Exemplo n.º 1
0
        public async Task <ActionResult <TokenResponse> > ClaimAuthCode(AuthCodeClaimDTO authCodeClaimDTO)
        {
            authCodeClaimDTO.SecurityKey = CryptographyUtils.Base64Decode(authCodeClaimDTO.SecurityKey);

            var dbAuthCode = await applicationDbContext.UserAuthenticationCodes.FirstOrDefaultAsync(code => code.Token == authCodeClaimDTO.Token);

            if (dbAuthCode == null)
            {
                return(BadRequest());
            }

            string md5Key = CryptographyUtils.ComputeSHA256Hash(authCodeClaimDTO.SecurityKey);

            if (dbAuthCode.SecurityKey.ToLower() != md5Key.ToLower())
            {
                return(BadRequest());
            }


            var user = await applicationDbContext.Users.Where(x => x.Id == dbAuthCode.UserId).FirstOrDefaultAsync();

            string purpose = authCodeClaimDTO.Purpose == ApplicationConstants.ExternalLoginTokenPurposeName ?
                             ApplicationConstants.ExternalLoginTokenPurposeName : authCodeClaimDTO.Purpose == ApplicationConstants.PersistentLoginTokenPurposeName ?
                             ApplicationConstants.PersistentLoginTokenPurposeName : string.Empty;

            if (string.IsNullOrEmpty(purpose))
            {
                return(BadRequest("Proposito incorrecto"));
            }



            bool result = await userManager.VerifyUserTokenAsync(user, ApplicationConstants.AuthCodeTokenProviderName, purpose,
                                                                 authCodeClaimDTO.Token);

            if (!result)
            {
                return(BadRequest());
            }


            return(await BuildLoginToken(user.Email, authCodeClaimDTO.Purpose == ApplicationConstants.PersistentLoginTokenPurposeName));
        }
Exemplo n.º 2
0
        public async Task <ActionResult> PersistLogin([FromQuery] LoginWithPersistDTO loginWithPersistDTO)
        {
            var user = await GetUserFromContext();

            if (user == null)
            {
                return(RedirectToAction(nameof(RedirectToLogin)));
            }

            loginWithPersistDTO.SecurityKeyHash = CryptographyUtils.Base64Decode(HttpUtility.UrlDecode(loginWithPersistDTO.SecurityKeyHash));

            if (!(await PersistentRedirectUrlExist(loginWithPersistDTO.returnUrl)))
            {
                return(BadRequest("returnUrl no es un valor valido"));
            }
            var token = await userManager.GenerateUserTokenAsync(user, ApplicationConstants.AuthCodeTokenProviderName, ApplicationConstants.PersistentLoginTokenPurposeName);

            var authenticationCode = new UserAuthenticationCode
            {
                Expiration  = DateTime.UtcNow.AddMinutes(5),
                SecurityKey = loginWithPersistDTO.SecurityKeyHash,
                Token       = token,
                UserId      = user.Id
            };

            applicationDbContext.Add(authenticationCode);

            await applicationDbContext.SaveChangesAsync();


            string url = $"{loginWithPersistDTO.returnUrl}?authcode={HttpUtility.UrlEncode(token)}";

            if (!string.IsNullOrEmpty(loginWithPersistDTO.InternalUrl))
            {
                url += $"&internalUrl={HttpUtility.UrlEncode(loginWithPersistDTO.InternalUrl)}";
            }

            return(Redirect(url));
        }
Exemplo n.º 3
0
        public async Task <ActionResult> ExternalLogin([FromQuery] ExternalLoginDTO externalLoginDTO)
        {
            externalLoginDTO.SecurityKeyHash = CryptographyUtils.Base64Decode(HttpUtility.UrlDecode(externalLoginDTO.SecurityKeyHash));
            if (!(await ExternalRedirectUrlExist(externalLoginDTO.returnUrl)))
            {
                return(BadRequest("returnUrl no es un valor valido"));
            }
            var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { externalLoginDTO.returnUrl });

            HttpContext.Response.Cookies.Append(ApplicationConstants.KeyHashCookieName, externalLoginDTO.SecurityKeyHash,

                                                new Microsoft.AspNetCore.Http.CookieOptions()
            {
                HttpOnly = true,
                MaxAge   = TimeSpan.FromMinutes(10),
                Secure   = true,
                SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax
            });

            var properties = signInManager.ConfigureExternalAuthenticationProperties(externalLoginDTO.Provider, redirectUrl, externalLoginDTO.SecurityKeyHash);


            return(Challenge(properties, externalLoginDTO.Provider));
        }