public async Task <GetAccessTokenResponse> Handle(ValidateCredentialsAndCreateAccessTokenRequest request, CancellationToken cancellationToken)
{
var credentialBytes = Convert.FromBase64String(request.Credentials);
var credentials = Encoding.UTF8.GetString(credentialBytes).Split(':', 2);
if (credentials.Length != 2)
{
_logger.LogInformation($"Invalid auth header [{request.Credentials}] - expected 'Basic appkey:appsecret'");
return(null);
}
var apiClient = await _apiClientRepository.GetAsync(credentials[0]);
if (apiClient == null)
{
_logger.LogInformation($"Could not find api client for appkey [{credentials[0]}]");
return(null);
}
if (SaltHashHelper.CreateHash(credentials[1], apiClient.AppSecretSalt) != apiClient.AppSecretHash)
{
_logger.LogInformation($"Invalid login attempt");
return(null);
}
var userAccountApiAccess = await _userAccountApiAccessRepository.GetByRefreshTokenAsync(request.RefreshToken);
if (userAccountApiAccess == null)
{
_logger.LogInformation($"Unknown refresh token: {request.RefreshToken}");
return(null);
}
if (userAccountApiAccess.RevokedDateTime != null)
{
_logger.LogInformation($"API Access has been revoked");
return(new GetAccessTokenResponse("user_revoked", null));
}
var tokenData = GuidString.NewGuidString();
var tokenExpiry = DateTime.UtcNow.AddMinutes(30);
await _userAccountTokenRepository.CreateAsync(userAccountApiAccess, tokenData, tokenExpiry);
var tokenOptions = _configuration.GetSection("SmallListerApiJwt");
var signingKey = tokenOptions.GetValue("SigningKey", "");
var issuer = tokenOptions.GetValue("Issuer", "");
var audience = tokenOptions.GetValue("Audience", "");
var tokenHandler = new JwtSecurityTokenHandler();
var securityTokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, tokenData) }),
Audience = audience,
Issuer = issuer,
Expires = tokenExpiry,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)), SecurityAlgorithms.HmacSha256Signature)
};
return(new GetAccessTokenResponse(null, tokenHandler.WriteToken(tokenHandler.CreateToken(securityTokenDescriptor))));
}
public async Task <Unit> Handle(CreateFeedRequest request, CancellationToken cancellationToken)
{
var user = await _userAccountRepository.GetUserAccountAsync(request.User);
await _userFeedRepository.CreateAsync(user, GuidString.NewGuidString(), request.Model.Type ?? UserFeedType.Due, request.Model.Display ?? UserFeedItemDisplay.None);
return(Unit.Value);
}
public async Task <Nonce> CreateNonceAsync(CancellationToken cancellationToken)
{
var nonce = new Nonce(GuidString.NewValue());
await _nonceStore.SaveNonceAsync(nonce, cancellationToken);
_logger.LogInformation($"Created and saved new nonce: {nonce.Token}.");
return(nonce);
}
public void PropertyBagHolder_SetProperty_SetsGuidProperty()
{
const string GuidString = "{12345678-1234-1234-1234-1234567890ab}";
// Serializing will strip the braces. We could change SetProperty to
// special-case Guid and write it out with braces, but there's no
// point.
string expectedOutput = '"' + GuidString.Substring(1, GuidString.Length - 2) + '"';
new Guid(GuidString).ShouldSerializeAs(expectedOutput);
}
public async Task <CreateExternalClientResponse> Handle(CreateExternalClientRequest request, CancellationToken cancellationToken)
{
var user = await _userAccountRepository.GetUserAccountAsync(request.User);
var appKey = GuidString.NewGuidString();
var appSecret = GuidString.NewGuidString();
var(appSecretSalt, appSecretHash) = SaltHashHelper.CreateHash(appSecret);
await _apiClientRepository.CreateAsync(request.Model.Name, request.Model.Uri, appKey, appSecretHash, appSecretSalt, user);
return(new CreateExternalClientResponse(request.Model.Name, request.Model.Uri, appKey, appSecret));
}
public async Task <string> Handle(ApiAuthorizeRequest request, CancellationToken cancellationToken)
{
if (!Uri.TryCreate(request.Model.RedirectUri, UriKind.Absolute, out var redirectUri))
{
return(null);
}
if (!request.Model.AllowApiAuth)
{
return(GetRedirectUri("errorCode=user_declined"));
}
var apiClient = await _apiClientRepository.GetAsync(request.Model.AppKey);
if (apiClient == null)
{
_logger.LogInformation($"Cannot find api client {request.Model.AppKey} with redirect uri {request.Model.RedirectUri}");
return(null);
}
if (apiClient.RedirectUri != request.Model.RedirectUri)
{
_logger.LogInformation($"Api client {apiClient.AppKey} redirect uri {apiClient.RedirectUri} does not match request {request.Model.RedirectUri}");
return(null);
}
if (!apiClient.IsEnabled)
{
_logger.LogInformation($"Api client {apiClient.AppKey} is not enabled");
return(null);
}
var refreshToken = GuidString.NewGuidString();
await _userAccountApiAccessRepository.Create(apiClient, await _userAccountRepository.GetUserAccountAsync(request.User), refreshToken);
return(GetRedirectUri($"refreshToken={refreshToken}"));
string GetRedirectUri(string returnInfo) => $"{redirectUri}{(string.IsNullOrEmpty(redirectUri.Query) ? "?" : "&")}{returnInfo}";
}
