public void GenerateEncodedToken_Should_Generate_Proper_Token_With_Extra_Claims(string userId, string email, Fixture claimsFixture)
{
// Arrange
// To enable AutoFixture to generate claims
claimsFixture.Behaviors.Add(new OmitOnRecursionBehavior());
claimsFixture.Customize <Claim>(
c => c.FromFactory(new MethodInvoker(new GreedyConstructorQuery())));
var claims = claimsFixture.Create <List <Claim> >();
// Act
var result = _jwtFactory.GenerateEncodedToken(userId, email, claims);
// Assert
var jwt = new JwtSecurityToken(result);
jwt.Claims.ShouldContain(c => c.Type == JwtRegisteredClaimNames.Iss && c.Value == _jwtConfiguration.Issuer);
jwt.Claims.ShouldContain(c => c.Type == JwtRegisteredClaimNames.Sub && c.Value == userId);
jwt.Claims.ShouldContain(c => c.Type == JwtRegisteredClaimNames.Email && c.Value == email);
jwt.Claims.ShouldContain(c => c.Type == JwtRegisteredClaimNames.Aud && c.Value == _jwtConfiguration.Audience);
// The jwt should contain all of the extra claims
claims.ShouldAllBe(c => jwt.Claims.Any(x => x.Type == c.Type && x.Value == c.Value));
jwt.ValidFrom.ShouldBe(DateTime.UtcNow, TimeSpan.FromSeconds(10));
jwt.ValidTo.ShouldBe(DateTime.UtcNow.Add(_jwtConfiguration.ValidFor), TimeSpan.FromSeconds(10));
}
public async Task <Option <JwtModel, Error> > Login(LoginUserModel model)
{
var loginResult = await(await UserManager.FindByEmailAsync(model.Email))
.SomeNotNull()
.FilterAsync(async user => await UserManager.CheckPasswordAsync(user, model.Password));
return(loginResult.Match(
user =>
{
Company company = _companyService.GetCompany(user.Email.Split('@')[1]);
return new JwtModel
{
TokenString = JwtFactory.GenerateEncodedToken(user.Id, user.Email, new List <Claim>
{
new Claim("CompanyGuid", company.Guid.ToString()),
new Claim("CompanyName", company.Name),
new Claim("CompanyDomain", company.DomainName)
})
}.Some <JwtModel, Error>();
},
() => Option.None <JwtModel, Error>(new Error("Invalid credentials."))));
}
public async void GenerateEncodedToken_GivenValidInputs_ReturnsExpectedTokenData()
{
// arrange
var token = Guid.NewGuid().ToString();
var id = Guid.NewGuid().ToString();
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("secret_key"));
var jwtIssuerOptions = new JwtIssuerOptions
{
Issuer = "",
Audience = "",
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
};
var mockJwtTokenHandler = new Mock <IJwtTokenHandler>();
mockJwtTokenHandler.Setup(handler => handler.WriteToken(It.IsAny <JwtSecurityToken>())).Returns(token);
var jwtFactory = new JwtFactory(mockJwtTokenHandler.Object, Options.Create(jwtIssuerOptions));
// act
var result = await jwtFactory.GenerateEncodedToken(id, "userName");
// assert
Assert.Equal(token, result.Token);
}
public async Task <IActionResult> Post([FromBody] CredentialsViewModel credentials)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!userService.IsAuthorized(credentials.UserName, credentials.Password))
{
return(BadRequest("login failed"));
}
// Serialize and return the response
try
{
var response = new
{
access_token = jwtFactory.GenerateEncodedToken(credentials.UserName)
};
var json = JsonConvert.SerializeObject(response, new JsonSerializerSettings
{
Formatting = Formatting.Indented
});
return(Ok(json));
}
catch (Exception ex)
{
System.Console.WriteLine(ex.GetBaseException().Message);
throw;
}
}
public static async Task <string> GenerateJwt(ClaimsIdentity identity, JwtFactory jwtFactory, string userName, JwtIssuerOptions jwtOptions, JsonSerializerSettings serializerSettings)
{
var response = new
{
id = identity.Claims.Single(c => c.Type == "id").Value,
auth_token = await jwtFactory.GenerateEncodedToken(userName, identity),
expires_in = (int)jwtOptions.ValidFor.TotalSeconds
};
return(JsonConvert.SerializeObject(response, serializerSettings));
}
public async Task <IActionResult> Post([FromBody] LoginModel loginModel)
{
var login = await CheckPasswordAsync(loginModel.Email, loginModel.Password);
if (!login)
{
return(BadRequest());
}
return(new OkObjectResult(new
{
token = jwtFactory.GenerateEncodedToken(loginModel.Email)
}));
}
public async Task WhenGeneratingEncodedTokenItShouldReturnAnAuthToken()
{
_jwtOptionsnMock.Setup(p => p.Value)
.Returns(new JwtOptions {
Audience = "", Issuer = "", SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256), Subject = "ASubject", ValidFor = new TimeSpan(0, 0, 7200)
});
_objectToTest = new JwtFactory(_jwtOptionsnMock.Object);
var claims = _objectToTest.GenerateClaimsIdentity("UserName", "Id");
var token = await _objectToTest.GenerateEncodedToken("UserName", claims);
Assert.NotNull(token);
}
public async Task <Option <JwtModel, Error> > Login(LoginUserModel model)
{
var loginResult = await(await UserManager.FindByEmailAsync(model.Email))
.SomeNotNull()
.FilterAsync(async user => await UserManager.CheckPasswordAsync(user, model.Password));
return(loginResult.Match(
user =>
{
return new JwtModel
{
TokenString = JwtFactory.GenerateEncodedToken(user.Id, user.Email, new List <Claim>())
}.Some <JwtModel, Error>();
},
() => Option.None <JwtModel, Error>(new Error("Invalid credentials."))));
}
public async Task <Option <JwtModel, Error> > Login(LoginUserModel model)
{
var loginResult = await(await UserManager.FindByEmailAsync(model.Email))
.SomeNotNull(new Error("Such an user does not exist!"))
.FilterAsync(
async user => await UserManager.CheckPasswordAsync(user, model.Password),
new Error("Invalid credentials."));
return(await loginResult.FlatMapAsync(async user =>
{
var claims = await UserManager.GetClaimsAsync(user);
return new JwtModel(
JwtFactory.GenerateEncodedToken(
userId: user.Id,
email: user.Email,
additionalClaims: claims)).Some <JwtModel, Error>();
}));
}
private string GenerateToken(string userId, string email) => JwtFactory.GenerateEncodedToken(userId, email, new List <Claim>());
public async Task <string> GenerateJwt(JwtFactory jwtFactory, AppUser user, JwtIssuerOptions jwtOptions, JsonSerializerSettings serializerSettings, List <string> roles)
{
var response = await jwtFactory.GenerateEncodedToken(user, roles);
return(response);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider, ILogger logger, IHostApplicationLifetime lifetime)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
//app.UseDatabaseErrorPage();
}
else
{
app.ConfigureExceptionHandler(logger);
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors(options => options.AllowAnyOrigin().AllowAnyHeader());
//app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSerilogRequestLogging();
app.UseAuthentication();
app.UseRouting();
app.Use(async(context, next) =>
{
// Do work that doesn't write to the Response.
await next.Invoke();
// Do logging or other work that doesn't write to the Response.
});
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
// Check for lifetime shutdown working with WebSocket active
lifetime.ApplicationStopping.Register(() =>
{
logger.Information("Wikibot is shutting down.");
}, true);
lifetime.ApplicationStopped.Register(() =>
{
logger.Information("Wikibot has stopped.");
}, true);
var configuration = app.ApplicationServices.GetRequiredService <IConfiguration>();
var dashboardUrl = configuration["DashboardURL"];
app.Use(async(context, next) =>
{
var url = context.Request.Path.Value;
// Redirect to an external URL
if (url.Contains("/Dashboard") && (context.User.IsInRole("WikiMod") || context.User.IsInRole("BotAdmin")))
{
var jwtOptions = app.ApplicationServices.GetRequiredService <IOptions <JwtIssuerOptions> >();
var factory = new JwtFactory(jwtOptions);
var jwtToken = await factory.GenerateEncodedToken(context.User.Identity.Name, context.User.Identities.First());
context.Response.Redirect($"{dashboardUrl}?auth_token= {jwtToken}"); //Update URL
return; // short circuit
}
await next();
});
// Enable middleware to serve generated Swagger as a JSON endpoint.
app.UseSwagger();
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
// specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
CreateUserRoles(serviceProvider, configuration).Wait();
}