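// Builds a throw-away DI container for the JWT validation tests: the production
// registrations, a mocked HttpMessageHandler (so no real JWKS endpoint is ever
// contacted), a fixed JwtAuthorization config and an in-memory database whose
// name is unique per Setup() call so tests do not share state.
public void Setup()
        {
            var services = new ServiceCollection();

            services.AddCoreDependencies();
            services.AddDALDependencies();
            services.AddApiServiceCollectionDependencies();

            // Every HttpClient resolved from the container receives the mocked handler,
            // so the JWKS download is answered by the test double rather than the network.
            services.AddScoped<HttpMessageHandler>(_ => CreateMockedHttpClientHandler());

            // Validation rules for the tests; presumably the issuer/client id must match
            // the tokens the tests construct and the key set served by the mocked handler.
            var jwtAuthorizationConfig = new JwtAuthorization
            {
                JwkUrl = "https://some-example-site.com",
                JwtValidationRules = new JwtValidationRules
                {
                    ClientId = "smittestopp",
                    SupportedAlgorithm = "RS256",
                    Issuer = "https://dev-smittestopp-verification.azurewebsites.net"
                }
            };

            services.AddSingleton(jwtAuthorizationConfig);

            // A fresh database name per call keeps one test's rows out of the next test.
            services.AddDbContext<DigNDB_SmittestopContext>(opts =>
                opts.UseInMemoryDatabase(Guid.NewGuid().ToString()));

            ServiceProvider serviceProvider = services.BuildServiceProvider();

            // GetRequiredService fails right here with a descriptive message when the
            // registration is missing, instead of leaving the field null and surfacing
            // as a NullReferenceException inside an unrelated test.
            _jwtValidationService = serviceProvider.GetRequiredService<IJwtValidationService>();
        }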
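        /// <summary>
        /// Authenticates a player by alias and password, then issues a new access token and a
        /// fresh refresh token, revoking every earlier refresh token of that player first.
        /// </summary>
        /// <param name="alias">Player alias (login name).</param>
        /// <param name="password">Clear-text password to verify against the stored hash.</param>
        /// <returns>(access token, refresh-token key, access-token lifetime in seconds).</returns>
        /// <exception cref="NotFoundException">No player with <paramref name="alias"/> exists.</exception>
        /// <exception cref="BaseException">The player is inactive or the password does not match.</exception>
        public async Task<(string, string, int)> GetTokenAsync(string alias, string password)
        {
            // NOTE(review): "not found" and "wrong alias or password" are distinguishable to the
            // caller, so the existence of an alias can be probed. Collapsing them would change the
            // exception contract, so it is left as is; consider a uniform failure at the API layer.
            var player = await this.playerRepository.GetAsync(alias)
                         ?? throw new NotFoundException($"Player with alias {alias} not found.");

            if (!player.Active)
            {
                throw new BaseException($"Player with alias {alias} is inactive. Contact to developers.");
            }

            // NOTE(review): no salt is passed to GetPasswordHash here, so the hasher is either
            // unsalted or salts internally — confirm it is a salted KDF (PBKDF2/Argon2), not a bare hash.
            if (!HashMatches(player.PasswordHash, PasswordHasher.GetPasswordHash(password)))
            {
                throw new BaseException("Wrong alias or password.");
            }

            var token = JwtAuthorization.GenerateToken(player, this.configuration);
            var refresh = JwtAuthorization.GenerateRefreshToken(this.configuration);

            // Exactly one live refresh token per player: revoke the old ones before storing the new one.
            await this.refreshTokenRepository.RevokeUsersTokensAsync(player.Id);

            await this.refreshTokenRepository.CreateAsync(new RefreshToken
            {
                Id = refresh.refreshTokenKey,
                Active = true,
                Token = refresh.refreshTokenValue,
                UserId = player.Id
            });

            return (token, refresh.refreshTokenKey, (int)this.configuration.Expiration.TotalSeconds);

            // Compares the stored and computed hashes byte-wise (ordinal, not culture-aware) in
            // constant time, so the comparison's duration does not depend on how many leading
            // characters match. A missing stored hash never matches.
            bool HashMatches(string stored, string computed)
            {
                if (string.IsNullOrEmpty(stored) || computed is null)
                {
                    return false;
                }

                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(stored),
                    System.Text.Encoding.UTF8.GetBytes(computed));
            }
        }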
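        /// <summary>
        /// Creates the JWKS-backed RSA key provider. The handler is injectable so tests can
        /// substitute a mocked <see cref="HttpMessageHandler"/>; production falls back to a
        /// plain <see cref="HttpClientHandler"/>.
        /// </summary>
        /// <param name="jwtAuthorizationConfiguration">Configuration carrying the JWKS endpoint (<c>JwkUrl</c>).</param>
        /// <param name="httpMessageHandler">Optional handler for the JWKS request; <c>null</c> selects <see cref="HttpClientHandler"/>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="jwtAuthorizationConfiguration"/> is null.</exception>
        /// <exception cref="UriFormatException"><c>JwkUrl</c> is not a well-formed absolute URI.</exception>
        public JwkRsaProviderService(
            JwtAuthorization jwtAuthorizationConfiguration,
            HttpMessageHandler? httpMessageHandler = null)
        {
            if (jwtAuthorizationConfiguration is null)
            {
                throw new ArgumentNullException(nameof(jwtAuthorizationConfiguration));
            }

            // Parse the URL before creating the HttpClient so a bad configuration does not
            // leave an undisposed client behind. The key set fetched from here is the trust
            // root for signature validation, so the configured value should be an https endpoint.
            _jwkUrl = new Uri(jwtAuthorizationConfiguration.JwkUrl);

            _httpClient = new HttpClient(httpMessageHandler ?? new HttpClientHandler());
            _httpClient.DefaultRequestHeaders.Add("accept", "application/json");
        }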
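        /// <summary>
        /// Wires the JWT validator with its signing-key source, the replay-attack tracker and the
        /// validation rules (expected client id, algorithm and issuer), which are read once from
        /// configuration and kept in fields.
        /// </summary>
        /// <param name="rsaProviderService">Source of the RSA public keys used to check signatures.</param>
        /// <param name="jwtTokenReplyAttackService">Tracks already-seen tokens.</param>
        /// <param name="jwtAuthorizationConfiguration">Configuration whose <c>JwtValidationRules</c> are copied into this instance.</param>
        /// <exception cref="ArgumentNullException">Any of the three dependencies is null.</exception>
        public JwtValidationService(
            IRsaProviderService rsaProviderService,
            IJwtTokenReplyAttackService jwtTokenReplyAttackService,
            JwtAuthorization jwtAuthorizationConfiguration)
        {
            _rsaProviderService = rsaProviderService
                                  ?? throw new ArgumentNullException(nameof(rsaProviderService));
            _jwtTokenReplyAttackService = jwtTokenReplyAttackService
                                          ?? throw new ArgumentNullException(nameof(jwtTokenReplyAttackService));

            if (jwtAuthorizationConfiguration is null)
            {
                throw new ArgumentNullException(nameof(jwtAuthorizationConfiguration));
            }

            var rules = jwtAuthorizationConfiguration.JwtValidationRules;

            // The expected algorithm is pinned from configuration rather than taken from the
            // token's own "alg" header; presumably the validator rejects any other value — confirm.
            _validClientIdValue = rules.ClientId;
            _supportedAlgorithm = rules.SupportedAlgorithm;
            _validIssuer = rules.Issuer;
        }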
        /// <summary>
        /// Exchanges a refresh-token key for a new access token and a new refresh token.
        /// The stored refresh JWT must still be active and unexpired, and its alias claim must
        /// resolve to an existing player; all of that player's older refresh tokens are revoked
        /// before the replacement is persisted.
        /// </summary>
        /// <param name="refreshToken">Key of a stored refresh token, as handed out by a previous login or refresh.</param>
        /// <returns>(access token, refresh-token key, access-token lifetime in seconds).</returns>
        /// <exception cref="NotFoundException">Unknown key, missing alias claim, or no such player.</exception>
        /// <exception cref="TokenInactiveException">The stored refresh token has been revoked.</exception>
        /// <exception cref="TokenExpiredException">The stored refresh token is past its validity end.</exception>
        public async Task<(string, string, int)> GetTokenAsync(string refreshToken)
        {
            var stored = await this.refreshTokenRepository.GetAsync(refreshToken);

            if (stored is null)
            {
                throw new NotFoundException();
            }

            if (stored.Active == false)
            {
                throw new TokenInactiveException($"Token is inactive. You should relogin");
            }

            // ReadJwtToken only parses; it performs no signature check. The JWT is the one we
            // stored ourselves (looked up by key), not a value supplied by the caller.
            var refreshJwt = new JwtSecurityTokenHandler().ReadJwtToken(stored.Token);

            if (DateTime.UtcNow > refreshJwt.ValidTo)
            {
                throw new TokenExpiredException($"Token is expired. You should relogin");
            }

            var aliasClaim = refreshJwt.Claims.FirstOrDefault(c => c.Type == FootballClaims.PlayerAlias);
            var alias = aliasClaim?.Value;

            if (string.IsNullOrEmpty(alias))
            {
                throw new NotFoundException("Not found alias.");
            }

            var player = await this.playerRepository.GetAsync(alias)
                         ?? throw new NotFoundException("Not found player.");

            var accessToken = JwtAuthorization.GenerateToken(player, this.configuration);
            var refresh = JwtAuthorization.GenerateRefreshToken(this.configuration);

            // Rotation: the player keeps exactly one live refresh token.
            await this.refreshTokenRepository.RevokeUsersTokensAsync(player.Id);

            var replacement = new RefreshToken
            {
                Id = refresh.refreshTokenKey,
                Token = refresh.refreshTokenValue,
                UserId = player.Id,
                Active = true
            };
            await this.refreshTokenRepository.CreateAsync(replacement);

            var lifetimeSeconds = (int)this.configuration.Expiration.TotalSeconds;
            return (accessToken, refresh.refreshTokenKey, lifetimeSeconds);
        }