/// <summary>
/// Registers an after-request hook that keeps a CSRF token in the context items
/// and, where it sets or re-sends one, in the response cookies.
/// </summary>
/// <remarks>
/// The hook does nothing when the response or its cookie collection is missing.
/// Otherwise it takes the first of these that applies: re-send the token already in the
/// context items as a cookie; copy the URL-decoded request cookie into the context items;
/// or create, sign and serialize a new token and store it in both places.
/// </remarks>
/// <param name="pipelines">Application pipelines</param>
public void Initialize(IPipelines pipelines)
{
    pipelines.AfterRequest.AddItemToEndOfPipeline(ctx =>
    {
        var response = ctx.Response;
        if (response == null)
        {
            return;
        }

        if (response.Cookies == null)
        {
            return;
        }

        var key = CsrfToken.DEFAULT_CSRF_KEY;

        // A token was placed in the context during the request: send it back as the cookie.
        // NOTE(review): the third NancyCookie argument is presumably httpOnly (confirm for this
        // Nancy version). No Secure attribute is requested here, so check whether an HTTPS-only
        // deployment should set it.
        object pending;
        if (ctx.Items.TryGetValue(key, out pending))
        {
            response.Cookies.Add(new NancyCookie(key, (string)pending, true));
            return;
        }

        // The client already presented a token cookie: keep using it for this request.
        // NOTE(review): the cookie value is client-controlled and is accepted here as-is. This hook
        // does not deserialize it, verify its HMAC or check its age. Confirm that the code
        // validating tokens on state-changing requests does all three.
        string fromRequest;
        if (ctx.Request.Cookies.TryGetValue(key, out fromRequest))
        {
            ctx.Items[key] = HttpUtility.UrlDecode(fromRequest);
            return;
        }

        // No token anywhere: mint one, sign it, and hand it to both the context and the client.
        var freshToken = new CsrfToken();
        freshToken.CreatedDate = DateTime.Now;
        freshToken.CreateRandomBytes();
        freshToken.CreateHmac(CryptographyConfiguration.HmacProvider);

        var serialized = ObjectSerializer.Serialize(freshToken);
        ctx.Items[key] = serialized;
        response.Cookies.Add(new NancyCookie(key, serialized, true));
    });
}
/// <summary>
/// Generates a fresh csrf token and stores its serialized form in the module's context items,
/// overwriting any token already held there for this request.
/// Only necessary if a particular route requires a new token for each request.
/// </summary>
/// <remarks>
/// This method writes to the context items only and does not touch the response cookies.
/// NOTE(review): presumably an after-request hook copies the item into the cookie - confirm,
/// otherwise the new token never reaches the client.
/// </remarks>
/// <param name="module">Nancy module whose context receives the new token</param>
public static void CreateNewCsrfToken(this INancyModule module)
{
    var freshToken = new CsrfToken();
    freshToken.CreatedDate = DateTime.Now;

    // Random payload first, then the HMAC is created using the application-wide provider.
    freshToken.CreateRandomBytes();
    freshToken.CreateHmac(CsrfApplicationStartup.CryptographyConfiguration.HmacProvider);

    var serialized = CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);

    module.Context.Items[CsrfToken.DEFAULT_CSRF_KEY] = serialized;
}
/// <summary>
/// Builds a new, signed csrf token and returns it in serialized form.
/// Does not store the token in context.
/// </summary>
/// <param name="cryptographyConfiguration">
/// Configuration whose HmacProvider signs the token; when null, the configuration held by
/// CsrfApplicationStartup is used instead.
/// </param>
/// <returns>The generated token</returns>
internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
{
    var effectiveConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

    // NOTE(review): CreatedDate is local wall-clock time; confirm the expiry check that reads it
    // tolerates time-zone or DST shifts between issue and validation.
    var freshToken = new CsrfToken();
    freshToken.CreatedDate = DateTime.Now;
    freshToken.CreateRandomBytes();
    freshToken.CreateHmac(effectiveConfiguration.HmacProvider);

    return CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);
}
/// <summary>
/// Replaces the csrf token held in the module's context items with a newly generated one.
/// Only necessary if a particular route requires a new token for each request.
/// </summary>
/// <remarks>
/// Only the context items are updated here; no response cookie is added by this method.
/// NOTE(review): delivery to the client presumably relies on an after-request hook - verify.
/// </remarks>
/// <param name="module">Nancy module whose context receives the new token</param>
public static void CreateNewCsrfToken(this NancyModule module)
{
    var hmacProvider = CsrfApplicationStartup.CryptographyConfiguration.HmacProvider;

    var replacement = new CsrfToken { CreatedDate = DateTime.Now };
    replacement.CreateRandomBytes();

    // The HMAC is created after the random bytes have been generated.
    replacement.CreateHmac(hmacProvider);

    var encoded = CsrfApplicationStartup.ObjectSerializer.Serialize(replacement);
    module.Context.Items[CsrfToken.DEFAULT_CSRF_KEY] = encoded;
}
/// <summary>
/// Enables Csrf token generation by adding a named hook to the end of the after-request pipeline.
/// This is disabled by default.
/// </summary>
/// <remarks>
/// The hook skips responses without a cookie collection and requests whose method is OPTIONS.
/// It re-sends a token already in the context items, keeps a request cookie token that the
/// validator still accepts, and otherwise issues a new signed token.
/// </remarks>
/// <param name="pipelines">Application pipelines</param>
/// <param name="cryptographyConfiguration">
/// Configuration whose HmacProvider signs newly issued tokens; when null, the configuration
/// held by CsrfApplicationStartup is used.
/// </param>
public static void Enable(IPipelines pipelines, CryptographyConfiguration cryptographyConfiguration = null)
{
    var signingConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

    Action<NancyContext> ensureToken = ctx =>
    {
        var response = ctx.Response;
        if (response == null || response.Cookies == null)
        {
            return;
        }

        if (ctx.Request.Method.Equals("OPTIONS", StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        var key = CsrfToken.DEFAULT_CSRF_KEY;

        // A token set during the request wins: send it back unchanged.
        // NOTE(review): the third NancyCookie argument is presumably httpOnly (confirm); no Secure
        // attribute is requested here.
        object pending;
        if (ctx.Items.TryGetValue(key, out pending))
        {
            response.Cookies.Add(new NancyCookie(key, (string)pending, true));
            return;
        }

        string rawCookie;
        if (ctx.Request.Cookies.TryGetValue(key, out rawCookie))
        {
            var decoded = HttpUtility.UrlDecode(rawCookie);

            // NOTE(review): Deserialize runs on a client-controlled cookie value before any HMAC or
            // type check; the "as CsrfToken" cast applies only after the object has been built.
            // If ObjectSerializer is a general-purpose or binary formatter, this is an
            // unsafe-deserialization sink. Confirm which serializer is configured, and prefer
            // parsing a fixed field format or verifying integrity over the raw value first.
            var parsed = CsrfApplicationStartup.ObjectSerializer.Deserialize(decoded) as CsrfToken;

            // parsed is null when the payload is not a CsrfToken; the validator is presumably
            // expected to reject null - verify.
            // NOTE(review): validation uses CsrfApplicationStartup.TokenValidator while new tokens
            // are signed with the configuration passed to Enable; confirm both use the same key
            // when a non-default configuration is supplied.
            if (CsrfApplicationStartup.TokenValidator.CookieTokenStillValid(parsed))
            {
                ctx.Items[key] = decoded;
                return;
            }
        }

        // No usable token: issue a new one to the context and the client.
        var freshToken = new CsrfToken();
        freshToken.CreatedDate = DateTime.Now;
        freshToken.CreateRandomBytes();
        freshToken.CreateHmac(signingConfiguration.HmacProvider);

        var serialized = CsrfApplicationStartup.ObjectSerializer.Serialize(freshToken);
        ctx.Items[key] = serialized;
        response.Cookies.Add(new NancyCookie(key, serialized, true));
    };

    pipelines.AfterRequest.AddItemToEndOfPipeline(
        new PipelineItem<Action<NancyContext>>(CsrfHookName, ensureToken));
}
/// <summary>
/// Enables Csrf token generation: installs an after-request hook, registered under CsrfHookName,
/// that makes sure a token is present in the context items and sets the response cookie
/// whenever it issues or re-sends one.
/// This is disabled by default.
/// </summary>
/// <param name="pipelines">Application pipelines</param>
/// <param name="cryptographyConfiguration">
/// Source of the HmacProvider used to sign new tokens; defaults to the configuration held by
/// CsrfApplicationStartup when null.
/// </param>
public static void Enable(IPipelines pipelines, CryptographyConfiguration cryptographyConfiguration = null)
{
    var crypto = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

    Action<NancyContext> hookBody = nancyContext =>
    {
        // Nothing to attach a cookie to.
        if (nancyContext.Response == null || nancyContext.Response.Cookies == null)
        {
            return;
        }

        // OPTIONS requests are skipped, so they get no token cookie.
        if (nancyContext.Request.Method.Equals("OPTIONS", StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        var tokenKey = CsrfToken.DEFAULT_CSRF_KEY;
        var responseCookies = nancyContext.Response.Cookies;

        // Case 1: a token was stored in the context during this request.
        object storedValue;
        if (nancyContext.Items.TryGetValue(tokenKey, out storedValue))
        {
            // NOTE(review): "true" is presumably httpOnly (confirm); no Secure attribute is
            // requested for this cookie.
            responseCookies.Add(new NancyCookie(tokenKey, (string)storedValue, true));
            return;
        }

        // Case 2: the client sent a token cookie; reuse it only if the validator accepts it.
        string cookieValue;
        if (nancyContext.Request.Cookies.TryGetValue(tokenKey, out cookieValue))
        {
            var decodedValue = HttpUtility.UrlDecode(cookieValue);

            // NOTE(review): untrusted input reaches ObjectSerializer.Deserialize before any
            // integrity check, and the cast to CsrfToken happens only afterwards. If the serializer
            // can instantiate arbitrary types, treat this as unsafe deserialization of
            // client-supplied data. Confirm the serializer in use, and restrict it to a fixed
            // token format or verify integrity over the raw value first.
            var candidate = CsrfApplicationStartup.ObjectSerializer.Deserialize(decodedValue) as CsrfToken;

            // NOTE(review): candidate may be null here, and the validator instance is taken from
            // CsrfApplicationStartup rather than from the configuration passed to Enable. Verify
            // null handling and that both sides use the same HMAC key.
            var stillValid = CsrfApplicationStartup.TokenValidator.CookieTokenStillValid(candidate);
            if (stillValid)
            {
                nancyContext.Items[tokenKey] = decodedValue;
                return;
            }
        }

        // Case 3: no token, or the cookie token was rejected; issue a new one.
        var issued = new CsrfToken { CreatedDate = DateTime.Now };
        issued.CreateRandomBytes();
        issued.CreateHmac(crypto.HmacProvider);

        var issuedString = CsrfApplicationStartup.ObjectSerializer.Serialize(issued);
        nancyContext.Items[tokenKey] = issuedString;
        responseCookies.Add(new NancyCookie(tokenKey, issuedString, true));
    };

    var postHook = new PipelineItem<Action<NancyContext>>(CsrfHookName, hookBody);
    pipelines.AfterRequest.AddItemToEndOfPipeline(postHook);
}
/// <summary>
/// Builds a new, signed csrf token and returns it as a delimited text string.
/// Does not store the token in context.
/// </summary>
/// <remarks>
/// The result is three name/value pairs joined by PairDelimiter, in the order RandomBytes,
/// Hmac, CreatedDate. Name and value are separated by ValueDelimiter. The byte fields are
/// Base64 text and the date uses the invariant-culture round-trip ("o") format.
/// NOTE(review): the fields are encoded, not encrypted, so the client can read them. The code
/// that parses this string presumably recomputes and compares the Hmac before trusting
/// RandomBytes or CreatedDate - confirm.
/// </remarks>
/// <param name="cryptographyConfiguration">
/// Configuration whose HmacProvider signs the token; when null, the configuration held by
/// CsrfApplicationStartup is used.
/// </param>
/// <returns>The generated token</returns>
internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
{
    var effectiveConfiguration = cryptographyConfiguration ?? CsrfApplicationStartup.CryptographyConfiguration;

    var freshToken = new CsrfToken();
    freshToken.CreatedDate = DateTimeOffset.Now;
    freshToken.CreateRandomBytes();
    freshToken.CreateHmac(effectiveConfiguration.HmacProvider);

    var output = new StringBuilder();

    output
        .AppendFormat("RandomBytes{0}{1}", ValueDelimiter, Convert.ToBase64String(freshToken.RandomBytes))
        .Append(PairDelimiter)
        .AppendFormat("Hmac{0}{1}", ValueDelimiter, Convert.ToBase64String(freshToken.Hmac))
        .Append(PairDelimiter)
        .AppendFormat("CreatedDate{0}{1}", ValueDelimiter, freshToken.CreatedDate.ToString("o", CultureInfo.InvariantCulture));

    return output.ToString();
}
/// <summary>
/// Creates a signed csrf token and returns the string produced by the application's object serializer.
/// Does not store the token in context.
/// </summary>
/// <param name="cryptographyConfiguration">
/// Configuration supplying the HmacProvider; the CsrfApplicationStartup configuration is used
/// when this is null.
/// </param>
/// <returns>The generated token</returns>
internal static string GenerateTokenString(CryptographyConfiguration cryptographyConfiguration = null)
{
    if (cryptographyConfiguration == null)
    {
        cryptographyConfiguration = CsrfApplicationStartup.CryptographyConfiguration;
    }

    var issued = new CsrfToken { CreatedDate = DateTime.Now };

    // The HMAC is created after the random bytes have been generated.
    issued.CreateRandomBytes();
    issued.CreateHmac(cryptographyConfiguration.HmacProvider);

    // NOTE(review): the wire format is whatever ObjectSerializer emits. Whatever reads this
    // string back receives it from the client, so confirm that the matching Deserialize is
    // safe on untrusted input.
    var encoded = CsrfApplicationStartup.ObjectSerializer.Serialize(issued);
    return encoded;
}