public async Task <bool> UpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session, IEnumerable <Claim> claims = null) { logger.ScopeTrace(() => $"Update session, Route '{RouteBinding.Route}'."); var sessionEnabled = SessionEnabled(loginUpParty); var sessionValid = SessionValid(loginUpParty, session); if (sessionEnabled && sessionValid) { AddDownPartyLink(session, newDownPartyLink); session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); if (claims?.Count() > 0) { session.Claims = UpdateClaims(session, claims); } await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime)); logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session)); return(true); } await sessionCookieRepository.DeleteAsync(loginUpParty); logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'."); return(false); }
public async Task CreateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, long authTime, IEnumerable <Claim> claims) { if (SessionEnabled(loginUpParty)) { logger.ScopeTrace(() => $"Create session, Route '{RouteBinding.Route}'."); var session = new SessionLoginUpPartyCookie { Claims = claims.ToClaimAndValues(), }; AddDownPartyLink(session, newDownPartyLink); session.CreateTime = authTime; session.LastUpdated = authTime; await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime)); logger.ScopeTrace(() => $"Session created, User id '{session.UserId}', Session id '{session.SessionId}'.", GetSessionScopeProperties(session)); } }
protected void AddDownPartyLink(SessionBaseCookie session, DownPartySessionLink newDownPartyLink) { if (newDownPartyLink == null || !newDownPartyLink.SupportSingleLogout) { return; } if (session.DownPartyLinks == null) { session.DownPartyLinks = new List <DownPartySessionLink> { newDownPartyLink }; } else { if (!session.DownPartyLinks.Where(d => d.Id == newDownPartyLink.Id).Any()) { session.DownPartyLinks.Add(newDownPartyLink); } } }
public async Task <(SessionLoginUpPartyCookie, User)> GetAndUpdateSessionCheckUserAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink) { logger.ScopeTrace(() => $"Get and update session and check user, Route '{RouteBinding.Route}'."); var session = await sessionCookieRepository.GetAsync(loginUpParty); if (session != null) { var sessionEnabled = SessionEnabled(loginUpParty); var sessionValid = SessionValid(loginUpParty, session); logger.ScopeTrace(() => $"User id '{session.UserId}' session exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'."); if (sessionEnabled && sessionValid) { var id = await User.IdFormat(new User.IdKey { TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName, Email = session.Email }); var user = await tenantRepository.GetAsync <User>(id, false); if (user != null && !user.DisableAccount) { if (user.UserId != session.UserId) { throw new Exception("Session user id and the Users user id do not match, this should not be able to occur."); } AddDownPartyLink(session, newDownPartyLink); session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime)); logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session)); return(session, user); } } else { await sessionCookieRepository.DeleteAsync(loginUpParty); logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'."); } } else { logger.ScopeTrace(() => "Session do not exists."); } return(null, null); }
public async Task <string> CreateOrUpdateSessionAsync <T>(T upParty, DownPartySessionLink newDownPartyLink, List <Claim> claims, string externalSessionId, string idToken = null) where T : UpParty { logger.ScopeTrace($"Create or update session up-party, Route '{RouteBinding.Route}'."); var sessionClaims = FilterClaims(claims); Action <SessionUpPartyCookie> updateAction = (session) => { sessionClaims.AddClaim(JwtClaimTypes.SessionId, NewSessionId()); session.Claims = sessionClaims.ToClaimAndValues(); session.ExternalSessionId = externalSessionId; session.IdToken = idToken; AddDownPartyLink(session, newDownPartyLink); }; var sessionEnabled = SessionEnabled(upParty); var session = await sessionCookieRepository.GetAsync(); if (session != null) { var sessionValid = SessionValid(upParty, session); logger.ScopeTrace($"User id '{session.UserId}' session up-party exists, Enabled '{sessionEnabled}', Valid '{sessionValid}', Session id '{session.SessionId}', Route '{RouteBinding.Route}'."); if (sessionEnabled && sessionValid) { var userId = sessionClaims.FindFirstValue(c => c.Type == JwtClaimTypes.Subject); if (!session.UserId.IsNullOrEmpty() && session.UserId != userId) { logger.ScopeTrace("Authenticated user and requested user do not match."); // TODO invalid user login throw new NotImplementedException("Authenticated user and requested user do not match."); } if (session.ExternalSessionId != externalSessionId) { try { throw new Exception("External session ID has changed, causing an session update including new session ID."); } catch (Exception ex) { logger.Warning(ex); } updateAction(session); } else { AddDownPartyLink(session, newDownPartyLink); } session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); await sessionCookieRepository.SaveAsync(session, null); logger.ScopeTrace($"Session updated up-party, Session id '{session.SessionId}'.", GetSessionScopeProperties(session)); return(session.SessionId); } if (!sessionEnabled) { await sessionCookieRepository.DeleteAsync(); logger.ScopeTrace($"Session deleted, Session id '{session.SessionId}'."); } } if (sessionEnabled) { logger.ScopeTrace($"Create session up-party, External Session id '{externalSessionId}', Route '{RouteBinding.Route}'."); session = new SessionUpPartyCookie(); updateAction(session); session.LastUpdated = session.CreateTime; await sessionCookieRepository.SaveAsync(session, null); logger.ScopeTrace($"Session up-party created, User id '{session.UserId}', Session id '{session.SessionId}', External Session id '{externalSessionId}'.", GetSessionScopeProperties(session)); return(session.SessionId); } return(null); }
public async Task <IActionResult> LoginResponseUpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session) { if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session)) { return(await loginUpLogic.LoginResponseAsync(session.Claims.ToClaimList())); } else { throw new InvalidOperationException("Session do not exist or can not be updated."); } }
public async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, IEnumerable <string> authMethods, IEnumerable <Claim> acrClaims = null, SessionLoginUpPartyCookie session = null) { var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); List <Claim> claims = null; if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session, acrClaims)) { claims = session.Claims.ToClaimList(); } else { var sessionId = RandomGenerator.Generate(24); claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId, acrClaims); await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims); } return(await loginUpLogic.LoginResponseAsync(claims)); }
private async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, SessionLoginUpPartyCookie session = null) { var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); var authMethods = new List <string>(); authMethods.Add(IdentityConstants.AuthenticationMethodReferenceValues.Pwd); List <Claim> claims = null; if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session)) { claims = session.Claims.ToClaimList(); } else { var sessionId = RandomGenerator.Generate(24); claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId); await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims); } return(await loginUpLogic.LoginResponseAsync(claims)); }
public async Task <(bool, SingleLogoutSequenceData)> InitializeSingleLogoutAsync(UpPartyLink upPartyLink, DownPartySessionLink initiatingDownParty, IEnumerable <DownPartySessionLink> downPartyLinks, IEnumerable <ClaimAndValues> claims, IEnumerable <string> allowIframeOnDomains = null, bool hostedInIframe = false) { logger.ScopeTrace(() => "Initialize single logout."); downPartyLinks = downPartyLinks?.Where(p => p.SupportSingleLogout && (initiatingDownParty == null || p.Id != initiatingDownParty.Id)); if (!(downPartyLinks?.Count() > 0) || !(claims?.Count() > 0)) { return(false, null); } var sequenceData = new SingleLogoutSequenceData { UpPartyName = upPartyLink.Name, UpPartyType = upPartyLink.Type, DownPartyLinks = downPartyLinks, HostedInIframe = hostedInIframe, AllowIframeOnDomains = allowIframeOnDomains }; if (downPartyLinks.Where(p => p.Type == PartyTypes.Saml2).Any()) { sequenceData.Claims = claims; } else { sequenceData.Claims = claims.Where(c => c.Claim == JwtClaimTypes.SessionId); } await sequenceLogic.SaveSequenceDataAsync(sequenceData); return(true, sequenceData); }