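/// <summary>
/// Decides whether an existing login session may be reused for the current login sequence.
/// </summary>
/// <param name="sequenceData">The current sequence; its <c>MaxAge</c> and <c>UserId</c> constrain which sessions are accepted.</param>
/// <param name="session">The session cookie, or <c>null</c> when no session exists.</param>
/// <param name="requereMfa">When <c>true</c>, the session must carry an <c>amr</c> claim that contains the MFA value.</param>
/// <returns><c>true</c> if the session satisfies every constraint; <c>false</c> otherwise (the failing check is traced).</returns>
private bool ValidSessionUpAgainstSequence(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session, bool requereMfa = false)
{
    if (session == null)
    {
        return false;
    }

    // Age is measured from CreateTime, not LastUpdated, so refreshing a session does not reset this clock.
    var sessionAgeSeconds = DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime;
    if (sequenceData.MaxAge.HasValue && sessionAgeSeconds > sequenceData.MaxAge.Value)
    {
        logger.ScopeTrace(() => $"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
        return false;
    }

    // Null-safe comparison: a session without a user id must not satisfy a sequence that names one
    // (the instance Equals call would throw instead of rejecting).
    if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
    {
        logger.ScopeTrace(() => "Session user and requested user do not match.");
        return false;
    }

    // A session with no claims, or no amr claim holding the MFA value, cannot satisfy an MFA requirement.
    var hasMfaAmr = session.Claims?.Any(c => c.Claim == JwtClaimTypes.Amr && c.Values?.Any(v => v == IdentityConstants.AuthenticationMethodReferenceValues.Mfa) == true) == true;
    if (requereMfa && !hasMfaAmr)
    {
        logger.ScopeTrace(() => "Session does not meet the MFA requirement.");
        return false;
    }

    return true;
}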
/// <summary>
/// Merges <paramref name="claims"/> into a copy of the session's claim list.
/// </summary>
/// <param name="session">The session whose <c>Claims</c> form the starting list.</param>
/// <param name="claims">Claims to merge in; converted with <c>ToClaimAndValues</c>.</param>
/// <returns>
/// A new list containing every session claim plus the incoming ones: a claim type not yet present is appended,
/// and for a type already present only values not already in its <c>Values</c> are added.
/// </returns>
/// <remarks>
/// Values are added to the existing <c>ClaimAndValues</c> instances in place, so the objects referenced by
/// <c>session.Claims</c> are mutated even though a new list is returned.
/// </remarks>
private IEnumerable<ClaimAndValues> UpdateClaims(SessionLoginUpPartyCookie session, IEnumerable<Claim> claims)
{
    var merged = new List<ClaimAndValues>(session.Claims);

    foreach (var incoming in claims.ToClaimAndValues())
    {
        var existing = merged.FirstOrDefault(c => c.Claim == incoming.Claim);
        if (existing == null)
        {
            merged.Add(incoming);
            continue;
        }

        foreach (var value in incoming.Values)
        {
            if (!existing.Values.Any(v => v == value))
            {
                existing.Values.Add(value);
            }
        }
    }

    return merged;
}
/// <summary>
/// Creates and persists a new login session cookie when sessions are enabled for the up-party.
/// </summary>
/// <param name="loginUpParty">The up-party; consulted via <c>SessionEnabled</c> and passed to the cookie repository.</param>
/// <param name="newDownPartyLink">Down-party link recorded on the session through <c>AddDownPartyLink</c>.</param>
/// <param name="authTime">Unix-time seconds of authentication; becomes both <c>CreateTime</c> and <c>LastUpdated</c>.</param>
/// <param name="claims">Claims stored on the session after conversion with <c>ToClaimAndValues</c>.</param>
/// <remarks>Does nothing when <c>SessionEnabled</c> returns <c>false</c>.</remarks>
public async Task CreateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, long authTime, IEnumerable<Claim> claims)
{
    if (!SessionEnabled(loginUpParty))
    {
        return;
    }

    logger.ScopeTrace(() => $"Create session, Route '{RouteBinding.Route}'.");

    var session = new SessionLoginUpPartyCookie
    {
        Claims = claims.ToClaimAndValues(),
    };
    AddDownPartyLink(session, newDownPartyLink);
    // Both timestamps start at the authentication time; the persistent expiry is derived from CreateTime.
    session.CreateTime = authTime;
    session.LastUpdated = authTime;

    var expires = GetPersistentCookieExpires(loginUpParty, session.CreateTime);
    await sessionCookieRepository.SaveAsync(loginUpParty, session, expires);

    logger.ScopeTrace(() => $"Session created, User id '{session.UserId}', Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
}
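/// <summary>
/// Checks an existing session against the sequence's max-age and user-id constraints.
/// </summary>
/// <param name="sequenceData">The current sequence; its <c>MaxAge</c> and <c>UserId</c> constrain the session.</param>
/// <param name="session">The session cookie, or <c>null</c> when no session exists.</param>
/// <returns><c>true</c> if the session is accepted; <c>false</c> otherwise (the failing check is traced).</returns>
private bool ValidSession(LoginUpSequenceData sequenceData, SessionLoginUpPartyCookie session)
{
    if (session == null)
    {
        return false;
    }

    // Age is measured from CreateTime, not LastUpdated, so refreshing a session does not reset this clock.
    var sessionAgeSeconds = DateTimeOffset.UtcNow.ToUnixTimeSeconds() - session.CreateTime;
    if (sequenceData.MaxAge.HasValue && sessionAgeSeconds > sequenceData.MaxAge.Value)
    {
        logger.ScopeTrace($"Session max age not accepted, Max age '{sequenceData.MaxAge}', Session created '{session.CreateTime}'.");
        return false;
    }

    // Null-safe comparison: a session without a user id must not satisfy a sequence that names one
    // (the instance Equals call would throw instead of rejecting).
    if (!sequenceData.UserId.IsNullOrWhiteSpace() && !string.Equals(session.UserId, sequenceData.UserId, StringComparison.OrdinalIgnoreCase))
    {
        logger.ScopeTrace("Session user and requested user do not match.");
        return false;
    }

    return true;
}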
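/// <summary>
/// Refreshes an existing session cookie, or deletes it when sessions are disabled or the session is no longer valid.
/// </summary>
/// <param name="loginUpParty">The up-party; consulted via <c>SessionEnabled</c>/<c>SessionValid</c> and passed to the cookie repository.</param>
/// <param name="newDownPartyLink">Down-party link recorded on the session through <c>AddDownPartyLink</c>.</param>
/// <param name="session">The session to update. Callers in this file only pass non-null sessions; a null session is deleted.</param>
/// <param name="claims">Optional claims merged into the session with <c>UpdateClaims</c>; ignored when null or empty.</param>
/// <returns><c>true</c> if the session was saved; <c>false</c> if it was deleted instead.</returns>
public async Task<bool> UpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session, IEnumerable<Claim> claims = null)
{
    logger.ScopeTrace(() => $"Update session, Route '{RouteBinding.Route}'.");

    var sessionEnabled = SessionEnabled(loginUpParty);
    var sessionValid = SessionValid(loginUpParty, session);
    if (!(sessionEnabled && sessionValid))
    {
        // A disabled or invalid session is removed rather than left in place. The session may be null
        // here, so the trace must not dereference it unconditionally.
        await sessionCookieRepository.DeleteAsync(loginUpParty);
        logger.ScopeTrace(() => $"Session deleted, Session id '{session?.SessionId}'.");
        return false;
    }

    AddDownPartyLink(session, newDownPartyLink);
    session.LastUpdated = DateTimeOffset.UtcNow.ToUnixTimeSeconds();

    // Any() avoids enumerating the whole claim sequence just to test for emptiness.
    if (claims?.Any() == true)
    {
        session.Claims = UpdateClaims(session, claims);
    }

    // Expiry is computed from the original CreateTime (not LastUpdated); presumably so that re-saving does
    // not extend the persistent cookie lifetime — confirm against GetPersistentCookieExpires.
    await sessionCookieRepository.SaveAsync(loginUpParty, session, GetPersistentCookieExpires(loginUpParty, session.CreateTime));
    logger.ScopeTrace(() => $"Session updated, Session id '{session.SessionId}'.", GetSessionScopeProperties(session));
    return true;
}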
/// <summary>
/// Completes a login by refreshing an existing session and responding with the session's claims.
/// </summary>
/// <param name="loginUpParty">The up-party passed through to the session update.</param>
/// <param name="newDownPartyLink">Down-party link recorded on the session during the update.</param>
/// <param name="session">The existing session; must be non-null and updatable.</param>
/// <returns>The login response built from the updated session's claims.</returns>
/// <exception cref="InvalidOperationException">Thrown when <paramref name="session"/> is null or <c>UpdateSessionAsync</c> returns <c>false</c>.</exception>
public async Task<IActionResult> LoginResponseUpdateSessionAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, SessionLoginUpPartyCookie session)
{
    var sessionUpdated = session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session);
    if (!sessionUpdated)
    {
        throw new InvalidOperationException("Session do not exist or can not be updated.");
    }

    return await loginUpLogic.LoginResponseAsync(session.Claims.ToClaimList());
}
/// <summary>
/// Produces the login response, reusing an existing session when it can be updated and otherwise creating a new one.
/// </summary>
/// <param name="loginUpParty">The up-party passed through to session and claim handling.</param>
/// <param name="newDownPartyLink">Down-party link recorded on the session.</param>
/// <param name="user">The authenticated user; used only when a new session is created.</param>
/// <param name="authMethods">Authentication method references passed to <c>GetClaimsAsync</c> for a new session.</param>
/// <param name="acrClaims">Optional ACR claims; merged into an existing session or passed to <c>GetClaimsAsync</c>.</param>
/// <param name="session">An existing session to reuse, or <c>null</c>.</param>
/// <returns>The login response built from either the updated session's claims or the freshly issued ones.</returns>
public async Task<IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, IEnumerable<string> authMethods, IEnumerable<Claim> acrClaims = null, SessionLoginUpPartyCookie session = null)
{
    var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();

    List<Claim> claims;
    var reusedSession = session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session, acrClaims);
    if (reusedSession)
    {
        claims = session.Claims.ToClaimList();
    }
    else
    {
        // A fresh session id is generated for the new session; RandomGenerator is a project helper (24 = requested length).
        var sessionId = RandomGenerator.Generate(24);
        claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId, acrClaims);
        await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
    }

    return await loginUpLogic.LoginResponseAsync(claims);
}
/// <summary>
/// Handles the user's logout choice: performs the logout (revoking refresh-token grants and optionally starting
/// single logout) or keeps the session and either redirects or shows the logged-in page.
/// </summary>
/// <param name="loginUpParty">The up-party; <c>DisableSingleLogout</c>, <c>Name</c>, <c>Type</c> and <c>CssStyle</c> are read.</param>
/// <param name="sequenceData">The logout sequence; supplies <c>SessionId</c>, <c>DownPartyLink</c> and <c>PostLogoutRedirect</c>.</param>
/// <param name="logoutChoice">The choice made by the user.</param>
/// <param name="session">The current session, if any; its links and claims seed single logout.</param>
/// <returns>The action result for the chosen path.</returns>
/// <exception cref="NotImplementedException">Thrown for any <paramref name="logoutChoice"/> other than <c>Logout</c> and <c>KeepMeLoggedIn</c>.</exception>
private async Task<IActionResult> LogoutResponse(LoginUpParty loginUpParty, LoginUpSequenceData sequenceData, LogoutChoice logoutChoice, SessionLoginUpPartyCookie session = null)
{
    // Shared tail of the logout path: drop the sequence data, then finish via LogoutDoneAsync.
    async Task<IActionResult> FinishLogoutAsync()
    {
        await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();
        return await LogoutDoneAsync(loginUpParty, sequenceData);
    }

    switch (logoutChoice)
    {
        case LogoutChoice.Logout:
        {
            // Refresh-token grants tied to this session are revoked before any single-logout decision is made.
            await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(sequenceData.SessionId);

            if (loginUpParty.DisableSingleLogout)
            {
                return await FinishLogoutAsync();
            }

            var upPartyLink = new UpPartyLink { Name = loginUpParty.Name, Type = loginUpParty.Type };
            var (doSingleLogout, singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(upPartyLink, sequenceData.DownPartyLink, session?.DownPartyLinks, session?.Claims);
            if (doSingleLogout)
            {
                return await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData);
            }

            return await FinishLogoutAsync();
        }

        case LogoutChoice.KeepMeLoggedIn:
        {
            await sequenceLogic.RemoveSequenceDataAsync<LoginUpSequenceData>();

            if (sequenceData.PostLogoutRedirect)
            {
                return await logoutUpLogic.LogoutResponseAsync(sequenceData);
            }

            logger.ScopeTrace("Show logged in dialog.");
            return View("LoggedIn", new LoggedInViewModel { CssStyle = loginUpParty.CssStyle });
        }

        default:
            throw new NotImplementedException();
    }
}
/// <summary>
/// Produces the login response for a password login: reuses an updatable session, otherwise issues claims
/// with the <c>pwd</c> authentication method reference and creates a new session.
/// </summary>
/// <param name="loginUpParty">The up-party passed through to session and claim handling.</param>
/// <param name="newDownPartyLink">Down-party link recorded on the session.</param>
/// <param name="user">The authenticated user; used only when a new session is created.</param>
/// <param name="session">An existing session to reuse, or <c>null</c>.</param>
/// <returns>The login response built from either the updated session's claims or the freshly issued ones.</returns>
private async Task<IActionResult> LoginResponseAsync(LoginUpParty loginUpParty, DownPartySessionLink newDownPartyLink, User user, SessionLoginUpPartyCookie session = null)
{
    var authTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
    // Password login always reports exactly one authentication method reference.
    var authMethods = new List<string> { IdentityConstants.AuthenticationMethodReferenceValues.Pwd };

    List<Claim> claims;
    var reusedSession = session != null && await sessionLogic.UpdateSessionAsync(loginUpParty, newDownPartyLink, session);
    if (reusedSession)
    {
        claims = session.Claims.ToClaimList();
    }
    else
    {
        // A fresh session id is generated for the new session; RandomGenerator is a project helper (24 = requested length).
        var sessionId = RandomGenerator.Generate(24);
        claims = await GetClaimsAsync(loginUpParty, user, authTime, authMethods, sessionId);
        await sessionLogic.CreateSessionAsync(loginUpParty, newDownPartyLink, authTime, claims);
    }

    return await loginUpLogic.LoginResponseAsync(claims);
}