public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
Client client;
var newSessionToken = CreateSessionToken(context.OwinContext, context.Ticket, out client);
if (object.Equals(newSessionToken, null))
{
return;
}
var scope = context.OwinContext.Get <string[]>("scope");
var sessionToken = context.OwinContext.Get <SessionToken>("sessionToken");
context.Ticket.Properties.IssuedUtc = newSessionToken.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = newSessionToken.ExpiresUtc;
newSessionToken.Scope = SaaSScopeWorkerFactory.ScopeToString(scope);
newSessionToken.ProtectedTicket = AccessTokenFormat.Protect(context.Ticket);
Guid?oldSessionId = null;
if (!object.Equals(sessionToken, null)) //come from grant_refresh
{
oldSessionId = sessionToken.Id;
newSessionToken.ClientVersion = sessionToken.ClientVersion;
newSessionToken.AccountProductId = sessionToken.AccountProductId;
newSessionToken.ExternalClient = sessionToken.ExternalClient;
newSessionToken.InstallationID = sessionToken.InstallationID;
}
using (var auth = new AuthRepository())
{
try
{
var scopeWorker = SaaSScopeWorkerFactory.Create(scope, auth);
await scopeWorker.SessionTokenInsertAsync(newSessionToken, oldSessionId);
context.SetToken(newSessionToken.Id.ToString("N"));
}
catch (Exception exc)
{
var builder = new StringBuilder();
builder.AppendLine(exc.Message);
builder.AppendLine($"Old session token Id: '{oldSessionId}'");
builder.AppendLine($"Client: '{client.Name}'");
builder.AppendLine($"Client version: '{newSessionToken.ClientVersion}'");
_oauthRefreshTokenLogger.Error(exc, builder.ToString());
}
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
Account user = null;
using (var auth = new AuthRepository())
{
using (var authProduct = new AuthProductRepository())
{
user = await GrantLocalUser(context, auth);
if (object.Equals(user, null))
{
return;
}
await auth.AccountNeverLoginSetAsync(user);
await auth.AccountVisitorIdSetAsync(user, context.OwinContext.Get <Guid?>("visitorId"));
var client = context.OwinContext.Get <Client>("client");
var externalClient = context.OwinContext.Get <ExternalClient?>("externalClient");
var scope = context.OwinContext.Get <string[]>("scope");
var scopeWorker = SaaSScopeWorkerFactory.Create(scope, context, auth, authProduct);
if (!await scopeWorker.ValidateDeviceAsync(user))
{
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
var properties = new Dictionary <string, string> {
{ "session", Guid.NewGuid().ToString("N") }
};
if (externalClient.HasValue)
{
properties["externalClient"] = OauthManager.GetExternalClientName(externalClient.Value);
}
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id);
identity.AddClaims(user, client);
context.OwinContext.Set("user", user);
context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties(properties)));
}
}
}
public override async Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
{
var identity = new ClaimsIdentity(context.Ticket.Identity);
var properties = context.Ticket.Properties.Dictionary;
var client = context.OwinContext.Get <Client>("client");
var sessionToken = context.OwinContext.Get <SessionToken>("sessionToken");
properties["session"] = Guid.NewGuid().ToString("N");
if (!string.IsNullOrEmpty(sessionToken.ExternalClientName))
{
properties["externalClient"] = sessionToken.ExternalClientName;
}
string[] scope = context.OwinContext.Get <string[]>("scope");
var accountId = Guid.Parse(identity.GetUserId());
using (var auth = new AuthRepository())
{
using (var authProduct = new AuthProductRepository())
{
var account = await auth.AccountGetAsync(accountId);
if (object.Equals(account, null))
{
return;
}
context.OwinContext.Set("user", account);
identity.TryRemoveClaim("module");
identity.AddClaims(account, client);
var scopeWorker = SaaSScopeWorkerFactory.Create(scope, context, auth, authProduct);
await scopeWorker.GrantClaims(identity);
}
}
context.Validated(new AuthenticationTicket(identity, context.Ticket.Properties));
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
Guid sessionTokenId;
if (!Guid.TryParseExact(context.Token, "N", out sessionTokenId))
{
return;
}
var sessionToken = await GetSessionToken(context.OwinContext, sessionTokenId);
if (object.Equals(sessionToken, null))
{
context.Response.Headers.Add("Refresh-Token-Expired", new[] { string.Format("token: {0}", sessionTokenId.ToString("N")) });
context.Response.Headers.Add("Access-Control-Expose-Headers", new[] { "Refresh-Token-Expired" });
return;
}
//TODO external provider password verification
context.OwinContext.Set("scope", SaaSScopeWorkerFactory.StringToScope(sessionToken.Scope));
context.OwinContext.Set("systemId", sessionToken.SystemId);
context.OwinContext.Set("sessionToken", sessionToken);
//context.DeserializeTicket(token.ProtectedTicket);
var ticket = AccessTokenFormat.Unprotect(sessionToken.ProtectedTicket);
var issued = DateTime.UtcNow;
var expires = issued.Add(Startup.OAuthServerOptions.AccessTokenExpireTimeSpan);
ticket.Properties.IssuedUtc = issued;
ticket.Properties.ExpiresUtc = expires;
context.SetTicket(ticket);
}
