示例#1
        /// <summary>
        /// Registers an after-request hook that keeps a CSRF token associated with the request/response pair.
        /// </summary>
        /// <remarks>
        /// The hook does nothing when there is no response or no response cookie collection.
        /// Otherwise it (1) copies a token already stored in <c>context.Items</c> into a response cookie,
        /// (2) failing that, copies the URL-decoded request cookie into <c>context.Items</c>, and
        /// (3) failing that, creates a new token, stores it in <c>context.Items</c> and sets it as a cookie.
        /// </remarks>
        /// <param name="pipelines">Application pipelines</param>
        public void Initialize(IPipelines pipelines)
        {
            pipelines.AfterRequest.AddItemToEndOfPipeline(context =>
            {
                var response = context.Response;
                if (response == null || response.Cookies == null)
                {
                    return;
                }

                // A token placed in the context during this request takes precedence.
                // NOTE(review): the trailing `true` is presumably NancyCookie's httpOnly flag; nothing in this
                // call asks for the Secure attribute - confirm the cookie is only ever sent over HTTPS.
                object queuedToken;
                if (context.Items.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out queuedToken))
                {
                    response.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, (string)queuedToken, true));
                    return;
                }

                // NOTE(review): the client-supplied cookie is accepted here as-is (URL-decoded only).
                // No HMAC or age check happens in this hook, so whatever reads the item later must
                // validate it - verify against the token validator.
                string cookieValue;
                if (context.Request.Cookies.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out cookieValue))
                {
                    context.Items[CsrfToken.DEFAULT_CSRF_KEY] = HttpUtility.UrlDecode(cookieValue);
                    return;
                }

                // No token anywhere: mint one.
                // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
                // same clock - confirm.
                var freshToken = new CsrfToken();
                freshToken.CreatedDate = DateTime.Now;
                freshToken.CreateRandomBytes();
                freshToken.CreateHmac(CryptographyConfiguration.HmacProvider);

                var serialized = ObjectSerializer.Serialize(freshToken);
                context.Items[CsrfToken.DEFAULT_CSRF_KEY] = serialized;
                response.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, serialized, true));
            });
        }
示例#2
文件: Csrf.cs 项目: lukywong/Nancy
        /// <summary>
        /// Generates a fresh CSRF token and stores its serialized form in the module's context items
        /// under <c>CsrfToken.DEFAULT_CSRF_KEY</c>, replacing any token already stored there.
        /// Only necessary if a particular route requires a new token for each request.
        /// </summary>
        /// <remarks>
        /// This method does not write a response cookie itself; it only updates <c>module.Context.Items</c>.
        /// </remarks>
        /// <param name="module">Nancy module</param>
        public static void CreateNewCsrfToken(this INancyModule module)
        {
            // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
            // same clock - confirm.
            var freshToken = new CsrfToken();
            freshToken.CreatedDate = DateTime.Now;

            // The HMAC is computed after the random bytes exist, using the application-wide provider.
            freshToken.CreateRandomBytes();
            freshToken.CreateHmac(CsrfApplicationStartup.CryptographyConfiguration.HmacProvider);

            var serialized = CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);
            module.Context.Items[CsrfToken.DEFAULT_CSRF_KEY] = serialized;
        }
示例#3
        /// <summary>
        /// Builds a new CSRF token and returns it in serialized form.
        /// Does not store the token in context.
        /// </summary>
        /// <param name="cryptographyConfiguration">
        /// Configuration whose <c>HmacProvider</c> is passed to <c>CreateHmac</c>; when <c>null</c>,
        /// <c>CsrfApplicationStartup.CryptographyConfiguration</c> is used instead.
        /// </param>
        /// <returns>The generated token</returns>
        internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
        {
            var effectiveConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

            // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
            // same clock - confirm.
            var freshToken = new CsrfToken();
            freshToken.CreatedDate = DateTime.Now;

            // Random bytes first, then the HMAC that is computed with the chosen provider.
            freshToken.CreateRandomBytes();
            freshToken.CreateHmac(effectiveConfiguration.HmacProvider);

            return CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);
        }
示例#4
        /// <summary>
        /// Generates a fresh CSRF token and stores its serialized form in the module's context items
        /// under <c>CsrfToken.DEFAULT_CSRF_KEY</c>, replacing any token already stored there.
        /// Only necessary if a particular route requires a new token for each request.
        /// </summary>
        /// <remarks>
        /// This method does not write a response cookie itself; it only updates <c>module.Context.Items</c>.
        /// </remarks>
        /// <param name="module">Nancy module</param>
        public static void CreateNewCsrfToken(this NancyModule module)
        {
            // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
            // same clock - confirm.
            var replacement = new CsrfToken();
            replacement.CreatedDate = DateTime.Now;

            // The HMAC is computed after the random bytes exist, using the application-wide provider.
            replacement.CreateRandomBytes();
            replacement.CreateHmac(CsrfApplicationStartup.CryptographyConfiguration.HmacProvider);

            var serialized = CsrfApplicationStartup.ObjectSerializer.Serialize(replacement);
            module.Context.Items[CsrfToken.DEFAULT_CSRF_KEY] = serialized;
        }
示例#5
文件: Csrf.cs 项目: JulianRooze/Nancy
        /// <summary>
        /// Enables Csrf token generation by appending a named hook to the end of the after-request pipeline.
        /// </summary>
        /// <remarks>
        /// The hook skips OPTIONS requests and requests without a response cookie collection. Otherwise it
        /// re-sends a token already stored in <c>context.Items</c>; failing that, keeps the client's cookie
        /// token when the validator still accepts it; failing that, creates a new token and sets it as a cookie.
        /// </remarks>
        /// <param name="pipelines">Application pipelines</param>
        /// <param name="cryptographyConfiguration">
        /// Configuration whose <c>HmacProvider</c> is passed to <c>CreateHmac</c> for newly created tokens;
        /// when <c>null</c>, <c>CsrfApplicationStartup.CryptographyConfiguration</c> is used instead.
        /// </param>
        public static void Enable(IPipelines pipelines, CryptographyConfiguration cryptographyConfiguration = null)
        {
            var effectiveConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

            Action<NancyContext> issueToken = context =>
            {
                if (context.Response == null || context.Response.Cookies == null)
                {
                    return;
                }

                if (context.Request.Method.Equals("OPTIONS", StringComparison.OrdinalIgnoreCase))
                {
                    return;
                }

                // A token placed in the context during this request takes precedence.
                // NOTE(review): the trailing `true` is presumably NancyCookie's httpOnly flag; nothing in this
                // call asks for the Secure attribute - confirm the cookie is only ever sent over HTTPS.
                object queuedToken;
                if (context.Items.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out queuedToken))
                {
                    context.Response.Cookies.Add(
                        new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, (string)queuedToken, true));
                    return;
                }

                string rawCookie;
                if (context.Request.Cookies.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out rawCookie))
                {
                    var decodedValue = HttpUtility.UrlDecode(rawCookie);

                    // NOTE(review): the cookie is client-controlled and is deserialized before any integrity
                    // check visible here. If ObjectSerializer is a general-purpose object deserializer, this is
                    // deserialization of untrusted data - confirm it only accepts the CsrfToken shape, or move
                    // to a fixed text encoding of the token fields.
                    // A payload that is not a CsrfToken reaches the validator as null - presumably rejected; verify.
                    var cookieToken = CsrfApplicationStartup.ObjectSerializer.Deserialize(decodedValue) as CsrfToken;

                    if (CsrfApplicationStartup.TokenValidator.CookieTokenStillValid(cookieToken))
                    {
                        context.Items[CsrfToken.DEFAULT_CSRF_KEY] = decodedValue;
                        return;
                    }
                }

                // No usable token: mint one and hand it to both the context and the client.
                // NOTE(review): DateTime.Now is local wall-clock time; the validator has to use the
                // same clock - confirm.
                var freshToken = new CsrfToken();
                freshToken.CreatedDate = DateTime.Now;
                freshToken.CreateRandomBytes();
                freshToken.CreateHmac(effectiveConfiguration.HmacProvider);

                var serialized = CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);
                context.Items[CsrfToken.DEFAULT_CSRF_KEY] = serialized;
                context.Response.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, serialized, true));
            };

            var postHook = new PipelineItem<Action<NancyContext>>(CsrfHookName, issueToken);
            pipelines.AfterRequest.AddItemToEndOfPipeline(postHook);
        }
        /// <summary>
        /// Enables Csrf token generation by appending a named hook to the end of the after-request pipeline.
        /// </summary>
        /// <remarks>
        /// The hook skips OPTIONS requests and requests without a response cookie collection. Otherwise it
        /// re-sends a token already stored in <c>context.Items</c>; failing that, keeps the client's cookie
        /// token when the validator still accepts it; failing that, creates a new token and sets it as a cookie.
        /// </remarks>
        /// <param name="pipelines">Application pipelines</param>
        /// <param name="cryptographyConfiguration">
        /// Configuration whose <c>HmacProvider</c> is passed to <c>CreateHmac</c> for newly created tokens;
        /// when <c>null</c>, <c>CsrfApplicationStartup.CryptographyConfiguration</c> is used instead.
        /// </param>
        public static void Enable(IPipelines pipelines, CryptographyConfiguration cryptographyConfiguration = null)
        {
            var hmacConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

            Action<NancyContext> afterRequest = context =>
            {
                if (context.Response == null || context.Response.Cookies == null)
                {
                    return;
                }

                if (context.Request.Method.Equals("OPTIONS", StringComparison.OrdinalIgnoreCase))
                {
                    return;
                }

                // A token placed in the context during this request takes precedence.
                // NOTE(review): the trailing `true` is presumably NancyCookie's httpOnly flag; nothing in this
                // call asks for the Secure attribute - confirm the cookie is only ever sent over HTTPS.
                object storedToken;
                if (context.Items.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out storedToken))
                {
                    context.Response.Cookies.Add(
                        new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, (string)storedToken, true));
                    return;
                }

                string cookieText;
                if (context.Request.Cookies.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out cookieText))
                {
                    var decodedValue = HttpUtility.UrlDecode(cookieText);

                    // NOTE(review): the cookie is client-controlled and is deserialized before any integrity
                    // check visible here. If ObjectSerializer is a general-purpose object deserializer, this is
                    // deserialization of untrusted data - confirm it only accepts the CsrfToken shape, or move
                    // to a fixed text encoding of the token fields.
                    // A payload that is not a CsrfToken reaches the validator as null - presumably rejected; verify.
                    var cookieToken = CsrfApplicationStartup.ObjectSerializer.Deserialize(decodedValue) as CsrfToken;

                    if (CsrfApplicationStartup.TokenValidator.CookieTokenStillValid(cookieToken))
                    {
                        context.Items[CsrfToken.DEFAULT_CSRF_KEY] = decodedValue;
                        return;
                    }
                }

                // No usable token: mint one and hand it to both the context and the client.
                // NOTE(review): DateTime.Now is local wall-clock time; the validator has to use the
                // same clock - confirm.
                var newToken = new CsrfToken();
                newToken.CreatedDate = DateTime.Now;
                newToken.CreateRandomBytes();
                newToken.CreateHmac(hmacConfiguration.HmacProvider);

                var newTokenString = CsrfApplicationStartup.ObjectSerializer.Serialize(newToken);
                context.Items[CsrfToken.DEFAULT_CSRF_KEY] = newTokenString;
                context.Response.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, newTokenString, true));
            };

            var postHook = new PipelineItem<Action<NancyContext>>(CsrfHookName, afterRequest);
            pipelines.AfterRequest.AddItemToEndOfPipeline(postHook);
        }
示例#7
        /// <summary>
        /// Builds a new CSRF token and returns it as a delimiter-separated text string.
        /// Does not store the token in context.
        /// </summary>
        /// <remarks>
        /// The result has three name/value pairs in fixed order - <c>RandomBytes</c>, <c>Hmac</c> and
        /// <c>CreatedDate</c> - joined by <c>PairDelimiter</c>, with <c>ValueDelimiter</c> between each name
        /// and its value. The byte arrays are Base64 encoded and the date uses the invariant round-trip
        /// ("o") format.
        /// </remarks>
        /// <param name="cryptographyConfiguration">
        /// Configuration whose <c>HmacProvider</c> is passed to <c>CreateHmac</c>; when <c>null</c>,
        /// <c>CsrfApplicationStartup.CryptographyConfiguration</c> is used instead.
        /// </param>
        /// <returns>The generated token</returns>
        internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
        {
            var effectiveConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

            var freshToken = new CsrfToken();
            freshToken.CreatedDate = DateTimeOffset.Now;

            // Random bytes first, then the HMAC that is computed with the chosen provider.
            freshToken.CreateRandomBytes();
            freshToken.CreateHmac(effectiveConfiguration.HmacProvider);

            // NOTE(review): Base64 output can contain '+', '/' and '=', and the round-trip date contains
            // '-', ':', '.' and '+'; confirm neither delimiter can collide with those characters, and that
            // the parser treats every field as untrusted until the HMAC has been checked.
            var randomBytesText = Convert.ToBase64String(freshToken.RandomBytes);
            var hmacText = Convert.ToBase64String(freshToken.Hmac);
            var createdText = freshToken.CreatedDate.ToString("o", CultureInfo.InvariantCulture);

            return string.Format(
                "RandomBytes{0}{1}{2}Hmac{0}{3}{2}CreatedDate{0}{4}",
                ValueDelimiter,
                randomBytesText,
                PairDelimiter,
                hmacText,
                createdText);
        }
示例#8
文件: Csrf.cs 项目: rdterner/Nancy
 /// <summary>
 /// Builds a new CSRF token and returns it in serialized form.
 /// Does not store the token in context.
 /// </summary>
 /// <param name="cryptographyConfiguration">
 /// Configuration whose <c>HmacProvider</c> is passed to <c>CreateHmac</c>; when <c>null</c>,
 /// <c>CsrfApplicationStartup.CryptographyConfiguration</c> is used instead.
 /// </param>
 /// <returns>The generated token</returns>
 internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
 {
     var signingConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

     // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
     // same clock - confirm.
     var created = new CsrfToken();
     created.CreatedDate = DateTime.Now;

     // Random bytes first, then the HMAC that is computed with the chosen provider.
     created.CreateRandomBytes();
     created.CreateHmac(signingConfiguration.HmacProvider);

     return CsrfApplicationStartup.ObjectSerializer.Serialize(created);
 }
示例#9
        /// <summary>
        /// Registers an after-request hook that keeps a CSRF token associated with the request/response pair.
        /// </summary>
        /// <remarks>
        /// The hook does nothing when there is no response or no response cookie collection.
        /// Otherwise it (1) copies a token already stored in <c>context.Items</c> into a response cookie,
        /// (2) failing that, copies the URL-decoded request cookie into <c>context.Items</c>, and
        /// (3) failing that, creates a new token, stores it in <c>context.Items</c> and sets it as a cookie.
        /// </remarks>
        /// <param name="pipelines">Application pipelines</param>
        public void Initialize(IPipelines pipelines)
        {
            pipelines.AfterRequest.AddItemToEndOfPipeline(context =>
            {
                var outgoing = context.Response;
                if (outgoing == null || outgoing.Cookies == null)
                {
                    return;
                }

                // A token placed in the context during this request takes precedence.
                // NOTE(review): the trailing `true` is presumably NancyCookie's httpOnly flag; nothing in this
                // call asks for the Secure attribute - confirm the cookie is only ever sent over HTTPS.
                object contextToken;
                if (context.Items.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out contextToken))
                {
                    outgoing.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, (string)contextToken, true));
                    return;
                }

                // NOTE(review): the client-supplied cookie is accepted here as-is (URL-decoded only).
                // No HMAC or age check happens in this hook, so whatever reads the item later must
                // validate it - verify against the token validator.
                string requestCookie;
                if (context.Request.Cookies.TryGetValue(CsrfToken.DEFAULT_CSRF_KEY, out requestCookie))
                {
                    context.Items[CsrfToken.DEFAULT_CSRF_KEY] = HttpUtility.UrlDecode(requestCookie);
                    return;
                }

                // No token anywhere: mint one.
                // NOTE(review): DateTime.Now is local wall-clock time; any expiry check has to use the
                // same clock - confirm.
                var minted = new CsrfToken();
                minted.CreatedDate = DateTime.Now;
                minted.CreateRandomBytes();
                minted.CreateHmac(CryptographyConfiguration.HmacProvider);

                var mintedString = ObjectSerializer.Serialize(minted);
                context.Items[CsrfToken.DEFAULT_CSRF_KEY] = mintedString;
                outgoing.Cookies.Add(new NancyCookie(CsrfToken.DEFAULT_CSRF_KEY, mintedString, true));
            });
        }