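/// <summary>
/// CreateToken
///
/// Creates a new authentication token, persists it through the
/// <see cref="AuthenticationGateway"/> and returns it to the user.
/// </summary>
/// <para>
/// @author: Ahmed Sadiq, Brian Fann, Rachel Dang
/// @updated: 4/26/18
/// </para>
/// <param name="username">Username the token is issued for.</param>
/// <returns>
/// Response with the AuthenticationTokenDto. When the gateway reports that
/// the token could not be stored, the response carries only the gateway's
/// Error and no token: a token the server never persisted must not be
/// handed out.
/// </returns>
public ResponseDto<AuthenticationTokenDto> CreateToken(string username)
{
    var tokenHandler = new JwtSecurityTokenHandler();
    var authenticationToken = new AuthenticationToken();

    // Per-token signing secret. Despite the name this is the HMAC key material,
    // not a password salt; it is stored on the token (presumably so the
    // validating side can rebuild the same key — confirm against the validator).
    var salt = new SaltGenerator().GenerateSalt(128);

    // Creating the Header of the Token.
    // NOTE(review): Encoding.Default is platform dependent. It is kept as-is
    // because whoever validates the token must derive byte-identical key
    // material; switch both sides together if this moves to a fixed encoding.
    var key = new SymmetricSecurityKey(Encoding.Default.GetBytes(salt));
    var signingCredentials = new SigningCredentials(key, "HS256");
    authenticationToken.Salt = salt;

    // Assigning the Username to the Token
    authenticationToken.Username = username;

    // Time Stamping the Token: 15-minute lifetime, measured in UTC
    var issuedOn = DateTime.UtcNow;
    authenticationToken.ExpiresOn = issuedOn.AddMinutes(15);

    // Create claims identity with "Read" permission claims
    var claimsIdentity = CreateClaimsIdentity(username).Data;

    // Creating the Body of the token
    var tokenDescription = new SecurityTokenDescriptor
    {
        Subject = claimsIdentity,
        Audience = AuthenticationTokenConstants.AUDIENCE,
        IssuedAt = issuedOn,
        Expires = authenticationToken.ExpiresOn,
        Issuer = AuthenticationTokenConstants.ISSUER,
        SigningCredentials = signingCredentials,
    };

    // Changing the Token to a String Form
    var token = tokenHandler.CreateToken(tokenDescription);
    authenticationToken.TokenString = tokenHandler.WriteToken(token);

    // Storing the Token to the Database. The gateway signals failure (for
    // example a missing username) through its result instead of throwing,
    // so the result has to be checked here; previously it was discarded and
    // the unstored token was still returned to the caller.
    using (var authenticationGateway = new AuthenticationGateway())
    {
        var storeResult = authenticationGateway.StoreAuthenticationToken(authenticationToken);
        if (!storeResult.Data)
        {
            return new ResponseDto<AuthenticationTokenDto>
            {
                Error = storeResult.Error
            };
        }
    }

    // Assigning the Token to a Dto to return it back to the User
    var authenticationTokenDto = new AuthenticationTokenDto(
        authenticationToken.Username,
        authenticationToken.ExpiresOn,
        authenticationToken.TokenString);

    // Returning the Token to the Controller
    return new ResponseDto<AuthenticationTokenDto> { Data = authenticationTokenDto };
}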
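/// <summary>
/// RevokeToken
///
/// Ends the duration of the token before its expiration time by moving its
/// ExpiresOn to the current UTC time and persisting the updated token.
/// </summary>
/// <param name="authenticationTokenDto">
/// Token to revoke (username, expiry and token string as supplied by the caller).
/// </param>
/// <returns>
/// Response with the message of session ending successfully. If the DTO fails
/// pre-validation, the rebuilt model fails post-validation, or the gateway
/// cannot store the update, the response carries an Error instead.
/// </returns>
public ResponseDto<AuthenticationTokenDto> RevokeToken(AuthenticationTokenDto authenticationTokenDto)
{
    // Checking if the Dto has all the information it needs
    var preLogicValidation = new AuthenticationTokenPreLogicValidationStrategy(authenticationTokenDto);
    var validateDtoResult = preLogicValidation.ExcuteStrategy();
    if (validateDtoResult.Error != null)
    {
        return new ResponseDto<AuthenticationTokenDto>
        {
            Data = authenticationTokenDto,
            Error = validateDtoResult.Error
        };
    }

    // Expire the token immediately. ExpiresOn is set to "now" (not to a date
    // in the past), so the token is invalid from this instant onwards.
    authenticationTokenDto.ExpiresOn = DateTime.UtcNow;

    // Creating the Model to save in the DB.
    // NOTE(review): username and token string come straight from the caller;
    // whether the gateway/validation checks that this token really exists and
    // belongs to that user is not visible here — confirm.
    var incomingAuthenticationToken = new AuthenticationToken(
        authenticationTokenDto.Username,
        authenticationTokenDto.ExpiresOn,
        authenticationTokenDto.TokenString);

    // Validating the Model after creation
    var postLogicValidation = new AuthenticationTokenPostLogicValidationStrategy(incomingAuthenticationToken);
    var isTokenValid = postLogicValidation.ExcuteStrategy();
    if (!isTokenValid)
    {
        return new ResponseDto<AuthenticationTokenDto>
        {
            Data = authenticationTokenDto,
            Error = GeneralErrorMessages.GENERAL_ERROR
        };
    }

    // Updating the Token on the Database. A failed store must not be reported
    // as a successful revocation, so the gateway result is checked instead of
    // being discarded.
    using (var authenticationGateway = new AuthenticationGateway())
    {
        var storeResult = authenticationGateway.StoreAuthenticationToken(incomingAuthenticationToken);
        if (!storeResult.Data)
        {
            return new ResponseDto<AuthenticationTokenDto>
            {
                Data = authenticationTokenDto,
                Error = storeResult.Error
            };
        }
    }

    // Returning a message that everything went fine
    return new ResponseDto<AuthenticationTokenDto> { Data = authenticationTokenDto };
}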
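/// <summary>
/// A token with no username must be rejected by the gateway: the result's
/// Data is false and an error message is populated.
/// </summary>
public void Should_ReturnFalse_When_UserNameIsNull_InToken()
{
    // Arrange — the gateway is IDisposable, so it is scoped with a using block
    using (var sut = new AuthenticationGateway())
    {
        var tokenWithoutUsername = new AuthenticationToken
        {
            TokenString = "TokenString"
        };

        // Act
        var storeResult = sut.StoreAuthenticationToken(tokenWithoutUsername);

        // Assert
        storeResult.Data.Should().BeFalse();
        storeResult.Error.Should().NotBeNullOrEmpty();
    }
}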
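/// <summary>
/// A token with a username but no expiration time must be rejected by the
/// gateway: the result's Data is false and an error message is populated.
/// </summary>
public void Should_ReturnFalse_When_UserNameIsValid_NoExpirarionTime_InToken()
{
    // Arrange — the gateway is IDisposable, so it is scoped with a using block
    using (var sut = new AuthenticationGateway())
    {
        var tokenWithoutExpiry = new AuthenticationToken
        {
            Username = "******",
            TokenString = "TokenString",
        };

        // Act
        var storeResult = sut.StoreAuthenticationToken(tokenWithoutExpiry);

        // Assert
        storeResult.Data.Should().BeFalse();
        storeResult.Error.Should().NotBeNullOrEmpty();
    }
}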
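/// <summary>
/// A fully populated token (username, token string, expiration) is accepted
/// by the gateway: the result's Data is true and no error is set.
/// </summary>
public void Should_ReturnTrue_When_UserNameIsValid_InToken()
{
    // Arrange — the gateway is IDisposable, so it is scoped with a using block
    using (var sut = new AuthenticationGateway())
    {
        var completeToken = new AuthenticationToken
        {
            Username = "******",
            TokenString = "TokenString",
            ExpiresOn = DateTime.UtcNow
        };

        // Act
        var storeResult = sut.StoreAuthenticationToken(completeToken);

        // Assert
        storeResult.Data.Should().BeTrue();
        storeResult.Error.Should().BeNullOrEmpty();
    }
}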