예제 #1
0
        public IAccessToken Create(int userId)
        {
            // create the token
            var    token        = container.GetInstance <IAccessToken>();
            var    passwordHash = container.GetInstance <IPasswordHash>();
            string tokenHash;
            string encryptedUserId;

            byte[]   userIdSalt;
            DateTime issuedAt, refreshed;

            // check whether there is a token existing for this userId
            bool tokenExists = tokenStorage.VerifyTokenExistence(userId, out tokenHash, out issuedAt, out refreshed);

            if (tokenExists)
            {
                if (dateHelper.IsWithinTimeOutLimit(refreshed))
                {
                    // token is still valid, refresh the token to extend the timeout
                    if (!tokenStorage.RefreshToken(userId, tokenHash, dateHelper.Now))
                    {
                        throw new Exception("Failed to refresh existing the token");
                    }

                    token.IssuedAt  = issuedAt;
                    token.Token     = tokenHash;
                    encryptedUserId = null;
                    issuedAt        = new DateTime();
                    refreshed       = new DateTime();
                    return(token);
                }
            }

            // Create the token identifier
            Guid tokenId     = openGuid.New();
            var  hashedToken = passwordHash.CreateHash(tokenId.ToString());

            userIdSalt      = encrypter.GetSalt();
            encryptedUserId = encrypter.Encrypt(userId.ToString(), userIdSalt);
            issuedAt        = dateHelper.Now;

            //store the hashInfo
            if (!tokenStorage.StoreToken(userId, hashedToken, encryptedUserId, userIdSalt, issuedAt))
            {
                throw new Exception("Failed to store the session token");
            }

            // set the token for the user
            token.Token    = hashedToken.Hash;
            token.IssuedAt = issuedAt;

            //reset all information
            hashedToken.Dispose();
            userIdSalt      = null;
            encryptedUserId = null;
            passwordHash.Dispose();
            passwordHash = null;

            return(token);
        }