static IAppHost GetAppHost() { if (_appHost == null) { _appHost = new BasicAppHost(); var authService = new AuthenticateService(); authService.SetResolver(_appHost); _appHost.Container.Register(authService); _appHost.Container.Register<IAuthSession>(authUserSession); } return _appHost; }
public void TestFixtureSetUp() { appHost = new BasicAppHost { ConfigureContainer = c => { var authService = new AuthenticateService(); c.Register(authService); c.Register<IAuthSession>(authUserSession); AuthenticateService.Init(() => authUserSession, new CredentialsAuthProvider()); } }.Init(); }
public object Any(ConvertSessionToToken request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request)); } if (Request.ResponseContentType.MatchesContentType(MimeTypes.Html)) { Request.ResponseContentType = MimeTypes.Json; } var token = Request.GetJwtToken(); if (string.IsNullOrEmpty(token)) { var session = Request.GetSession(); token = jwtAuthProvider.CreateJwtBearerToken(Request, session); if (!request.PreserveSession) { Request.RemoveSession(session.Id); } } return(new HttpResult(new ConvertSessionToTokenResponse { AccessToken = jwtAuthProvider.IncludeJwtInConvertSessionToTokenResponse ? token : null }) { Cookies = { new Cookie(Keywords.TokenCookie, token, Cookies.RootPath) { HttpOnly = true, Secure = Request.IsSecureConnection, Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn), } } }); }
public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo) { var userSession = session as AuthUserSession; if (userSession != null) { LoadUserAuthInfo(userSession, tokens, authInfo); } var authRepo = authService.TryResolve <IAuthRepository>(); if (authRepo != null) { if (tokens != null) { authInfo.ForEach((x, y) => tokens.Items[x] = y); session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens); } foreach (var oAuthToken in session.ProviderOAuthAccess) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); if (authProvider == null) { continue; } var userAuthProvider = authProvider as OAuthProvider; if (userAuthProvider != null) { userAuthProvider.LoadUserOAuthProvider(session, oAuthToken); } } var httpRes = authService.Request.Response as IHttpResponse; if (httpRes != null) { httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } } authService.SaveSession(session, SessionExpiry); session.OnAuthenticated(authService, session, tokens, authInfo); }
public object Any(ConvertSessionToToken request) { var jwtAuthProvider = AuthenticateService.GetAuthProvider(JwtAuthProvider.Name) as JwtAuthProvider; if (jwtAuthProvider == null) { throw new NotSupportedException("JwtAuthProvider is not registered"); } if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection); } var session = Request.GetSession(); if (session.FromToken) { return(new ConvertSessionToTokenResponse()); } var token = jwtAuthProvider.CreateJwtBearerToken(session); if (!request.PreserveSession) { Request.RemoveSession(session.Id); } return(new HttpResult(new ConvertSessionToTokenResponse()) { Cookies = { new Cookie(Keywords.TokenCookie, token, Cookies.RootPath) { HttpOnly = true, Secure = Request.IsSecureConnection, Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn), } } }); }
protected virtual bool EnableRefreshToken() { var userSessionSource = AuthenticateService.GetUserSessionSource(); if (userSessionSource != null) { return(true); } var authRepo = HostContext.AppHost?.TryResolve <IAuthRepository>(); if (authRepo == null) { return(false); } using (authRepo as IDisposable) { return(authRepo is IUserAuthRepository); } }
public async Task <object> Any(GetAccessToken request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request)); } var refreshTokenCookie = Request.Cookies.TryGetValue(Keywords.RefreshTokenCookie, out var refTok) ? refTok.Value : null; var refreshToken = request.RefreshToken ?? refreshTokenCookie; var accessToken = await jwtAuthProvider.CreateAccessTokenFromRefreshToken(refreshToken, Request).ConfigAwait(); var response = new GetAccessTokenResponse { AccessToken = accessToken }; // Don't return JWT in Response Body if Refresh Token Cookie was used if (refreshTokenCookie == null && jwtAuthProvider.UseTokenCookie != true) { return(response); } var httpResult = new HttpResult(new GetAccessTokenResponse()) .AddCookie(Request, new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath) { HttpOnly = true, Secure = Request.IsSecureConnection, Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn), }); return(httpResult); }
/// <summary> /// Saves the Auth Tokens for this request. Called in OnAuthenticated(). /// Overrideable, the default behaviour is to call IUserAuthRepository.CreateOrMergeAuthSession(). /// </summary> protected virtual void SaveUserAuth(IServiceBase authService, IAuthSession session, IAuthRepository authRepo, IAuthTokens tokens) { if (authRepo == null) { return; } if (tokens != null) { session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens).UserAuthId.ToString(); } authRepo.LoadUserAuth(session, tokens); foreach (var oAuthToken in session.ProviderOAuthAccess) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); if (authProvider == null) { continue; } var userAuthProvider = authProvider as OAuthProvider; if (userAuthProvider != null) { userAuthProvider.LoadUserOAuthProvider(session, oAuthToken); } } authRepo.SaveUserAuth(session); var httpRes = authService.Request.Response as IHttpResponse; if (httpRes != null) { httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } OnSaveUserAuth(authService, session); }
public override async Task <IHttpResult> OnAuthenticatedAsync(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo, CancellationToken token = default) { session.AuthProvider = Name; if (session is AuthUserSession userSession) { await LoadUserAuthInfoAsync(userSession, tokens, authInfo, token).ConfigAwait(); HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo); } if (session is IAuthSessionExtended authSession) { var failed = authSession.Validate(authService, session, tokens, authInfo) ?? await authSession.ValidateAsync(authService, session, tokens, authInfo, token) ?? AuthEvents.Validate(authService, session, tokens, authInfo) ?? (AuthEvents is IAuthEventsAsync asyncEvents ? await asyncEvents.ValidateAsync(authService, session, tokens, authInfo, token) : null); if (failed != null) { await authService.RemoveSessionAsync(token).ConfigAwait(); return(failed); } } var authRepo = GetUserAuthRepositoryAsync(authService.Request); #if NET472 || NETSTANDARD2_0 await using (authRepo as IAsyncDisposable) #else using (authRepo as IDisposable) #endif { if (authRepo != null) { if (tokens != null) { authInfo.ForEach((x, y) => tokens.Items[x] = y); session.UserAuthId = (await authRepo.CreateOrMergeAuthSessionAsync(session, tokens, token)).UserAuthId.ToString(); } foreach (var oAuthToken in session.GetAuthTokens()) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); var userAuthProvider = authProvider as OAuthProvider; userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken); } var failed = await ValidateAccountAsync(authService, authRepo, session, tokens, token).ConfigAwait(); if (failed != null) { return(failed); } } } try { session.IsAuthenticated = true; session.OnAuthenticated(authService, session, tokens, authInfo); if (session is IAuthSessionExtended sessionExt) { await sessionExt.OnAuthenticatedAsync(authService, session, tokens, authInfo, token).ConfigAwait(); } AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo); if (AuthEvents is IAuthEventsAsync asyncEvents) { await asyncEvents.OnAuthenticatedAsync(authService.Request, session, authService, tokens, authInfo, token).ConfigAwait(); } } finally { await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait(); authService.Request.Items[Keywords.DidAuthenticate] = true; } return(null); }
public object Any(GetAccessToken request) { var jwtAuthProvider = AuthenticateService.GetAuthProvider(JwtAuthProvider.Name) as JwtAuthProvider; if (jwtAuthProvider == null) { throw new NotSupportedException("JwtAuthProvider is not registered"); } if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection); } if (string.IsNullOrEmpty(request.RefreshToken)) { throw new ArgumentNullException(nameof(request.RefreshToken)); } var userRepo = AuthRepository as IUserAuthRepository; if (userRepo == null) { throw new NotSupportedException("JWT Refresh Tokens requires a registered IUserAuthRepository"); } var jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(request.RefreshToken.Split('.')); jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload); if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request)) { throw new ArgumentException(ErrorMessages.RefreshTokenInvalid, nameof(request.RefreshToken)); } var userId = jwtPayload["sub"]; var userAuth = userRepo.GetUserAuth(userId); if (userAuth == null) { throw HttpError.NotFound(ErrorMessages.UserNotExists); } if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth)) { throw new AuthenticationException(ErrorMessages.UserAccountLocked); } var session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId()); jwtAuthProvider.PopulateSession(userRepo, userAuth, session); IEnumerable <string> roles = null, perms = null; var manageRoles = userRepo as IManageRoles; if (manageRoles != null && session.UserAuthId != null) { roles = manageRoles.GetRoles(session.UserAuthId); perms = manageRoles.GetPermissions(session.UserAuthId); } var accessToken = jwtAuthProvider.CreateJwtBearerToken(session, roles, perms); return(new GetAccessTokenResponse { AccessToken = accessToken }); }
public async Task <object> Any(GetAccessToken request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request)); } if (string.IsNullOrEmpty(request.RefreshToken)) { throw new ArgumentNullException(nameof(request.RefreshToken)); } JsonObject jwtPayload; try { jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.')); } catch (ArgumentException) { throw; } catch (Exception ex) { throw new ArgumentException(ex.Message); } if (jwtPayload == null) { throw new ArgumentException(ErrorMessages.TokenInvalid.Localize(Request)); } jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload); if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request)) { throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken)); } var userId = jwtPayload["sub"]; var result = await Request.GetSessionFromSourceAsync(userId, async (authRepo, userAuth) => { if (await jwtAuthProvider.IsAccountLockedAsync(authRepo, userAuth)) { throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request)); } }).ConfigAwait(); if (result == null) { throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource"); } var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session: result.Session, roles: result.Roles, perms: result.Permissions); var response = new GetAccessTokenResponse { AccessToken = accessToken }; if (request.UseTokenCookie.GetValueOrDefault(jwtAuthProvider.UseTokenCookie) != true) { return(response); } return(new HttpResult(new GetAccessTokenResponse()) { Cookies = { new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath) { HttpOnly = true, Secure = Request.IsSecureConnection, Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn), } } }); }
public virtual IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo) { session.AuthProvider = Provider; if (session is AuthUserSession userSession) { LoadUserAuthInfo(userSession, tokens, authInfo); HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo); LoadUserAuthFilter?.Invoke(userSession, tokens, authInfo); } var hasTokens = tokens != null && authInfo != null; if (hasTokens && SaveExtendedUserInfo) { if (tokens.Items == null) { tokens.Items = new Dictionary <string, string>(); } authInfo.ForEach((x, y) => tokens.Items[x] = y); } var authRepo = GetAuthRepository(authService.Request); using (authRepo as IDisposable) { if (CustomValidationFilter != null) { var ctx = new AuthContext { Request = authService.Request, Service = authService, AuthProvider = this, Session = session, AuthTokens = tokens, AuthInfo = authInfo, AuthRepository = authRepo, }; var response = CustomValidationFilter(ctx); if (response != null) { authService.RemoveSession(); return(response); } } if (authRepo != null) { var failed = ValidateAccount(authService, authRepo, session, tokens); if (failed != null) { authService.RemoveSession(); return(failed); } if (hasTokens) { var authDetails = authRepo.CreateOrMergeAuthSession(session, tokens); session.UserAuthId = authDetails.UserAuthId.ToString(); var firstTimeAuthenticated = authDetails.CreatedDate == authDetails.ModifiedDate; if (firstTimeAuthenticated) { session.OnRegistered(authService.Request, session, authService); AuthEvents.OnRegistered(authService.Request, session, authService); } } authRepo.LoadUserAuth(session, tokens); foreach (var oAuthToken in session.GetAuthTokens()) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); var userAuthProvider = authProvider as OAuthProvider; userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken); } var httpRes = authService.Request.Response as IHttpResponse; if (session.UserAuthId != null) { httpRes?.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } } else { if (hasTokens) { session.UserAuthId = CreateOrMergeAuthSession(session, tokens); } } } try { session.IsAuthenticated = true; session.OnAuthenticated(authService, session, tokens, authInfo); AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo); } finally { this.SaveSession(authService, session, SessionExpiry); authService.Request.Items[Keywords.DidAuthenticate] = true; } return(null); }
public static RegisterService GetRegistrationService( IUserAuthRepository userAuthRepository, AuthUserSession oAuthUserSession = null, MockRequestContext requestContext = null) { if (requestContext == null) requestContext = new MockRequestContext(); if (oAuthUserSession == null) oAuthUserSession = requestContext.ReloadSession(); var httpReq = requestContext.Get<IHttpRequest>(); var httpRes = requestContext.Get<IHttpResponse>(); oAuthUserSession.Id = httpRes.CreateSessionId(httpReq); httpReq.Items[ServiceExtensions.RequestItemsSessionKey] = oAuthUserSession; var mockAppHost = new BasicAppHost { Container = requestContext.Container }; requestContext.Container.Register(userAuthRepository); var authService = new AuthenticateService { RequestContext = requestContext, }; authService.SetResolver(mockAppHost); mockAppHost.Register(authService); var registrationService = new RegisterService { UserAuthRepo = userAuthRepository, RequestContext = requestContext, RegistrationValidator = new RegistrationValidator { UserAuthRepo = RegistrationServiceTests.GetStubRepo() }, }; registrationService.SetResolver(mockAppHost); return registrationService; }
public virtual async Task <IHttpResult> OnAuthenticatedAsync(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo, CancellationToken token = default) { session.AuthProvider = Provider; if (session is AuthUserSession userSession) { await LoadUserAuthInfoAsync(userSession, tokens, authInfo, token).ConfigAwait(); HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo); LoadUserAuthFilter?.Invoke(userSession, tokens, authInfo); } var hasTokens = tokens != null && authInfo != null; if (hasTokens && SaveExtendedUserInfo) { if (tokens.Items == null) { tokens.Items = new Dictionary <string, string>(); } foreach (var entry in authInfo) { if (ExcludeAuthInfoItems.Contains(entry.Key)) { continue; } tokens.Items[entry.Key] = entry.Value; } } if (session is IAuthSessionExtended authSession) { var failed = authSession.Validate(authService, session, tokens, authInfo) ?? AuthEvents.Validate(authService, session, tokens, authInfo); if (failed != null) { await authService.RemoveSessionAsync(token).ConfigAwait(); return(failed); } } var authRepo = GetAuthRepositoryAsync(authService.Request); #if NET472 || NETSTANDARD2_0 await using (authRepo as IAsyncDisposable) #else using (authRepo as IDisposable) #endif { if (CustomValidationFilter != null) { var ctx = new AuthContext { Request = authService.Request, Service = authService, AuthProvider = this, Session = session, AuthTokens = tokens, AuthInfo = authInfo, AuthRepositoryAsync = authRepo, AuthRepository = authRepo as IAuthRepository, }; var response = CustomValidationFilter(ctx); if (response != null) { await authService.RemoveSessionAsync(token).ConfigAwait(); return(response); } } if (authRepo != null) { var failed = await ValidateAccountAsync(authService, authRepo, session, tokens, token).ConfigAwait(); if (failed != null) { await authService.RemoveSessionAsync(token).ConfigAwait(); return(failed); } if (hasTokens) { var authDetails = await authRepo.CreateOrMergeAuthSessionAsync(session, tokens, token).ConfigAwait(); session.UserAuthId = authDetails.UserAuthId.ToString(); var firstTimeAuthenticated = authDetails.CreatedDate == authDetails.ModifiedDate; if (firstTimeAuthenticated) { session.OnRegistered(authService.Request, session, authService); AuthEvents.OnRegistered(authService.Request, session, authService); } } await authRepo.LoadUserAuthAsync(session, tokens, token).ConfigAwait(); foreach (var oAuthToken in session.GetAuthTokens()) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); var userAuthProvider = authProvider as OAuthProvider; userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken); } var httpRes = authService.Request.Response as IHttpResponse; if (session.UserAuthId != null) { httpRes?.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } } else { if (hasTokens) { session.UserAuthId = CreateOrMergeAuthSession(session, tokens); } } } try { session.IsAuthenticated = true; session.OnAuthenticated(authService, session, tokens, authInfo); AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo); } finally { await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait(); authService.Request.Items[Keywords.DidAuthenticate] = true; } return(null); }
public static RegisterService GetRegistrationService( IUserAuthRepository userAuthRepository, AuthUserSession oAuthUserSession = null, BasicRequest request = null) { if (request == null) request = new BasicRequest(); if (oAuthUserSession == null) oAuthUserSession = request.ReloadSession(); oAuthUserSession.Id = request.Response.CreateSessionId(request); request.Items[ServiceExtensions.RequestItemsSessionKey] = oAuthUserSession; var mockAppHost = new BasicAppHost(); mockAppHost.Container.Register<IAuthRepository>(userAuthRepository); var authService = new AuthenticateService { Request = request, }; authService.SetResolver(mockAppHost); mockAppHost.Register(authService); var registrationService = new RegisterService { AuthRepo = userAuthRepository, Request = request, RegistrationValidator = new RegistrationValidator { UserAuthRepo = RegistrationServiceTests.GetStubRepo() }, }; registrationService.SetResolver(mockAppHost); return registrationService; }
public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo) { var userSession = session as AuthUserSession; if (userSession != null) { LoadUserAuthInfo(userSession, tokens, authInfo); HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo); if (LoadUserAuthFilter != null) { LoadUserAuthFilter(userSession, tokens, authInfo); } } var authRepo = authService.TryResolve <IAuthRepository>(); if (CustomValidationFilter != null) { var ctx = new AuthContext { Request = authService.Request, Service = authService, AuthProvider = this, Session = session, AuthTokens = tokens, AuthInfo = authInfo, AuthRepository = authRepo, }; var response = CustomValidationFilter(ctx); if (response != null) { authService.RemoveSession(); return(response); } } if (authRepo != null) { if (tokens != null) { authInfo.ForEach((x, y) => tokens.Items[x] = y); session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens).UserAuthId.ToString(); } foreach (var oAuthToken in session.ProviderOAuthAccess) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); if (authProvider == null) { continue; } var userAuthProvider = authProvider as OAuthProvider; if (userAuthProvider != null) { userAuthProvider.LoadUserOAuthProvider(session, oAuthToken); } } var httpRes = authService.Request.Response as IHttpResponse; if (httpRes != null) { httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } var failed = ValidateAccount(authService, authRepo, session, tokens); if (failed != null) { return(failed); } } try { session.IsAuthenticated = true; session.OnAuthenticated(authService, session, tokens, authInfo); AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo); } finally { authService.SaveSession(session, SessionExpiry); } return(null); }
public virtual IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo) { var userSession = session as AuthUserSession; if (userSession != null) { LoadUserAuthInfo(userSession, tokens, authInfo); } var authRepo = authService.TryResolve <IAuthRepository>(); if (authRepo != null) { var hasTokens = tokens != null; if (hasTokens) { authInfo.ForEach((x, y) => tokens.Items[x] = y); } var failed = ValidateAccount(authService, authRepo, session, tokens); if (failed != null) { return(failed); } if (hasTokens) { session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens); } authRepo.LoadUserAuth(session, tokens); foreach (var oAuthToken in session.ProviderOAuthAccess) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); if (authProvider == null) { continue; } var userAuthProvider = authProvider as OAuthProvider; if (userAuthProvider != null) { userAuthProvider.LoadUserOAuthProvider(session, oAuthToken); } } var httpRes = authService.Request.Response as IHttpResponse; if (httpRes != null) { httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId); } } try { session.IsAuthenticated = true; session.OnAuthenticated(authService, session, tokens, authInfo); } finally { authService.SaveSession(session, SessionExpiry); } return(null); }
public static void AuthenticateIfWindowsAuth(IRequest req, IResponse res) { var winAuthProvider = AuthenticateService.GetAuthProvider(Name) as AspNetWindowsAuthProvider; winAuthProvider?.IsAuthorized(req.GetUser()); }
public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo) { session.AuthProvider = Name; if (session is AuthUserSession userSession) { LoadUserAuthInfo(userSession, tokens, authInfo); HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo); } if (session is IAuthSessionExtended authSession) { var failed = authSession.Validate(authService, session, tokens, authInfo) ?? AuthEvents.Validate(authService, session, tokens, authInfo); if (failed != null) { authService.RemoveSession(); return(failed); } } var authRepo = HostContext.AppHost.GetAuthRepository(authService.Request); using (authRepo as IDisposable) { if (authRepo != null) { if (tokens != null) { authInfo.ForEach((x, y) => tokens.Items[x] = y); session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens).UserAuthId.ToString(); } foreach (var oAuthToken in session.GetAuthTokens()) { var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider); var userAuthProvider = authProvider as OAuthProvider; userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken); } var failed = ValidateAccount(authService, authRepo, session, tokens); if (failed != null) { return(failed); } } } try { session.OnAuthenticated(authService, session, tokens, authInfo); AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo); } finally { this.SaveSession(authService, session, SessionExpiry); authService.Request.Items[Keywords.DidAuthenticate] = true; } return(null); }
public object Any(GetAccessToken request) { var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider(); if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection) { throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request)); } if (string.IsNullOrEmpty(request.RefreshToken)) { throw new ArgumentNullException(nameof(request.RefreshToken)); } JsonObject jwtPayload; try { jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.')); } catch (ArgumentException) { throw; } catch (Exception ex) { throw new ArgumentException(ex.Message); } jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload); if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request)) { throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken)); } var userId = jwtPayload["sub"]; IAuthSession session; IEnumerable <string> roles = null, perms = null; var userSessionSource = AuthenticateService.GetUserSessionSource(); if (userSessionSource != null) { session = userSessionSource.GetUserSession(userId); if (session == null) { throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request)); } roles = session.Roles; perms = session.Permissions; } else if (AuthRepository is IUserAuthRepository userRepo) { var userAuth = userRepo.GetUserAuth(userId); if (userAuth == null) { throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request)); } if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth)) { throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request)); } session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId()); session.PopulateSession(userAuth, userRepo); if (userRepo is IManageRoles manageRoles && session.UserAuthId != null) { roles = manageRoles.GetRoles(session.UserAuthId); perms = manageRoles.GetPermissions(session.UserAuthId); } } else { throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource"); } var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session, roles, perms); var response = new GetAccessTokenResponse { AccessToken = accessToken }; if (request.UseTokenCookie != true) { return(response); } return(new HttpResult(new GetAccessTokenResponse()) { Cookies = { new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath) { HttpOnly = true, Secure = Request.IsSecureConnection, Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn), } } }); }
public virtual bool IsAuthorized(string provider) { var tokens = ProviderOAuthAccess.FirstOrDefault(x => x.Provider == provider); return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens)); }