public Task Invoke(HttpContext context, Services.Contracts.IAccountService accountService)
{
GuardUtils.NotNull(context, nameof(context));
if (!context.Request.Path.Equals(_options.Path, StringComparison.Ordinal))
{
return(_next(context));
}
if (context.Request.Method.Equals("POST") && context.Request.HasFormContentType)
{
return(GenerateToken(context, accountService));
}
context.Response.StatusCode = StatusCodes.Status400BadRequest;
return(context.Response.WriteAsync("Bad request."));
}
private async Task GenerateToken(HttpContext context, Services.Contracts.IAccountService accountService)
{
var auth_success = false;
var username = context.Request.Form["username"];
var password = context.Request.Form["password"];
var authentication = context.Request.Form["authentication"];
if (!string.IsNullOrEmpty(authentication))
{
var dynamic = Newtonsoft.Json.JsonConvert.DeserializeObject <dynamic>(authentication.ToString().SafeDecoded());
SortedDictionary <string, string> sArray = new SortedDictionary <string, string>();
sArray.Add("UserName", dynamic.UserName.ToString());
sArray.Add("TimeStamp", dynamic.TimeStamp.ToString());
sArray.Add("Sign", dynamic.Sign.ToString());
if (SecuritySign.VerifyWithTimeStamp(sArray, sArray["Sign"], Convert.ToInt64(sArray["TimeStamp"])))
{
auth_success = true;
username = dynamic.UserName.ToString();
}
else
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("Invalid authentication.");
}
}
if (!auth_success)
{
var identity = await _options.IdentityResolver(username, password, accountService);
if (identity == null)
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("Invalid username or password.");
return;
}
}
var userInfo = await accountService.GetUserAuthInfo(username);
var now = DateTime.UtcNow;
var claims = new Claim[]
{
new Claim(JwtRegisteredClaimNames.Sub, username),
new Claim(JwtRegisteredClaimNames.Jti, await _options.NonceGenerator()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
new Claim(JwtClaimNamesConst.Org, userInfo.OrganizationId.ToString(), ClaimValueTypes.String),
new Claim(JwtClaimNamesConst.UseName, userInfo.Name, ClaimValueTypes.String),
new Claim(JwtClaimNamesConst.Func, string.Join(",", userInfo.Functions.Select(x => x.ToString()).ToArray()))
};
// Create the JWT and write it to a string
var jwt = new JwtSecurityToken(
issuer: _options.Issuer,
audience: _options.Audience,
claims: claims,
notBefore: now,
expires: now.Add(_options.Expiration),
signingCredentials: _options.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
var response = new
{
access_token = encodedJwt,
expires_in = (int)_options.Expiration.TotalSeconds,
user_name = userInfo.Name,
user_func = string.Join(",", userInfo.Functions.Select(x => x.ToString()).ToArray())
};
// Serialize and return the response
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(JsonConvert.SerializeObject(response, _serializerSettings));
}
