private TokenResponse GetTokenResponse(User user)
{
var accessTokenExpiry = DateTime.UtcNow.AddMinutes(_config.JWT_EXPIRE_MINUTES);
var principal = ClaimsPrincipalHelper.Create <User>(user);
var identity = (ClaimsIdentity)principal.Identity;
var securityTokenDescriptor = new SecurityTokenDescriptor
{
SigningCredentials = _signingCredentials,
Subject = identity,
Expires = accessTokenExpiry
};
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(securityTokenDescriptor);
var accessToken = handler.WriteToken(securityToken);
Logger.Info("User login: {0}", user.UserName);
var refreshToken = _tokenGenerator.GenerateRefreshToken();
var expiration = DateTime.UtcNow.AddDays(_config.JWT_REFRESH_TOKEN_EXPIRE_IN_DAYS);
_usersService.UpdateRefreshToken(user, refreshToken, expiration);
return(new TokenResponse()
{
access_token = accessToken,
refresh_token = refreshToken,
token_type = "Bearer",
expires_in = (int)TimeSpan.FromMinutes(_config.JWT_EXPIRE_MINUTES).TotalSeconds,
user_id = user.Id,
user_name = user.Name,
user_role = user.Role
});
}
public async Task <IActionResult> AssertionConsumer()
{
var binding = new Saml2PostBinding();
var response = new FixedSaml2AuthnResponse(_configuration);
binding.Unbind(Request.ToGenericHttpRequest(), response);
await response.CreateSession(HttpContext, ClaimsTransform : principal => ClaimsPrincipalHelper.Transform(principal));
var returnUrl = binding.GetRelayStateQuery()[ReturnUrlRelayStateKey];
return(Redirect(returnUrl));
}
public async Task GetRolesAsync_IfTheUserPrincipalNameIsInvalid_ShouldReturnNoRoles()
{
using (var loggerFactory = new LoggerFactoryMock())
{
var claimsPrincipalHelper = new ClaimsPrincipalHelper();
var windowsRoleProvider = new WindowsRoleProvider(await this.CreateMemoryCacheAsync(), claimsPrincipalHelper, loggerFactory, await this.CreateOptionsMonitorAsync());
var principal = await this.CreatePrincipalAsync("Invalid-user-principal-name", claimsPrincipalHelper.UserPrincipalNameClaimTypes.ToArray());
var roles = (await windowsRoleProvider.GetRolesAsync(principal)).ToArray();
Assert.IsFalse(roles.Any());
}
}
public async Task GetRolesAsync_IfThereAreMultipelUserPrincipalNameClaims_ShouldLog()
{
using (var loggerFactory = new LoggerFactoryMock())
{
var claimsPrincipalHelper = new ClaimsPrincipalHelper();
var windowsRoleProvider = new WindowsRoleProvider(await this.CreateMemoryCacheAsync(), claimsPrincipalHelper, loggerFactory, await this.CreateOptionsMonitorAsync());
var principal = await this.CreatePrincipalAsync("Invalid-user-principal-name", claimsPrincipalHelper.UserPrincipalNameClaimTypes.ToArray());
await windowsRoleProvider.GetRolesAsync(principal);
var log = loggerFactory.Logs.First();
Assert.AreEqual(LogLevel.Warning, log.LogLevel);
Assert.AreEqual("Multiple claims were found. The following claims were found: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn: Invalid-user-principal-name, upn: Invalid-user-principal-name", log.Message);
}
}
protected bool IsTester()
{
return(ClaimsPrincipalHelper.UserHasTesterClaim(User));
}
protected int GetUserId()
{
return(ClaimsPrincipalHelper.GetUserIdFromSubClaim(User));
}
protected Claims GetClaims()
{
return(ClaimsPrincipalHelper.GetClaims(User));
}
public async Task <IActionResult> GetCurrentUser()
{
var user = await GetUserById(ClaimsPrincipalHelper.GetUserId(this.User));
return(user);
}
