public async Task TestJwtMiddleware() { HttpContext context = new DefaultHttpContext(); JwtMiddleware middleware = new JwtMiddleware(httpContext => Task.CompletedTask); await middleware.Invoke(context); Assert.IsTrue(!context.User.Claims.Any(), "Are there any claims when there's no authentication header?"); Assert.IsNull(context.User.Identity.AuthenticationType, "Is the authenticationtype null when there's no auth header?"); // Create a test user instance User testUser = new User { confirmed = true, date_of_birth = DateTime.Now, email = "*****@*****.**", ID = 0, password = "******", plan = Plans.Basic, registration_timestamp = DateTime.Now, role = Roles.User, username = "******" }; ClaimsPrincipal userPrincipal = testUser.ClaimsPrincipal(TokenScope.UserLogin); context.Request.Headers.Add("Authorization", "Bearer " + Jwt.Sign((ClaimsIdentity)userPrincipal.Identity)); await middleware.Invoke(context); Assert.IsTrue(context.User.Claims.Any(), "Are there any claims when the authentication header is present?"); Assert.IsNotNull(context.User.Identity.AuthenticationType, "Is the authenticationtype no null when the authentication header is present?"); Assert.AreEqual(context.User.Identity.AuthenticationType, TokenScope.UserLogin, "Is the AuthenticationType the same as the one used to sign the Jwt token?"); }
public dynamic ConsultarProgramasToken() { var data = JwtMiddleware.returnId(); var id = _dataModelRepository.ObtenerID(data); return(_dataModelRepository.ConsultarTokenProgramas(id)); }
public new void OnAuthorization(AuthorizationFilterContext context) { var token = context.HttpContext.Request.Headers.ContainsKey("Authorization"); if (token) { var tokenHandler = new JwtSecurityTokenHandler(); var tokenHeader = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last(); if (!JwtMiddleware.Validate(tokenHeader) || !JwtMiddleware.ValidateIsAdmin(tokenHeader)) { context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized }; } } else { // not logged in context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized }; } }
public void OnAuthorization(AuthorizationFilterContext context) { var token = context.HttpContext.Request.Headers.ContainsKey("Authorization"); if (token) { var tokenHandler = new JwtSecurityTokenHandler(); var tokenHeader = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last(); var key = Encoding.ASCII.GetBytes("clave-secreta-supersecreta-tiene queser grande"); if (!JwtMiddleware.Validate(tokenHeader)) { context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized }; } } else { // not logged in context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized }; } }
public IActionResult GenerateToken() { return(Ok(new { access_Token = JwtMiddleware.GenerateToken(), Token_Type = "bearer" })); }
public IActionResult IsValidToken() { var token = HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last(); return(Ok(new { Valid_To = JwtMiddleware.IsValidToken(token), })); }
public JwtMiddlewareTests() { _testingSettings = new AppSettings(); _testingSettings.Secret = "THIS IS MY VERY LONG TESTING SECRET THAT NO ONE SHOULD KNOW"; // Arrange testing service for all the testing class _appOptions = Options.Create(_testingSettings); var mapperConfig = new MapperConfiguration(cfg => { cfg.AddProfile <UsersProfile>(); cfg.AddProfile <AuthenticateProfile>(); }); _mockMapper = mapperConfig.CreateMapper(); _authenticateExample = new AuthenticateResponse { Id = 2, FirstName = "User", LastName = "User", Username = "******", Token = "My Token" }; var user = new User { Id = 2, FirstName = "User", LastName = "User", Username = "******", Password = "******", PizzaLove = 3 }; _mockUserService = new Mock <IUserService>(); _mockUserService .Setup(x => x.AuthenticateAsync(It.Is <AuthenticateRequest>(i => i.Username == "user"))) .ReturnsAsync(_authenticateExample); _mockUserService.Setup(x => x.GetByIdAsync(It.IsAny <int>())) .ReturnsAsync(user); _userController = new UsersController(_appOptions, _mockUserService.Object, _mockMapper); _mockContext = new DefaultHttpContext(); _next = async(HttpContext hc) => await Task.CompletedTask; _authenticationMiddleware = new JwtMiddleware(_mockUserService.Object, _appOptions); }
public async Task <LoginResultDTO> Refresh() { var user = await UserManager.GetUserAsync(User); if (user is null) { return(new LoginResultDTO { Success = false }); } await SignInManager.RefreshSignInAsync(user); var token = JwtMiddleware.GenerateJwtToken(user, Logger); Logger.LogDebug($"refreshed token for {user.UserName}"); return(new LoginResultDTO { Success = true, Token = token, UserName = user.UserName }); }
public async Task JwtMiddleware_ValidUser() { username = "******"; _mockUserRepository.Setup(repo => repo.GetByUserName(username)). Returns(_testuser.Username == username ? _testuser : null); defaultContext = new DefaultHttpContext(); defaultContext.Request.Path = "/"; defaultContext.Request.Headers.Add("Ocp-Apim-Subscription-Key", "test"); var middlewareInstance = new JwtMiddleware(next: (innerHttpContext) => { return(Task.CompletedTask); }, _mockappsetting ); await middlewareInstance.Invoke(defaultContext, _mockUserRepository.Object); Assert.True(defaultContext.Request.Headers["Auth-User"].FirstOrDefault()?.Split(" ").Last() != null); }
public async Task <LoginResultDTO> LogIn( [FromBody] LoginDTO details ) { Logger.LogCritical($"user: {JsonSerializer.Serialize(details)}"); var result = await SignInManager.PasswordSignInAsync(details.Username, details.Password, true, false); if (!result.Succeeded) { return(new LoginResultDTO { Success = false, Token = result.ToString() }); } var user = await CurrentUserAccessor.FindByUsername(details.Username); var token = JwtMiddleware.GenerateJwtToken(user, Logger); Logger.LogDebug($"Logged in {details.Username} with token {token}"); return(new LoginResultDTO { Success = true, Token = token, UserName = user.UserName }); }
public async Task JwtMiddleware_InValidUser() { username = "******"; _mockUserRepository.Setup(repo => repo.GetByUserName(username)).Returns(_testuser.Username == username ? _testuser : null); defaultContext = new DefaultHttpContext(); defaultContext.Request.Path = "/"; var middlewareInstance = new JwtMiddleware(next: (innerHttpContext) => { return(Task.CompletedTask); }, _mockappsetting ); await middlewareInstance.Invoke(defaultContext, _mockUserRepository.Object); var test = defaultContext.Request.Headers["Auth-User"].Count; Assert.True(defaultContext.Request.Headers["Auth-User"].Count == 0); }
public JwtMiddlewareTests() { _headers = new HeaderDictionary(); var mockHttpRequest = new Mock <HttpRequest>(); mockHttpRequest.SetupGet(request => request.Headers).Returns(_headers); _mockHttpContext = new Mock <HttpContext>(); _mockHttpContext.SetupGet(context => context.Request).Returns(mockHttpRequest.Object); _mockExecutionContext = new Mock <IExecutionContext>(); _mockExecutionContextHelper = new Mock <IExecutionContextHelper>(); var logger = new Mock <ILogger <JwtMiddleware> >(); _nextWasCalled = false; _middleware = new JwtMiddleware(context => { _nextWasCalled = true; return(Task.FromResult(0)); }, logger.Object); }
public JwtMiddlewareTests() { _testingSettings = new AppSettings(); _testingSettings.Secret = "THIS IS MY VERY LONG TESTING SECRET THAT NO ONE SHOULD KNOW"; // Arrange testing service for all the testing class _testingOptions = Options.Create(_testingSettings); var mapperConfig = new MapperConfiguration(cfg => cfg.AddProfile(new UsersProfile())); _mockMapper = mapperConfig.CreateMapper(); _context = new PizzaProblemContext( new DbContextOptionsBuilder <PizzaProblemContext>() .UseInMemoryDatabase(databaseName: "MiddlewareTests") .Options); _context.Database.EnsureCreated(); _testingService = new UserService(_testingOptions, _mockMapper, _context); _mockContext = new DefaultHttpContext(); _next = async(HttpContext hc) => await Task.CompletedTask; _authenticationMiddleware = new JwtMiddleware(_testingService, _testingOptions); }
public DatafeedAuthController(JwtMiddleware jwtMiddleware, IOptions <AppSettings> appSettings) { _jwtMiddleware = jwtMiddleware; _appSettings = appSettings.Value; }
public async Task Invoke_returns_200_with_token_if_match([Frozen] IUserAuthenticator authenticator, [Frozen] IUserExtractor extractor, JwtMiddleware sut, [Frozen] IServiceProvider serviceProvider, HttpContext context, JwtOptions options, IActionResultExecutor <ObjectResult> executor, User user, ClaimsIdentity identity) { Mock.Get(extractor).Setup(p => p.TryExtractUser(It.IsAny <HttpContext>(), out user)).Returns(true); Mock.Get(authenticator).Setup(p => p.TryAuthenticateUserAsync(It.IsAny <User>(), out identity)).ReturnsAsync(true); Mock.Get(serviceProvider).Setup(p => p.GetService(typeof(IActionResultExecutor <ObjectResult>))).Returns(executor); await sut.Invoke(context, options); Mock.Get(executor).Verify(p => p.ExecuteAsync(It.IsAny <ActionContext>(), It.Is <ObjectResult>(or => or.StatusCode == 200 && or.Value is TokenModel))); }
public async Task Invoke_returns_401_if_no_match([Frozen] IUserExtractor extractor, JwtMiddleware sut, [Frozen] IServiceProvider serviceProvider, HttpContext context, JwtOptions options, IActionResultExecutor <ObjectResult> executor) { User user = null; Mock.Get(extractor).Setup(p => p.TryExtractUser(It.IsAny <HttpContext>(), out user)).Returns(false); Mock.Get(serviceProvider).Setup(p => p.GetService(typeof(IActionResultExecutor <ObjectResult>))).Returns(executor); await sut.Invoke(context, options); Mock.Get(executor).Verify(p => p.ExecuteAsync(It.IsAny <ActionContext>(), It.Is <ObjectResult>(or => or.StatusCode == 401))); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseMiddleware <CustomExceptionHandlerMiddleware>(); app.UseCors("AllowAll"); app.UseFileServer(); // Bug fix app.Use(async(context, next) => { context.Request.Headers.Remove("If-Modified-Since"); await next(); }); // Deal with X-StoreId header app.Use(async(context, next) => { var request = context.Request; var x = request.Path.Value; var query = request.Query; if (x.StartsWith("/mktchat") || x.StartsWith("/mktpush")) { if (query.TryGetValue("storeId", out var storeId)) { request.Headers.Add("storeId", storeId); } if (query.TryGetValue("authorization", out var authorization)) { request.Headers.Add("Authorization", $"Bearer {authorization}"); } if (query.TryGetValue("access_token", out var access_token)) { request.Headers.Add("Authorization", $"Bearer {access_token}"); } } await next(); }); app.Use(async(context, next) => { await JwtMiddleware.UseJwtMiddleware(context, next); }); app.UseAuthentication(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Livechat}/{action=Register}/{id?}"); }); app.UseSignalR(routes => { routes.MapHub <MktChatHub>("/mktchat"); }); }