public ActionResult PostbackFromMfa(string accessToken)
{
var tokenValidationService = new TokenValidationService();
_logger.Debug($"Received MFA token: {accessToken}");
if (tokenValidationService.VerifyToken(accessToken, out var token))
{
_logger.Information($"User {token.Identity} authenticated");
//save token to cookie
var cookie = new HttpCookie(Constants.COOKIE_NAME)
{
Value = accessToken,
//Secure = true,
Expires = token.ValidTo
};
Response.Cookies.Add(cookie);
FormsAuthentication.SetAuthCookie(token.Identity, false);
if (token.MustChangePassword)
{
return(RedirectToAction("ChangePassword", "Home"));
}
return(RedirectToAction("Index", "Home"));
}
//invalid token, see logs
return(RedirectToAction("Login"));
}
public ActionResult Change(ChangePasswordModel model)
{
var tokenCookie = Request.Cookies[Constants.COOKIE_NAME];
if (tokenCookie != null)
{
var tokenValidationService = new TokenValidationService();
if (tokenValidationService.VerifyToken(tokenCookie.Value, out var token))
{
if (ModelState.IsValid)
{
var activeDirectoryService = new ActiveDirectoryService();
if (activeDirectoryService.ChangePassword(User.Identity.Name, model.Password, model.NewPassword, out string errorReason))
{
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError(string.Empty, errorReason);
}
}
else
{
ModelState.AddModelError(string.Empty, "Неверное имя пользователя или пароль");
}
return(View(model));
}
}
return(SignOut());
}
//public TokenAuthenicationHandler(HttpConfiguration configuration)
//{
// InnerHandler = new HttpControllerDispatcher(configuration);
//}
protected override System.Threading.Tasks.Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
{
bool isRequestValid = false;
var cookies = request.Headers.GetCookies("api.token-id").FirstOrDefault();
if (cookies != null)
{
string token = cookies["api.token-id"].Value;
if (!string.IsNullOrEmpty(token))
{
IToken tokenService = new TokenValidationService();
isRequestValid = tokenService.Validate(token);
if (isRequestValid)
{
Task.Run(() => tokenService.RenewToken(token));
}
}
}
if (!isRequestValid)
{
HttpResponseMessage responseResult = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
responseResult.Headers.Add("WWW-Authenticate", "Token Required or Invalid");
return(Task.FromResult(responseResult));
}
return(base.SendAsync(request, cancellationToken));
}
public IActionResult Post(AccessTokenDTO auth)
{
string tmp = string.Empty;
try
{
TokenValidationService tm = new TokenValidationService(
_refreshService,
_configuration,
_tSLogger,
_tokenService,
_tokenServiceDbContext,
_encryptionService);
tmp = tm.VerifyToken(auth);
}
catch (InvalidTokenException exToken)
{
return(Unauthorized(new UnauthorizedError(exToken.Message)));
}
catch (Exception ex)
{
return(Unauthorized(new UnauthorizedError(ex.Message)));
}
return(Ok(tmp));
}
public BasketCheckoutConsumer(IMapper mapper, ILogger <BasketCheckoutConsumer> logger, IOrdersRepository service, IPublishEndpoint publishEndpoint, TokenValidationService tokenValidationService, IConfiguration config)
{
_mapper = mapper ?? throw new ArgumentNullException(nameof(mapper));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_service = service ?? throw new ArgumentNullException(nameof(service));
_publishEndpoint = publishEndpoint ?? throw new ArgumentNullException(nameof(publishEndpoint));
_tokenValidationService = tokenValidationService;
_config = config;
}
public ActionResult Change()
{
var tokenCookie = Request.Cookies[Constants.COOKIE_NAME];
if (tokenCookie != null)
{
var tokenValidationService = new TokenValidationService();
if (tokenValidationService.VerifyToken(tokenCookie.Value, out var token))
{
return(View());
}
}
return(SignOut());
}
public ActionResult PostbackFromMfa(string accessToken)
{
var tokenValidationService = new TokenValidationService();
if (tokenValidationService.VerifyToken(accessToken, out var userName, out bool mustChangePassword))
{
_logger.Information($"User {userName} authenticated");
FormsAuthentication.SetAuthCookie(userName, false);
if (mustChangePassword)
{
return(RedirectToAction("ChangePassword", "Home"));
}
return(RedirectToAction("Index", "Home"));
}
//invalid token, see logs
return(RedirectToAction("Login"));
}
public void TestAuthenticateAccessTokenFromRefreshToken()
{
ITSLogger log = new TSLogger();
AccessTokenDTO accessDTO = new AccessTokenDTO();
AuthorizationGrantRequestDTO authorizationGrantRequestDTO = new AuthorizationGrantRequestDTO
{
Client_Id = Guid.Parse("29bfd4b1-81c0-4db3-a615-4422d08f9792"),
Code = null,
Grant_Type = AuthorizationGrantType.refresh_token,
UserName = null,
Scope = null,
Password = null,
Redirect_Uri = null,
Refresh_Token = HttpUtility.UrlEncode("pgsoAvSXD3xYPV+/pSAe3khYZWOFidHPxpltwNDP4Xw="),
State = null
};
IAuthenticationService tm = new AuthenticationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());
accessDTO.Authorization = accessDTO.Authorization = tm.Authenticate(authorizationGrantRequestDTO).access_token;
TokenValidationService tokenValidationService = new TokenValidationService(new RefreshToken(), configuration, log, new JWTToken(log, new EncryptionService(), configuration), context, new EncryptionService());
Assert.AreEqual(TokenConstants.ValidToken, tokenValidationService.VerifyToken(accessDTO));
}
public TokenValidationServiceTests()
{
_jwtValidator = new Mock <ISecurityTokenValidator>();
_testObject = new TokenValidationService(_jwtValidator.Object);
}
public HomeController(TokenValidationService validator)
{
this.validator = validator;
}
