public static async Task <IActionResult> Login(
[HttpTrigger(AuthorizationLevel.Anonymous, Global.HttpVerbPost, Route = null)] HttpRequest req,
[Table(Global.UserTableName, Connection = Global.AzureWebJobsStorage)] CloudTable userCloudTable,
ILogger log)
{
using (var sr = new StreamReader(req.Body)) {
var requestBodyJson = sr.ReadToEnd();
var userLoginModel = JsonConvert.DeserializeObject <UserLoginModel>(requestBodyJson);
if (!userLoginModel.IsValid())
{
log.LogWarning(GlobalMessages.LoginFailedDueToInvalidData);
return(new BadRequestObjectResult(GlobalMessages.InvalidDataOneOrMoreValuesWasEmpty));
}
var userEntity = await GetUserEntityByUserName(userCloudTable, userLoginModel.UserName);
if (userEntity == null)
{
log.LogWarning(String.Format(GlobalMessages.LoginFailedUserNotInDatabaseFormat, userLoginModel.UserName));
return(new UnauthorizedResult());
}
if (userLoginModel.UserName.Equals(userEntity.UserName, StringComparison.OrdinalIgnoreCase) &&
PasswordHashing.VerifyHashedPassword(userEntity.PasswordHash, userLoginModel.Password))
{
var jwtTools = new JwtTools();
var subject = new ClaimsIdentity(new[] {
new Claim(Global.ClaimUserName, userEntity.UserName),
new Claim(Global.ClaimUserId, userEntity.RowKey)
});
var utcExpiresDateTime = DateTime.UtcNow.AddHours(4); // you can change this to meet your requirements for token expiration.
var token = jwtTools.CreateToken(Global.Issuer, Global.Audience, subject, utcExpiresDateTime, Global.EncryptionKey);
var tokenItemModel = new TokenItemModel {
Token = token
};
log.LogInformation(String.Format(GlobalMessages.LoginSuccessfulFormat, userLoginModel.UserName));
return(new OkObjectResult(tokenItemModel));
}
log.LogWarning(String.Format(GlobalMessages.LoginFailedFormat, userLoginModel.UserName));
return(new UnauthorizedResult());
}
}
public void CreateAndDecypherTokens()
{
var authId = Guid.NewGuid();
var sessionId = Guid.NewGuid();
var scope = new Uri("http://api.example.com/System1");
Func <string, bool> assertFailedReturnFalse = (why) =>
{
Assert.Fail(why);
return(false);
};
var success = JwtTools.CreateToken(sessionId, authId, scope,
TimeSpan.FromDays(1.0),
(jwtToken) =>
{
return(jwtToken.ParseToken(
(claims) =>
{
Assert.AreEqual(sessionId, claims.GetSessionId(sId => sId));
Assert.AreEqual(authId, claims.GetAuthId(aId => aId));
return true;
},
(why) => assertFailedReturnFalse(why),
(setting) => assertFailedReturnFalse(setting),
(setting, why) => assertFailedReturnFalse(setting + ":" + why),
"Example.issuer",
"Example.key"));
},
(setting) => assertFailedReturnFalse(setting),
(setting, why) => assertFailedReturnFalse(setting + ":" + why),
"Example.issuer",
"Example.key");
Assert.IsTrue(success);
}
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker,
IApplication httpApp, IHttpRequest request,
RouteHandlingDelegate continueExecution)
{
if (!request.RequestUri.TryGetQueryParam(ParameterName, out string apiVoucher))
{
if (!request.TryGetHeader(ParameterName, out apiVoucher))
{
return(continueExecution(controllerType, httpApp, request));
}
}
if (request.TryGetAuthorization(out string auth))
{
return(continueExecution(controllerType, httpApp, request));
}
return(EastFive.Security.VoucherTools.ValidateUrlToken(apiVoucher,
async(voucherTokenId) =>
{
return await await voucherTokenId.AsRef <VoucherToken>()
.StorageGetAsync(
voucherToken =>
{
return EastFive.Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
var tokenExpiration = TimeSpan.FromMinutes(1.0);
request.RequestUri = request.RequestUri.RemoveQueryParameter("api-voucher");
var sessionId = apiVoucher.MD5HashGuid();
var claims = voucherToken.claims;
return JwtTools.CreateToken(sessionId,
scope, tokenExpiration, claims,
(tokenNew) =>
{
request.SetAuthorization(tokenNew);
return continueExecution(controllerType, httpApp, request);
},
(missingConfig) => continueExecution(controllerType, httpApp, request),
(configName, issue) => continueExecution(controllerType, httpApp, request));
},
(why) => continueExecution(controllerType, httpApp, request));
},
() => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason("Voucher token does not exist.")
.AsTask());
},
why => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason(why)
.AsTask(),
why => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason(why)
.AsTask(),
why => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason(why)
.AsTask(),
why => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason(why)
.AsTask(),
(name, why) => request
.CreateResponse(System.Net.HttpStatusCode.Unauthorized)
.AddReason(why)
.AsTask()));
}
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker,
IApplication httpApp, IHttpRequest request,
RouteHandlingDelegate continueExecution)
{
if (!request.RequestUri.TryGetQueryParam(
AccessTokenAccountExtensions.QueryParameter,
out string accessToken))
{
return(continueExecution(controllerType, httpApp, request));
}
if (request.GetAuthorization().HasBlackSpace())
{
return(continueExecution(controllerType, httpApp, request));
}
return(request.RequestUri.ValidateAccessTokenAccount(
accessTokenInfo =>
{
return EastFive.Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
var tokenExpiration = TimeSpan.FromMinutes(1.0);
request.RequestUri = request.RequestUri.RemoveQueryParameter(
AccessTokenAccountExtensions.QueryParameter);
var sessionId = accessTokenInfo.sessionId;
var authId = accessTokenInfo.accountId;
var duration = accessTokenInfo.expirationUtc - DateTime.UtcNow;
return JwtTools.CreateToken(sessionId, authId, scope, duration,
tokenCreated:
(tokenNew) =>
{
request.SetAuthorization(tokenNew);
return continueExecution(controllerType, httpApp, request);
},
missingConfigurationSetting:
(configName) => continueExecution(controllerType, httpApp, request),
invalidConfigurationSetting:
(configName, issue) => continueExecution(controllerType, httpApp, request));
},
(why) => continueExecution(controllerType, httpApp, request),
() => continueExecution(controllerType, httpApp, request));
},
onAccessTokenNotProvided: () => continueExecution(controllerType, httpApp, request),
onAccessTokenInvalid:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token is invalid")
.AsTask();
},
onAccessTokenExpired:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token is expired")
.AsTask();
},
onInvalidSignature:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token has an invalid signature")
.AsTask();
},
onSystemNotConfigured: () => continueExecution(controllerType, httpApp, request)));
}
