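/// <summary>
/// Builds the claim set for an access token issued to an audience (client-credential style token).
/// </summary>
/// <param name="issuer">Issuer whose issuer-scoped <c>AccessExpire</c> setting governs the token lifetime.</param>
/// <param name="audience">Audience the token is issued for; its id and role names are packed into the claims.</param>
/// <returns>Claims in this order: name identifier, roles (sorted by name), nonce, nbf, iat, exp.</returns>
/// <exception cref="InvalidOperationException">Thrown when the issuer does not have exactly one <c>AccessExpire</c> setting.</exception>
/// <exception cref="FormatException">Thrown when the <c>AccessExpire</c> value is not an unsigned integer.</exception>
public List<Claim> GenerateAccessClaims(tbl_Issuer issuer, tbl_Audience audience)
{
    // Only the issuer-scoped setting is used; audience- and user-scoped rows are deliberately excluded.
    var expire = _context.Set<tbl_Setting>()
        .Single(x => x.IssuerId == issuer.Id
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.AccessExpire);

    // Lifetime is stored as seconds. Parse up front so a misconfigured value fails before any claim is built.
    var lifetimeSeconds = uint.Parse(expire.ConfigValue);

    // Read the clock once so nbf, iat and exp are all derived from the same instant
    // (three separate reads could straddle a second boundary and make exp != iat + lifetime).
    var now = new DateTimeOffset(Clock.UtcDateTime);

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, audience.Id.ToString()),
    };

    var roles = _context.Set<tbl_Role>()
        .Where(x => x.tbl_AudienceRoles.Any(y => y.AudienceId == audience.Id))
        .ToList();

    // Sorted so the same audience always yields the same claim order.
    foreach (var role in roles.OrderBy(x => x.Name))
    {
        claims.Add(new Claim(ClaimTypes.Role, role.Name));
    }

    // Nonce so two tokens minted in the same second are still distinct.
    // NOTE(review): 8 alphanumeric characters; confirm AlphaNumeric.CreateString draws from a cryptographically secure RNG.
    claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

    var nowUnix = now.ToUnixTimeSeconds().ToString();
    var expUnix = now.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString();

    claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, nowUnix, ClaimValueTypes.Integer64));
    claims.Add(new Claim(JwtRegisteredClaimNames.Iat, nowUnix, ClaimValueTypes.Integer64));
    claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expUnix, ClaimValueTypes.Integer64));

    return claims;
}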
/// <summary>
/// Looks up a single issuer by id (when the route value parses as a GUID) or otherwise by name,
/// loading its audiences and claims.
/// </summary>
/// <param name="issuerValue">Route segment: either an issuer GUID or an issuer name.</param>
/// <returns>200 with the mapped <c>IssuerV1</c>, or 404 carrying the model-state error when no issuer matches.</returns>
public IActionResult GetV1([FromRoute] string issuerValue)
{
    Guid issuerID;
    var lookupById = Guid.TryParse(issuerValue, out issuerID);

    // A GUID route value is matched on Id; any other string is treated as a name.
    LambdaExpression expr = lookupById
        ? QueryExpressionFactory.GetQueryExpression<tbl_Issuer>().Where(x => x.Id == issuerID).ToLambda()
        : QueryExpressionFactory.GetQueryExpression<tbl_Issuer>().Where(x => x.Name == issuerValue).ToLambda();

    var includes = new List<Expression<Func<tbl_Issuer, object>>>()
    {
        x => x.tbl_Audiences,
        x => x.tbl_Claims,
    };

    tbl_Issuer issuer = uow.Issuers.Get(expr, includes).SingleOrDefault();

    if (issuer == null)
    {
        // The error key is the message type; the value echoes the route segment that failed to resolve.
        ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{issuerValue}");
        return NotFound(ModelState);
    }

    return Ok(map.Map<IssuerV1>(issuer));
}
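/// <summary>
/// Builds the claim set for a refresh token issued to a user. Refresh tokens carry only the
/// user's identifier plus nonce and timing claims — no roles, e-mail or other profile data.
/// </summary>
/// <param name="issuer">Issuer whose issuer-scoped <c>RefreshExpire</c> setting governs the token lifetime.</param>
/// <param name="user">User the refresh token is issued for; only <c>Id</c> is read.</param>
/// <returns>Claims in this order: name identifier, nonce, nbf, iat, exp.</returns>
/// <exception cref="InvalidOperationException">Thrown when the issuer does not have exactly one <c>RefreshExpire</c> setting.</exception>
/// <exception cref="FormatException">Thrown when the <c>RefreshExpire</c> value is not an unsigned integer.</exception>
public List<Claim> GenerateRefreshClaims(tbl_Issuer issuer, tbl_User user)
{
    // Only the issuer-scoped setting is used; audience- and user-scoped rows are deliberately excluded.
    var expire = _context.Set<tbl_Setting>()
        .Single(x => x.IssuerId == issuer.Id
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.RefreshExpire);

    // Lifetime is stored as seconds. Parse up front so a misconfigured value fails before any claim is built.
    var lifetimeSeconds = uint.Parse(expire.ConfigValue);

    // Read the clock once so nbf, iat and exp are all derived from the same instant
    // (three separate reads could straddle a second boundary and make exp != iat + lifetime).
    var now = new DateTimeOffset(Clock.UtcDateTime);
    var nowUnix = now.ToUnixTimeSeconds().ToString();
    var expUnix = now.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString();

    // Nonce so two tokens minted in the same second are still distinct.
    // NOTE(review): 8 alphanumeric characters; confirm AlphaNumeric.CreateString draws from a cryptographically secure RNG.
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
        new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String),
        new Claim(JwtRegisteredClaimNames.Nbf, nowUnix, ClaimValueTypes.Integer64),
        new Claim(JwtRegisteredClaimNames.Iat, nowUnix, ClaimValueTypes.Integer64),
        new Claim(JwtRegisteredClaimNames.Exp, expUnix, ClaimValueTypes.Integer64),
    };

    return claims;
}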
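/// <summary>
/// Builds the claim set for an access token issued to a user: identity and profile claims,
/// role claims (optionally duplicated under the legacy short name), the user's stored custom
/// claims, then nonce and timing claims.
/// </summary>
/// <param name="issuer">Issuer whose issuer-scoped <c>AccessExpire</c> setting governs the token lifetime.</param>
/// <param name="user">User the token is issued for.</param>
/// <returns>
/// Claims in this order: name identifier, e-mail (if set), mobile phone (if set), given name, surname,
/// roles sorted by name (each followed by its legacy duplicate when enabled), custom claims sorted by type,
/// nonce, nbf, iat, exp.
/// </returns>
/// <exception cref="InvalidOperationException">Thrown when the issuer lacks exactly one <c>AccessExpire</c> setting or the global <c>GlobalLegacyClaims</c> setting is not unique.</exception>
/// <exception cref="FormatException">Thrown when <c>AccessExpire</c> is not an unsigned integer or <c>GlobalLegacyClaims</c> is not a boolean.</exception>
/// <exception cref="ArgumentNullException">Thrown by <see cref="Claim"/> when <c>FirstName</c> or <c>LastName</c> is null.</exception>
public List<Claim> GenerateAccessClaims(tbl_Issuer issuer, tbl_User user)
{
    // Only the issuer-scoped setting is used; audience- and user-scoped rows are deliberately excluded.
    var expire = _context.Set<tbl_Setting>()
        .Single(x => x.IssuerId == issuer.Id
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.AccessExpire);

    // Global (unscoped) switch that controls whether roles are also emitted under the legacy "role" name.
    var legacyClaims = _context.Set<tbl_Setting>()
        .Single(x => x.IssuerId == null
            && x.AudienceId == null
            && x.UserId == null
            && x.ConfigKey == SettingsConstants.GlobalLegacyClaims);

    // Parse both settings up front so misconfiguration fails before any claim is built
    // (and the boolean is not re-parsed on every loop iteration).
    var lifetimeSeconds = uint.Parse(expire.ConfigValue);
    var packLegacyRoleClaims = bool.Parse(legacyClaims.ConfigValue);

    // Read the clock once so nbf, iat and exp are all derived from the same instant.
    var now = new DateTimeOffset(Clock.UtcDateTime);

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
    };

    // Optional contact details are only emitted when present.
    if (!string.IsNullOrEmpty(user.EmailAddress))
    {
        claims.Add(new Claim(ClaimTypes.Email, user.EmailAddress));
    }

    if (!string.IsNullOrEmpty(user.PhoneNumber))
    {
        claims.Add(new Claim(ClaimTypes.MobilePhone, user.PhoneNumber));
    }

    // NOTE(review): FirstName/LastName are passed unguarded and Claim throws on a null value;
    // this assumes the user table requires both — confirm against the schema.
    claims.Add(new Claim(ClaimTypes.GivenName, user.FirstName));
    claims.Add(new Claim(ClaimTypes.Surname, user.LastName));

    var userRoles = _context.Set<tbl_Role>()
        .Where(x => x.tbl_UserRoles.Any(y => y.UserId == user.Id))
        .ToList();

    // Sorted so the same user always yields the same claim order.
    foreach (var role in userRoles.OrderBy(x => x.Name))
    {
        claims.Add(new Claim(ClaimTypes.Role, role.Name));

        // Compatibility mode: pack each role under the old short name as well as the new URI name.
        // NOTE(review): the third argument is Claim.ValueType; passing ClaimTypes.Role there is preserved
        // as-is for compatibility with existing consumers — confirm that is intentional.
        if (packLegacyRoleClaims)
        {
            claims.Add(new Claim("role", role.Name, ClaimTypes.Role));
        }
    }

    var userClaims = _context.Set<tbl_Claim>()
        .Where(x => x.tbl_UserClaims.Any(y => y.UserId == user.Id))
        .ToList();

    // Stored custom claims are emitted verbatim (type, value and value type come from the row).
    foreach (var claim in userClaims.OrderBy(x => x.Type))
    {
        claims.Add(new Claim(claim.Type, claim.Value, claim.ValueType));
    }

    // Nonce so two tokens minted in the same second are still distinct.
    // NOTE(review): 8 alphanumeric characters; confirm AlphaNumeric.CreateString draws from a cryptographically secure RNG.
    claims.Add(new Claim(JwtRegisteredClaimNames.Nonce, AlphaNumeric.CreateString(8), ClaimValueTypes.String));

    var nowUnix = now.ToUnixTimeSeconds().ToString();
    var expUnix = now.AddSeconds(lifetimeSeconds).ToUnixTimeSeconds().ToString();

    claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, nowUnix, ClaimValueTypes.Integer64));
    claims.Add(new Claim(JwtRegisteredClaimNames.Iat, nowUnix, ClaimValueTypes.Integer64));
    claims.Add(new Claim(JwtRegisteredClaimNames.Exp, expUnix, ClaimValueTypes.Integer64));

    return claims;
}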
/// <summary>
/// Seeds the default test issuer, creating it only when no issuer with that name exists yet.
/// Leaves the resulting entity in <c>foundIssuer</c> either way.
/// </summary>
public void CreateIssuers()
{
    var byName = QueryExpressionFactory.GetQueryExpression<tbl_Issuer>()
        .Where(x => x.Name == TestDefaultConstants.IssuerName)
        .ToLambda();

    foundIssuer = _uow.Issuers.Get(byName).SingleOrDefault();

    // Idempotent: re-running against an already seeded store is a no-op.
    if (foundIssuer != null)
    {
        return;
    }

    var model = new IssuerV1()
    {
        Name = TestDefaultConstants.IssuerName,
        IssuerKey = TestDefaultConstants.IssuerKey,
        IsEnabled = true,
        IsDeletable = true,
    };

    foundIssuer = _uow.Issuers.Create(_map.Map<tbl_Issuer>(model));
    _uow.Commit();
}
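/// <summary>
/// Seeds the default test issuer and its issuer-scoped settings (access, refresh and TOTP expiry,
/// polling maximum). Each entity is created only when it does not already exist, so the method
/// is safe to run repeatedly. Leaves the issuer entity in <c>foundIssuer</c>.
/// </summary>
public void CreateIssuers()
{
    foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression<tbl_Issuer>()
        .Where(x => x.Name == TestDefaultConstants.IssuerName)
        .ToLambda())
        .SingleOrDefault();

    if (foundIssuer == null)
    {
        foundIssuer = _uow.Issuers.Create(
            _map.Map<tbl_Issuer>(new IssuerV1()
            {
                Name = TestDefaultConstants.IssuerName,
                IssuerKey = TestDefaultConstants.IssuerKey,
                IsEnabled = true,
                IsDeletable = true,
            }));
        _uow.Commit();
    }

    // AccessExpire/RefreshExpire are consumed as seconds by the claim generators (600 s / 24 h).
    // Units for TotpExpire and PollingMax are not visible here — presumably seconds and a count.
    EnsureIssuerSetting(SettingsConstants.AccessExpire, 600.ToString());
    EnsureIssuerSetting(SettingsConstants.RefreshExpire, 86400.ToString());
    EnsureIssuerSetting(SettingsConstants.TotpExpire, 600.ToString());
    EnsureIssuerSetting(SettingsConstants.PollingMax, 10.ToString());
}

/// <summary>
/// Creates an issuer-scoped setting for <c>foundIssuer</c> unless one with the same key already exists.
/// </summary>
/// <param name="configKey">Setting key to look up and, if absent, create.</param>
/// <param name="configValue">Value to seed when the setting is missing; an existing value is never overwritten.</param>
private void EnsureIssuerSetting(string configKey, string configValue)
{
    var existing = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression<tbl_Setting>()
        .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == configKey)
        .ToLambda())
        .SingleOrDefault();

    if (existing != null)
    {
        return;
    }

    _uow.Settings.Create(
        _map.Map<tbl_Setting>(new SettingV1()
        {
            IssuerId = foundIssuer.Id,
            ConfigKey = configKey,
            ConfigValue = configValue,
            IsDeletable = true,
        }));
    _uow.Commit();
}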