public string CreateEncryptedLoginToken(LoginUsr usr, int defCompanyId, int defProjectId, byte defSystemId, UsrCurr curr, UsrImpr impr, string resources, string secret)
{
RintagiLoginToken loginToken = new RintagiLoginToken()
{
UsrId = usr.UsrId,
LoginName = usr.LoginName,
UsrName = usr.UsrName,
UsrEmail = usr.UsrEmail,
UsrGroup = impr.UsrGroups,
RowAuthority = impr.RowAuthoritys,
SystemId = curr.SystemId,
CompanyId = curr.CompanyId,
ProjectId = curr.ProjectId,
DefSystemId = defSystemId,
DefCompanyId = defCompanyId,
DefProjectId = defProjectId,
DbId = curr.DbId,
Resources = resources,
};
string json = Newtonsoft.Json.JsonConvert.SerializeObject(loginToken);
SHA256CryptoServiceProvider hashsha256 = new SHA256CryptoServiceProvider();
string hash = BitConverter.ToString(hashsha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(json))).Replace("-", "");
string encrypted = RO.Common3.Utils.ROEncryptString(hash.Left(32) + json, secret);
return(encrypted);
}
public RintagiLoginToken DecryptLoginToken(string encryptedToken, string secret)
{
string decryptedToken = RO.Common3.Utils.RODecryptString(encryptedToken, secret);
RintagiLoginToken token = Newtonsoft.Json.JsonConvert.DeserializeObject <RintagiLoginToken>(decryptedToken.Substring(32));
return(token);
}
public SerializableDictionary <string, string> GetToken(string client_id, string scope, string grant_type, string code, string code_verifier, string redirect_url, string client_secret, string appPath, string appDomain, Func <string, string> getStoredToken, Func <LoginUsr, UsrCurr, UsrImpr, UsrPref, string, bool, bool> ValidateScope, bool reAuth = false)
{
Dictionary <string, object> scopeContext = Newtonsoft.Json.JsonConvert.DeserializeObject <Dictionary <string, object> >(scope);
byte? systemId = null;
int? companyId = null;
int? projectId = null;
short?cultureId = null;
int access_token_validity = 5 * 60; // 20 minutes
int refresh_token_validity = 60 * 60 * 24 * 14; // 14 days
try { systemId = byte.Parse(scopeContext["SystemId"].ToString()); }
catch { };
try { companyId = int.Parse(scopeContext["CompanyId"].ToString()); }
catch { };
try { projectId = int.Parse(scopeContext["ProjectId"].ToString()); }
catch { };
try { cultureId = short.Parse(scopeContext["ProjectId"].ToString()); }
catch { };
//var context = HttpContext.Current;
//string appPath = context.Request.ApplicationPath;
//string domain = context.Request.Url.GetLeftPart(UriPartial.Authority);
//HttpSessionState Session = HttpContext.Current.Session;
//System.Web.Caching.Cache cache = HttpContext.Current.Cache;
string storedToken;
RintagiLoginJWT loginJWT = new Func <RintagiLoginJWT>(() =>
{
if (grant_type == "authorization_code")
{
storedToken = getStoredToken(code);
try
{
return(GetLoginUsrInfo(storedToken) ?? new RintagiLoginJWT());
}
catch
{
};
}
else if (grant_type == "refresh_token")
{
try
{
return(GetLoginUsrInfo(code) ?? new RintagiLoginJWT());
}
catch { }
}
return(new RintagiLoginJWT());
})();
UsrCurr LCurr;
UsrImpr LImpr;
LoginUsr LUser;
UsrPref LPref;
var utc0 = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
var currTime = DateTime.Now.ToUniversalTime().Subtract(utc0).TotalSeconds;
var nbf = loginJWT.nbf - 20; // margin for multiple server clock skew(max 20s)
var expiredOn = loginJWT.exp + 20; // margin for multiple server clock skew(max 20s)
int remainingSeconds = expiredOn - (int)currTime;
var currentHandle = loginJWT.handle;
bool keepRefreshToken = remainingSeconds > 120 && !reAuth && grant_type == "refresh_token";
try
{
if (currTime > nbf && currTime < expiredOn && ValidateJWTHandle(currentHandle))
{
string signingKey = GetSessionSigningKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
string encryptionKey = GetSessionEncryptionKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());
RintagiLoginToken loginToken = DecryptLoginToken(loginJWT.loginToken, encryptionKey);
LCurr = new UsrCurr(companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId, systemId ?? loginToken.SystemId, systemId ?? loginToken.SystemId);
LImpr = null;
LImpr = SetImpersonation(LImpr, loginToken.UsrId, systemId ?? loginToken.SystemId, companyId ?? loginToken.CompanyId, projectId ?? loginToken.ProjectId);
LUser = new LoginUsr();
LUser.UsrId = loginToken.UsrId;
LUser.LoginName = loginToken.LoginName;
LUser.DefCompanyId = loginToken.DefCompanyId;
LUser.DefProjectId = loginToken.DefProjectId;
LUser.DefSystemId = loginToken.DefSystemId;
LUser.UsrName = loginToken.UsrName;
LUser.InternalUsr = "******";
LUser.CultureId = 1;
LUser.HasPic = false;
LPref = (new LoginSystem()).GetUsrPref(LUser.UsrId, LCurr.CompanyId, LCurr.ProjectId, LCurr.SystemId);
string refreshTag = keepRefreshToken ? currentHandle : Guid.NewGuid().ToString().Replace("-", "").ToLower();
string loginTag = Guid.NewGuid().ToString().Replace("-", "").ToLower();
if (ValidateScope(LUser, LCurr, LImpr, LPref, currentHandle, true))
{
string loginTokenJWT = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, access_token_validity, loginTag);
string refreshTokenJWT = CreateLoginJWT(LUser, loginToken.DefCompanyId, loginToken.DefProjectId, loginToken.DefSystemId, LCurr, LImpr, appPath, keepRefreshToken ? remainingSeconds : refresh_token_validity, refreshTag);
string token_scope = string.Format("s{0}c{1}p{2}", LCurr.SystemId, LCurr.CompanyId, LCurr.ProjectId);
var Token = new SerializableDictionary <string, string> {
{ "access_token", loginTokenJWT },
{ "token_type", "Bearer" },
{ "iat", currTime.ToString() },
{ "expires_in", (access_token_validity - 1).ToString() },
{ "scope", token_scope },
{ "resources", appPath },
{ "refresh_token", refreshTokenJWT },
};
return(Token);
}
else
{
return(new SerializableDictionary <string, string>()
{
{ "error", "access_denied" },
{ "message", "cannot issue token" },
});
}
}
}
catch {
}
return(new SerializableDictionary <string, string>()
{
{ "error", "invalid_token" },
{ "message", "cannot issue token" },
});
}