
* {
* subjectClaim
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
* var jwtPayload = new JwsPayload
* {
* {
* subjectClaim.Type, subjectClaim.Value
* }
* };
*
* authorizationParameter.IdTokenHint = _jwtGenerator.Sign(jwtPayload, JwsAlg.RS256);
*
* // ACT
* var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(ErrorDescriptions.TheIdentityTokenDoesntContainSimpleIdentityServerAsAudience));
* }
*
* [Fact]
* public void When_Passing_An_IdentityToken_Different_From_The_Current_Authenticated_User_Then_An_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string subject = "*****@*****.**";
* const string issuerName = "audience";
* const string redirectUrl = "http://localhost";
* FakeFactories.FakeDataSource.Consents.Add(new Consent
* {
* ResourceOwner = new ResourceOwner
* {
* Id = subject
* },
* GrantedScopes = new List<Scope>
* {
* new Scope
* {
* Name = "openid"
* }
* },
* Client = FakeFactories.FakeDataSource.Clients.First()
* });
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* Prompt = "none",
* };
*
* var subjectClaim = new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject);
* var claims = new List<Claim>
* {
* subjectClaim
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
* var jwtPayload = new JwsPayload
* {
* {
* subjectClaim.Type, "wrong subjet"
* },
* {
* Jwt.Constants.StandardClaimNames.Audiences, new [] { issuerName }
* }
* };
* _simpleIdentityServerConfiguratorStub.Setup(s => s.GetIssuerName()).Returns(issuerName);
* authorizationParameter.IdTokenHint = _jwtGenerator.Sign(jwtPayload, JwsAlg.RS256);
*
* // ACT
* var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(ErrorDescriptions.TheCurrentAuthenticatedUserDoesntMatchWithTheIdentityToken));
* }
*
* [Fact]
* public void When_Passing_Not_Supported_Prompts_Parameter_Then_An_Exception_Is_Thrown()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* Prompt = "select_account",
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code"
* };
*
* var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));
*
* // ACT & ASSERTS
* var exception =
* Assert.Throws<IdentityServerExceptionWithState>(
* () => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal));
* Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode));
* Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.ThePromptParameterIsNotSupported, "select_account")));
* Assert.True(exception.State.Equals(state));
* }
*/
#endregion
/*
#region TEST VALID SCENARIOS
*
* [Fact]
* public void When_TryingToRequestAuthorization_But_TheUserConnectionValidityPeriodIsNotValid_Then_Redirect_To_The_Authentication_Screen()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* const long maxAge = 300;
* var currentDateTimeOffset = DateTimeOffset.UtcNow.ConvertToUnixTimestamp();
* currentDateTimeOffset -= maxAge + 100;
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* Prompt = "none",
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* MaxAge = 300
* };
*
* var claims = new List<Claim>
* {
* new Claim(ClaimTypes.AuthenticationInstant, currentDateTimeOffset.ToString())
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.RedirectInstruction.Action.Equals(IdentityServerEndPoints.AuthenticateIndex));
* }
*
* [Fact]
* public void When_TryingToRequestAuthorization_But_TheUserIsNotAuthenticated_Then_Redirect_To_The_Authentication_Screen()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* };
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, null);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.AuthenticateIndex));
* }
*
* [Fact]
* public void When_TryingToRequestAuthorization_And_TheUserIsAuthenticated_But_He_Didnt_Give_His_Consent_Then_Redirect_To_Consent_Screen()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* };
*
* var claimIdentity = new ClaimsIdentity("fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.ConsentIndex));
* }
*
* [Fact]
* public void When_TryingToRequestAuthorization_And_ExplicitySpecify_PromptConsent_But_The_User_IsNotAuthenticated_Then_Redirect_To_Consent_Screen()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* Prompt = "consent"
* };
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, null);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.AuthenticateIndex));
* }
*
* [Fact]
* public void When_TryingToRequestAuthorization_And_TheUserIsAuthenticated_And_He_Already_Gave_HisConsent_Then_The_AuthorizationCode_Is_Passed_To_The_Callback()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string subject = "*****@*****.**";
* const string redirectUrl = "http://localhost";
* FakeFactories.FakeDataSource.Consents.Add(new Consent
* {
* ResourceOwner = new ResourceOwner
* {
* Id = subject
* },
* GrantedScopes = new List<Scope>
* {
* new Scope
* {
* Name = "openid"
* }
* },
* Client = FakeFactories.FakeDataSource.Clients.First()
* });
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* Prompt = "none"
* };
*
* var claims = new List<Claim>
* {
* new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.Type.Equals(TypeActionResult.RedirectToCallBackUrl));
* Assert.True(result.RedirectInstruction.Parameters.Count().Equals(0));
* }
*
#endregion
*
#region TEST THE LOGIN
*
* [Fact]
* public void When_Executing_Correct_Authorization_Request_Then_Events_Are_Logged()
* {
* // ARRANGE
* InitializeMockingObjects();
* const string state = "state";
* const string clientId = "MyBlog";
* const string redirectUrl = "http://localhost";
* const long maxAge = 300;
* var currentDateTimeOffset = DateTimeOffset.UtcNow.ConvertToUnixTimestamp();
* currentDateTimeOffset -= maxAge + 100;
* var authorizationParameter = new AuthorizationParameter
* {
* ClientId = clientId,
* State = state,
* Prompt = "none",
* RedirectUrl = redirectUrl,
* Scope = "openid",
* ResponseType = "code",
* MaxAge = 300
* };
*
* var jsonAuthorizationParameter = authorizationParameter.SerializeWithJavascript();
*
* var claims = new List<Claim>
* {
* new Claim(ClaimTypes.AuthenticationInstant, currentDateTimeOffset.ToString())
* };
* var claimIdentity = new ClaimsIdentity(claims, "fake");
* var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
*
* // ACT
* var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal);
*
* // ASSERTS
* Assert.NotNull(result);
* Assert.True(result.RedirectInstruction.Action.Equals(IdentityServerEndPoints.AuthenticateIndex));
* _simpleIdentityServerEventSource.Verify(s => s.StartProcessingAuthorizationRequest(jsonAuthorizationParameter));
* _simpleIdentityServerEventSource.Verify(s => s.EndProcessingAuthorizationRequest(jsonAuthorizationParameter, "RedirectToAction", "AuthenticateIndex"));
* }
*
#endregion
*/
private void InitializeMockingObjects()
{
var clientValidator = new ClientValidator();
_simpleIdentityServerConfiguratorStub = new Mock <IConfigurationService>();
_oauthEventSource = new Mock <IOAuthEventSource>();
var scopeRepository = new Mock <IScopeRepository>();
var clientRepository = new Mock <IClientRepository>();
var consentRepository = new Mock <IConsentRepository>();
var jsonWebKeyRepository = new Mock <IJsonWebKeyRepository>();
var parameterParserHelper = new ParameterParserHelper(scopeRepository.Object);
var scopeValidator = new ScopeValidator(parameterParserHelper);
var actionResultFactory = new ActionResultFactory();
var consentHelper = new ConsentHelper(consentRepository.Object, parameterParserHelper);
var aesEncryptionHelper = new AesEncryptionHelper();
var jweHelper = new JweHelper(aesEncryptionHelper);
var jweParser = new JweParser(jweHelper);
var createJwsSignature = new CreateJwsSignature(new CngKeySerializer());
var jwsParser = new JwsParser(createJwsSignature);
var jsonWebKeyConverter = new JsonWebKeyConverter();
var httpClientFactory = new Mock <IHttpClientFactory>();
var jwtParser = new JwtParser(
jweParser,
jwsParser,
httpClientFactory.Object,
clientRepository.Object,
jsonWebKeyConverter,
jsonWebKeyRepository.Object);
var claimsMapping = new ClaimsMapping();
var jwsGenerator = new JwsGenerator(createJwsSignature);
var jweGenerator = new JweGenerator(jweHelper);
_authenticationContextclassReferenceRepositoryStub = new Mock <IAuthenticationContextclassReferenceRepository>();
_processAuthorizationRequest = new ProcessAuthorizationRequest(
parameterParserHelper,
clientValidator,
scopeValidator,
actionResultFactory,
consentHelper,
jwtParser,
_simpleIdentityServerConfiguratorStub.Object,
_oauthEventSource.Object,
_authenticationContextclassReferenceRepositoryStub.Object);
_jwtGenerator = new JwtGenerator(_simpleIdentityServerConfiguratorStub.Object,
clientRepository.Object,
clientValidator,
jsonWebKeyRepository.Object,
scopeRepository.Object,
claimsMapping,
parameterParserHelper,
jwsGenerator,
jweGenerator);
}
public void Encryption_With_Text_Success()
{
EncryptionConfiguration encryptionConfiguration = new EncryptionConfiguration(DefaultKey);
IAesEncryptionHelper aesEncryptionHelper = new AesEncryptionHelper(encryptionConfiguration);
var text = "aesEncrypt";
var encrypted = aesEncryptionHelper.Encrypt(text);
Assert.NotNull(encrypted);
Assert.NotEmpty(encrypted);
}
public async Task <ActionResult <JObject> > ExternalLogin([FromBody] JObject data)
{
string message = data.Value <string>("message");
string key = MixService.GetConfig <string>(MixAppSettingKeywords.ApiEncryptKey);
string decryptMsg = AesEncryptionHelper.DecryptString(message, key);
var model = JsonConvert.DeserializeObject <RegisterExternalBindingModel>(decryptMsg);
RepositoryResponse <JObject> loginResult = await _idService.ExternalLogin(model);
if (loginResult.IsSucceed)
{
return(Ok(loginResult.Data));
}
return(BadRequest(loginResult.Errors));
}
public void CanDecryptDateString()
{
var key = new byte[]
{
54, 109, 249, 186, 109, 210, 209, 44, 94, 28, 227, 232, 73, 86, 128, 186
};
var data = new byte[]
{
123, 28, 227, 85, 79, 126, 149, 28, 211, 96, 199, 192, 105, 149, 76, 231,
8, 136, 51, 141, 139, 44, 0, 230, 228, 116, 12, 145, 132, 157, 5, 123, 235, 247, 232, 244, 36, 217, 73, 147, 157, 124, 27, 143, 255, 79, 220, 194
};
var output = AesEncryptionHelper.Decrypt(data, key);
Assert.Equal("D:20180808103317-07'00'", OtherEncodings.BytesAsLatin1String(output));
}
public void Fail_To_Decrypt()
{
var plainText = "https://www.nsa.gov/";
AesEncryptionHelper.CipherKey = null;
var cipherText = _encryptionHelper.EncryptAsBase64(plainText);
Assert.AreNotEqual(plainText, cipherText);
AesEncryptionHelper.CipherKey = AesEncryptionHelper.GenerateCipherKey();//this will yield the wrong key that was used to encrypt
Assert.Throws <CryptographicException>(() =>
{
var decryptedText = _encryptionHelper.DecryptAsBase64(cipherText);
});
}
public override MixPostAttributeValue ParseModel(MixCmsContext _context = null, IDbContextTransaction _transaction = null)
{
if (string.IsNullOrEmpty(Id))
{
Id = Guid.NewGuid().ToString();
CreatedDateTime = DateTime.UtcNow;
}
if (Field.IsEncrypt && !string.IsNullOrEmpty(StringValue))
{
if (string.IsNullOrEmpty(EncryptValue))
{
EncryptKey = Guid.NewGuid().ToString("N");
EncryptValue = AesEncryptionHelper.EncryptString(StringValue, EncryptKey);
}
StringValue = string.Empty;
}
return(base.ParseModel(_context, _transaction));
}
public async Task Decrypt_EncryptedString_GetsOriginalValue()
{
//Arrange
var fakeEncryptionOptionsMonitor = Substitute.For <IOptionsMonitor <EncryptionOptions> >();
fakeEncryptionOptionsMonitor
.CurrentValue
.Returns(new EncryptionOptions()
{
Pepper = "VQpYmtjVlH$Ys#llTcP9fwPCkzTxs1%f"
});
var aesEncryptionHelper = new AesEncryptionHelper(fakeEncryptionOptionsMonitor);
//Act
var data = await aesEncryptionHelper.EncryptAsync("some-data");
//Assert
Assert.AreEqual("some-data", await aesEncryptionHelper.DecryptAsync(data));
}
public async Task <ActionResult> Login([FromBody] JObject data)
{
string message = data.Value <string>("message");
string key = MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey);
string decryptMsg = AesEncryptionHelper.DecryptString(message, key);
if (!string.IsNullOrEmpty(decryptMsg))
{
var model = JsonConvert.DeserializeObject <LoginViewModel>(decryptMsg);
RepositoryResponse <JObject> loginResult = new RepositoryResponse <JObject>();
loginResult = await _idService.Login(model);
if (loginResult.IsSucceed)
{
return(Ok(loginResult.Data));
}
return(BadRequest(loginResult.Errors));
}
return(BadRequest());
}
public JObject SaveEncrypt([FromBody] RequestEncrypted request)
{
//var key = Convert.FromBase64String(request.Key); //Encoding.UTF8.GetBytes(request.Key);
//var iv = Convert.FromBase64String(request.IV); //Encoding.UTF8.GetBytes(request.IV);
string encrypted = string.Empty;
string decrypt = string.Empty;
if (!string.IsNullOrEmpty(request.PlainText))
{
encrypted = AesEncryptionHelper.EncryptStringToBytes_Aes(new JObject()).ToString();
}
if (!string.IsNullOrEmpty(request.Encrypted))
{
//decrypt = SioService.DecryptStringFromBytes_Aes(request.Encrypted, request.Key, request.IV);
}
JObject data = new JObject(
new JProperty("key", request.Key),
new JProperty("encrypted", encrypted),
new JProperty("plainText", decrypt));
return data;
}
public async Task <JObject> GetAuthData(ApplicationUser user, bool rememberMe)
{
var rsaKeys = RSAEncryptionHelper.GenerateKeys();
var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256);
var token = await GenerateAccessTokenAsync(user, rememberMe, aesKey, rsaKeys[MixConstants.CONST_RSA_PUBLIC_KEY]);
if (token != null)
{
token.Info = new MixUserViewModel(user);
await token.Info.LoadUserDataAsync();
var plainText = JObject.FromObject(token).ToString(Formatting.None).Replace("\r\n", string.Empty);
var encryptedInfo = AesEncryptionHelper.EncryptString(plainText, aesKey);
var resp = new JObject()
{
new JProperty("k", aesKey),
new JProperty("rpk", rsaKeys[MixConstants.CONST_RSA_PRIVATE_KEY]),
new JProperty("data", encryptedInfo)
};
return(resp);
}
return(default);
public async Task Encrypt_SameDataEncryptedTwice_ContainsDifferentBytesDueToSalt()
{
//Arrange
var fakeEncryptionOptionsMonitor = Substitute.For <IOptionsMonitor <EncryptionOptions> >();
fakeEncryptionOptionsMonitor
.CurrentValue
.Returns(new EncryptionOptions()
{
Pepper = "VQpYmtjVlH$Ys#llTcP9fwPCkzTxs1%f"
});
var aesEncryptionHelper = new AesEncryptionHelper(fakeEncryptionOptionsMonitor);
//Act
var data1 = await aesEncryptionHelper.EncryptAsync("some-data");
var data2 = await aesEncryptionHelper.EncryptAsync("some-data");
//Assert
Assert.AreNotEqual(
Convert.ToBase64String(data1),
Convert.ToBase64String(data2));
}
public void Generate_Key()
{
var key = AesEncryptionHelper.GenerateCipherKey();
}
public JObject Decrypt([FromBody] EncryptDataDto requestDto)
{
var key = requestDto.Key ?? MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey);
return(JObject.Parse(AesEncryptionHelper.DecryptString(requestDto.StringData, key)));
}
