public async Task <IActionResult> Register([FromBody] EmailPasswordModel model)
{
if (!model.Email.IsValidEmail())
{
return(BadRequest());
}
var user = new ApplicationUser {
UserName = model.Email, Email = model.Email
};
var result = await _userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
var errorMessages = result.Errors.Select(e => e.Description).Aggregate((en, enn) => en + ", " + enn);
return(Conflict(new { Status = "Error", Message = errorMessages }));
}
//await SendEmailConfirmationAsync(model, user); TODO send email confirmation
var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
var jwtToken = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);
//CreateAuthenticatedCookie(jwtToken);
return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
}
public virtual async Task <IHttpActionResult> Refresh()
{
Identity identity = this.GetIdentity();
if (identity == null || identity.Client.IsBlocked)
{
return(this.Unauthorized());
}
if (!JwtTokenizer.IsValid(
identity.User.Credential.ApiKey.Key,
identity.Client.ApiKey.Key,
identity.Refresh))
{
return(this.Unauthorized());
}
this.GetToken(identity);
this._repository.Update(identity);
await this._repository.CommitAsync();
return(this.Ok(new TokenResponse {
Access = identity.Access, Refresh = identity.Refresh
}));
}
public async Task <IActionResult> Login([FromBody] EmailPasswordModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest("Invalid user name or password"));
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(Conflict("Bad user name password combination"));
}
if (!await _userManager.CheckPasswordAsync(user, model.Password))
{
return(Conflict("Bad user name password combination"));
}
//TODO: implement user account lockout to avoid guess password with brute force
var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
var jwtToken = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);
//CreateAuthenticatedCookie(jwtToken);
return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
}
public override void Customize(IFixture fixture)
{
base.Customize(fixture);
Fixture fixtureUser = new Fixture();
fixtureUser.Customize(new UserCustomization());
var user = fixtureUser.Create <User>();
Fixture fixtureClient = new Fixture();
fixtureClient.Customize(new ClientCustomization());
var client = fixtureClient.Create <Client>();
fixture.Customize <Identity>(e => e
.Without(p => p.User)
.Without(p => p.Client)
.Without(p => p.Access)
.Without(p => p.Refresh)
.Do(o =>
{
o.User = user;
o.Client = client;
o.Access = JwtTokenizer.Encode(o.User.Credential.ApiKey.Key, o.Client.ApiKey.Key, 10);
o.Refresh = JwtTokenizer.Encode(o.User.Credential.ApiKey.Key, o.Client.ApiKey.Key, 100);
}));
}
public User Authenticate(string userName, string password)
{
int tokenExpiryInDays = 1;
User user = new User
{
UserId = Guid.NewGuid()
};
try
{
// Note: Passwords should really be encrypted at rest (doing this for simplicity)
user = _context.Users
.FirstOrDefault(u => u.UserName == userName && u.Password == password);
// return null if user not found
if (user == null)
{
return(null);
}
// generate an JWT for this user (it will be stored in a domain specific cookie)
user.JwtToken = JwtTokenizer.CreateJWT(_appSettings.SecretKey, user.UserId.ToString(), tokenExpiryInDays, _logger);
// remove password before returning
user.Password = null;
}
catch (Exception ex)
{
_logger.LogError(ex);
}
return(user);
}
public User Authenticate(string userName, string password, ref bool noDatabaseConnection)
{
User user = new User();
user.UserId = Guid.NewGuid();
int tokenExpiryInDays = 1;
try
{
// Always ensure the user has a valid connection string before attempting to log in
noDatabaseConnection = TestInvalidDatabaseConnection();
// Note: Passwords should really be hashed when stored (doing this for simplicity)
// To Do: Encrypt user passwords/tokens?
user = _context.Users
.FirstOrDefault(u => u.Username == userName && u.Password == password);
if (user != null)
{
// generate an JWT for this user (it will be stored in a domain specific cookie)
user.AccessToken = JwtTokenizer.CreateJWT(_appSettings.SecretKey, user.UserId.ToString(), tokenExpiryInDays);
// remove password before returning
user.Password = null;
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
return(user);
}
public Identity CreateIdentity(
User user = null,
Client client = null,
bool push = true)
{
var fixture = new Fixture();
fixture.Customize(new IdentityCustomization());
user = user ?? this.CreateUser();
client = client ?? this.CreateClient();
var identity = fixture.Create <Identity>();
identity.User = user;
identity.Client = client;
identity.Access = JwtTokenizer.Encode(identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, 5);
identity.Refresh = JwtTokenizer.Encode(identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, 1000);
if (!push)
{
return(identity);
}
using (var repository = this.CreateRepository <Identity>(this.Context, false))
{
repository.Insert(identity);
repository.Commit();
}
return(identity);
}
protected void GetToken(Identity identity)
{
identity.Access = JwtTokenizer.Encode(
identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, this._expirationTimeAccess);
identity.Refresh = JwtTokenizer.Encode(
identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, this._expirationTimeRefresh);
}
public void Refresh_WithExpiredToken()
{
var identity = this.CreateIdentity();
identity.Access = JwtTokenizer.Encode(identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, -0.01);
identity.Refresh = JwtTokenizer.Encode(identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, -0.01);
this.CreateAuthentifiedUser(identity);
var request = this.CreateRequest(HttpMethod.Get, uriEndPoint: "refresh");
var response = this.Client.SendAsync(request).Result;
Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
}
public bool ValidIdentity(Identity identity)
{
return(JwtTokenizer.IsValid(identity.User.Credential.ApiKey.Key, identity.Client.ApiKey.Key, identity.Access));
}