public UserController(
UserManager <CyberSparrow> userManager,
IUserHandler userHandler,
JwtHandler jwtHandler,
SignInManager <CyberSparrow> signInManager,
RegistrationCodesHandler rch
)
{
this.userManager = userManager;
this.userHandler = userHandler;
this.jwtHandler = jwtHandler;
this.signInManager = signInManager;
this.rch = rch;
}
public static void SetupJwtConf(this IServiceCollection services, ref IConfiguration configuration)
{
var jwtOptions = services.GetTypedOptions <JwtOptions>(configuration, "JWT");
if (jwtOptions == null)
{
return;
}
var jwtHandler = new JwtHandler(jwtOptions);
services.AddSingleton <IJwtHandler>(jwtHandler);
SetupJwtNetCore(services, jwtOptions, jwtHandler);
}
public LoginResultDTO Login(LoginCredentialsDTO credentialsDTO)
{
var user = _userRepository.GetByEmail(credentialsDTO.Email);
Validate.NotNull(user);
var encryptedPassword = this.GenerateEncryptedPassword(credentialsDTO.Password);
Validate.EqualThan(user.Password, encryptedPassword);
var token = JwtHandler.GenerateToken(_tokenOptions.Value.SecretKey, user.Name, user.Id, user.IsAdmin);
return(new LoginResultDTO(token));
}
public async Task <UserModel?> TryGetUserAsync(string jwt, CancellationToken cancellationToken)
{
var tokenConfiguration = await fTokenConfigurationRepository.GetAsync(cancellationToken);
var parameters = GetValidationParams(tokenConfiguration);
var principal = JwtHandler.ValidateToken(jwt, parameters);
if (principal is null)
{
return(null);
}
return(CreateModel(principal));
}
public AccountService(
IStoredProcedureService storedProcedure,
RandomMaker randomMaker,
Cryptograph cryptograph,
IAccountProfileService accountProfileService,
IAccountDeviceService accountDeviceService,
JwtHandler jwtHandler)
{
_storedProcedure = storedProcedure;
_randomMaker = randomMaker;
_cryptograph = cryptograph;
_accountProfileService = accountProfileService;
_accountDeviceService = accountDeviceService;
_jwtHandler = jwtHandler;
}
public async Task <IHttpActionResult> Login(UserModel model)
{
// validate user and password in DB
var userId = 5;
var claims = new List <Claim> {
new Claim("name", model.UserName),
new Claim("userId", userId.ToString())
};
var tokenString = JwtHandler.GetToken(claims, Request.BaseUrl());
return(Ok(tokenString));
//return Ok(ApiAuthorizationFilterAttribute.Bearer + tokenString);
}
public async Task FTCreateAndValidateTest()
{
var testCertificate = await "CN=test1, O=Test".CreateSelfSignedCertificateAsync();
var testKey = await testCertificate.ToFTJsonWebKeyAsync(true);
var issuer = "test-issuer";
var audience = "test-aud";
var token = JwtHandler.CreateToken(testKey, issuer, new[] { audience }, new[] { new Claim("sub", "test-user") });
var tokenString = await token.ToJwtString();
(ClaimsPrincipal claimsPrincipal, MSTokens.SecurityToken securityToken) = JwtHandler.ValidateToken(tokenString, issuer, new[] { testKey }, audience: audience);
Assert.True(claimsPrincipal?.Claims?.Count() > 1);
Assert.NotNull(securityToken);
}
public int ExractIdFromToken()
{
try {
var token = Request.Headers.FirstOrDefault(x => x.Key == "Authorization").Value.FirstOrDefault();
int userId = 0;
if (JwtHandler.IsTokenValid(token, out userId) == false)
{
return(0);
}
return(userId);
}
catch (Exception ex) {
return(1019);
}
}
public async Task <BaseResponse> Login([FromBody] LoginRequest request)
{
var response = new BaseResponse();
try
{
var user = await _usersRepository.GetByEmail(request.Email);
var sha1 = new SHA1CryptoServiceProvider();
var hashedString = Encoding.ASCII.GetString(
sha1.ComputeHash(
Encoding.ASCII.GetBytes(request.Email + request.Password)
)
);
if (user == null || hashedString != user.Password)
{
HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
response.Message = "Unauthorized.";
return(response);
}
var token = JwtHandler.GenerateToken(new JwtOptions
{
Issuer = _configuration["JwtSecurity:Issuer"],
Audience = _configuration["JwtSecurity:Audience"],
SecretKey = _configuration["JwtSecurity:SecretKey"],
PublicClaims = new Dictionary <string, string>(),
Id = user.Id,
Subject = "Authorization"
});
HttpContext.Response.Headers.Add("ACCESS-TOKEN", token.Token);
HttpContext.Response.Headers.Add("ACCESS-TOKEN-EXPIRATION", token.ValidTo.ToString());
response.Success = true;
response.Message = "User logged in!";
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
HttpContext.Response.StatusCode = StatusCodes.Status500InternalServerError;
response.Message = "Failed to login.";
}
return(response);
}
public async Task <UserLoginResponseDTO> Login(UserLoginDTO dto)
{
var user = await _userRepository.GetByEmail(dto.Email);
Validate.NotNull(user, "User not found");
var passwordIsValid = SecurityManager.VerifyPasswordPbkdf2(dto.Password, user.Password);
Validate.IsTrue(passwordIsValid, "Password is incorrect");
return(new UserLoginResponseDTO()
{
Name = user.Name,
Email = user.Email,
Token = JwtHandler.GenerateToken(_options.Value.SecretKey, user.Id, user.Name)
});
}
public Token Token(string token)
{
try
{
if (!string.IsNullOrEmpty(token))
{
return(JwtHandler.ReadToken(token));
}
else
{
throw new Exception("Bitte neu Anmelden Session Abgelaufen");
}
}
catch (Exception)
{
throw;
}
}
public async Task MSCreateAndOidcDiscoveryValidateTest()
{
var testCertificate = await "CN=test1, O=Test".CreateSelfSignedCertificateAsync();
var testKey = await testCertificate.ToMSJsonWebKeyAsync(true);
var issuer = "test-issuer";
var audience = "test-aud";
var token = JwtHandler.CreateToken(testKey, issuer, new[] { audience }, new[] { new Claim("sub", "test-user") });
var tokenString = await token.ToJwtString();
var jsonWebKeySetAsJson = GetOidcDiscoveryJsonWebKeySet(testKey.ToFTJsonWebKey());
var jsonWebKeySet = jsonWebKeySetAsJson.ToObject <JsonWebKeySet>();
(ClaimsPrincipal claimsPrincipal, MSTokens.SecurityToken securityToken) = JwtHandler.ValidateToken(tokenString, issuer, jsonWebKeySet.Keys.ToMSJsonWebKeys(), audience: audience);
Assert.True(claimsPrincipal?.Claims?.Count() > 1);
Assert.NotNull(securityToken);
}
/// <summary>
/// 常用自定义验证策略,模仿自定义中间件JwtCustomerauthorizeMiddleware的验证范围
/// </summary>
/// <param name="context"></param>
/// <param name="requirement"></param>
/// <returns></returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
{
var httpContext = accssor.HttpContext;
//var httpContext = (context.Resource as AuthorizationFilterContext).HttpContext;
#region 身份验证,并设置用户Ruser值
var result = httpContext.Request.Headers.TryGetValue("Authorization", out StringValues authStr);
if (!result || string.IsNullOrEmpty(authStr.ToString()))
{
return(Task.CompletedTask);
}
result = JwtHandler.Validate(authStr.ToString().Substring("Bearer ".Length).Trim(), payLoad =>
{
var success = true;
//可以添加一些自定义验证,用法参照测试用例
//验证是否包含aud 并等于 roberAudience
success = success && payLoad["aud"]?.ToString() == jwtOption.Value.Audience;
if (success)
{
//设置Ruse值,把user信息放在payLoad中,(在获取jwt的时候把当前用户存放在payLoad的ruser键中)
//如果用户信息比较多,建议放在缓存中,payLoad中存放缓存的Key值
userContext.TryInit(payLoad["ruser"]?.ToString());
}
return(success);
});
if (!result)
{
return(Task.CompletedTask);
}
#endregion
#region 权限验证
if (!userContext.Authorize(httpContext.Request.Path))
{
return(Task.CompletedTask);
}
#endregion
//context.Succeed(requirement);是验证成功,如果没有这个,就默认验证失败
context.Succeed(requirement);
return(Task.CompletedTask);
}
public async Task <ClaimsPrincipal> ValidateAccessTokenAsync(string accessToken, string issuer, TParty party, string clientId)
{
(var validKeys, var invalidKeys) = party.Keys.GetValidKeys();
try
{
(var claimsPrincipal, _) = await Task.FromResult(JwtHandler.ValidateToken(accessToken, issuer, validKeys, clientId, validateAudience: false));
return(claimsPrincipal);
}
catch (Exception ex)
{
var ikex = GetInvalidKeyException(invalidKeys, ex);
if (ikex != null)
{
throw ikex;
}
throw;
}
}
public void ShouldCreateValidTokenWhenKeysAreValid()
{
var jwtSettingsMock = new Mock <IOptions <JwtSettings> >();
var jwtSettings = new JwtSettings();
jwtSettings.Issuer = "http://localhost:5000";
jwtSettings.PrivateKeyXML = "private-key.xml";
jwtSettings.PublicKeyXML = "public-key.xml";
jwtSettingsMock.Setup(j => j.Value).Returns(jwtSettings);
var jwtHandler = new JwtHandler(jwtSettingsMock.Object);
var token = jwtHandler.Create(Guid.NewGuid().ToString());
var tokenHandler = new JwtSecurityTokenHandler();
var exception = Record.Exception(() => tokenHandler.ValidateToken(token.Token, jwtHandler.Parameters, out _));
Assert.Null(exception);
}
public async Task <ActionResult> CreateUser(UserPartial iUser)
{
try
{
SignalRChatContext DB = new SignalRChatContext();
using (var transaction = DB.Database.BeginTransaction())
{
try
{
bool isExist = UserFunctions.CheckIfUserExist(iUser, DB);
if (isExist == true)
{
return(BadRequest());
}
UserCls newUser = UserFunctions.CreateNewUser(iUser, DB);
newUser.code = SignInCodesFucntions.GenerateCodeForUser(newUser.id, DB);
transaction.Commit();
newUser.token = JwtHandler.CreateJwt(newUser.id, newUser.userName, DateTime.Now);
await hubContext.Clients.All.AddUserEvent(newUser.id);
return(new JsonResult(newUser));
}
catch (Exception exc)
{
//write exc to log...
transaction.Rollback();
return(BadRequest());
}
}
}
catch (Exception ex)
{
//write ex to log...
return(BadRequest());
}
}
public void Token_Service_Generate_Tokens()
{
var secret = Guid.NewGuid().ToString();
var options = Options.Create <JwtOptions>(new JwtOptions {
ExpiryMinutes = 2, Issuer = "JuntoSeguros", SecretKey = secret
});
var jwtProvider = new JwtHandler(options);
var token = jwtProvider.Create("my_login", "my_name");
Assert.NotNull(token);
Assert.IsNotEmpty(token.Token);
var decodedToken = jwtProvider.Decode(token.Token);
Assert.NotNull(decodedToken);
Assert.AreEqual(decodedToken.Login, "my_login");
Assert.AreEqual(decodedToken.Name, "my_name");
}
public async Task <ActionResult> LogIn(loginCls iLoginObj)
{
var userValidData = SignInCodesFucntions.ValidateCode(iLoginObj.phone, iLoginObj.code);
if (userValidData == null)
{
return(BadRequest());
}
var token = JwtHandler.CreateJwt(userValidData.userId, userValidData.userName, DateTime.Now);
UserCls res = UserFunctions.UserByPhoneAndCode(iLoginObj.phone, iLoginObj.code);
res.token = token;
res.id = res.id; //id should not be returned. selected user should return dummy id or encrypted one.
res.code = null;
await this.hubContext.Clients.All.AddUserEvent(res.id);
return(new JsonResult(res));
}
public AuthControllerIntegrationTests()
{
// Setup
var options = new DbContextOptionsBuilder <DatabaseContext>()
.UseInMemoryDatabase(Guid.NewGuid().ToString())
.Options;
var dbContext = new DatabaseContext(options);
var userRepository = new UserRepository(dbContext);
var tokenRepository = new TokenRepository(dbContext);
var jwtOptions = Options.Create(new JwtSettings {
Issuer = "Backend", Audience = "Users", SecretKey = "myXAuthenticationSecret"
});
var jwtHandler = new JwtHandler(jwtOptions);
_authService = new AuthService(userRepository, jwtHandler, tokenRepository);
_authService.Register(new RegisterRequestDTO {
Username = "******", Password = "******", ClientId = "Test"
});
}
public string GenerateUserJwt(UserDoc user, string grant)
{
var issuedAtUtc = DateTime.UtcNow;
var claims = new List <Claim>(8)
{
new Claim(Constants._NameClaim, user.Id.ToString()),
new Claim(Constants._EmailClaim, user.Email),
new Claim(Constants._GrantClaim, grant)
};
if (user.Username != null)
{
claims.Add(new Claim(Constants._UsernameClaim, user.Username));
}
if (user.GivenName != null)
{
claims.Add(new Claim(Constants._GivenNameClaim, user.GivenName));
}
if (user.FamilyName != null)
{
claims.Add(new Claim(Constants._FamilyNameClaim, user.FamilyName));
}
if (user.Admin)
{
claims.Add(new Claim(Constants._RoleClaim, nameof(UserModel.Admin)));
}
using var rsa = RSA.Create();
var dto = new JwtSecurityTokenDto
{
Audience = fConfig.BearerTokenAudience,
Issuer = fConfig.BearerTokenIssuer,
Claims = claims,
NotBefore = issuedAtUtc,
Expires = issuedAtUtc.AddSeconds(fConfig.BearerTokenDuration),
SigningCredentials = rsa.ToSigningCredentials(fConfig.BearerPrivateKey)
};
return(JwtHandler.CreateToken(dto));
}
public async Task <ClaimsPrincipal> ValidatePartyClientTokenAsync(TClient client, string token, bool validateLifetime = true)
{
var issuerSigningKeys = new List <JsonWebKey>();
issuerSigningKeys.Add(RouteBinding.PrimaryKey.Key);
if (RouteBinding.SecondaryKey != null)
{
issuerSigningKeys.Add(RouteBinding.SecondaryKey.Key);
}
try
{
(var claimsPrincipal, var securityToken) = await Task.FromResult(JwtHandler.ValidateToken(token, Issuer(RouteBinding), issuerSigningKeys, audience: client.ClientId, validateLifetime: validateLifetime));
return(claimsPrincipal);
}
catch (Exception ex)
{
logger.Error(ex, $"Party client JWT not valid. Client id '{client.ClientId}', Route '{RouteBinding.Route}'.");
return(null);
}
}
public async Task <string> CreateIdTokenAsync(TClient client, IEnumerable <Claim> claims, IEnumerable <string> selectedScopes, string nonce, IEnumerable <string> responseTypes, string code, string accessToken, string algorithm)
{
if (!(client is OidcDownClient))
{
throw new InvalidOperationException("Include ID Token only possible for OIDC Down Client.");
}
var onlyIdToken = !responseTypes.Contains(IdentityConstants.ResponseTypes.Code) && !responseTypes.Contains(IdentityConstants.ResponseTypes.Token);
var idTokenClaims = new List <Claim>(await claimsDownLogic.FilterJwtClaimsAsync(client, claims, selectedScopes, includeIdTokenClaims: true, includeAccessTokenClaims: onlyIdToken));
var clientClaims = claimsDownLogic.GetClientJwtClaims(client, onlyIdTokenClaims: true);
if (clientClaims?.Count() > 0)
{
idTokenClaims.AddRange(clientClaims);
}
if (!nonce.IsNullOrEmpty())
{
idTokenClaims.AddClaim(JwtClaimTypes.Nonce, nonce);
}
if (!onlyIdToken)
{
if (responseTypes.Contains(IdentityConstants.ResponseTypes.Token))
{
idTokenClaims.AddClaim(JwtClaimTypes.AtHash, await accessToken.LeftMostBase64urlEncodedHashAsync(algorithm));
}
if (responseTypes.Contains(IdentityConstants.ResponseTypes.Code))
{
idTokenClaims.AddClaim(JwtClaimTypes.CHash, await code.LeftMostBase64urlEncodedHashAsync(algorithm));
}
}
logger.ScopeTrace(() => $"Down, JWT ID token claims '{idTokenClaims.ToFormattedString()}'", traceType: TraceTypes.Claim);
var token = JwtHandler.CreateToken(await trackKeyLogic.GetPrimarySecurityKeyAsync(RouteBinding.Key), trackIssuerLogic.GetIssuer(), client.ClientId, idTokenClaims, expiresIn: (client as OidcDownClient).IdTokenLifetime, algorithm: algorithm);
return(await token.ToJwtString());
}
public async Task <ClaimsPrincipal> ValidateTokenAsync(string token, bool validateAudience = false, bool validateLifetime = true)
{
var issuerSigningKeys = new List <JsonWebKey>();
issuerSigningKeys.Add(RouteBinding.Key.PrimaryKey.Key);
if (RouteBinding.Key.SecondaryKey != null)
{
issuerSigningKeys.Add(RouteBinding.Key.SecondaryKey.Key);
}
try
{
(var claimsPrincipal, _) = await Task.FromResult(JwtHandler.ValidateToken(token, trackIssuerLogic.GetIssuer(), issuerSigningKeys, validateAudience: validateAudience, validateLifetime: validateLifetime));
return(claimsPrincipal);
}
catch (Exception ex)
{
logger.Error(ex, $"JWT not valid. Route '{RouteBinding.Route}'.");
return(null);
}
}
public async Task <string> CreateAccessTokenAsync(TClient client, IEnumerable <Claim> claims, IEnumerable <string> selectedScopes, string algorithm)
{
var accessTokenClaims = new List <Claim>();
(var audiences, var audienceScopes) = await oauthResourceScopeLogic.GetValidResourceAsync(client, selectedScopes);
if (audiences.Count() > 0)
{
accessTokenClaims.AddClaim(JwtClaimTypes.Scope, audienceScopes.ToSpaceList());
}
else
{
audiences.Add(client.ClientId);
}
accessTokenClaims.AddClaim(JwtClaimTypes.ClientId, client.ClientId);
accessTokenClaims.AddRange(await claimsLogic.FilterJwtClaims(client, claims, selectedScopes, includeAccessTokenClaims: true));
var token = JwtHandler.CreateToken(trackKeyLogic.GetSecurityKey(RouteBinding.PrimaryKey), Issuer(RouteBinding), audiences, accessTokenClaims, expiresIn: client.AccessTokenLifetime, algorithm: algorithm, x509CertificateSHA1Thumbprint: RouteBinding.PrimaryKey.Key.Kid);
return(await token.ToJwtString());
}
public void TestGetClaims()
{
var jwtHandler = new JwtHandler(_config);
var user = new ApplicationUser
{
Id = "13265262",
UserName = "******",
PasswordHash = "jerryricehashed",
FullName = "Jerry Rice",
PhoneNumber = "111-111-1111",
Email = "*****@*****.**",
TeamID = Guid.NewGuid(),
RoleName = Roles.HC,
StatLineID = Guid.NewGuid()
};
var claims = jwtHandler.GetClaims(user);
foreach (var claim in claims)
{
Assert.NotEmpty(claim.Type);
Assert.NotEmpty(claim.Value);
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
#region Swagger
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "Study Group Finder API V1", Version = "v1"
});
});
#endregion
#region JWT Token
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
ValidIssuer = Configuration["JwtSecurity:Issuer"],
ValidAudience = Configuration["JwtSecurity:Audience"],
IssuerSigningKey = JwtHandler.CreateSigningKey(Configuration["JwtSecurity:SecretKey"])
};
});
#endregion
#region Dependency Injection
services.AddTransient <DatabaseProvider>();
services.AddTransient <UsersRepository>();
#endregion
services.AddMvc();
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try
{
var accessToken = GetAccessTokenFromHeader();
var routeBinding = Context.GetRouteBinding();
var authority = UrlCombine.Combine(GetFoxIDsEndpoint(), routeBinding.TenantName, Constants.Routes.MasterTrackName, Options.DownParty);
var oidcDiscoveryUri = UrlCombine.Combine(authority, IdentityConstants.OidcDiscovery.Path);
var oidcDiscoveryHandler = Context.RequestServices.GetService <OidcDiscoveryHandlerService>();
var oidcDiscovery = await oidcDiscoveryHandler.GetOidcDiscoveryAsync(oidcDiscoveryUri);
var oidcDiscoveryKeySet = await oidcDiscoveryHandler.GetOidcDiscoveryKeysAsync(oidcDiscoveryUri);
ClaimsPrincipal principal;
try
{
(principal, _) = JwtHandler.ValidateToken(accessToken, oidcDiscovery.Issuer, oidcDiscoveryKeySet.Keys, Options.DownParty);
}
catch (SecurityTokenInvalidSignatureException isex)
{
Logger.LogWarning(isex, $"Invalid signature reload OIDC discovery keys, uri '{oidcDiscoveryUri}'.");
oidcDiscoveryKeySet = await oidcDiscoveryHandler.GetOidcDiscoveryKeysAsync(oidcDiscoveryUri, refreshCache : true);
(principal, _) = JwtHandler.ValidateToken(accessToken, oidcDiscovery.Issuer, oidcDiscoveryKeySet.Keys, Options.DownParty);
}
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
catch (Exception ex)
{
Logger.LogError(ex, ex.Message);
return(AuthenticateResult.Fail(ex.Message));
}
}
public override async Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken)
{
try
{
var token = actionContext.Header(Authorization); //HttpContext.Current.Request.Headers[Authorization];
if (string.IsNullOrEmpty(token))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "No token!"
};
return;
}
token = token.Replace(Bearer, "");
var result = JwtHandler.DecodeToken(token, actionContext.BaseUrl());
var name = result.ClaimsPrincipal.FindFirst(c => c.Type == Name);
var userId = result.ClaimsPrincipal.FindFirst(c => c.Type == UserId);
//get user from Db by user id
actionContext.ActionArguments.Add(Name, $"{name.Value}:{userId.Value}");
var issuer = result.SecurityToken.Issuer;
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "Wrong token or userId!"
};
return;
}
}
public StringResult LoginStudent([FromBody] StudentLoginRequest student)
{
if (string.IsNullOrEmpty(student.Username) || string.IsNullOrEmpty(student.Password))
{
return(StringResult.Error("Username and password cannot be blank"));
}
var loginResult = studentBl.LoginStudent(student.Username, student.Password);
if (loginResult.Success)
{
var secretKey = configuration[CONSTANTS.Keys.JWT_SECRETKEY];
var issuer = configuration[CONSTANTS.Keys.JWT_ISSUER];
var audience = configuration[CONSTANTS.Keys.JWT_AUDIENCE];
var token = JwtHandler.GenerateAPIToken(loginResult.ResultOk.ToString(), secretKey, issuer, audience);
return(StringResult.Ok(token));
}
else
{
var result = StringResult.Error();
result.ResultError = loginResult.ResultError;
return(result);
}
}
public AuthenticationController(UserManager <ApplicationUser> userManager, JwtHandler jwtHandler)
{
_userManager = userManager;
_jwtHandler = jwtHandler;
}
