예제 #1
0
        /// <summary>
        /// Login for Account route.
        /// </summary>
        /// <param name="loginDto"></param>
        /// <param name="account"></param>
        /// <returns></returns>
        private HttpResponseMessage AccountLoginHelper(SsoLoginRequestDTO loginDto, Account account)
        {
            var saltModel = _saltLogic.GetSalt(loginDto.Username);

            if (saltModel == null)
            {
                return(new HttpResponseMessage(HttpStatusCode.InternalServerError));
            }

            // Make sure you append the salt, not prepend (group decision).
            var hashedPassword = HashService.Instance.HashPasswordWithSalt(saltModel.PasswordSalt, loginDto.Password, true);

            if (!account.Password.Equals(hashedPassword))
            {
                return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
            }

            var token = JwtManager.Instance.GenerateToken(loginDto.Username);

            // Grab the previous access token associated with the account.
            var accountAccessToken = _jAccessTokenLogic.GetJAccessToken(loginDto.Username);

            if (accountAccessToken != null)
            {
                // Set current account token to expired list.
                var expiredToken = new ExpiredAccessToken(accountAccessToken.Value, false);
                _expiredAccessTokenLogic.Create(expiredToken);

                // Updated new access token.
                accountAccessToken.Value = token;
                _jAccessTokenLogic.Update(accountAccessToken);
            }

            // Redirect them to our Home page with their credentials logged.
            return(new HttpResponseMessage
            {
                Content = new StringContent(UrlConstants.BaseAppClient + "home?jwt=" + token),
                StatusCode = HttpStatusCode.OK
            });
        }
예제 #2
0
        public IHttpActionResult RenewToken()
        {
            string accessTokenFromRequest = "";

            // Check authorization header
            if (Request.Headers.Authorization.ToString() != null)
            {
                var authHeader = Request.Headers.Authorization;
                // Retrieve JWT from authorization header
                if (authHeader != null)
                {
                    var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());

                    // RFC 2617 sec 1.2, "scheme" name is case-insensitive
                    if (authHeaderVal.Scheme.Equals("bearer",
                                                    StringComparison.OrdinalIgnoreCase) &&
                        authHeaderVal.Parameter != null)
                    {
                        accessTokenFromRequest = authHeaderVal.Parameter;
                    }
                }

                string username = "";
                // Obtain username from JWT if it is valid
                if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
                {
                    JAccessToken accessToken = _jAccessTokenLogic.GetJAccessToken(username);
                    // Make sure the given username has an existing JWT token
                    if (accessToken != null)
                    {
                        string accessTokenStored = accessToken.Value;
                        // Compare the stored JWT to the given JWT to ensure they are the same
                        if (accessTokenFromRequest == accessTokenStored)
                        {
                            accessToken.DateTimeIssued = DateTime.UtcNow;
                            string token = JwtManager.Instance.GenerateToken(username);
                            accessToken.Value = token;
                            // Update store with new JWT value
                            _jAccessTokenLogic.Update(accessToken);
                            return(Json(new { AuthToken = token }));
                        }
                        else
                        {
                            return(Unauthorized());
                        }
                    }
                    // An existing JWT token was not found for the given username
                    else
                    {
                        return(Unauthorized());
                    }
                }
                // JWT was not valid
                else
                {
                    return(Unauthorized());
                }
            }
            // Authorization header is empty
            else
            {
                return(Unauthorized());
            }
        }