public IActionResult Login([FromBody] Login body)
{
if (string.IsNullOrEmpty(body.Password) || body.Password.Length < 8)
{
return(StatusCode(401));
}
UserInfo user = _userService.Login(body.Email, body.Password);
if (user == null)
{
return(StatusCode(401));
}
var accessToken = JwtIssuer.Issue(
user.Id,
user.DisplayName,
user.Email,
user.Level == UserLevel.Administrator);
return(Ok(new LoginResponse
{
AccessToken = accessToken,
Expires = (int)JwtSettings.Expiration.TotalSeconds
}));
}
private IJwtIssuer ConfigureSecurity(IServiceCollection services)
{
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["securitySettings:tokenKey"]));
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKey = key
});
services
.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
});
var jwtIssuer = new JwtIssuer(key,
TimeSpan.FromMinutes(Configuration.GetValue <int>("securitySettings:tokenLifeMinutes")));
return(jwtIssuer);
}
private static int Execute(IReporter reporter, string projectPath, string id, bool showFull)
{
if (!DevJwtCliHelpers.GetProjectAndSecretsId(projectPath, reporter, out var _, out var userSecretsId))
{
return(1);
}
var jwtStore = new JwtStore(userSecretsId);
if (!jwtStore.Jwts.TryGetValue(id, out var jwt))
{
reporter.Output(Resources.FormatPrintCommand_NoJwtFound(id));
return(1);
}
reporter.Output(Resources.FormatPrintCommand_Confirmed(id));
JwtSecurityToken fullToken;
if (showFull)
{
fullToken = JwtIssuer.Extract(jwt.Token);
DevJwtCliHelpers.PrintJwt(reporter, jwt, fullToken);
}
return(0);
}
public UsersController(
UserService svc,
JwtIssuer jwtIssuer,
UserRepository users)
{
_svc = svc;
_jwtIssuer = jwtIssuer;
_users = users;
}
public AuthController(
IGoogleService googleService,
IUserService userService,
JwtIssuer jwtIssuer)
{
this.googleService = googleService;
this.userService = userService;
this.jwtIssuer = jwtIssuer;
}
public AuthController(
ExternalLoginProvider externalLoginProvider,
IAccountSerivce accountService,
JwtIssuer jwtIssuer,
AppSettings appSettings)
{
this.externalLoginProvider = externalLoginProvider;
this.accountService = accountService;
this.jwtIssuer = jwtIssuer;
this.appSettings = appSettings;
}
public void UserIdMustBeEqualsUserIdEncryptedInToken()
{
var securitySettings = new SecuritySettings("lod-misis.ru", "asdasfsagfhjkgflsdakjfb.jgglg[jnfjjnrjbvajk",
TimeSpan.Parse("720:00:00"), null, TimeSpan.Zero);
var jwtIssuer = new JwtIssuer(securitySettings);
var userId = "test";
var token = jwtIssuer.IssueAccessJwt(userId);
var handler = new JwtSecurityTokenHandler();
var dycryptedUserId = handler.ReadJwtToken(token).Claims.First(c => c.Type == "UserId").Value;
Assert.AreEqual(userId, dycryptedUserId);
}
public void SaveConfiguration()
{
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
config.AppSettings.Settings[nameof(Configured)].Value = Configured.ToString();
config.AppSettings.Settings[nameof(ConnectionString)].Value = ConnectionString.ToString();
config.AppSettings.Settings[nameof(JwtIssuer)].Value = JwtIssuer.ToString();
config.AppSettings.Settings[nameof(JwtAudience)].Value = JwtAudience.ToString();
config.AppSettings.Settings[nameof(JwtExpiryInDays)].Value = JwtExpiryInDays.ToString();
config.AppSettings.Settings[nameof(JwtSecurityKey)].Value = JwtSecurityKey.ToString();
//config.AppSettings.Settings[nameof(ExtendsClassApi)].Value = ExtendsClassApi.ToString();
config.Save(ConfigurationSaveMode.Modified);
ConfigurationManager.RefreshSection(config.AppSettings.SectionInformation.Name);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
ConfigureLogging();
services.AddMvc(options =>
{
options.Filters.Add(new ActionFilter());
options.Filters.Add(new ExceptionFilter());
});
var securityConfiguration = Configuration.GetSection("Security");
var emailCredentialsConfiguration = Configuration.GetSection("EmailCredatials");
var emailCredatials = new NetworkCredential(emailCredentialsConfiguration["Address"],
emailCredentialsConfiguration["Password"]);
var userRepository = new UserRepository();
var userService = new UserService(userRepository);
var smsRepository = new SMSRepository();
var emailRepository = new EmailRepository();
var messageService = new MessageService(emailRepository, smsRepository, emailCredatials);
services.AddSingleton <IUserService>(userService);
services.AddSingleton <IMessageService>(messageService);
services.AddSingleton <ExceptionFilter>(new ExceptionFilter());
services.AddSingleton <ActionFilter>(new ActionFilter());
var securitySettings = new SecuritySettings(securityConfiguration["EncryptionKey"],
securityConfiguration["Issue"],
securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod"));
var jwtIssuer = new JwtIssuer(securitySettings);
services.AddSingleton <IJwtIssuer>(jwtIssuer);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(securitySettings.EncryptionKey))
};
});
StartSendingMessage(messageService);
}
public static IServiceCollection AddJwtIssuerAndBearer(this IServiceCollection services, JwtIssuerOptions options)
{
var jwtIssuer = new JwtIssuer(options);
services.AddSingleton(jwtIssuer);
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(jwtOptions =>
{
jwtOptions.TokenValidationParameters = jwtIssuer.TokenValidationParameters;
});
return(services);
}
protected Task <IPrincipal> AuthenticateJwtToken(string token, JwtIssuer jwtProvider)
{
if (this.ValidateToken(jwtProvider, token, out var claimsPrincipal))
{
// based on username to get more information from database in order to build local identity
var claims = claimsPrincipal.Claims;
var identity = new ClaimsIdentity(claims, "Jwt");
IPrincipal user = new ClaimsPrincipal(identity);
return(Task.FromResult(user));
}
return(Task.FromResult <IPrincipal>(null));
}
private void ConfigureSecurity(IServiceCollection services)
{
var sercurityConfiguration = Configuration.GetSection("Security");
var securitySetting = new SecuritySettings(
sercurityConfiguration["Issuer"],
sercurityConfiguration.GetValue <TimeSpan>("ExpirationPeriod"),
Credentials.FromRawData(sercurityConfiguration["AdminEmail"], sercurityConfiguration["AdminPassword"]),
sercurityConfiguration["EncryptionKey"]
);
var jwtIssuer = new JwtIssuer(securitySetting);
services.AddSingleton(securitySetting);
services.AddSingleton <IJwIssuer>(jwtIssuer);
}
public void Encode()
{
var privateKeyId = "keys/private/test.pem";
var claims = new Claims()
{
ExpireData = DateTime.Now.AddMinutes(1),
Payload = new Dictionary <string, object>()
{
{ "hello", "world" }
}
};
var jwt = JwtIssuer.Encode(claims, privateKeyId);
Assert.IsNotNull(jwt);
}
private void ConfigureSecurity(IServiceCollection services)
{
var securityConfiguration = Configuration.GetSection("Security");
var securitySettings = new SecuritySettings(
securityConfiguration["EncryptionKey"], securityConfiguration["Issue"],
securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod"));
var jwtIssuer = new JwtIssuer(securitySettings);
services.AddSingleton(securitySettings);
services.AddSingleton <IJwtIssuer>(jwtIssuer);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(securitySettings.EncryptionKey))
};
});
services
.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
options.AddPolicy("AdminOnly",
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Admin).Build());
options.AddPolicy("ModeratorsOnly",
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Moderator).Build());
options.AddPolicy("AdminAndModeratorsOnly",
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Admin, Claims.Roles.Moderator).Build());
});
}
private bool ValidateToken(JwtIssuer jwtIssuer, string token, out ClaimsPrincipal claimsPrincipal)
{
claimsPrincipal = jwtIssuer.GetPrincipal(token);
var identity = claimsPrincipal?.Identity as ClaimsIdentity;
if (identity == null)
{
return(false);
}
if (!identity.IsAuthenticated)
{
return(false);
}
return(true);
}
private static void RegisterDI(HttpConfiguration config)
{
var builder = new ContainerBuilder();
builder.RegisterApiControllers(Assembly.GetExecutingAssembly());
var jwtIssuer = new JwtIssuer(options =>
{
options.Audience = "https://localhost:44309/";
options.Issuer = "https://localhost:44309/";
options.SecurityKey = "PUT-YOUR-KEY-HERE";
});
builder.RegisterInstance(jwtIssuer);
var container = builder.Build();
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
}
public void DecodeTest_ExpireNotSet()
{
var privateKeyId = "keys/private/test.pem";
var publicKeyId = "keys/public/test.pem";
var claims = new Claims()
{
Payload = new Dictionary <string, object>()
{
{ "hello", "world" }
}
};
var jwt = JwtIssuer.Encode(claims, privateKeyId);
Assert.IsNotNull(jwt);
var payload = JwtIssuer.Decode(jwt, publicKeyId);
Assert.AreEqual("world", payload["hello"]);
}
/// <summary>
/// Load your modules or register your services here!
/// </summary>
/// <param name="kernel">The kernel.</param>
private static void RegisterServices(IKernel kernel)
{
kernel.Bind <NLog.ILogger>().To <NLog.Logger>();
/*kernel.Bind<Core.ILogger>().ToMethod(x =>
* {
* var scope = x.Request.ParentRequest != null
* ? x.Request.ParentRequest.Service.FullName
* : x.Request.Service.FullName;
* var log = (Core.ILogger) LogManager.GetLogger(scope, typeof(LoggerService));
* return log;
* });*/
kernel.Bind <IAuthenticateService>().To <JwtTokenAuthenticationService>();
kernel.Bind <IAreaService>().To <AreaService>();
kernel.Bind <IDocumentTypeService>().To <DocumentTypeService>();
kernel.Bind <IEventTypeService>().To <EventTypeService>();
kernel.Bind <IUserService>().To <UserService>();
kernel.Bind <IDocumentService>().To <DocumentService>();
kernel.Bind <IEventService>().To <EventService>();
kernel.Bind <IQueryService>().To <QueryService>();
kernel.Bind <IFtpService>().To <FtpService>();
kernel.Bind <IFileCacheService>().To <FileCacheService>();
kernel.Bind <IPopupService>().To <PopupService>();
kernel.Bind <IConfigurationProvider>().To <ConfigurationProvider>().InSingletonScope();
kernel.Bind <FileCacheProvder>().ToSelf().InSingletonScope();
var configProvider = kernel.Get <IConfigurationProvider>();
var jwtIssuer = new JwtIssuer(options =>
{
options.Audience = configProvider.JwtSettings.Audience;
options.Issuer = configProvider.JwtSettings.Issuer;
options.ExpireSeconds =
configProvider.JwtSettings.AccessExpirationSeconds;
options.SecurityKey = Guid.NewGuid().ToString();
});
kernel.Bind <JwtIssuer>().ToConstant(jwtIssuer);
}
public async Task <CrossroadsDecodedToken> DecodeAndValidateToken(string token, IOIDConfigurationService configService)
{
JwtSecurityToken decodedToken = DecodeToken(token);
// Get updated configurations for auth servers
var mpConfiguration = await configService.GetMpConfigAsync();
var oktaConfiguration = await configService.GetOktaConfigAsync();
JwtIssuer issuer = GetAndValidateIssuer(decodedToken, mpConfiguration, oktaConfiguration);
ValidateToken(token, issuer.configuration);
CrossroadsDecodedToken crossroadsDecodedToken = new CrossroadsDecodedToken
{
decodedToken = decodedToken,
authProvider = issuer.authProvider
};
return(crossroadsDecodedToken);
}
private JwtIssuer GetAndValidateIssuer(JwtSecurityToken decodedToken, OpenIdConnectConfiguration mpConfiguration, OpenIdConnectConfiguration oktaConfiguration)
{
JwtIssuer issuer = new JwtIssuer();
if (decodedToken.Issuer == mpConfiguration.Issuer)
{
issuer.authProvider = AuthConstants.AUTH_PROVIDER_MP;
issuer.configuration = mpConfiguration;
}
else if (decodedToken.Issuer == oktaConfiguration.Issuer)
{
issuer.authProvider = AuthConstants.AUTH_PROVIDER_OKTA;
issuer.configuration = oktaConfiguration;
}
else
{
string exceptionMessage = $"The token issuer: {decodedToken.Issuer} was invalid";
_logger.Warn(exceptionMessage);
throw new SecurityTokenInvalidIssuerException(exceptionMessage);
}
return(issuer);
}
public UserActions(JwtIssuer jwtIssuer)
{
_jwtIssuer = jwtIssuer;
}
public UserActions(UserManager <AppUser> userManager, JwtIssuer issuer)
{
this.userManager = userManager;
this.issuer = issuer;
}
public TestController(JwtIssuer jwtIssuer)
{
this.jwtIssuer = jwtIssuer;
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// CONFIGURATION SETTINGS
var applicationConfiguration = Configuration.GetSection("Application");
var applicationSettings = new ApplicationSettings(
applicationConfiguration["DefaultNickname"],
applicationConfiguration.GetValue <double>("RadiusAround"),
applicationConfiguration["UploadsFolderName"]);
services.AddSingleton(applicationSettings);
var securityConfiguration = Configuration.GetSection("Security");
var securitySettings = new SecuritySettings(
securityConfiguration["EncryptionKey"],
securityConfiguration["Issue"],
securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod"));
services.AddSingleton(securitySettings);
// REPOSITORIES
IShyneesRepository shyneesRepository;
if (Configuration.GetValue <bool>("Database:IsInMemory"))
{
shyneesRepository = new InMemoryShyneesRepository();
}
else
{
var dbConfiguration = Configuration.GetSection("Database:MongoDB");
var dbSettings = new DbSettings(
dbConfiguration["ConnectionString"],
dbConfiguration["Database"]);
services.AddSingleton(dbSettings);
var dbMapper = new DbMapper();
var dbContext = new DbContext(dbSettings);
shyneesRepository = new ShyneesRepository(dbContext);
}
// SERVICES
var shyneesService = new ShyneesService(shyneesRepository, applicationSettings);
var assetsService = new AssetsService(applicationSettings);
services.AddSingleton <IShyneesService>(shyneesService);
services.AddSingleton <IAssetsService>(assetsService);
// OTHER DEPENDENCIES
services.AddScoped <ModelValidationAttribute>();
var jwtIssuer = new JwtIssuer(securitySettings);
services.AddSingleton <IJwtIssuer>(jwtIssuer);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(securitySettings.EncryptionKey))
};
});
services
.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
});
services.AddCors(options =>
{
options.AddPolicy("EnableCORS", builder =>
{
builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials().Build();
});
});
services.AddMvc(config =>
{
config.ReturnHttpNotAcceptable = true;
});
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new Info
{
Title = Configuration["Swagger:Title"],
Version = Configuration["Swagger:Version"],
Description = Configuration["Swagger:Description"]
});
options.AddSecurityDefinition("Bearer", new ApiKeyScheme
{
Description =
"JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = "header",
Type = "apiKey"
});
options.IncludeXmlComments(string.Format(@"{0}/ShyneeBackend.Application.xml",
AppDomain.CurrentDomain.BaseDirectory));
options.IncludeXmlComments(string.Format(@"{0}/ShyneeBackend.Domain.xml",
AppDomain.CurrentDomain.BaseDirectory));
options.DescribeAllEnumsAsStrings();
});
}
public AccountController(UserManager <AppUser> userManager, RoleManager <IdentityRole> roleManager, JwtIssuer issuer)
{
this.userManager = userManager;
this.roleManager = roleManager;
this.issuer = issuer;
}
public JwtService(JwtIssuer jwtIssuer)
{
this.jwtIssuer = jwtIssuer;
}
public JwtTokenAuthenticationService(IUserService userService, JwtIssuer jwtIssuer)
{
this.userService = userService;
this.jwtIssuer = jwtIssuer;
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
StartLogging();
var connectionString = "mongodb://localhost";
var client = new MongoClient(connectionString);
var db = client.GetDatabase("ItHappenedDB");
services.AddOptions();
services.AddMemoryCache();
services.Configure <IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting"));
services.Configure <IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
services.AddSingleton <IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton <IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
var securityConfiguration = Configuration.GetSection("Security");
var securitySettings = new SecuritySettings(securityConfiguration["Issue"],
securityConfiguration["AccessEncryptionKey"],
securityConfiguration.GetValue <TimeSpan>("AccessExpirationPeriod"),
securityConfiguration["RefreshEncryptionKey"],
securityConfiguration.GetValue <TimeSpan>("RefreshExpirationPeriod"));
var jwtIssuer = new JwtIssuer(securitySettings);
services.AddSingleton(securitySettings);
services.AddSingleton <IJwtIssuer>(jwtIssuer);
var accessTokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(securitySettings.AccessEncryptionKey))
};
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = accessTokenValidationParameters;
});
services
.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build();
});
var accessFilter = new AccessFilter(accessTokenValidationParameters);
var refreshTokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(securitySettings.RefreshEncryptionKey)),
ClockSkew = TimeSpan.Zero
};
var refreshFilter = new RefreshTokenFilter(refreshTokenValidationParameters);
services.AddSingleton(refreshFilter);
services.AddSingleton(accessFilter);
var userRepository = new UserRepository(db);
var trackingManager = new TrackingManager(userRepository);
services.AddSingleton <ITrackingManager>(trackingManager);
services.AddMvc(o =>
{
o.Filters.Add(new ActionFilter());
o.Filters.Add(new ExceptionFilter());
});
}
