public virtual bool IsAuthorized(string provider)
{
var tokens = this.GetAuthTokens(provider);
return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens));
}
/// <summary>
/// Configure the service with plugins and features.
/// </summary>
public override void Configure(Container container)
{
//set up orm connection factory, mainly used for auth stuff
var dbFactory = new OrmLiteConnectionFactory(AppSettings.GetConnectionString("AUTH_DB"), SqlServer2012Dialect.Provider);
container.Register <IDbConnectionFactory>(c => dbFactory);
Plugins.Add(new OpenApiFeature()); //the open api feature
//implement the custom auth provider
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[] {
//new AspNetWindowsAuthProvider(this), //<-- this can only be used when hoisting in IIS!!!
new ApiKeyAuthProvider(AppSettings),
new CredentialsAuthProvider(AppSettings),
new JwtAuthProvider(AppSettings), //<--when not using Microsoft.Identity.Client to get JWT token.
//new AadJwtAuthProvider(AppSettings),
//new MicrosoftGraphAuthProvider(AppSettings),
//new IdentityServerAuthFeature(AppSettings),
//new CustomCredentialsAuthProvider(), //<-- we will use this to look at active directory, although should be changed to something else
//other providers can be used for external connections.
}));
//allso add the registration feature, where we can register users, roles and permissions
Plugins.Add(new RegistrationFeature());
//add a memory cache client to the container.
//container.Register<ICacheClient>(new MemoryCacheClient()); //<-- to do this in memory while in dev.
//container.RegisterAs<OrmLiteCacheClient, ICacheClient>();
//container.Register<IDbConnectionFactory>(c => new OrmLiteConnectionFactory(ConfigurationManager.ConnectionStrings["AUTH_DB"].ConnectionString, SqlServer2012Dialect.Provider));
//container.Register<IAuthRepository>(c => new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>())
//{ UseDistinctRoleTables = true });
//container.Resolve<IAuthRepository>().InitSchema();
//container.Resolve<ICacheClient>().InitSchema();
//container.Register<ICacheClient>(new JarsCacheClient());
//container.Register<IAuthRepository>(c => new JarsAuthRepository());
container.Register <ICacheClient>(new OrmLiteCacheClient()
{
DbFactory = dbFactory
});
container.Resolve <ICacheClient>().InitSchema();
container.Register <IAuthRepository>(c => new OrmLiteAuthRepository(dbFactory));
container.Resolve <IAuthRepository>().InitSchema();
//new SaltedHash().GetHashAndSaltString("password", out string hash, out string salt);
//then we need to add a user to authenticate to the user repository.
var authRepo = container.Resolve <IAuthRepository>();
if (authRepo.GetUserAuthByUserName("JarsAdminUser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "Admin",
LastName = "Admin",
DisplayName = "Jars Admin",
UserName = "******",
Email = "*****@*****.**",
Roles = { RoleNames.Admin },
Permissions = { JarsPermissions.Full }
}, "J@r5@dm1nU53r");
}
if (authRepo.GetUserAuthByUserName("JarsMobileApp") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "JarsMobile",
LastName = "App",
DisplayName = "JarsMobile App",
UserName = "******",
//Email = "*****@*****.**",
Roles = { JarsRoles.MobileApp },
Permissions = { JarsPermissions.CanView, JarsPermissions.CanAdd, JarsPermissions.CanEdit, JarsPermissions.CanDelete }
}, "Th1sN33ds70Ch@ng£");
}
if (authRepo.GetUserAuthByUserName("AdminUser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "AdminTest",
LastName = "AdminTest",
DisplayName = "Jars Admin Test",
UserName = "******",
Email = "*****@*****.**",
Roles = { RoleNames.Admin },
Permissions = { JarsPermissions.Full }
}, "adminuser");
}
if (authRepo.GetUserAuthByUserName("guestuser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "Guest",
LastName = "User",
DisplayName = "Guest User",
UserName = "******",
Email = "*****@*****.**",
Roles = { JarsRoles.Guest },
}, "guestuser");
//get the user from the database and give it some roles
var testUser = authRepo.GetUserAuthByUserName("guestuser");
authRepo.AssignRoles(testUser, new[] { JarsRoles.Guest });
}
if (authRepo.GetUserAuthByUserName("TestUser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "Test",
LastName = "User",
DisplayName = "Test User",
UserName = "******",
Email = "*****@*****.**",
Roles = { JarsRoles.User },
}, "testuser");
//get the user from the database and give it some roles
var testUser = authRepo.GetUserAuthByUserName("testuser");
authRepo.AssignRoles(testUser, new[] { JarsRoles.User }, new[] { JarsPermissions.CanView, JarsPermissions.CanAddAppointment });
}
if (authRepo.GetUserAuthByUserName("TestUser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "Power",
LastName = "User",
DisplayName = "Power User",
UserName = "******",
Email = "*****@*****.**",
Roles = { JarsRoles.PowerUser },
}, "poweruser");
//get the user from the database and give it some roles
var testUser = authRepo.GetUserAuthByUserName("poweruser");
authRepo.AssignRoles(testUser, new[] { JarsRoles.PowerUser });
}
if (authRepo.GetUserAuthByUserName("TestUser") == null)
{
authRepo.CreateUserAuth(new UserAuth()
{
FirstName = "Manager",
LastName = "User",
DisplayName = "Manager User",
UserName = "******",
Email = "*****@*****.**",
Roles = { JarsRoles.Manager },
}, "manageruser");
//get the user from the database and give it some roles
var testUser = authRepo.GetUserAuthByUserName("manageruser");
authRepo.AssignRoles(testUser, new[] { JarsRoles.Manager });
}
AfterInitCallbacks.Add(host =>
{
var authProvider = (ApiKeyAuthProvider)
AuthenticateService.GetAuthProvider(ApiKeyAuthProvider.Name);
using (var db = host.TryResolve <IDbConnectionFactory>().Open())
{
var userWithKeysIds = db.Column <string>(db.From <ApiKey>()
.SelectDistinct(x => x.UserAuthId)).Map(int.Parse);
var userIdsMissingKeys = db.Column <string>(db.From <UserAuth>()
.Where(x => userWithKeysIds.Count == 0 || !userWithKeysIds.Contains(x.Id))
.Select(x => x.Id));
var aRepo = (IManageApiKeys)host.TryResolve <IAuthRepository>();
foreach (var userId in userIdsMissingKeys)
{
var apiKeys = authProvider.GenerateNewApiKeys(userId.ToString());
aRepo.StoreAll(apiKeys);
}
}
});
}
public virtual bool IsAuthorized(string provider)
{
var tokens = ProviderOAuthAccess.FirstOrDefault(x => x.Provider == provider);
return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens));
}
public async Task Login(string token, string operatingSystem, string ipAddress, string nameVersionClient)
{
var jwtAuthProviderReader = (JwtAuthProviderReader)AuthenticateService.GetAuthProvider("jwt");
try
{
var jwtPayload = jwtAuthProviderReader.GetVerifiedJwtPayload(new BasicHttpRequest(), token.Split('.'));
await Groups.AddToGroupAsync(this.Context.ConnectionId, _loginedGroup);
Context.Items["login"] = jwtPayload["name"];
Context.Items["uid"] = jwtPayload["sub"];
Context.Items["session"] = jwtPayload["session"];
var user = await _ravenSession.LoadAsync <User>(jwtPayload["sub"]);
if (user != null)
{
Context.Items["nickname"] = user.DisplayName;
}
var logOn = new LogOn
{
Id = jwtPayload["sub"],
UserLogin = jwtPayload["name"],
};
if (long.TryParse(jwtPayload["exp"], out long expire))
{
logOn.ExpireTime = DateTimeOffset.FromUnixTimeSeconds(expire);
if (logOn.ExpireTime < DateTimeOffset.UtcNow)
{
throw new TokenException("Token is expired");
}
}
await Clients.Caller.SendAsync(logOn);
var userLoginAudit = await _ravenSession.LoadAsync <LoginAudit>(jwtPayload["sub"] + "/LoginAudit");
if (userLoginAudit != null)
{
if (jwtPayload["session"] != userLoginAudit.SessionId)
{
userLoginAudit.NameVersionClient = nameVersionClient;
userLoginAudit.OperatingSystem = operatingSystem;
userLoginAudit.IpAddress = ipAddress;
userLoginAudit.DateOfEntry = DateTime.Now;
userLoginAudit.SessionId = jwtPayload["session"];
await _ravenSession.StoreAsync(userLoginAudit);
await _ravenSession.SaveChangesAsync();
}
}
else
{
userLoginAudit = new LoginAudit
{
Id = jwtPayload["sub"] + "/LoginAudit",
OperatingSystem = operatingSystem,
DateOfEntry = DateTime.Now,
IpAddress = ipAddress,
NameVersionClient = nameVersionClient,
SessionId = jwtPayload["session"]
};
await _ravenSession.StoreAsync(userLoginAudit);
await _ravenSession.SaveChangesAsync();
}
Log.Information($"Connected {Context.Items["login"]}({Context.Items["uid"]}) with session {Context.Items["session"]}");
}
catch (Exception e)
{
await Clients.Caller.SendAsync(new LogOn
{
Error = true
});
Log.Warning($"Bad token from connection {Context.ConnectionId}");
}
}
