/// <summary> /// /// </summary> /// <param name="authToken"></param> /// <returns></returns> public static UmbracoAuthToken GenerateUserAuthToken(UmbracoAuthToken authToken) { //Date Time var dateCreated = DateTime.UtcNow; var dateCreatedToString = dateCreated.ToString("u"); //this probably should be allowed to be configurable but keeping it simple and reasonable for now var dateExpires = dateCreated.Add(TimeSpan.FromMinutes(60)); var dateExpiresTostring = dateExpires.ToString("u"); //Create JSON payload for JWT token var payload = new Dictionary <string, object>() { { "identity_id", authToken.IdentityId }, { "identity_type", authToken.IdentityType }, { "date_created", dateCreatedToString }, { "date_expires", dateExpiresTostring } }; //Encode the JWT token with JSON payload, algorithm & our secret in constant var encodedToken = JsonWebToken.Encode(payload, _secretKey, JwtHashAlgorithm.HS256); //Return same object we passed in (Now with Date Created & Token properties updated) authToken.DateCreated = dateCreated; authToken.DateExpires = dateExpires; authToken.AuthToken = encodedToken; //Return the updated object return(authToken); }
/// <summary> /// /// </summary> /// <param name="jwtToken"></param> /// <returns></returns> public static UmbracoAuthToken DecodeUserAuthToken(string jwtToken) { //Object to return var userAuth = new UmbracoAuthToken(); //Decode & verify token was signed with our secret var jsonPayload = JsonWebToken.DecodeToObject(jwtToken, _secretKey) as IDictionary <string, object>; //Just the presence of the token & being deserialised with correct SECRET key is a good sign if (jsonPayload != null) { //Do DateTime conversion from u type back into DateTime object DateTime dateCreated; DateTime dateExpires; DateTime.TryParseExact(jsonPayload["date_created"].ToString(), "u", null, DateTimeStyles.AdjustToUniversal, out dateCreated); DateTime.TryParseExact(jsonPayload["date_expires"].ToString(), "u", null, DateTimeStyles.AdjustToUniversal, out dateExpires); //Get the details of the user from the JWT payload userAuth.IdentityId = Convert.ToInt32(jsonPayload["identity_id"]); userAuth.IdentityType = jsonPayload["identity_type"].ToString(); userAuth.DateCreated = dateCreated; userAuth.DateExpires = dateExpires; userAuth.AuthToken = jwtToken; } //Return the object return(userAuth); }
/// <summary> /// /// </summary> /// <param name="authToken"></param> /// <returns></returns> public static bool IsTokenValid(UmbracoAuthToken authToken) { //Let's verify that this token is not expired if (authToken.DateExpires < DateTime.UtcNow) { return(false); } //Let's verify the token we have //Is what we have in the DB matching on the UserID as lookup //Try & find record in DB on UserID var lookupRecord = GetAuthToken(authToken.IdentityId); //If we find a record in DB if (lookupRecord != null) { //Lets verify the token we have is the same on the DB record //May not match as the user may have saved the password & caused a new token to be return(authToken.AuthToken == lookupRecord.AuthToken); } //No record found in the DB - so return false return(false); }
/// <summary> /// Insert a new Auth Token into the custom DB table OR /// Update just the auth token if we find a record for the backoffice user already /// </summary> /// <param name="authToken"></param> public static void InsertAuthToken(UmbracoAuthToken authToken) { using (var scope = Current.ScopeProvider.CreateScope()) { //Just to be 100% sure for data sanity that a record for the user does not exist already var existingRecord = GetAuthToken(authToken.IdentityId); //Insert new record if no item exists already if (existingRecord == null) { //Getting issues with insert & ID being 0 causing a conflict scope.Database.Insert(authToken); } else { //Update the existing record existingRecord.AuthToken = authToken.AuthToken; existingRecord.DateCreated = authToken.DateCreated; //Save the existing record we found scope.Database.Save(existingRecord); } //Always complete scope scope.Complete(); } }
/// <summary> /// /// </summary> /// <param name="jwtToken"></param> /// <returns></returns> public static UmbracoAuthToken DecodeUserAuthToken(string jwtToken) { //Object to return var userAuth = new UmbracoAuthToken(); //Decode & verify token was signed with our secret var jsonPayload = JsonWebToken.DecodeToObject(jwtToken, _secretKey) as IDictionary<string, object>; //Just the presence of the token & being deserialised with correct SECRET key is a good sign if (jsonPayload != null) { //Do DateTime conversion from u type back into DateTime object DateTime dateCreated; DateTime.TryParseExact(jsonPayload["date_created"].ToString(), "u", null, DateTimeStyles.AdjustToUniversal, out dateCreated); //Get the details of the user from the JWT payload userAuth.IdentityId = Convert.ToInt32(jsonPayload["identity_id"]); userAuth.IdentityType = jsonPayload["identity_type"].ToString(); userAuth.DateCreated = dateCreated; userAuth.AuthToken = jwtToken; } //Return the object return userAuth; }
public string Authorise(AuthCredentials auth) { //Verify user is valid credentials var isValidAuth = Security.ValidateBackOfficeCredentials(auth.Username, auth.Password); //Are credentials correct? if (isValidAuth) { //Get the backoffice user from username var user = ApplicationContext.Services.UserService.GetByUsername(auth.Username); //Check if we have an Auth Token for user var hasAuthToken = UserAuthTokenDbHelper.GetAuthToken(user.Id); //If the token already exists if (hasAuthToken != null) { //Lets just return it in the request return hasAuthToken.AuthToken; } //Else user has no token yet - so let's create one //Generate AuthToken DB object var newToken = new UmbracoAuthToken(); newToken.IdentityId = user.Id; newToken.IdentityType = IdentityAuthType.User.ToString(); //Generate a new token for the user var authToken = UmbracoAuthTokenFactory.GenerateUserAuthToken(newToken); //We insert authToken as opposed to newToken //As authToken now has DateTime & JWT token string on it now //Store in DB (inserts or updates existing) UserAuthTokenDbHelper.InsertAuthToken(authToken); //Return the JWT token as the response //This means valid login & client in our case mobile app stores token in local storage return authToken.AuthToken; } //Throw unauthorised HTTP error var httpUnauthorised = new HttpResponseMessage(HttpStatusCode.Unauthorized); throw new HttpResponseException(httpUnauthorised); }
/// <summary> /// /// </summary> /// <param name="authToken"></param> /// <returns></returns> public static bool IsTokenValid(UmbracoAuthToken authToken) { //Let's verify the token we have //Is what we have in the DB matching on the UserID as lookup //Try & find record in DB on UserID var lookupRecord = GetAuthToken(authToken.IdentityId); //If we find a record in DB if (lookupRecord != null) { //Lets verify the token we have is the same on the DB record //May not match as the user may have saved the password & caused a new token to be generated return authToken.AuthToken == lookupRecord.AuthToken; } //No record found in the DB - so return false return false; }
/// <summary> /// Insert a new Auth Token into the custom DB table OR /// Update just the auth token if we find a record for the backoffice user already /// </summary> /// <param name="authToken"></param> public static void InsertAuthToken(UmbracoAuthToken authToken) { //Just to be 100% sure for data sanity that a record for the user does not exist already var existingRecord = GetAuthToken(authToken.IdentityId); //Insert new record if no item exists already if (existingRecord == null) { //Getting issues with insert & ID being 0 causing a conflict Database.Insert(authToken); } else { //Update the existing record existingRecord.AuthToken = authToken.AuthToken; existingRecord.DateCreated = authToken.DateCreated; //Save the existing record we found Database.Save(existingRecord); } }
/// <summary> /// /// </summary> /// <param name="sender"></param> /// <param name="e"></param> void MemberService_Saving(IMemberService sender, SaveEventArgs<IMember> e) { //Saved entites (Could be more than one member saved. Very unlikely?) var member = e.SavedEntities.FirstOrDefault(); //Found a member that has been saved if (member != null) { //Check if the password property (RawPasswordValue) is dirty aka has beeen changed var passIsDirty = member.IsPropertyDirty("RawPasswordValue"); //Password has been changed if (passIsDirty) { //Check if user already has token in DB (token created on first login/auth to API) var hasAuthToken = UserAuthTokenDbHelper.GetAuthToken(member.Id); //invalidate token (Only if token exists in DB) //We have found an existing token if (hasAuthToken != null) { //Generate AuthToken DB object var newToken = new UmbracoAuthToken(); newToken.IdentityId = member.Id; newToken.IdentityType = IdentityAuthType.Member.ToString(); //Generate a new token for the user var authToken = UmbracoAuthTokenFactory.GenerateUserAuthToken(newToken); //NOTE: We insert authToken as opposed to newToken //As authToken now has DateTime & JWT token string on it now //Store in DB (inserts or updates existing) UserAuthTokenDbHelper.InsertAuthToken(authToken); } } } }
/// <summary> /// /// </summary> /// <param name="authToken"></param> /// <returns></returns> public static UmbracoAuthToken GenerateUserAuthToken(UmbracoAuthToken authToken) { //Date Time var dateCreated = DateTime.UtcNow; var dateCreatedToString = dateCreated.ToString("u"); //Create JSON payload for JWT token var payload = new Dictionary<string, object>() { { "identity_id", authToken.IdentityId }, { "identity_type", authToken.IdentityType }, { "date_created", dateCreatedToString } }; //Encode the JWT token with JSON payload, algorithm & our secret in constant var encodedToken = JsonWebToken.Encode(payload, _secretKey, JwtHashAlgorithm.HS256); //Return same object we passed in (Now with Date Created & Token properties updated) authToken.DateCreated = dateCreated; authToken.AuthToken = encodedToken; //Return the updated object return authToken; }
/// <summary> /// /// </summary> /// <param name="authToken"></param> /// <returns></returns> public static UmbracoAuthToken GenerateUserAuthToken(UmbracoAuthToken authToken) { //Date Time var dateCreated = DateTime.UtcNow; var dateCreatedToString = dateCreated.ToString("u"); //Create JSON payload for JWT token var payload = new Dictionary <string, object>() { { "identity_id", authToken.IdentityId }, { "identity_type", authToken.IdentityType }, { "date_created", dateCreatedToString } }; //Encode the JWT token with JSON payload, algorithm & our secret in constant var encodedToken = JsonWebToken.Encode(payload, _secretKey, JwtHashAlgorithm.HS256); //Return same object we passed in (Now with Date Created & Token properties updated) authToken.DateCreated = dateCreated; authToken.AuthToken = encodedToken; //Return the updated object return(authToken); }