public async Task <GetAccessTokenResponse> Handle(ValidateCredentialsAndCreateAccessTokenRequest request, CancellationToken cancellationToken) { var credentialBytes = Convert.FromBase64String(request.Credentials); var credentials = Encoding.UTF8.GetString(credentialBytes).Split(':', 2); if (credentials.Length != 2) { _logger.LogInformation($"Invalid auth header [{request.Credentials}] - expected 'Basic appkey:appsecret'"); return(null); } var apiClient = await _apiClientRepository.GetAsync(credentials[0]); if (apiClient == null) { _logger.LogInformation($"Could not find api client for appkey [{credentials[0]}]"); return(null); } if (SaltHashHelper.CreateHash(credentials[1], apiClient.AppSecretSalt) != apiClient.AppSecretHash) { _logger.LogInformation($"Invalid login attempt"); return(null); } var userAccountApiAccess = await _userAccountApiAccessRepository.GetByRefreshTokenAsync(request.RefreshToken); if (userAccountApiAccess == null) { _logger.LogInformation($"Unknown refresh token: {request.RefreshToken}"); return(null); } if (userAccountApiAccess.RevokedDateTime != null) { _logger.LogInformation($"API Access has been revoked"); return(new GetAccessTokenResponse("user_revoked", null)); } var tokenData = GuidString.NewGuidString(); var tokenExpiry = DateTime.UtcNow.AddMinutes(30); await _userAccountTokenRepository.CreateAsync(userAccountApiAccess, tokenData, tokenExpiry); var tokenOptions = _configuration.GetSection("SmallListerApiJwt"); var signingKey = tokenOptions.GetValue("SigningKey", ""); var issuer = tokenOptions.GetValue("Issuer", ""); var audience = tokenOptions.GetValue("Audience", ""); var tokenHandler = new JwtSecurityTokenHandler(); var securityTokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, tokenData) }), Audience = audience, Issuer = issuer, Expires = tokenExpiry, SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)), SecurityAlgorithms.HmacSha256Signature) }; return(new GetAccessTokenResponse(null, tokenHandler.WriteToken(tokenHandler.CreateToken(securityTokenDescriptor)))); }
public async Task <Unit> Handle(CreateFeedRequest request, CancellationToken cancellationToken) { var user = await _userAccountRepository.GetUserAccountAsync(request.User); await _userFeedRepository.CreateAsync(user, GuidString.NewGuidString(), request.Model.Type ?? UserFeedType.Due, request.Model.Display ?? UserFeedItemDisplay.None); return(Unit.Value); }
public async Task <CreateExternalClientResponse> Handle(CreateExternalClientRequest request, CancellationToken cancellationToken) { var user = await _userAccountRepository.GetUserAccountAsync(request.User); var appKey = GuidString.NewGuidString(); var appSecret = GuidString.NewGuidString(); var(appSecretSalt, appSecretHash) = SaltHashHelper.CreateHash(appSecret); await _apiClientRepository.CreateAsync(request.Model.Name, request.Model.Uri, appKey, appSecretHash, appSecretSalt, user); return(new CreateExternalClientResponse(request.Model.Name, request.Model.Uri, appKey, appSecret)); }
public async Task <string> Handle(ApiAuthorizeRequest request, CancellationToken cancellationToken) { if (!Uri.TryCreate(request.Model.RedirectUri, UriKind.Absolute, out var redirectUri)) { return(null); } if (!request.Model.AllowApiAuth) { return(GetRedirectUri("errorCode=user_declined")); } var apiClient = await _apiClientRepository.GetAsync(request.Model.AppKey); if (apiClient == null) { _logger.LogInformation($"Cannot find api client {request.Model.AppKey} with redirect uri {request.Model.RedirectUri}"); return(null); } if (apiClient.RedirectUri != request.Model.RedirectUri) { _logger.LogInformation($"Api client {apiClient.AppKey} redirect uri {apiClient.RedirectUri} does not match request {request.Model.RedirectUri}"); return(null); } if (!apiClient.IsEnabled) { _logger.LogInformation($"Api client {apiClient.AppKey} is not enabled"); return(null); } var refreshToken = GuidString.NewGuidString(); await _userAccountApiAccessRepository.Create(apiClient, await _userAccountRepository.GetUserAccountAsync(request.User), refreshToken); return(GetRedirectUri($"refreshToken={refreshToken}")); string GetRedirectUri(string returnInfo) => $"{redirectUri}{(string.IsNullOrEmpty(redirectUri.Query) ? "?" : "&")}{returnInfo}"; }