/// <inheritdoc />
public async Task<string> CreateJwtTokenAsync(long organizationId)
{
    // The identity claims come from the OIDC provider; the local user record is
    // resolved from them before anything is signed.
    var oidcClaims = await GetOidcUserClaimsAsync();
    var user = await _userService.TryCreateDefaultUserAsync(oidcClaims);
    if (user == null)
    {
        // No local user could be resolved for these claims: refuse to issue a token.
        throw new UnauthorizedAccessException(Properties.Resources.AuthorizationServiceForbiddenRequest);
    }

    // Everything placed in this list ends up inside the signed token.
    var tokenClaims = new List<Claim>(oidcClaims);
    tokenClaims.AddRange(GetUserAuthorizationClaims(user));

    // organizationId == 0 skips the organization and permission claims entirely,
    // so the token carries only identity and user authorization claims.
    // NOTE(review): any other value, negative ones included, is handed to
    // GetOrganizationClaims unchanged - confirm it is validated there or by the caller.
    if (organizationId != 0)
    {
        tokenClaims.AddRange(GetOrganizationClaims(organizationId));

        var permissionClaims = await GetPermissionsClaimsAsync(tokenClaims);
        tokenClaims.AddRange(permissionClaims);

        // A token scoped to an organization is only issued when a user-role claim is present.
        // NOTE(review): the check scans the merged list, so a UserRole-typed claim coming
        // from the OIDC provider or from GetUserAuthorizationClaims would satisfy it as
        // well - confirm those sources cannot emit that claim type, or test
        // permissionClaims on its own.
        bool hasUserRole = tokenClaims.Any(claim => claim.Type == PermissionsHelper.Claims.UserRole);
        if (!hasUserRole)
        {
            throw new UnauthorizedAccessException();
        }
    }

    return JwtAuthorizationHelper.CreateJwtTokenFromClaims(tokenClaims, _apiJwtAuthorizationOptions.JwtSecret);
}
// With no Authorization header present, TryGetTokenValue must report "not found"
// and leave the out value null rather than an empty or stale string.
public void TryGetTokenValueReturnsNullToken()
{
    // Arrange: an empty header collection.
    IHeaderDictionary emptyHeaders = new HeaderDictionary();

    // Act
    string tokenValue;
    bool found = JwtAuthorizationHelper.TryGetTokenValue(emptyHeaders, out tokenValue);

    // Assert
    found.Should().BeFalse();
    tokenValue.Should().BeNull();
}
// Two claim sets that differ in their first CreateClaims argument must serialize to
// different tokens. The secret and the expiry are held constant, so any difference
// between the two tokens comes from the claims alone.
public void CreateDifferentJwtTokensForDifferentClaims()
{
    // Test-only signing secret; the literal is reproduced exactly as the fixture spells it.
    const string signingSecret = "top_secreat_password";
    var expiresAt = new DateTime(2200, 1, 1);

    var firstClaims = CreateClaims(11, "*****@*****.**");
    var firstJwt = JwtAuthorizationHelper.CreateJwtTokenFromClaims(firstClaims, signingSecret, expiresAt);

    var secondClaims = CreateClaims(22, "*****@*****.**");
    var secondJwt = JwtAuthorizationHelper.CreateJwtTokenFromClaims(secondClaims, signingSecret, expiresAt);

    firstJwt.Should().NotBe(secondJwt);
}
// Parameterized check of Authorization header parsing: for a given raw header value
// and removePrefix flag, TryGetTokenValue must return the expected found/not-found
// result and the expected extracted token.
public void TryGetTokenValueReturnsCorrectToken(
    string token,
    bool removePrefix,
    bool expectedContains,
    string expectedToken)
{
    // Arrange: the raw header value is supplied by the test case.
    IHeaderDictionary requestHeaders = new HeaderDictionary
    {
        { HeaderNames.Authorization, token },
    };

    // Act: the parameter is reused as the out target, so after this call it holds
    // the extracted value instead of the raw header.
    bool found = JwtAuthorizationHelper.TryGetTokenValue(requestHeaders, out token, removePrefix);

    // Assert
    found.Should().Be(expectedContains);
    token.Should().Be(expectedToken);
}
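// Round-trip check: claims handed to CreateJwtTokenFromClaims must be readable from
// the resulting token with their original values.
public void CreateJwtTokensFromClaims()
{
    var claims = CreateClaims(11, "*****@*****.**");
    var jwt = JwtAuthorizationHelper
        .CreateJwtTokenFromClaims(claims, "top_secreat_password", new DateTime(2200, 1, 1));

    // ReadJwtToken returns a typed token or throws on malformed input, so a bad token
    // fails here with a clear error instead of a NullReferenceException further down
    // (the earlier `ReadToken(...) as JwtSecurityToken` could yield null).
    // This only decodes the token: the signature is NOT verified, so the test says
    // nothing about signing. Signature validation needs its own test.
    var handler = new JwtSecurityTokenHandler();
    JwtSecurityToken tokenS = handler.ReadJwtToken(jwt);

    tokenS.Claims.First(claim => claim.Type == UserClaimTypes.Email).Value
        .Should().Be("*****@*****.**");
    tokenS.Claims.First(claim => claim.Type == UserClaimTypes.UserId).Value
        .Should().Be("11");
}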
/// <inheritdoc />
public async Task<string> CreateJwtTokenAsync()
{
    // The identity claims come from the OIDC provider; the local user record is
    // resolved from them before anything is signed.
    var oidcClaims = await GetOidcUserClaimsAsync();
    var user = await _userService.TryCreateDefaultUserAsync(oidcClaims);
    if (user == null)
    {
        // No local user could be resolved for these claims: refuse to issue a token.
        throw new UnauthorizedAccessException(Properties.Resources.AuthorizationServiceForbiddenRequest);
    }

    // This overload adds no organization or permission claims: the token carries the
    // OIDC claims plus the user's authorization claims only.
    // NOTE(review): the OIDC claims are copied into the token unfiltered - confirm that
    // downstream authorization does not trust claim types the identity provider could also emit.
    var tokenClaims = new List<Claim>(oidcClaims);
    tokenClaims.AddRange(GetUserAuthorizationClaims(user));

    return JwtAuthorizationHelper.CreateJwtTokenFromClaims(tokenClaims, _apiJwtAuthorizationOptions.JwtSecret);
}