public void Can_retrieve_IAuthSession_with_global_ExcludeTypeInfo_set()
{
JsConfig.ExcludeTypeInfo = true;
IAuthSession session = new CustomAuthSession
{
Id = "sess-1",
UserAuthId = "1",
Custom = "custom"
};
var sessionKey = SessionFeature.GetSessionKey(session.Id);
Cache.Set(sessionKey, session, SessionFeature.DefaultSessionExpiry);
var sessionCache = Cache.Get <IAuthSession>(sessionKey);
Assert.That(sessionCache, Is.Not.Null);
var typedSession = sessionCache as CustomAuthSession;
Assert.That(typedSession, Is.Not.Null);
Assert.That(typedSession.Custom, Is.EqualTo("custom"));
JsConfig.Reset();
}
public static void Init(IAppHost appHost, Func <IAuthSession> sessionFactory, params IAuthProvider[] authProviders)
{
if (authProviders.Length == 0)
{
throw new ArgumentNullException("authProviders");
}
DefaultOAuthProvider = authProviders[0].Provider;
DefaultOAuthRealm = authProviders[0].AuthRealm;
AuthProviders = authProviders;
if (sessionFactory != null)
{
CurrentSessionFactory = sessionFactory;
}
var test = appHost != null;
if (test)
{
appHost.RegisterService <AuthService>();
appHost.RegisterService <AssignRolesService>();
appHost.RegisterService <UnAssignRolesService>();
SessionFeature.Init(appHost);
}
}
public void PreAuthenticate(IRequest req, IResponse res)
{
var digestAuth = req.GetDigestAuth();
if (digestAuth != null)
{
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using (var authService = HostContext.ResolveService <AuthenticateService>(req))
{
var response = authService.Post(new Authenticate
{
provider = Name,
nonce = digestAuth["nonce"],
uri = digestAuth["uri"],
response = digestAuth["response"],
qop = digestAuth["qop"],
nc = digestAuth["nc"],
cnonce = digestAuth["cnonce"],
UserName = digestAuth["username"]
});
}
}
}
public virtual async Task PreAuthenticateWithApiKeyAsync(IRequest req, IResponse res, ApiKey apiKey)
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.ApiKeyRequiresSecureConnection.Localize(req));
}
ValidateApiKey(req, apiKey);
var apiSessionKey = GetSessionKey(apiKey.Id);
if (await HasCachedSessionAsync(req, apiSessionKey).ConfigAwait())
{
req.Items[Keywords.ApiKey] = apiKey;
return;
}
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using var authService = HostContext.ResolveService <AuthenticateService>(req);
var response = await authService.PostAsync(new Authenticate
{
provider = Name,
UserName = "******",
Password = apiKey.Id,
}).ConfigAwait();
await CacheSessionAsync(req, apiSessionKey);
}
public async Task Can_retrieve_TimeToLive_on_IAuthSession()
{
IAuthSession session = new CustomAuthSession
{
Id = "sess-1",
UserAuthId = "1",
Custom = "custom"
};
var sessionKey = SessionFeature.GetSessionKey(session.Id);
await Cache.RemoveAsync(sessionKey);
var ttl = await Cache.GetTimeToLiveAsync(sessionKey);
Assert.That(ttl, Is.Null);
await Cache.SetAsync(sessionKey, session);
ttl = await Cache.GetTimeToLiveAsync(sessionKey);
Assert.That(ttl.Value, Is.EqualTo(TimeSpan.MaxValue));
var sessionExpiry = SessionFeature.DefaultSessionExpiry;
await Cache.SetAsync(sessionKey, session, sessionExpiry);
ttl = await Cache.GetTimeToLiveAsync(sessionKey);
Assert.That(ttl.Value, Is.GreaterThan(TimeSpan.FromSeconds(0)));
Assert.That(ttl.Value, Is.LessThan(sessionExpiry).
Or.EqualTo(sessionExpiry).Within(TimeSpan.FromSeconds(1)));
}
public void Can_retrieve_TimeToLive_on_IAuthSession()
{
IAuthSession session = new CustomAuthSession
{
Id = "sess-1",
UserAuthId = "1",
Custom = "custom"
};
var sessionKey = SessionFeature.GetSessionKey(session.Id);
Cache.Remove(sessionKey);
var ttl = Cache.GetTimeToLive(sessionKey);
Assert.That(ttl, Is.Null);
Cache.Set(sessionKey, session);
ttl = Cache.GetTimeToLive(sessionKey);
Assert.That(ttl.Value, Is.EqualTo(TimeSpan.MaxValue));
var sessionExpiry = SessionFeature.DefaultSessionExpiry;
Cache.Set(sessionKey, session, sessionExpiry);
ttl = Cache.GetTimeToLive(sessionKey);
var roundedToSec = new TimeSpan(ttl.Value.Ticks - (ttl.Value.Ticks % 1000));
Assert.That(roundedToSec, Is.GreaterThan(TimeSpan.FromSeconds(0)));
Assert.That(roundedToSec, Is.LessThanOrEqualTo(sessionExpiry));
}
public virtual T GetSession <T>() where T : class, IAuthSession
{
if (userSession != null)
{
return((T)userSession);
}
return((T)(userSession = SessionFeature.GetOrCreateSession <T>(Cache, Request, Response)));
}
public virtual T GetSession <T>() where T : class, IAuthSession, new()
{
if (userSession != null)
{
return((T)userSession);
}
return((T)(userSession = SessionFeature.GetOrCreateSession <T>(Cache)));
}
//public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
//{
// base.OnAuthenticated(authService, this, tokens, authInfo);
// ILog log = LogManager.GetLogger(GetType());
// var user = session.ConvertTo<User>();
// user.Id = (session as CustomUserSession).Uid;
// foreach (var authToken in session.ProviderOAuthAccess)
// {
// if (authToken.Provider == FacebookAuthProvider.Name)
// {
// user.UserName = authToken.DisplayName;
// user.FirstName = authToken.FirstName;
// user.LastName = authToken.LastName;
// user.Email = authToken.Email;
// }
// }
//}
public override void OnLogout(IServiceBase authService)
{
base.OnLogout(authService);
using (var cache = authService.TryResolve <ICacheClient>())
{
var sessionKey = SessionFeature.GetSessionKey(this.Id);
cache.Remove(sessionKey);
}
}
public override void Execute(IRequest req, IResponse res, object requestDto)
{
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
req.Items["TriedMyOwnAuthFirst"] = true; // let's simulate some sort of auth _before_ relaying to base class.
base.Execute(req, res, requestDto);
}
public object Get(ResetUserAuth request)
{
this.Cache.Remove(SessionFeature.GetSessionKey(Request));
Db.DeleteAll <UserAuth>();
Db.DeleteAll <UserOAuthProvider>();
return(HttpResult.Redirect(Request.UrlReferrer.AbsoluteUri));
}
public bool ValidUpdater(UpdateFulfillment instance, string fulfiller)
{
var key = SessionFeature.GetSessionKey();
var currentUser = CacheClient.Get <AuthUserSession>(key);
if (instance.Status == "Completed" && fulfiller != currentUser.UserName)
{
return(false);
}
return(true);
}
public AuthUserSession CurrentSession()
{
var httpCookie = Request.Cookies["X-ESQTV-SID"];
if (httpCookie != null)
{
var currentSession = httpCookie.Value;
return(Cache.Get <AuthUserSession>(SessionFeature.GetSessionKey(currentSession)));
}
return(null);
}
public object Get(ResetUserAuth request)
{
this.Cache.Remove(SessionFeature.GetSessionKey(Request));
Db.DeleteAll <UserAuth>();
Db.DeleteAll <UserAuthDetails>();
var referrer = Request.UrlReferrer != null
? Request.UrlReferrer.AbsoluteUri
: HostContext.Config.WebHostUrl;
return(HttpResult.Redirect(referrer));
}
public object Get(ResetUserAuth request)
{
this.Cache.Remove(SessionFeature.GetSessionKey(Request));
Db.DeleteAll <UserAuth>();
Db.DeleteAll <UserAuthDetails>();
var referrer = Request.UrlReferrer != null
? Request.UrlReferrer.AbsoluteUri
: HttpHandlerFactory.GetBaseUrl();
return(HttpResult.Redirect(referrer));
}
/// <summary>
/// Logg off and clear session in service stack.
/// </summary>
public void ServiceStackLogOff()
{
try
{
var httpCookie = Request.Cookies["X-ESQTV-SID"];
if (httpCookie != null)
{
var currentSession = httpCookie.Value;
Cache.Remove(SessionFeature.GetSessionKey(currentSession));
}
}
catch { }
}
private static void PreAuthenticateWithApiKey(IRequest req, IResponse res, string apiKey)
{
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using (var authService = HostContext.ResolveService <AuthenticateService>(req))
{
var response = authService.Post(new Authenticate
{
provider = Name,
UserName = "******",
Password = apiKey,
});
}
}
public IAuthSession CreateSessionFromPayload(IRequest req, JsonObject jwtPayload)
{
AssertJwtPayloadIsValid(jwtPayload);
var sessionId = jwtPayload.GetValue("jid", SessionExtensions.CreateRandomSessionId);
var session = SessionFeature.CreateNewSession(req, sessionId);
session.AuthProvider = Name;
session.PopulateFromMap(jwtPayload);
PopulateSessionFilter?.Invoke(session, jwtPayload, req);
HostContext.AppHost.OnSessionFilter(session, sessionId);
return(session);
}
public static void AddGuidRecordsToCache <T>(IWebEasRepositoryBase repository, IEnumerable <KeyValuePair <string, string> > recordsToCache, string hashId = null)
{
if (recordsToCache.Any())
{
hashId ??= UrnId.Create <T>(repository.Session.Id);
repository.Redis.Remove(hashId);
repository.Redis.SetRangeInHash(hashId, recordsToCache);
var sessionKey = SessionFeature.GetSessionKey(repository.Session.Id);
var ttl = repository.Redis.GetTimeToLive(sessionKey);
if (ttl.HasValue)
{
repository.Redis.ExpireEntryIn(hashId, ttl.Value);
}
}
}
public static void Init(IAppHost appHost, Func <IAuthSession> sessionFactory, params AuthConfig[] authConfigs)
{
if (authConfigs.Length == 0)
{
throw new ArgumentNullException("authConfigs");
}
DefaultOAuthProvider = authConfigs[0].Provider;
DefaultOAuthRealm = authConfigs[0].AuthRealm;
AuthConfigs = authConfigs;
SessionFactory = sessionFactory;
appHost.RegisterService <AuthService>();
SessionFeature.Init(appHost);
}
protected virtual TUserSession SessionAs<TUserSession>()
{
if (HostContext.TestMode)
{
var mockSession = TryResolve<TUserSession>();
if (Equals(mockSession, default(TUserSession)))
mockSession = TryResolve<IAuthSession>() is TUserSession
? (TUserSession) TryResolve<IAuthSession>()
: default(TUserSession);
if (!Equals(mockSession, default(TUserSession)))
return mockSession;
}
return SessionFeature.GetOrCreateSession<TUserSession>(Cache, Request, Response);
}
public void PreAuthenticateWithApiKey(IRequest req, IResponse res, ApiKey apiKey)
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.ApiKeyRequiresSecureConnection.Localize(req));
}
ValidateApiKey(req, apiKey);
var apiSessionKey = GetSessionKey(apiKey.Id);
if (SessionCacheDuration != null)
{
var session = req.GetCacheClient().Get <IAuthSession>(apiSessionKey);
if (session != null)
{
session = HostContext.AppHost.OnSessionFilter(req, session, session.Id);
}
if (session != null)
{
req.Items[Keywords.ApiKey] = apiKey;
req.Items[Keywords.Session] = session;
return;
}
}
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using (var authService = HostContext.ResolveService <AuthenticateService>(req))
{
var response = authService.Post(new Authenticate
{
provider = Name,
UserName = "******",
Password = apiKey.Id,
});
}
if (SessionCacheDuration != null)
{
var session = req.GetSession();
req.GetCacheClient().Set(apiSessionKey, session, SessionCacheDuration);
}
}
/// <summary>
/// Invokes the logic of the middleware.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/>.</param>
/// <returns>A <see cref="Task"/> that completes when the middleware has completed processing.</returns>
public async Task Invoke(HttpContext context)
{
var isNewSessionKey = false;
Func <bool> tryEstablishSession = ReturnTrue;
//var cookieValue = context.Request.Cookies[_options.Cookie.Name]; //old code
//var sessionKey = CookieProtection.Unprotect(_dataProtector, cookieValue, _logger); //old code
var sessionInfo = this.getSessionKeyInfo(context);
var sessionKey = sessionInfo.Item1;
if (sessionInfo.Item2) //string.IsNullOrWhiteSpace(sessionKey) || sessionKey.Length != SessionKeyLength)
{
var establisher = new SessionEstablisher(context, sessionKey, _options); // cookieValue, _options);
tryEstablishSession = establisher.TryEstablishSession;
isNewSessionKey = true;
}
var feature = new SessionFeature();
feature.Session = _sessionStore.Create(sessionKey, _options.IdleTimeout, _options.IOTimeout, tryEstablishSession, isNewSessionKey);
context.Features.Set <ISessionFeature>(feature);
try
{
await _next(context);
}
finally
{
context.Features.Set <ISessionFeature>(null);
if (feature.Session != null)
{
try
{
await feature.Session.CommitAsync(context.RequestAborted);
}
catch (OperationCanceledException)
{
_logger.SessionCommitCanceled();
}
catch (Exception ex)
{
_logger.ErrorClosingTheSession(ex);
}
}
}
}
/// <summary>
/// Invokes the logic of the middleware.
/// </summary>
/// <param name="context">The <see cref="HttpContext"/>.</param>
/// <returns>A <see cref="Task"/> that completes when the middleware has completed processing.</returns>
public async Task Invoke(HttpContext context)
{
var isNewSessionKey = false;
Func <bool> tryEstablishSession = ReturnTrue;
var cookieValue = context.Request.Headers[_options.Cookie.Name];
var sessionKey = CookieProtection.Unprotect(_dataProtector, cookieValue, _logger);
if (string.IsNullOrWhiteSpace(sessionKey) || sessionKey.Length != SessionKeyLength)
{
// No valid cookie, new session.
var guidBytes = new byte[16];
CryptoRandom.GetBytes(guidBytes);
sessionKey = new Guid(guidBytes).ToString();
cookieValue = CookieProtection.Protect(_dataProtector, sessionKey);
var establisher = new SessionEstablisher(context, cookieValue, _options);
tryEstablishSession = establisher.TryEstablishSession;
isNewSessionKey = true;
}
var feature = new SessionFeature();
feature.Session = _sessionStore.Create(sessionKey, TimeSpan.FromMinutes(120.0), TimeSpan.FromMinutes(3.0), tryEstablishSession, isNewSessionKey);
context.Features.Set <ISessionFeature>(feature);
try
{
await _next(context);
}
finally
{
context.Features.Set <ISessionFeature>(null);
if (feature.Session != null)
{
try
{
await feature.Session.CommitAsync(context.RequestAborted);
}
catch (OperationCanceledException ex)
{
_logger.LogError(ex.Message);
}
}
}
}
public async Task Index_ReturnsCartItems_WhenItemsInCart()
{
// Arrange
var cartId = "CartId_A";
var sessionFeature = new SessionFeature()
{
Session = CreateTestSession(),
};
var httpContext = new DefaultHttpContext();
httpContext.SetFeature <ISessionFeature>(sessionFeature);
httpContext.Session.SetString("Session", cartId);
var dbContext = _serviceProvider.GetRequiredService <MusicStoreContext>();
var cartItems = CreateTestCartItems(
cartId,
itemPrice: 10,
numberOfItem: 5);
dbContext.AddRange(cartItems.Select(n => n.Album).Distinct());
dbContext.AddRange(cartItems);
dbContext.SaveChanges();
var controller = new ShoppingCartController()
{
DbContext = dbContext,
};
controller.ActionContext.HttpContext = httpContext;
// Act
var result = await controller.Index();
// Assert
var viewResult = Assert.IsType <ViewResult>(result);
Assert.NotNull(viewResult.ViewData);
Assert.Null(viewResult.ViewName);
var model = Assert.IsType <ShoppingCartViewModel>(viewResult.ViewData.Model);
Assert.Equal(5, model.CartItems.Count);
Assert.Equal(5 * 10, model.CartTotal);
}
public void Register(IAppHost appHost)
{
appHost.PreRequestFilters.Add((req, res) =>
{
var cultureName = req.GetHeader("X-Culture");
if (string.IsNullOrEmpty(cultureName))
{
cultureName = System.Globalization.CultureInfo.CurrentCulture.Name;
}
var culture = System.Globalization.CultureInfo.GetCultureInfo(cultureName);
System.Threading.Thread.CurrentThread.CurrentCulture = culture;
System.Threading.Thread.CurrentThread.CurrentUICulture = culture;
});
appHost.GlobalRequestFilters.Add((req, res, requestDto) =>
{
SessionFeature.AddSessionIdToRequestFilter(req, res, requestDto);
});
}
protected bool IsUserAuthorized(IRequest thisRequest)
{
try
{
// Within the hub itself we can get the request directly from the context.
//Microsoft.AspNet.SignalR.IRequest myRequest = this.Context.Request; // Unfortunately this is a signalR IRequest, not a ServiceStack IRequest, but we can still use it to get the cookies.
bool perm = thisRequest.Cookies["ss-opt"].Value == "perm";
string sessionID = perm ? thisRequest.Cookies["ss-pid"].Value : thisRequest.Cookies["ss-id"].Value;
var sessionKey = SessionFeature.GetSessionKey(sessionID);
CustomUserSession session = HostContext.Cache.Get <CustomUserSession>(sessionKey);
return(session.IsAuthenticated);
}
catch (Exception ex)
{
// probably not auth'd so no cookies, session etc.
}
return(false);
}
public void PreAuthenticate(IRequest req, IResponse res)
{
var signature = req.Headers[WebhookEventConstants.SecretSignatureHeaderName];
if (signature.HasValue())
{
if (RequireSecureConnection && !req.IsSecureConnection)
{
throw HttpError.Forbidden(Resources.HmacAuthProvider_NotHttps);
}
var eventName = req.Headers[WebhookEventConstants.EventNameHeaderName];
if (OnGetSecret != null)
{
Secret = OnGetSecret(req, eventName);
}
if (!Secret.HasValue())
{
throw HttpError.Unauthorized(Resources.HmacAuthProvider_IncorrectlyConfigured);
}
var isValidSecret = req.VerifySignature(signature, Secret);
if (!isValidSecret)
{
throw new HttpError(HttpStatusCode.Unauthorized);
}
var requestId = req.Headers[WebhookEventConstants.RequestIdHeaderName];
var userId = requestId.HasValue() ? requestId : Guid.NewGuid().ToString("N");
var username = req.GetUrlHostName();
var sessionId = SessionExtensions.CreateRandomSessionId();
var session = SessionFeature.CreateNewSession(req, sessionId);
session.UserAuthId = userId;
session.UserAuthName = username;
session.UserName = username;
session.IsAuthenticated = true;
session.CreatedAt = SystemTime.UtcNow;
HostContext.AppHost.OnSessionFilter(req, session, sessionId);
req.Items[Keywords.Session] = session;
}
}
public void PreAuthenticate(IRequest req, IResponse res)
{
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
var userPass = req.GetBasicAuthUserAndPassword();
if (userPass != null)
{
var authService = req.TryResolve <AuthenticateService>();
authService.Request = req;
var response = authService.Post(new Authenticate
{
provider = Name,
UserName = userPass.Value.Key,
Password = userPass.Value.Value
});
}
}
public virtual void PreAuthenticate(IRequest req, IResponse res)
{
//API Keys are sent in Basic Auth Username and Password is Empty
var userPass = req.GetBasicAuthUserAndPassword();
if (!string.IsNullOrEmpty(userPass?.Value))
{
//Need to run SessionFeature filter since its not executed before this attribute (Priority -100)
SessionFeature.AddSessionIdToRequestFilter(req, res, null); //Required to get req.GetSessionId()
using var authService = HostContext.ResolveService <AuthenticateService>(req);
var response = authService.Post(new Authenticate
{
provider = Name,
UserName = userPass.Value.Key,
Password = userPass.Value.Value
});
}
}
