        /// <summary>
        /// Extends the session of an already persisted token: pushes its expiry forward (never past the
        /// renewal expiry), re-signs the JWT, stores the hash of the new access token and returns the
        /// pair the client keeps.
        /// </summary>
        /// <param name="renewalToken">The renewal token presented by the client; handed back unchanged in the result.</param>
        /// <param name="ptoken">The stored token record. <c>TokenExpiry</c> and <c>TokenHash</c> are updated on this instance and then persisted.</param>
        /// <param name="userInfo">The owner of the token; supplies user id, display name, roles and the last password change date.</param>
        /// <returns>A <see cref="LoginResultData"/> with the freshly signed access token and the same renewal token.</returns>
        private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)
        {
            // A renewed session is capped at the renewal token's own lifetime; the stored limit is
            // re-stamped as UTC because the DateTimeKind of the persisted value is not guaranteed.
            var renewalLimit = ptoken.RenewalExpiry;
            var candidateExpiry = DateTime.UtcNow.AddMinutes(SessionTokenTtl);
            ptoken.TokenExpiry = candidateExpiry > renewalLimit
                ? DateTime.SpecifyKind(renewalLimit, DateTimeKind.Utc)
                : candidateExpiry;

            var portal = PortalController.Instance.GetCurrentPortalSettings();

            // The signing key is derived from the session id, the portal and the user's last password
            // change date — presumably so that a password change invalidates outstanding tokens
            // (ObtainSecret is not shown here; confirm it is deterministic in these inputs).
            var signingKey = ObtainSecret(ptoken.TokenId, portal.GUID, userInfo.Membership.LastPasswordChangeDate);
            var accessToken = CreateJwtToken(signingKey, portal.PortalAlias.HTTPAlias, ptoken, userInfo.Roles).RawData;

            // Only a hash of the access token is persisted, so read access to the table alone does not
            // yield a usable JWT.
            ptoken.TokenHash = GetHashedStr(accessToken);
            DataProvider.UpdateToken(ptoken);

            var result = new LoginResultData
            {
                UserId = userInfo.UserID,
                DisplayName = userInfo.DisplayName,
                AccessToken = accessToken,
                RenewalToken = renewalToken,
            };
            return result;
        }
 /// <inheritdoc/>
 /// <remarks>
 /// Writes the record through the JsonWebTokens_Add procedure and then caches it until its
 /// token expiry. Only the hashes (<c>TokenHash</c>, <c>RenewalHash</c>) are passed to the
 /// database; raw token values never reach it. The cache expiry is converted to local time —
 /// assumes DataCache.SetCache expects a local-time absolute expiry; TODO confirm.
 /// </remarks>
 public virtual void AddToken(PersistedToken token)
 {
     this.dataProvider.ExecuteNonQuery(
         "JsonWebTokens_Add",
         token.TokenId,
         token.UserId,
         token.TokenExpiry,
         token.RenewalExpiry,
         token.TokenHash,
         token.RenewalHash);

     var cacheKey = GetCacheKey(token.TokenId);
     var cacheUntil = token.TokenExpiry.ToLocalTime();
     DataCache.SetCache(cacheKey, token, cacheUntil);
 }
 /// <summary>
 /// Persists a renewed token's new expiry and access-token hash (JsonWebTokens_Update) and
 /// refreshes the cached copy of the record.
 /// </summary>
 /// <param name="token">The token record being renewed; its <c>RenewCount</c> is incremented on this instance.</param>
 public virtual void UpdateToken(PersistedToken token)
 {
     // Only the id, the new expiry and the new token hash are sent; the renewal hash is not written here.
     _dataProvider.ExecuteNonQuery("JsonWebTokens_Update", token.TokenId, token.TokenExpiry, token.TokenHash);

     // NOTE(review): RenewCount is bumped only on this (soon cached) object — it is not among the
     // arguments passed to JsonWebTokens_Update above, so nothing visible here persists it. Confirm
     // whether the procedure maintains the count itself before relying on it as a renewal limit.
     token.RenewCount++;

     var cacheKey = GetCacheKey(token.TokenId);
     var cacheUntil = token.TokenExpiry.ToLocalTime();
     DataCache.SetCache(cacheKey, token, cacheUntil);
 }
        /// <summary>
        /// Builds and signs the session JWT for a persisted token.
        /// </summary>
        /// <param name="symmetricKey">Raw key bytes used directly as the HMAC key.</param>
        /// <param name="issuer">Value of the token's issuer claim (the portal's HTTP alias at the call sites in this file).</param>
        /// <param name="ptoken">Supplies the session id claim and the token's expiry.</param>
        /// <param name="roles">Role names embedded as role claims; the roles are snapshotted at issue time.</param>
        /// <returns>The signed token; callers read <c>RawData</c> for the compact serialization.</returns>
        private static JwtSecurityToken CreateJwtToken(byte[] symmetricKey, string issuer, PersistedToken ptoken, IEnumerable <string> roles)
        {
            // HMAC-SHA256 signature; these URIs are the System.IdentityModel algorithm identifiers.
            const string hmacSha256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
            const string sha256Digest = "http://www.w3.org/2001/04/xmlenc#sha256";
            var signingCredentials = new SigningCredentials(
                new InMemorySymmetricSecurityKey(symmetricKey),
                hmacSha256,
                sha256Digest);

            // The session id travels inside the token so the persisted record (and its stored hash)
            // can be looked up when the token comes back.
            var sessionClaim = new Claim(SessionClaimType, ptoken.TokenId);
            var roleClaims = roles.Select(role => new Claim(ClaimTypes.Role, role));
            var identity = new ClaimsIdentity(new[] { sessionClaim }.Concat(roleClaims));

            // Validity window: slightly before "now" to tolerate clock drift, up to the persisted expiry.
            var validFrom = DateTime.UtcNow.AddMinutes(-ClockSkew);
            var validTo = ptoken.TokenExpiry;

            // NOTE(review): no audience is set (second argument is null), so token validation
            // cannot rely on an "aud" check.
            var handler = new JwtSecurityTokenHandler();
            return handler.CreateToken(issuer, null, identity, validFrom, validTo, signingCredentials);
        }
        /// <summary>
        /// Validates the credentials carried by the request's Authorization header and, on success,
        /// creates a persisted session token and returns the signed access token plus a renewal token.
        /// </summary>
        /// <param name="request">The incoming request; credentials are extracted by <c>GetCredentials</c> and its IP address is passed on to the login validation.</param>
        /// <returns>
        /// The login result, or an empty result carrying an error code: "disabled" when the JWT message
        /// handler is not enabled, "no-portal" when no portal settings resolve, and "bad-credentials" for
        /// every credential failure. The same code is used whether the user is unknown, the password is
        /// wrong or the login status is not an accepted one, so the response does not reveal which.
        /// </returns>
        public LoginResultData LoginUser(HttpRequestMessage request)
        {
            if (!JwtAuthMessageHandler.IsEnabled)
            {
                Logger.Trace(SchemeType + " is not registered/enabled in web.config file");
                return EmptyWithError("disabled");
            }

            var portal = PortalController.Instance.GetCurrentPortalSettings();
            if (portal == null)
            {
                Logger.Trace("portalSettings = null");
                return EmptyWithError("no-portal");
            }

            var ipAddress = request.GetIPAddress() ?? "";

            var credentials = GetCredentials(request);
            if (credentials == null)
            {
                Logger.Trace("empty username or password");
                return EmptyWithError("bad-credentials");
            }

            var loginStatus = UserLoginStatus.LOGIN_FAILURE;
            var user = UserController.ValidateUser(
                portal.PortalId,
                credentials.Value.Username,
                credentials.Value.Password,
                "DNN",
                "",
                AuthScheme,
                ipAddress,
                ref loginStatus);
            if (user == null)
            {
                Logger.Trace("user = null");
                return EmptyWithError("bad-credentials");
            }

            // Accepted statuses. The two INSECURE*PASSWORD values are treated as successful logins
            // here; by their names they presumably flag a weak admin/host password rather than a
            // failed check — confirm against UserController.
            switch (loginStatus)
            {
                case UserLoginStatus.LOGIN_SUCCESS:
                case UserLoginStatus.LOGIN_SUPERUSER:
                case UserLoginStatus.LOGIN_INSECUREADMINPASSWORD:
                case UserLoginStatus.LOGIN_INSECUREHOSTPASSWORD:
                    break;
                default:
                    Logger.Trace("login status = " + loginStatus);
                    return EmptyWithError("bad-credentials");
            }

            var sessionId = NewSessionId;
            var issuedAt = DateTime.UtcNow;

            // NOTE(review): the renewal token's unpredictability is bounded by Guid.NewGuid() (122
            // random bits for a version-4 GUID); hashing it adds no entropy. A value drawn from
            // RandomNumberGenerator would be the conventional source for a bearer secret.
            var renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));

            var record = new PersistedToken
            {
                TokenId = sessionId,
                UserId = user.UserID,
                TokenExpiry = issuedAt.AddMinutes(SessionTokenTtl),
                RenewalExpiry = issuedAt.AddDays(RenewalTokenTtl),
                // TokenHash is filled in below, once the access token exists.
                RenewalHash = GetHashedStr(renewalToken),
            };

            // The signing key depends on the session id, the portal and the last password change date
            // (ObtainSecret is not shown here).
            var signingKey = ObtainSecret(sessionId, portal.GUID, user.Membership.LastPasswordChangeDate);
            var accessToken = CreateJwtToken(signingKey, portal.PortalAlias.HTTPAlias, record, user.Roles).RawData;

            // Only hashes are stored, so read access to the token table does not yield a usable
            // access or renewal token.
            record.TokenHash = GetHashedStr(accessToken);
            DataProvider.AddToken(record);

            return new LoginResultData
            {
                UserId = user.UserID,
                DisplayName = user.DisplayName,
                AccessToken = accessToken,
                RenewalToken = renewalToken,
            };
        }