public async Task <IActionResult> Create(Guid clientId, Guid clientSecret) { var result = new CommonResult(); if (clientId.IsEmptyGuid() || clientSecret.IsEmptyGuid()) { result.Messages.Add("some parameters are missing! (token, projectUid, labelKey)"); return(Json(result)); } var request = new TokenCreateRequest(clientId, clientSecret, HttpContext.Connection.RemoteIpAddress); var response = await _integrationService.CreateToken(request); if (response.Status.IsNotSuccess) { result.Messages = response.ErrorMessages; return(StatusCode(401, result)); } var model = new TokenResult { IsOk = true, Token = response.Item.AccessToken, CreatedAt = GetDateTimeAsString(response.Item.CreatedAt), ExpiresAt = GetDateTimeAsString(response.Item.ExpiresAt) }; return(Json(model)); }
public void ValidateTokenCountExceeded() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.NotNull(createResult.JwtToken); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken receivedToken = tokenHandler.ReadJwtToken(createResult.JwtToken); Assert.NotNull(receivedToken); // create validation request from the data used to create the token TokenValidateRequest validateThis = ttu.BuildTokenValidateRequest(createResult.JwtToken, request.ProtectedResource); // first one should succeed TokenValidateResponse response1 = serviceUnderTest.ValidateToken(validateThis); // Lets jam a context validation into this test also. probably should be broken out into its own test in the future Assert.NotNull(response1.Context); try { // usage count was set to one so should now fail TokenValidateResponse response2 = serviceUnderTest.ValidateToken(validateThis); // Lets jam a context validation into this test also. probably should be broken out into its own test in the future Assert.False(true, "Did not catch exception when usage count exceeded"); } catch (ViolationException e) { _output.WriteLine("Caught expected exception: " + e.Message + " " + e.ServiceResponse); } }
public void ValidateTokenNotEffective() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); // make effective and expiration time in the past request.EffectiveTime = DateTime.Now.AddDays(+20); TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken receivedToken = tokenHandler.ReadJwtToken(createResult.JwtToken); // create validation request from the data used to create the token TokenValidateRequest validateThis = ttu.BuildTokenValidateRequest(createResult.JwtToken, request.ProtectedResource); try { // should fail as expired TokenValidateResponse response = serviceUnderTest.ValidateToken(validateThis); Assert.False(true, "Did not catch exception when token not yet effective"); } catch (ViolationException e) { // TODO should validate the message or something... _output.WriteLine("Caught expected exception: " + e.Message + " " + e.ServiceResponse); } }
public async Task <TokenCreateResponse> CreateToken(TokenCreateRequest request) { var response = new TokenCreateResponse(); var integrationClient = await _integrationClientRepository.Select(x => x.ClientId == request.ClientId && x.ClientSecret == request.ClientSecret); if (integrationClient.IsNotExist()) { response.SetInvalidBecauseNotFound("integration_client"); return(response); } if (await _organizationRepository.Any(x => x.Id == integrationClient.OrganizationId && !x.IsActive) || await _integrationRepository.Any(x => x.Id == integrationClient.IntegrationId && !x.IsActive)) { response.SetInvalid(); response.ErrorMessages.Add("integration_client_not_found"); return(response); } var token = _tokenFactory.CreateEntityFromRequest(request, integrationClient); var id = await _tokenRepository.Insert(integrationClient.Id, token); if (id > 0) { response.Item = _tokenFactory.CreateDtoFromEntity(token); response.Status = ResponseStatus.Success; return(response); } response.SetFailed(); return(response); }
public void ValidateEncodedJwtBadId() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); // added this catch block in when we failed creating tokens because regex didn't fit in URL validation. // The tangled web we weave try { TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.NotNull(createResult.JwtToken); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken receivedToken = tokenHandler.ReadJwtToken(createResult.JwtToken); TokenEntity badEntity = new TokenEntity(null, null) { JwtUniqueIdentifier = "dogfood" }; try { serviceUnderTest.ValidateEncodedJwt(receivedToken, badEntity); Assert.False(true, "Expected FailedException"); } catch (ConsistencyException e) { _output.WriteLine("Caught expected exception: " + e.Message); } } catch (BadArgumentException e) { Assert.False(true, "Caught unexpected exception: " + e.Message + " " + e.ServiceResponse); } }
public Token CreateEntityFromRequest(TokenCreateRequest request, IntegrationClient integrationClient) { var entity = CreateEntity(integrationClient); entity.Ip = request.IP.ToString(); return(entity); }
public Task <TokenCreateResponse> CreateAsync(TokenCreateRequest tokenCreateRequest, CancellationToken cancellationToken = default(CancellationToken)) { if (tokenCreateRequest == null) { throw new ArgumentNullException(nameof(tokenCreateRequest)); } return(InternalCreateAsync(tokenCreateRequest, cancellationToken)); }
internal TokenCreateRequest BuildTokenCreateRequest() { TokenIdentity obo = new TokenIdentity(null, "testid"); TokenCreateRequest request = new TokenCreateRequest(obo) { MaxUsageCount = 1, ProtectedResource = bogusTestUrl, Context = JObject.Parse(@"{ ""x"":""value""}"), }; return(request); }
private async Task <TokenCreateResponse> InternalCreateAsync(TokenCreateRequest tokenCreateRequest, CancellationToken cancellationToken = default(CancellationToken)) { //TODO business rule: should we receive a deviceId to "connect" the token with that device? var generatedToken = _tokenGenerator.Generate(new Card(tokenCreateRequest.CardNumber, tokenCreateRequest.Cvv), _tokenGeneratorClock.Now()); var tokenRegistration = new TokenRegistration(generatedToken.Value, tokenCreateRequest.CardNumber, generatedToken.GeneratedAt); _databaseContext.TokenRegistrations.Add(tokenRegistration); await _databaseContext.SaveChangesAsync(cancellationToken); return(new TokenCreateResponse(generatedToken.GeneratedAt, generatedToken.Value)); }
public void CreateTokenHappyPath() { TokenController controller = new TokenController(serviceUnderTest, serviceUnderTest, controllerLogger); TokenCreateRequest request = ttu.BuildTokenCreateRequest(); CreatedResult result = controller.Create(request) as CreatedResult; TokenCreateResponse response = result.Value as TokenCreateResponse; Assert.NotNull(response); Assert.Equal("1.0", response.ModelVersion); Assert.NotEmpty(response.JwtToken); // shouldn't be any messages Assert.Equal(0, response.Messages.Count); }
public void ValidateTokenHappyPath() { TokenController controller = new TokenController(serviceUnderTest, serviceUnderTest, controllerLogger); TokenCreateRequest request = ttu.BuildTokenCreateRequest(); CreatedResult result = controller.Create(request) as CreatedResult; TokenCreateResponse response = result.Value as TokenCreateResponse; // assume CreateTokenHappyPath() validates the create path so now lets run the validate path TokenValidateRequest validateThis = ttu.BuildTokenValidateRequest(response.JwtToken, request.ProtectedResource); Assert.Equal(validateThis.JwtToken, response.JwtToken); // shouldn't be any messages Assert.Equal(0, response.Messages.Count); }
public void CreateTokenSuccess() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.NotNull(createResult); Assert.NotNull(createResult.JwtToken); _output.WriteLine("Calculated Token Encoded : " + createResult.JwtToken); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken foundToken = tokenHandler.ReadJwtToken(createResult.JwtToken); Assert.NotNull(foundToken); Assert.Equal(ttu.bogusTestUrl, foundToken.Payload.Sub); }
public void CreateTokenForceValidationError() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); request.ModelVersion = null; try { TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.False(true, "Create Token should have failed model validation"); } catch (BadArgumentException e) { _output.WriteLine("Received expected BadArgumentException when mandatory aTribute not set: " + e.ServiceResponse); } }
public void CreateTokenInvalidObject() { // set no mandatory properties TokenCreateRequest request = new TokenCreateRequest(null); try { TokenCreateResponse response = serviceUnderTest.CreateToken(request); Assert.True(false, "Should have thrown an exception"); } catch (BadArgumentException e) { Assert.NotNull(e.ServiceResponse); _output.WriteLine("validation messages included " + e.ServiceResponse); } }
private void DeserializeSerializeCompare(string jsonRep) { // convert the JSON to objects. Convert the objects to JSON. TokenCreateRequest hydrated = JsonConvert.DeserializeObject <TokenCreateRequest>(jsonRep); Assert.NotNull(hydrated); output.WriteLine("Original=" + jsonRep); string serialized = JsonConvert.SerializeObject(hydrated, Formatting.Indented); output.WriteLine("Serialized=" + serialized); // compare original JSON with results of deserialize / serialize var nodeSet1 = JsonConvert.DeserializeObject <JObject>(jsonRep); var nodeSet2 = JsonConvert.DeserializeObject <JObject>(serialized); Assert.True(JToken.DeepEquals(nodeSet1, nodeSet2), "Original JSON and results of deserialize,serialize are different token graphs"); }
/// <summary> /// Creates a token and returns it in the response. /// Throws an exception wrapping the response if there is an error. /// Throws BadArgumentException if the request is bad /// FailedException if there was some other problem /// </summary> /// <param name="request"></param> /// <returns>A response containing the token</returns> public TokenCreateResponse CreateToken(TokenCreateRequest request) { ValidateRequest(request); // yeah its circular because we store the JWT in the entity and JWT creation uses the entity fields. TokenEntity entity = CreateTokenEntity(request); string newJwt = CreateJwt(entity); entity.JwtToken = newJwt; // save the entity, create a response and get out of here _repository.Create(entity); TokenCreateResponse response = new TokenCreateResponse() { JwtToken = newJwt, }; return(response); }
public async Task <TokenCreateResponse> Create([FromBody] TokenCreateRequest request) { var identity = await GetIdentityAsync(request.UserId); var claims = new[] { new Claim("sub", request.UserId), new Claim("given_name", identity.FirstName), new Claim("family_name", identity.LastName), new Claim("iat", DateTimeOffset.Now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64), }; var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256); var token = new JwtSecurityToken(claims: claims, signingCredentials: signingCredentials); return(new TokenCreateResponse { Token = new JwtSecurityTokenHandler().WriteToken(token), }); }
/// <summary> /// Creates an entity from a submitted requests. The entity is not complete until a JWT has been added to it. /// This means the entity must be muta)ble :-( /// </summary> /// <param name="request"></param> /// <returns></returns> internal TokenEntity CreateTokenEntity(TokenCreateRequest request) { DateTime now = DateTime.Now; // TODO create initiator for this constructor. Get initiator from request or security context. We set obo as property below. // Consumed by is initially empty and updated by Validate() TokenEntity entity = new TokenEntity(new TokenIdentityEntity(request.OnBehalfOf.ProviderName, request.OnBehalfOf.UserName), null) { Context = request.Context, MaxUseCount = request.MaxUsageCount, EffectiveTime = request.EffectiveTime, ExpirationIntervalSec = request.ExpirationIntervalSeconds, ExpirationTime = request.EffectiveTime.AddSeconds(request.ExpirationIntervalSeconds), InitiationTime = now, JwtUniqueIdentifier = Guid.NewGuid().ToString(), JwtSecret = SecretKey(), ProtectedResource = request.ProtectedResource, }; return(entity); }
public void ValidateProtectedExactMatch() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.NotNull(createResult.JwtToken); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken receivedToken = tokenHandler.ReadJwtToken(createResult.JwtToken); Assert.NotNull(receivedToken); TokenEntity foundEntity = inMemoryRepo.GetById(receivedToken.Id); Assert.NotNull(foundEntity); try { serviceUnderTest.ValidateResourceAllowed(receivedToken, foundEntity, foundEntity.ProtectedResource); } catch (ViolationException e) { Assert.False(true, "Caught unexpected exception: " + e.Message + " " + e.ServiceResponse); } }
public void ValidateProtectedExtraSuffixFails() { TokenCreateRequest request = ttu.BuildTokenCreateRequest(); TokenCreateResponse createResult = serviceUnderTest.CreateToken(request); Assert.NotNull(createResult.JwtToken); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken receivedToken = tokenHandler.ReadJwtToken(createResult.JwtToken); Assert.NotNull(receivedToken); TokenEntity foundEntity = inMemoryRepo.GetById(receivedToken.Id); Assert.NotNull(foundEntity); try { serviceUnderTest.ValidateResourceAllowed(receivedToken, foundEntity, foundEntity.ProtectedResource + "/some-suffix"); Assert.False(true, "Expected FailedException"); } catch (ViolationException e) { _output.WriteLine("Caught expected exception: " + e.Message); } }
public IActionResult Create([FromBody] TokenCreateRequest value) { TokenCreateResponse response = _creationService.CreateToken(value); return(Created("../Validate", response)); }
public async Task <TokenCreateResponse> Post([FromBody] TokenCreateRequest tokenCreateRequest, CancellationToken cancellationToken = default(CancellationToken)) { return(await _tokenCreateService.CreateAsync(tokenCreateRequest, cancellationToken)); }
public ActionResult <Token> CreateToken([FromForm] TokenCreateRequest request) { if (request.GrantType == GrantTypes.AuthorizationCode) { if (string.IsNullOrEmpty(request.ClientId)) { return(ErrorObjectResultFactory.InvalidClient()); } var application = _authorizeService.GetApplication(request.ClientId); if (application == null) { return(ErrorObjectResultFactory.InvalidClient()); } if (!application.GrantTypes.Contains(GrantTypes.AuthorizationCode)) { return(ErrorObjectResultFactory.InvalidGrantType()); } if (string.IsNullOrEmpty(request.Code)) { return(ErrorObjectResultFactory.InvalidCode()); } var authorizationCode = _authorizeService.GetAuthorizationCode(request.Code); if (authorizationCode == null) { return(ErrorObjectResultFactory.InvalidCode()); } if (application.ApplicationId != authorizationCode.ApplicationId) { return(ErrorObjectResultFactory.InvalidCode()); } var accessToken = _authorizeService.CreateAccessToken( application.ApplicationId, authorizationCode.AccountId, null); _authorizeService.UseAuthorizationCode(request.Code); return(new Token { AccessToken = accessToken.TokenId, ExpiresIn = _appSetgings.AccessTokenExpiresIn, Scope = string.Join(' ', accessToken.Scopes), TokenType = "Bearer", }); } else if (request.GrantType == GrantTypes.ClientCredentials) { if (string.IsNullOrEmpty(request.ClientId)) { return(ErrorObjectResultFactory.InvalidClient()); } var application = _authorizeService.GetApplication(request.ClientId); if (application == null || application.ClientSecret != request.ClientSecret) { return(ErrorObjectResultFactory.InvalidClient()); } if (!application.GrantTypes.Contains(GrantTypes.ClientCredentials)) { return(ErrorObjectResultFactory.InvalidGrantType()); } IList <string> scopes = new List <string>(); if (!string.IsNullOrEmpty(request.Scope)) { scopes = request.Scope.Split(' ', ','); foreach (string scope in scopes) { if (!application.Scopes.Contains(scope)) { return(ErrorObjectResultFactory.InvalidScope()); } } } var accessToken = _authorizeService.CreateAccessToken(application.ApplicationId, scopes); return(new Token { AccessToken = accessToken.TokenId, ExpiresIn = _appSetgings.AccessTokenExpiresIn, Scope = string.Join(' ', accessToken.Scopes), TokenType = "Bearer", }); } else { throw new NotImplementedException(); } }