Пример #1
0
        public async Task Validate(string sourceClass, string sourceMethod)
        {
            // Check if JWT token exists in session, if not redirect to login page
            if (string.IsNullOrEmpty(_httpContextAccessor.HttpContext.Session.GetString("_JwtToken")))
            {
                throw new TokenException("You are not logged in", sourceClass, sourceMethod, "401");
            }

            // JWT exist in session, check if expired
            if (Convert.ToDateTime(_httpContextAccessor.HttpContext.Session.GetString("_JwtExpiresOn")) < DateTime.UtcNow)
            {
                // Unnecesary because check is done at back-end but this client-side check saves an API call
                // Check if refresh token is expired
                // If expired the user needs to authenticate with credentials
                if (Convert.ToDateTime(_httpContextAccessor.HttpContext.Session.GetString("_RtExpiresOn")) < DateTime.UtcNow)
                {
                    throw new TokenException("Your session has expired", sourceClass, sourceMethod, "401");
                }

                // If not expired a request to /api/Users/refresh-token is required to get a new set of tokens
                PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.RefreshToken();

                // Update the session data with the new set of tokens
                _stateManagementService.SetState(postAuthenticateResponseModel);
            }
        }
        [ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
        public async Task <IActionResult> Index(PostUserModel postUserModel, string rememberMe)
        {
            if (postUserModel.Password != postUserModel.ConfirmPassword)
            {
                ModelState.AddModelError("ConfirmPassword", _localizer["Passwords are not the same"]);
            }

            if (ModelState.IsValid)
            {
                try
                {
                    if (postUserModel.Roles == null)
                    {
                        postUserModel.Roles = new List <String>
                        {
                            "Guest"
                        };
                    }
                    else if (postUserModel.Roles.Count == 0)
                    {
                        postUserModel.Roles.Add("Guest");
                    }
                    // Send an API request to create the new user
                    GetUserModel getUserModel = await _moviemindAPIService.PostModel <PostUserModel, GetUserModel>(postUserModel, "users");

                    // When the user was successfully created send an API request to authenticate the new user
                    PostAuthenticateRequestModel postAuthenticateRequestModel = new PostAuthenticateRequestModel
                    {
                        UserName = postUserModel.UserName,
                        Password = postUserModel.Password,
                    };

                    PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);

                    _stateManagementService.SetState(postAuthenticateResponseModel);

                    // Redirect to the home page
                    return(RedirectToRoute(new { action = "Index", controller = "Home" }));
                }
                catch (MovieMindException e)
                {
                    TempData["ApiError"] = e.Message;
                }
            }

            return(View(postUserModel));
        }
        public async Task InvokeAsync(HttpContext context, MoviemindAPIService movieMindAPIService, IStateManagementService stateManagementService)
        {
            // Token validation is not required for authentication and registration
            if (!context.Request.Path.Value.Contains("Registration") && !context.Request.Path.Value.Contains("Authentication"))
            {
                // Check if JWT token exists in session, if not redirect to login page
                if (string.IsNullOrEmpty(context.Session.GetString("_JwtToken")))
                {
                    context.Response.Redirect("/Authentication");
                    return;
                }
                else
                {
                    var expiresOn = Convert.ToDateTime(context.Session.GetString("_JwtExpiresOn"));
                    // JWT exist in session, check if expired
                    if (expiresOn < DateTime.UtcNow)
                    {
                        // Unnecesary because check is done at back-end but this client-side check saves an API call
                        // Check if refresh token is expired
                        // If expired the user needs to authenticate with credentials
                        var rtexpireson = Convert.ToDateTime(context.Session.GetString("_RtExpiresOn"));
                        if (rtexpireson < DateTime.UtcNow)
                        {
                            context.Session.SetString("SessionExpired", "Your session is expired");
                            context.Response.Redirect("/Authentication");
                            return;

                            //throw new TokenException("Uw sessie is verlopen", "TokenValidationMiddleware", "InvokeAsync", "401");
                        }
                        else
                        {
                            // If not expired a request to /api/Users/refresh-token is required to get a new set of tokens
                            PostAuthenticateResponseModel postAuthenticateResponseModel = await movieMindAPIService.RefreshToken();

                            // Update the session data with the new set of tokens
                            stateManagementService.SetState(postAuthenticateResponseModel);
                        }
                    }
                }
            }

            // Call the next delegate/middleware in the pipeline
            await _next(context);
        }
Пример #4
0
        [ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
        public async Task <IActionResult> Index(PostAuthenticateRequestModel postAuthenticateRequestModel)
        {
            if (ModelState.IsValid)
            {
                try
                {
                    // Send an API request to authenticate the new user
                    PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);

                    _stateManagementService.SetState(postAuthenticateResponseModel);

                    // Redirect to the home page
                    return(RedirectToRoute(new { action = "Index", controller = "Home" }));
                }
                catch (MovieMindException e)
                {
                    TempData["ApiError"] = e.Message;
                }
            }

            return(View(postAuthenticateRequestModel));
        }