| public static GetAuthProvider ( string provider ) : IAuthProvider | ||
| provider | string | |
| return | IAuthProvider | |
public virtual IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo)
{
session.AuthProvider = Provider;
if (session is AuthUserSession userSession)
{
LoadUserAuthInfo(userSession, tokens, authInfo);
HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo);
LoadUserAuthFilter?.Invoke(userSession, tokens, authInfo);
}
var hasTokens = tokens != null && authInfo != null;
if (hasTokens && SaveExtendedUserInfo)
{
if (tokens.Items == null)
{
tokens.Items = new Dictionary <string, string>();
}
authInfo.ForEach((x, y) => tokens.Items[x] = y);
}
if (session is AuthUserSession authSession)
{
var failed = authSession.Validate(authService, session, tokens, authInfo);
if (failed != null)
{
authService.RemoveSession();
return(failed);
}
}
var authRepo = GetAuthRepository(authService.Request);
using (authRepo as IDisposable)
{
if (CustomValidationFilter != null)
{
var ctx = new AuthContext
{
Request = authService.Request,
Service = authService,
AuthProvider = this,
Session = session,
AuthTokens = tokens,
AuthInfo = authInfo,
AuthRepository = authRepo,
};
var response = CustomValidationFilter(ctx);
if (response != null)
{
authService.RemoveSession();
return(response);
}
}
if (authRepo != null)
{
var failed = ValidateAccount(authService, authRepo, session, tokens);
if (failed != null)
{
authService.RemoveSession();
return(failed);
}
if (hasTokens)
{
var authDetails = authRepo.CreateOrMergeAuthSession(session, tokens);
session.UserAuthId = authDetails.UserAuthId.ToString();
var firstTimeAuthenticated = authDetails.CreatedDate == authDetails.ModifiedDate;
if (firstTimeAuthenticated)
{
session.OnRegistered(authService.Request, session, authService);
AuthEvents.OnRegistered(authService.Request, session, authService);
}
}
authRepo.LoadUserAuth(session, tokens);
foreach (var oAuthToken in session.GetAuthTokens())
{
var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider);
var userAuthProvider = authProvider as OAuthProvider;
userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken);
}
var httpRes = authService.Request.Response as IHttpResponse;
if (session.UserAuthId != null)
{
httpRes?.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId);
}
}
else
{
if (hasTokens)
{
session.UserAuthId = CreateOrMergeAuthSession(session, tokens);
}
}
}
try
{
session.IsAuthenticated = true;
session.OnAuthenticated(authService, session, tokens, authInfo);
AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo);
}
finally
{
this.SaveSession(authService, session, SessionExpiry);
authService.Request.Items[Keywords.DidAuthenticate] = true;
}
return(null);
}
public static void AuthenticateIfWindowsAuth(IRequest req, IResponse res)
{
var winAuthProvider = AuthenticateService.GetAuthProvider(Name) as AspNetWindowsAuthProvider;
winAuthProvider?.IsAuthorized(req.GetUser());
}
public object Any(GetAccessToken request)
{
if (!(AuthenticateService.GetAuthProvider(JwtAuthProvider.Name) is JwtAuthProvider jwtAuthProvider))
{
throw new NotSupportedException("JwtAuthProvider is not registered");
}
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection);
}
if (string.IsNullOrEmpty(request.RefreshToken))
{
throw new ArgumentNullException(nameof(request.RefreshToken));
}
if (!(AuthRepository is IUserAuthRepository userRepo))
{
throw new NotSupportedException("JWT Refresh Tokens requires a registered IUserAuthRepository");
}
JsonObject jwtPayload;
try
{
jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.'));
}
catch (ArgumentException)
{
throw;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload);
if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request))
{
throw new ArgumentException(ErrorMessages.RefreshTokenInvalid, nameof(request.RefreshToken));
}
var userId = jwtPayload["sub"];
var userAuth = userRepo.GetUserAuth(userId);
if (userAuth == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists);
}
if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked);
}
var session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId());
jwtAuthProvider.PopulateSession(userRepo, userAuth, session);
IEnumerable <string> roles = null, perms = null;
if (userRepo is IManageRoles manageRoles && session.UserAuthId != null)
{
roles = manageRoles.GetRoles(session.UserAuthId);
perms = manageRoles.GetPermissions(session.UserAuthId);
}
var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session, roles, perms);
return(new GetAccessTokenResponse
{
AccessToken = accessToken
});
}
public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo)
{
var userSession = session as AuthUserSession;
if (userSession != null)
{
LoadUserAuthInfo(userSession, tokens, authInfo);
HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo);
if (LoadUserAuthFilter != null)
{
LoadUserAuthFilter(userSession, tokens, authInfo);
}
}
var authRepo = authService.TryResolve <IAuthRepository>();
if (CustomValidationFilter != null)
{
var ctx = new AuthContext
{
Service = authService,
AuthProvider = this,
Session = session,
AuthTokens = tokens,
AuthInfo = authInfo,
AuthRepository = authRepo,
};
var response = CustomValidationFilter(ctx);
if (response != null)
{
authService.RemoveSession();
return(response);
}
}
if (authRepo != null)
{
if (tokens != null)
{
authInfo.ForEach((x, y) => tokens.Items[x] = y);
session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens).UserAuthId.ToString();
}
foreach (var oAuthToken in session.ProviderOAuthAccess)
{
var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider);
if (authProvider == null)
{
continue;
}
var userAuthProvider = authProvider as OAuthProvider;
if (userAuthProvider != null)
{
userAuthProvider.LoadUserOAuthProvider(session, oAuthToken);
}
}
var httpRes = authService.Request.Response as IHttpResponse;
if (httpRes != null)
{
httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId);
}
var failed = ValidateAccount(authService, authRepo, session, tokens);
if (failed != null)
{
return(failed);
}
}
try
{
session.IsAuthenticated = true;
session.OnAuthenticated(authService, session, tokens, authInfo);
AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo);
}
finally
{
authService.SaveSession(session, SessionExpiry);
}
return(null);
}
public override async Task <IHttpResult> OnAuthenticatedAsync(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo, CancellationToken token = default)
{
session.AuthProvider = Name;
if (session is AuthUserSession userSession)
{
await LoadUserAuthInfoAsync(userSession, tokens, authInfo, token).ConfigAwait();
HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo);
LoadUserAuthFilter?.Invoke(userSession, tokens, authInfo);
if (LoadUserAuthInfoFilterAsync != null)
{
await LoadUserAuthInfoFilterAsync(userSession, tokens, authInfo, token);
}
}
if (session is IAuthSessionExtended authSession)
{
// ReSharper disable once MethodHasAsyncOverloadWithCancellation
var failed = authSession.Validate(authService, session, tokens, authInfo)
?? await authSession.ValidateAsync(authService, session, tokens, authInfo, token)
?? AuthEvents.Validate(authService, session, tokens, authInfo)
?? (AuthEvents is IAuthEventsAsync asyncEvents
? await asyncEvents.ValidateAsync(authService, session, tokens, authInfo, token)
: null);
if (failed != null)
{
await authService.RemoveSessionAsync(token).ConfigAwait();
return(failed);
}
}
var authRepo = GetUserAuthRepositoryAsync(authService.Request);
#if NET472 || NETSTANDARD2_0
await using (authRepo as IAsyncDisposable)
#else
using (authRepo as IDisposable)
#endif
{
if (authRepo != null)
{
if (tokens != null)
{
authInfo.ForEach((x, y) => tokens.Items[x] = y);
session.UserAuthId = (await authRepo.CreateOrMergeAuthSessionAsync(session, tokens, token)).UserAuthId.ToString();
}
foreach (var oAuthToken in session.GetAuthTokens())
{
var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider);
var userAuthProvider = authProvider as OAuthProvider;
userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken);
}
var failed = await ValidateAccountAsync(authService, authRepo, session, tokens, token).ConfigAwait();
if (failed != null)
{
return(failed);
}
}
}
try
{
session.IsAuthenticated = true;
session.OnAuthenticated(authService, session, tokens, authInfo);
if (session is IAuthSessionExtended sessionExt)
{
await sessionExt.OnAuthenticatedAsync(authService, session, tokens, authInfo, token).ConfigAwait();
}
AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo);
if (AuthEvents is IAuthEventsAsync asyncEvents)
{
await asyncEvents.OnAuthenticatedAsync(authService.Request, session, authService, tokens, authInfo, token).ConfigAwait();
}
}
finally
{
await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();
authService.Request.Items[Keywords.DidAuthenticate] = true;
}
return(null);
}
public virtual IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo)
{
var userSession = session as AuthUserSession;
if (userSession != null)
{
LoadUserAuthInfo(userSession, tokens, authInfo);
if (LoadUserAuthFilter != null)
{
LoadUserAuthFilter(userSession, tokens, authInfo);
}
}
var authRepo = authService.TryResolve <IAuthRepository>();
if (authRepo != null)
{
var hasTokens = tokens != null;
if (hasTokens)
{
authInfo.ForEach((x, y) => tokens.Items[x] = y);
}
var failed = ValidateAccount(authService, authRepo, session, tokens);
if (failed != null)
{
return(failed);
}
if (hasTokens)
{
session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens);
}
authRepo.LoadUserAuth(session, tokens);
foreach (var oAuthToken in session.ProviderOAuthAccess)
{
var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider);
if (authProvider == null)
{
continue;
}
var userAuthProvider = authProvider as OAuthProvider;
if (userAuthProvider != null)
{
userAuthProvider.LoadUserOAuthProvider(session, oAuthToken);
}
}
var httpRes = authService.Request.Response as IHttpResponse;
if (httpRes != null)
{
httpRes.Cookies.AddPermanentCookie(HttpHeaders.XUserAuthId, session.UserAuthId);
}
}
try
{
session.IsAuthenticated = true;
session.OnAuthenticated(authService, session, tokens, authInfo);
}
finally
{
authService.SaveSession(session, SessionExpiry);
}
return(null);
}
public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary <string, string> authInfo)
{
session.AuthProvider = Name;
if (session is AuthUserSession userSession)
{
LoadUserAuthInfo(userSession, tokens, authInfo);
HostContext.TryResolve <IAuthMetadataProvider>().SafeAddMetadata(tokens, authInfo);
}
if (session is IAuthSessionExtended authSession)
{
var failed = authSession.Validate(authService, session, tokens, authInfo)
?? AuthEvents.Validate(authService, session, tokens, authInfo);
if (failed != null)
{
authService.RemoveSession();
return(failed);
}
}
var authRepo = HostContext.AppHost.GetAuthRepository(authService.Request);
using (authRepo as IDisposable)
{
if (authRepo != null)
{
if (tokens != null)
{
authInfo.ForEach((x, y) => tokens.Items[x] = y);
session.UserAuthId = authRepo.CreateOrMergeAuthSession(session, tokens).UserAuthId.ToString();
}
foreach (var oAuthToken in session.GetAuthTokens())
{
var authProvider = AuthenticateService.GetAuthProvider(oAuthToken.Provider);
var userAuthProvider = authProvider as OAuthProvider;
userAuthProvider?.LoadUserOAuthProvider(session, oAuthToken);
}
var failed = ValidateAccount(authService, authRepo, session, tokens);
if (failed != null)
{
return(failed);
}
}
}
try
{
session.OnAuthenticated(authService, session, tokens, authInfo);
AuthEvents.OnAuthenticated(authService.Request, session, authService, tokens, authInfo);
}
finally
{
this.SaveSession(authService, session, SessionExpiry);
authService.Request.Items[Keywords.DidAuthenticate] = true;
}
return(null);
}
public virtual bool IsAuthorized(string provider)
{
var tokens = ProviderOAuthAccess.FirstOrDefault(x => x.Provider == provider);
return(AuthenticateService.GetAuthProvider(provider).IsAuthorizedSafe(this, tokens));
}
