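        /// <summary>
        /// Builds the claim set for a refresh token: the subject id, a nonce and nbf/iat/exp timestamps.
        /// The lifetime comes from the issuer-level (AudienceId/UserId null) RefreshExpire setting.
        /// </summary>
        /// <param name="issuer">Issuer whose RefreshExpire setting defines the token lifetime.</param>
        /// <param name="user">User the token is issued to.</param>
        /// <returns>Claims in insertion order.</returns>
        /// <exception cref="InvalidOperationException">There is not exactly one issuer-level RefreshExpire setting.</exception>
        /// <exception cref="FormatException">The RefreshExpire value is not an unsigned integer.</exception>
        public List <Claim> GenerateRefreshClaims(uvw_Issuer issuer, uvw_User user)
        {
            var expire = _context.Set <uvw_Setting>().Where(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null &&
                                                            x.ConfigKey == SettingsConstants.RefreshExpire).Single();

            //parse the lifetime once, up front, so a bad setting fails before any claim is built
            var lifetime = uint.Parse(expire.ConfigValue);

            //single clock read so nbf == iat and exp is exactly iat + lifetime, even across a second boundary
            var now = new DateTimeOffset(Clock.UtcDateTime);

            var claims = new List <Claim>();

            //add lowest common denominators...
            claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

            //nonce so otherwise identical tokens minted in the same second differ; it is not a secret
            claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

            //not before timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            //issued at timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            //expire on timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, now.AddSeconds(lifetime).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            return(claims);
        }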
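        /// <summary>
        /// Seeds the default issuer and its issuer-level settings (AccessExpire, RefreshExpire, TotpExpire,
        /// PollingMax) when they do not already exist. Each missing row is created and committed on its own.
        /// </summary>
        public void CreateIssuers()
        {
            /*
             * create default issuers
             */

            foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <uvw_Issuer>()
                                           .Where(x => x.Name == DefaultConstants.IssuerName).ToLambda())
                          .SingleOrDefault();

            if (foundIssuer == null)
            {
                //NOTE(review): IssuerKey is a compiled-in default; if it is used as signing/secret material it
                //should be replaced per deployment rather than left as a well-known value - confirm its use.
                foundIssuer = _uow.Issuers.Create(
                    _map.Map <uvw_Issuer>(new IssuerV1()
                {
                    Name        = DefaultConstants.IssuerName,
                    IssuerKey   = DefaultConstants.IssuerKey,
                    IsEnabled   = true,
                    IsDeletable = false,
                }));

                _uow.Commit();
            }

            //issuer-level defaults; these are the keys the claim generators read with .Single()
            EnsureIssuerSetting(SettingsConstants.AccessExpire, 600.ToString());
            EnsureIssuerSetting(SettingsConstants.RefreshExpire, 86400.ToString());
            EnsureIssuerSetting(SettingsConstants.TotpExpire, 600.ToString());
            EnsureIssuerSetting(SettingsConstants.PollingMax, 10.ToString());
        }

        /// <summary>
        /// Creates and commits an issuer-level setting for <see cref="foundIssuer"/> when no such row exists yet.
        /// </summary>
        /// <param name="configKey">Setting key (one of the <see cref="SettingsConstants"/> values).</param>
        /// <param name="configValue">Value stored when the setting is missing.</param>
        private void EnsureIssuerSetting(string configKey, string configValue)
        {
            //match on AudienceId/UserId == null as the readers do, so an audience- or user-scoped row with the
            //same key cannot mask a missing issuer-level row (the readers' .Single() would then throw)
            var found = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>()
                                          .Where(x => x.IssuerId == foundIssuer.Id && x.AudienceId == null && x.UserId == null &&
                                                      x.ConfigKey == configKey).ToLambda())
                        .SingleOrDefault();

            if (found != null)
            {
                return;
            }

            _uow.Settings.Create(
                _map.Map <uvw_Setting>(new SettingV1()
            {
                IssuerId    = foundIssuer.Id,
                ConfigKey   = configKey,
                ConfigValue = configValue,
                IsDeletable = false,
            }));

            _uow.Commit();
        }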
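        /// <summary>
        /// Builds the claim set for an access token: subject id, optional email/phone, given/surname, role claims
        /// (duplicated under the legacy "role" type when the global legacy flag is on), the user's own claims,
        /// a nonce and nbf/iat/exp timestamps.
        /// </summary>
        /// <param name="issuer">Issuer whose issuer-level AccessExpire setting defines the token lifetime.</param>
        /// <param name="user">User the token is issued to.</param>
        /// <returns>Claims in insertion order.</returns>
        /// <exception cref="InvalidOperationException">There is not exactly one issuer-level AccessExpire or one global GlobalLegacyClaims setting.</exception>
        /// <exception cref="FormatException">A setting value is not a valid uint / bool.</exception>
        public List <Claim> GenerateAccessClaims(uvw_Issuer issuer, uvw_User user)
        {
            var expire = _context.Set <uvw_Setting>().Where(x => x.IssuerId == issuer.Id && x.AudienceId == null && x.UserId == null &&
                                                            x.ConfigKey == SettingsConstants.AccessExpire).Single();

            var legacyClaims = _context.Set <uvw_Setting>().Where(x => x.IssuerId == null && x.AudienceId == null && x.UserId == null &&
                                                                  x.ConfigKey == SettingsConstants.GlobalLegacyClaims).Single();

            //parse both settings once; the legacy flag does not vary per role
            var lifetime = uint.Parse(expire.ConfigValue);
            var packLegacyRoleClaims = bool.Parse(legacyClaims.ConfigValue);

            //single clock read so nbf == iat and exp is exactly iat + lifetime, even across a second boundary
            var now = new DateTimeOffset(Clock.UtcDateTime);

            var claims = new List <Claim>();

            //add lowest common denominators...
            claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

            //contact claims are optional; a null claim value throws, so guard
            if (!string.IsNullOrEmpty(user.EmailAddress))
            {
                claims.Add(new Claim(ClaimTypes.Email, user.EmailAddress));
            }

            if (!string.IsNullOrEmpty(user.PhoneNumber))
            {
                claims.Add(new Claim(ClaimTypes.MobilePhone, user.PhoneNumber));
            }

            //FirstName/LastName are assumed always populated (a null value throws here) - TODO confirm
            claims.Add(new Claim(ClaimTypes.GivenName, user.FirstName));
            claims.Add(new Claim(ClaimTypes.Surname, user.LastName));

            //NOTE(review): the inner query is not correlated with the outer role (the outer lambda parameter is never
            //used), so Any() is true for every uvw_Role row as soon as the user has a single uvw_UserRole row - every
            //user holding any role would receive all roles. The inner Where must also match the role being tested
            //(join on the role key of uvw_UserRole). Inner parameter renamed from x to ur so the missing correlation
            //is visible; with C# 8+ the original shadowing compiles silently.
            var userRoles = _context.Set <uvw_Role>()
                            .Where(x => _context.Set <uvw_UserRole>().Where(ur => ur.UserId == user.Id).Any()).ToList();

            foreach (var role in userRoles.OrderBy(x => x.Name))
            {
                claims.Add(new Claim(ClaimTypes.Role, role.Name));

                //check compatibility is enabled. pack claim(s) with old name and new name.
                if (packLegacyRoleClaims)
                {
                    claims.Add(new Claim("role", role.Name, ClaimTypes.Role));
                }
            }

            //NOTE(review): same uncorrelated pattern as the roles query above - the inner Where must also match the
            //claim being tested, otherwise a user with one claim row receives every uvw_Claim row.
            var userClaims = _context.Set <uvw_Claim>()
                             .Where(x => _context.Set <uvw_UserClaim>().Where(uc => uc.UserId == user.Id).Any()).ToList();

            foreach (var claim in userClaims.OrderBy(x => x.Type))
            {
                claims.Add(new Claim(claim.Type, claim.Value, claim.ValueType));
            }

            //nonce so otherwise identical tokens minted in the same second differ; it is not a secret
            claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

            //not before timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            //issued at timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            //expire on timestamp
            claims.Add(new Claim(JwtRegisteredClaimNames.Exp, now.AddSeconds(lifetime).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));

            return(claims);
        }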