public object Any(ConvertSessionToToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (Request.ResponseContentType.MatchesContentType(MimeTypes.Html))
{
Request.ResponseContentType = MimeTypes.Json;
}
var token = Request.GetJwtToken();
IAuthSession session = null;
var includeTokensInResponse = jwtAuthProvider.IncludeJwtInConvertSessionToTokenResponse;
var createFromSession = string.IsNullOrEmpty(token);
if (createFromSession || includeTokensInResponse)
{
session = Request.GetSession();
if (createFromSession)
{
token = jwtAuthProvider.CreateJwtBearerToken(Request, session);
}
if (!request.PreserveSession)
{
Request.RemoveSession(session.Id);
}
}
return(new HttpResult(new ConvertSessionToTokenResponse {
AccessToken = includeTokensInResponse
? token
: null,
RefreshToken = createFromSession && includeTokensInResponse && !request.PreserveSession
? jwtAuthProvider.CreateJwtRefreshToken(Request, session.UserAuthId, jwtAuthProvider.ExpireRefreshTokensIn)
: null
})
{
Cookies =
{
new Cookie(Keywords.TokenCookie, token, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
}
}
});
}
public object Any(ConvertSessionToToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (Request.ResponseContentType.MatchesContentType(MimeTypes.Html))
{
Request.ResponseContentType = MimeTypes.Json;
}
var token = Request.GetJwtToken();
if (string.IsNullOrEmpty(token))
{
var session = Request.GetSession();
token = jwtAuthProvider.CreateJwtBearerToken(Request, session);
if (!request.PreserveSession)
{
Request.RemoveSession(session.Id);
}
}
return(new HttpResult(new ConvertSessionToTokenResponse())
{
Cookies =
{
new Cookie(Keywords.TokenCookie, token, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
}
}
});
}
public async Task <object> Any(GetAccessToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
var refreshTokenCookie = Request.Cookies.TryGetValue(Keywords.RefreshTokenCookie, out var refTok)
? refTok.Value
: null;
var refreshToken = request.RefreshToken ?? refreshTokenCookie;
var accessToken = await jwtAuthProvider.CreateAccessTokenFromRefreshToken(refreshToken, Request).ConfigAwait();
var response = new GetAccessTokenResponse
{
AccessToken = accessToken
};
// Don't return JWT in Response Body if Refresh Token Cookie was used
if (refreshTokenCookie == null && jwtAuthProvider.UseTokenCookie != true)
{
return(response);
}
var httpResult = new HttpResult(new GetAccessTokenResponse())
.AddCookie(Request,
new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
});
return(httpResult);
}
public object Any(GetAccessToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (string.IsNullOrEmpty(request.RefreshToken))
{
throw new ArgumentNullException(nameof(request.RefreshToken));
}
JsonObject jwtPayload;
try
{
jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.'));
}
catch (ArgumentException)
{
throw;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload);
if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request))
{
throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken));
}
var userId = jwtPayload["sub"];
IAuthSession session;
IEnumerable <string> roles = null, perms = null;
var userSessionSource = AuthenticateService.GetUserSessionSource();
if (userSessionSource != null)
{
session = userSessionSource.GetUserSession(userId);
if (session == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request));
}
roles = session.Roles;
perms = session.Permissions;
}
else if (AuthRepository is IUserAuthRepository userRepo)
{
var userAuth = userRepo.GetUserAuth(userId);
if (userAuth == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request));
}
if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request));
}
session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId());
session.PopulateSession(userAuth, userRepo);
if (userRepo is IManageRoles manageRoles && session.UserAuthId != null)
{
roles = manageRoles.GetRoles(session.UserAuthId);
perms = manageRoles.GetPermissions(session.UserAuthId);
}
}
else
{
throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource");
}
var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session, roles, perms);
var response = new GetAccessTokenResponse
{
AccessToken = accessToken
};
if (request.UseTokenCookie != true)
{
return(response);
}
return(new HttpResult(new GetAccessTokenResponse())
{
Cookies =
{
new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
}
}
});
}
public async Task <object> Any(GetAccessToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (string.IsNullOrEmpty(request.RefreshToken))
{
throw new ArgumentNullException(nameof(request.RefreshToken));
}
JsonObject jwtPayload;
try
{
jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.'));
}
catch (ArgumentException)
{
throw;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
if (jwtPayload == null)
{
throw new ArgumentException(ErrorMessages.TokenInvalid.Localize(Request));
}
jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload);
if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request))
{
throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken));
}
var userId = jwtPayload["sub"];
var result = await Request.GetSessionFromSourceAsync(userId, async (authRepo, userAuth) => {
if (await jwtAuthProvider.IsAccountLockedAsync(authRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request));
}
}).ConfigAwait();
if (result == null)
{
throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource");
}
var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request,
session: result.Session, roles: result.Roles, perms: result.Permissions);
var response = new GetAccessTokenResponse
{
AccessToken = accessToken
};
if (request.UseTokenCookie.GetValueOrDefault(jwtAuthProvider.UseTokenCookie) != true)
{
return(response);
}
return(new HttpResult(new GetAccessTokenResponse())
{
Cookies =
{
new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
}
}
});
}
