public void Receive(AuthenticationTokenReceiveContext context) { context.DeserializeTicket(context.Token); if (context.Ticket == null) { context.Response.StatusCode = 400; context.Response.ContentType = "application/json"; context.Response.ReasonPhrase = "invalid token"; return; } if (context.Ticket.Properties.ExpiresUtc <= DateTime.UtcNow) { context.Response.StatusCode = 401; context.Response.ContentType = "application/json"; context.Response.ReasonPhrase = "unauthorized"; return; } context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(1); context.SetTicket(context.Ticket); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var allowedOrigin = context.OwinContext.Get <string>(OwinContextKeys.CLIENT_ALLOWED_ORIGIN); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); string hashedTokenId = HashGenerator.GetHash(context.Token); ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>(); ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager); var refreshToken = await _repo.FindRefreshToken(hashedTokenId); if (refreshToken != null) { //Get protectedTicket from refreshToken class //context.DeserializeTicket(refreshToken.ProtectedTicket); TicketSerializer serializer = new TicketSerializer(); context.SetTicket(serializer.Deserialize(Encoding.Default.GetBytes(refreshToken.ProtectedTicket))); var result = await _repo.RemoveRefreshToken(hashedTokenId); } }
public override async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var url = string.Format(_tokenValidationEndpoint, context.Token); var response = await _client.GetAsync(url); if (response.StatusCode != HttpStatusCode.OK) { return; } var jsonString = await response.Content.ReadAsStringAsync(); var dictionary = JsonConvert.DeserializeObject <Dictionary <string, object> >(jsonString); var claims = new List <Claim>(); foreach (var item in dictionary) { var values = item.Value as IEnumerable <object>; if (values == null) { claims.Add(new Claim(item.Key, item.Value.ToString())); } else { foreach (var value in values) { claims.Add(new Claim(item.Key, value.ToString())); } } } context.SetTicket(new AuthenticationTicket(new ClaimsIdentity(claims, _authenticationType), new AuthenticationProperties())); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { Guid sessionTokenId; if (!Guid.TryParseExact(context.Token, "N", out sessionTokenId)) { return; } var sessionToken = await GetSessionToken(context.OwinContext, sessionTokenId); if (object.Equals(sessionToken, null)) { context.Response.Headers.Add("Refresh-Token-Expired", new[] { string.Format("token: {0}", sessionTokenId.ToString("N")) }); context.Response.Headers.Add("Access-Control-Expose-Headers", new[] { "Refresh-Token-Expired" }); return; } //TODO external provider password verification context.OwinContext.Set("scope", SaaSScopeWorkerFactory.StringToScope(sessionToken.Scope)); context.OwinContext.Set("systemId", sessionToken.SystemId); context.OwinContext.Set("sessionToken", sessionToken); //context.DeserializeTicket(token.ProtectedTicket); var ticket = AccessTokenFormat.Unprotect(sessionToken.ProtectedTicket); var issued = DateTime.UtcNow; var expires = issued.Add(Startup.OAuthServerOptions.AccessTokenExpireTimeSpan); ticket.Properties.IssuedUtc = issued; ticket.Properties.ExpiresUtc = expires; context.SetTicket(ticket); }
/// <summary> /// Authenticates a refresh token. /// </summary> /// <param name="context">The authentication context.</param> /// <returns/> public void ReceiveRefreshToken(AuthenticationTokenReceiveContext context) { this.options.Logger.Debug("Received refresh token"); var clientId = context.OwinContext.GetOAuthContext().ClientId; var redirectUri = context.OwinContext.GetOAuthContext().RedirectUri; var tcs = new TaskCompletionSource <AuthenticationTicket>(); Task.Run( async() => { try { var principal = await this.options.TokenManager.AuthenticateRefreshTokenAsync(clientId, context.Token); if (principal.Identity.IsAuthenticated) { var client = principal.Identity.Claims.First(x => x.Type == ClaimType.Client); var redirect = principal.Identity.Claims.First(x => x.Type == ClaimType.RedirectUri); var scope = principal.Identity.Claims.FirstOrDefault(x => x.Type == ClaimType.Scope); /* Override the validation parameters. * This is because OWIN thinks the principal.Identity.Name should * be the same as the client_id from ValidateClientAuthentication method, * but we need to use the user id in Sentinel. */ var props = new AuthenticationProperties(); props.Dictionary.Add("client_id", client.Value); props.RedirectUri = redirectUri; props.ExpiresUtc = DateTimeOffset.UtcNow.Add(this.options.RefreshTokenLifetime); // Re-authenticate user to get new claims var user = await this.options.UserManager.AuthenticateUserAsync(principal.Identity.Name); // Make sure the user has the correct claims user.Identity.RemoveClaim(x => x.Type == ClaimType.Client); user.Identity.RemoveClaim(x => x.Type == ClaimType.RedirectUri); user.Identity.AddClaim(ClaimType.Client, client.Value); user.Identity.AddClaim(ClaimType.RedirectUri, redirect.Value); if (scope != null) { foreach (var s in scope.Value.Split(' ')) { user.Identity.AddClaim(ClaimType.Scope, s); } } tcs.SetResult(new AuthenticationTicket(user.Identity.AsClaimsIdentity(), props)); } else { tcs.SetResult(null); } } catch (Exception ex) { tcs.SetException(ex); } }).ConfigureAwait(false); var result = tcs.Task.Result; if (result != null) { context.SetTicket(result); } this.options.Logger.Debug("Finished processing refresh token"); }
/// <summary> /// Realiza o processo de refresh do token. /// </summary> /// <param name="context">Contexto da aplicação.</param> public void Receive(AuthenticationTokenReceiveContext context) { if (context == null) { throw new ArgumentNullException("context"); } using (var usuario = new APIUsuarioBO()) { // Define o client info baseado nos headers do contexto. var clientInfo = string.Empty; if (context.Request != null && context.Request.Headers != null) { clientInfo = !string.IsNullOrEmpty(context.Request.Headers["ClientInfo"]) ? context.Request.Headers["ClientInfo"] : string.Empty; } // Consulta o token do usuário, caso o token seja diferente de nulo e o client info não bata com os dados de identificação do token, retorna. var token = usuario.ConsultarToken(context.Token); if (token != null && !clientInfo.Equals(token.DadosIndentificacao, StringComparison.InvariantCultureIgnoreCase)) { return; } // Se o token continua nulo, consulta o token utilizando o client info, que contém o nome do usuário. if (token == null) { token = usuario.ConsultarToken(clientInfo, null); } else if (clientInfo.Equals(token.DadosIndentificacao, StringComparison.InvariantCultureIgnoreCase)) { token.Token = null; } // Se o objeto token continua null, gera exception, loga e retorna. if (token == null) { //throw new NullReferenceException("Objeto Token é nulo após tentativa de recuperação."); LogUtil.Debug(string.Format("##RefreshToken.Receive.ERROR## MSG: {0}, CLIENT_INFO {1}, TOKEN {2}", "Objeto Token é nulo após tentativa de recuperação.", clientInfo, context.Token)); return; } if (!string.IsNullOrEmpty(token.Token)) { return; } // Se o token não é nulo, atualiza o token no storage e no contexto, e redefine o ticket. // O processo é o mesmo de criação do token, o token não será gravado em banco neste momento, a variável AtualizarToken da API controller gerencia esse processo na // próxima requisição. token.DataExpiracao = DateTime.Now.Add(TimeSpan.FromHours(token.APIUsuario.HorasExpiracaoToken)); usuario.Salvar(token); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); var oAuthIdentity = usuario.CriarIdentity(token.APIUsuario, userManager.UserTokenProvider); var ticket = new AuthenticationTicket(oAuthIdentity, ApplicationOAuthProvider.CreateProperties(token.APIUsuario)); ticket.Properties.ExpiresUtc = token.DataExpiracao; ticket.Properties.IssuedUtc = DateTime.Now; context.SetTicket(ticket); } }
/// <summary>ReceiveRefreshToken</summary> /// <param name="context">AuthenticationTokenReceiveContext</param> private void ReceiveRefreshToken(AuthenticationTokenReceiveContext context) { //context.DeserializeTicket(context.Token); // -------------------------------------------------- if (ASPNETIdentityConfig.EnableRefreshToken) { // EnableRefreshToken == true AuthenticationTicket ticket; TicketSerializer serializer = new TicketSerializer(); IEnumerable <byte[]> values = null; List <byte[]> list = null; switch (ASPNETIdentityConfig.UserStoreType) { case EnumUserStoreType.Memory: if (RefreshTokenProvider.RefreshTokens.TryRemove(context.Token, out ticket)) { context.SetTicket(ticket); } break; case EnumUserStoreType.SqlServer: case EnumUserStoreType.ODPManagedDriver: case EnumUserStoreType.PostgreSQL: // DMBMS using (IDbConnection cnn = DataAccess.CreateConnection()) { cnn.Open(); switch (ASPNETIdentityConfig.UserStoreType) { case EnumUserStoreType.SqlServer: values = cnn.Query <byte[]>( "SELECT [Value] FROM [RefreshTokenDictionary] WHERE [Key] = @Key", new { Key = context.Token }); list = values.AsList(); if (list.Count != 0) { ticket = serializer.Deserialize(values.AsList()[0]); context.SetTicket(ticket); cnn.Execute( "DELETE FROM [RefreshTokenDictionary] WHERE [Key] = @Key", new { Key = context.Token }); } break; case EnumUserStoreType.ODPManagedDriver: values = cnn.Query <byte[]>( "SELECT \"Value\" FROM \"RefreshTokenDictionary\" WHERE \"Key\" = :Key", new { Key = context.Token }); list = values.AsList(); if (list.Count != 0) { ticket = serializer.Deserialize(values.AsList()[0]); context.SetTicket(ticket); cnn.Execute( "DELETE FROM \"RefreshTokenDictionary\" WHERE \"Key\" = :Key", new { Key = context.Token }); } break; case EnumUserStoreType.PostgreSQL: values = cnn.Query <byte[]>( "SELECT \"value\" FROM \"refreshtokendictionary\" WHERE \"key\" = @Key", new { Key = context.Token }); list = values.AsList(); if (list.Count != 0) { ticket = serializer.Deserialize(values.AsList()[0]); context.SetTicket(ticket); cnn.Execute( "DELETE FROM \"refreshtokendictionary\" WHERE \"key\" = @Key", new { Key = context.Token }); } break; } } break; } } else { // EnableRefreshToken == false } }