private bool ValidSessionUpAgainstSequence(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session, bool requereMfa = false)
{
if (session == null)
{
return(false);
}
if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
{
logger.ScopeTrace(() => $"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
return(false);
}
if (!sequenceData.UserId.IsNullOrWhiteSpace() && !session.UserId.Equals(sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
{
logger.ScopeTrace(() => "Session user and requested user do not match.");
return(false);
}
if (requereMfa && !(session.Claims?.Where(c => c.Claim == JwtClaimTypes.Amr && c.Values.Where(v => v == IdentityConstants.AuthenticationMethodReferenceValues.Mfa).Any())?.Count() > 0))
{
logger.ScopeTrace(() => "Session does not meet the MFA requirement.");
return(false);
}
return(true);
}
private IEnumerable <ClaimAndValues> UpdateClaims(SessionLoginUpPartyCookie session, IEnumerable <Claim> claims)
{
var sessionClaims = new List <ClaimAndValues>(session.Claims);
var addClaims = claims.ToClaimAndValues();
foreach (var addClaim in addClaims)
{
var claim = sessionClaims.Where(c => c.Claim == addClaim.Claim).FirstOrDefault();
if (claim == null)
{
sessionClaims.Add(addClaim);
}
else
{
foreach (var addValue in addClaim.Values)
{
if (!claim.Values.Where(v => v == addValue).Any())
{
claim.Values.Add(addValue);
}
}
}
}
return(sessionClaims);
}
public async Task CreateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, long authTime, IEnumerable <Claim> claims)
{
if (SessionEnabled(loginUpParty))
{
logger.ScopeTrace(() => $"Create session, Route '{RouteBinding.Route}'.");
var session = new SessionLoginUpPartyCookie
{
Claims = claims.ToClaimAndValues(),
};
AddDownPartyLink(session, newDownPartyLink);
session.CreateTime = authTime;
session.LastUpdated = authTime;
await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
logger.ScopeTrace(() => $"Session created, User id '{session.UserId}', Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
}
}
private bool ValidSession(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session)
{
if (session == null)
{
return(false);
}
if (sequenceData.MaxAge.HasValue && DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime > sequenceData.MaxAge.Value)
{
logger.ScopeTrace($"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
return(false);
}
if (!sequenceData.UserId.IsNullOrWhiteSpace() && !session.UserId.Equals(sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
{
logger.ScopeTrace("Session user and requested user do not match.");
return(false);
}
return(true);
}
public async Task <bool> UpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session, IEnumerable <Claim> claims = null)
{
logger.ScopeTrace(() => $"Update session, Route '{RouteBinding.Route}'.");
var sessionEnabled = SessionEnabled(loginUpParty);
var sessionValid = SessionValid(loginUpParty, session);
if (sessionEnabled && sessionValid)
{
AddDownPartyLink(session, newDownPartyLink);
session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
if (claims?.Count() > 0)
{
session.Claims = UpdateClaims(session, claims);
}
await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
return(true);
}
await sessionCookieRepository.DeleteAsync(loginUpParty);
logger.ScopeTrace(() => $"Session deleted, Session id '{session.SessionId}'.");
return(false);
}
public async Task <IActionResult> LoginResponseUpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session)
{
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session))
{
return(await loginUpLogic.LoginResponseAsync(session.Claims.ToClaimList()));
}
else
{
throw new InvalidOperationException("Session do not exist or can not be updated.");
}
}
public async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, IEnumerable <string> authMethods, IEnumerable <Claim> acrClaims = null, SessionLoginUpPartyCookie session = null)
{
var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
List <Claim> claims = null;
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session, acrClaims))
{
claims = session.Claims.ToClaimList();
}
else
{
var sessionId = RandomGenerator.Generate(24);
claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId, acrClaims);
await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
}
return(await loginUpLogic.LoginResponseAsync(claims));
}
private async Task <IActionResult> LogoutResponse(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData, LogoutChoice logoutChoice, SessionLoginUpPartyCookie session = null)
{
if (logoutChoice == LogoutChoice.Logout)
{
await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(sequenceData.SessionId);
if (loginUpParty.DisableSingleLogout)
{
await sequenceLogic.RemoveSequenceDataAsync <LoginUpSequenceData>();
return(await LogoutDoneAsync(loginUpParty, sequenceData));
}
else
{
(var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type }, sequenceData.DownPartyLink, session?.DownPartyLinks, session?.Claims);
if (doSingleLogout)
{
return(await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData));
}
else
{
await sequenceLogic.RemoveSequenceDataAsync <LoginUpSequenceData>();
return(await LogoutDoneAsync(loginUpParty, sequenceData));
}
}
}
else if (logoutChoice == LogoutChoice.KeepMeLoggedIn)
{
await sequenceLogic.RemoveSequenceDataAsync <LoginUpSequenceData>();
if (sequenceData.PostLogoutRedirect)
{
return(await logoutUpLogic.LogoutResponseAsync(sequenceData));
}
else
{
logger.ScopeTrace("Show logged in dialog.");
return(View("LoggedIn", new LoggedInViewModel {
CssStyle = loginUpParty.CssStyle
}));
}
}
else
{
throw new NotImplementedException();
}
}
private async Task <IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, SessionLoginUpPartyCookie session = null)
{
var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
var authMethods = new List <string>();
authMethods.Add(IdentityConstants.AuthenticationMethodReferenceValues.Pwd);
List <Claim> claims = null;
if (session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session))
{
claims = session.Claims.ToClaimList();
}
else
{
var sessionId = RandomGenerator.Generate(24);
claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId);
await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
}
return(await loginUpLogic.LoginResponseAsync(claims));
}
