/// <summary>
/// The MapRequestJwtPayloadToSsoJwtPayload method.
/// Maps the information inside a SSO JWT payload to the SsoJwtPayload model.
/// <para>
/// @author: Jennifer Nguyen
/// @updated: 04/09/2018
/// </para>
/// </summary>
/// <param name="payload"></param>
/// <returns>ResponseDto with a SsoTokenPayload</returns>
public ResponseDto <SsoTokenPayloadDto> MapRequestJwtPayloadToSsoJwtPayload()
{
// Convert string token to Json Web Security Token (JwtSecurityToken)
var jwt = _tokenService.GetJwtSecurityToken(_ssoToken.Token);
// Extract payload from JwtSecurityToken
var payload = jwt.Payload;
var ssoTokenPayloadDto = new SsoTokenPayloadDto();
// Mapping required information in the payload to a data transfer object
foreach (var keyValuePair in payload)
{
switch (keyValuePair.Key)
{
case SsoTokenPayloadKeys.USERNAME:
ssoTokenPayloadDto.Username = keyValuePair.Value.ToString();
break;
case SsoTokenPayloadKeys.PASSWORD:
ssoTokenPayloadDto.Password = keyValuePair.Value.ToString();
break;
case SsoTokenPayloadKeys.ROLE_TYPE:
ssoTokenPayloadDto.RoleType = keyValuePair.Value.ToString().ToLower();
break;
case SsoTokenPayloadKeys.APPLICATION:
ssoTokenPayloadDto.Application = keyValuePair.Value.ToString().ToLower();
break;
case SsoTokenPayloadKeys.IAT:
ssoTokenPayloadDto.IssuedAt = keyValuePair.Value.ToString();
break;
default:
// If there are extra keys in payload, then the token is invalid
return(new ResponseDto <SsoTokenPayloadDto>()
{
Data = null,
Error = SsoErrorMessages.INVALID_TOKEN_PAYLOAD
});
}
}
return(new ResponseDto <SsoTokenPayloadDto>()
{
Data = ssoTokenPayloadDto
});
}
public void Should_FailValidation_When_PasswordIsNull()
{
// Arrange
var ssoTokenPayload = new SsoTokenPayloadDto()
{
Username = "******",
Password = null,
Application = "getusgrub",
RoleType = "public",
IssuedAt = "123980213"
};
// Act
var result = _ssoTokenPayloadDtoValidator.Validate(ssoTokenPayload, ruleSet: "SsoRegistration");
var isValid = result.IsValid;
// Assert
isValid.Should().Be(false);
}
/// <summary>
/// Validates whether the payload's credentials are valid.
/// <para>
/// @author: Brian Fann
/// @updated: 4/24/18
/// </para>
/// </summary>
/// <param name="payload">Payload of token</param>
/// <returns>True if credentials are valid, false otherwise</returns>
private ResponseDto <bool> ValidateCredentials(SsoTokenPayloadDto payload)
{
// Validate username and password
var loginDto = new LoginDto(payload.Username, payload.Password);
var accountValidationStrategy = new LoginPreLogicValidationStrategy(loginDto);
var accountResult = accountValidationStrategy.ExecuteStrategy();
if (!accountResult.Data)
{
StoreInvalidToken();
return(new ResponseDto <bool>()
{
Data = false,
Error = accountResult.Error
});
}
using (var gateway = new AuthenticationGateway())
{
var userAccountResult = gateway.GetUserAccount(payload.Username);
if (userAccountResult.Error != null)
{
return(new ResponseDto <bool>()
{
Data = false,
Error = userAccountResult.Error
});
}
var userAccount = userAccountResult.Data;
var saltResult = gateway.GetUserPasswordSalt(userAccount.Id);
// Check if salt exists
if (saltResult.Error != null)
{
return(new ResponseDto <bool>()
{
Data = false,
Error = saltResult.Error
});
}
// Hash the password and compare it against the database
var hashedPassword = new PayloadHasher().Sha256HashWithSalt(saltResult.Data.Salt, payload.Password);
var isPasswordMatching = hashedPassword == userAccount.Password;
if (!isPasswordMatching)
{
return(new ResponseDto <bool>()
{
Data = false,
Error = AuthenticationErrorMessages.USERNAME_PASSWORD_ERROR
});
}
}
// Credentials are valid at this point
return(new ResponseDto <bool>()
{
Data = true
});
}
