Update key store to validate account and site
@@ -43,7 +43,7 @@ export class LoginComponent {
|
|||||||
}
|
}
|
||||||
|
|
||||||
this.errorMsgs.push("Waiting for response from server");
|
this.errorMsgs.push("Waiting for response from server");
|
||||||
this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "SameSite": (this.returnURL == '/') }, { responseType: 'text' } ).subscribe({
|
this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "Site": this.returnURL }, { responseType: 'text' } ).subscribe({
|
||||||
next: data => {
|
next: data => {
|
||||||
this.errorMsgs = [ "Login Token: " + data ];
|
this.errorMsgs = [ "Login Token: " + data ];
|
||||||
window.location.href = this.returnURL + "?LoginToken=" + data;
|
window.location.href = this.returnURL + "?LoginToken=" + data;
|
||||||
|
|||||||
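Review bot: `Site: this.returnURL` sends the redirect target verbatim, and two lines later the server response is appended with `this.returnURL + "?LoginToken=" + data`, which yields a malformed URL whenever `returnURL` already carries a query string and places the login ticket into browser history and Referer headers. Build the target with the URL API so the parameter is encoded and merged correctly, e.g. `const target = new URL(this.returnURL, window.location.origin); target.searchParams.set("LoginToken", data); window.location.href = target.toString();`. Whatever validation `returnURL` receives happens outside this hunk; the server should stay the authority on which sites are acceptable. The subscribe callback continues past the end of the hunk.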
@@ -52,14 +52,14 @@ namespace Auth.Controllers {
|
|||||||
test.CurrentPasswordAttempts = 0;
|
test.CurrentPasswordAttempts = 0;
|
||||||
await _databaseService.SetAccount(test);
|
await _databaseService.SetAccount(test);
|
||||||
|
|
||||||
if (request.SameSite) {
|
if (request.Site == "/") {
|
||||||
SignIn(Response, AuthJWT.GenereateJWTToken(test, request.StayLoggedIn));
|
SignIn(Response, AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn));
|
||||||
} else {
|
} else {
|
||||||
string Ticket = Guid.NewGuid().ToString().Replace("-", "");
|
string Ticket = Guid.NewGuid().ToString().Replace("-", "");
|
||||||
string JWT = AuthJWT.GenereateJWTToken(test, request.StayLoggedIn);
|
string JWT = AuthJWT.GenereateJWTToken(test, request.Site, request.StayLoggedIn);
|
||||||
AuthJWT.LoginSessions[Ticket] = new JWTMemCache {
|
AuthJWT.LoginSessions[Ticket] = new JWTMemCache {
|
||||||
JWT = JWT,
|
JWT = JWT,
|
||||||
ExpiresAt = DateTime.UtcNow.AddSeconds(30)
|
ExpiresAt = DateTime.UtcNow.AddSeconds(20)
|
||||||
};
|
};
|
||||||
|
|
||||||
return Ok(Ticket);
|
return Ok(Ticket);
|
||||||
|
|||||||
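Review bot: `request.Site` is taken straight from the login body and becomes both the token's site claim (`GenereateJWTToken(test, request.Site, …)`) and, through `account.Site`, the key-store prefix, so the namespace meant to isolate sites is chosen by the client rather than the server. The only check on it is `request.Site == "/"`, which selects cookie versus ticket sign-in but does not validate the value. Either compare it against a server-side allowlist of known sites before issuing the token, or — since `Account` now carries a `Site` field — pass the persisted `test.Site` if that is the authoritative value (whether it is populated is not visible in this commit). The enclosing action starts before the hunk.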
@@ -2,6 +2,8 @@ using Microsoft.AspNetCore.Mvc;
|
|||||||
using System.Web.Http;
|
using System.Web.Http;
|
||||||
using StackExchange.Redis;
|
using StackExchange.Redis;
|
||||||
using Auth.Services.DatabaseService;
|
using Auth.Services.DatabaseService;
|
||||||
|
using Auth.Services;
|
||||||
|
using Auth.Entities;
|
||||||
|
|
||||||
namespace Auth.Controllers {
|
namespace Auth.Controllers {
|
||||||
[ApiController]
|
[ApiController]
|
||||||
@@ -18,16 +20,26 @@ namespace Auth.Controllers {
|
|||||||
|
|
||||||
[Route("get")]
|
[Route("get")]
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
public async Task<ActionResult<string>> Get(string key) {
|
public async Task<ActionResult<string>> Get(string JWT, string key) {
|
||||||
RedisValue result = await _redisdb.StringGetAsync(key);
|
Account? account = AuthJWT.ValidateJWTToken(JWT);
|
||||||
return Ok(result.ToString());
|
if (account != null) {
|
||||||
|
RedisValue result = await _redisdb.StringGetAsync( account.Site + key);
|
||||||
|
return Ok(result.ToString());
|
||||||
|
} else {
|
||||||
|
return BadRequest("JWT Not Valid");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[Route("set")]
|
[Route("set")]
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
public async Task<ActionResult> Set(string key, string value) {
|
public async Task<ActionResult> Set(string JWT, string key, string value) {
|
||||||
await _redisdb.StringSetAsync(key, value);
|
Account? account = AuthJWT.ValidateJWTToken(JWT);
|
||||||
return Ok();
|
if (account != null) {
|
||||||
|
await _redisdb.StringSetAsync(account.Site + key, value);
|
||||||
|
return Ok();
|
||||||
|
} else {
|
||||||
|
return BadRequest("JWT Not Valid");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
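Review bot: `account.Site + key` joins the site prefix and the caller's key with no delimiter, so distinct `(Site, key)` pairs can map to the same Redis key; use a separator that is rejected in `key`, e.g. `string redisKey = $"{account.Site}:{key}";` after checking `key` does not contain ':'. When a token carries no site claim, `ValidateJWTToken` yields `account.Site == null` and `null + key` is just `key`, so both actions should also reject `string.IsNullOrEmpty(account.Site)` rather than fall through to an unprefixed lookup. Both actions receive the JWT as a query-string parameter and `Set` is `[HttpGet]`, which leaves the bearer token in server and proxy logs and browser history; an `Authorization` header and `[HttpPost]` for `Set` would be the conventional shape. A failed token check is better reported as `Unauthorized()` than `BadRequest`.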
@@ -3,8 +3,8 @@ namespace Auth.DTO {
|
|||||||
public class LoginRequest {
|
public class LoginRequest {
|
||||||
public string UserName { get; set; } = "";
|
public string UserName { get; set; } = "";
|
||||||
public string Password { get; set; } = "";
|
public string Password { get; set; } = "";
|
||||||
|
public string Site { get; set; } = "";
|
||||||
public bool StayLoggedIn { get; set; }
|
public bool StayLoggedIn { get; set; }
|
||||||
public bool SameSite { get; set; }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public class JWTRenewRequest {
|
public class JWTRenewRequest {
|
||||||
|
|||||||
@@ -14,5 +14,6 @@ namespace Auth.Entities {
|
|||||||
public string PasswordToken { get; set; } = "";
|
public string PasswordToken { get; set; } = "";
|
||||||
public DateTime PasswordTokenCreated { get; set; }
|
public DateTime PasswordTokenCreated { get; set; }
|
||||||
public string DataServer { get; set; } = "";
|
public string DataServer { get; set; } = "";
|
||||||
|
public string Site { get; set; } = "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,10 +1,6 @@
|
|||||||
using Auth.Services;
|
using Auth.Services;
|
||||||
using Auth.Services.DatabaseService;
|
using Auth.Services.DatabaseService;
|
||||||
using System.Security.Claims;
|
|
||||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||||
using Microsoft.IdentityModel.Tokens;
|
|
||||||
using System.IdentityModel.Tokens.Jwt;
|
|
||||||
using System.Text;
|
|
||||||
|
|
||||||
var builder = WebApplication.CreateBuilder(args);
|
var builder = WebApplication.CreateBuilder(args);
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ namespace Auth.Services {
|
|||||||
ClockSkew = TimeSpan.FromMinutes(1)
|
ClockSkew = TimeSpan.FromMinutes(1)
|
||||||
};
|
};
|
||||||
|
|
||||||
public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
|
public static string GenereateJWTToken(Account account, string RequestedSite, bool StayLoggedIn) {
|
||||||
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
||||||
SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
|
SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
|
||||||
Subject = new ClaimsIdentity([
|
Subject = new ClaimsIdentity([
|
||||||
@@ -34,6 +34,7 @@ namespace Auth.Services {
|
|||||||
new Claim(ClaimTypes.Email, account.Email),
|
new Claim(ClaimTypes.Email, account.Email),
|
||||||
new Claim(ClaimTypes.Role, account.Role),
|
new Claim(ClaimTypes.Role, account.Role),
|
||||||
new Claim(ClaimTypes.UserData, account.DataServer),
|
new Claim(ClaimTypes.UserData, account.DataServer),
|
||||||
|
new Claim(ClaimTypes.Dns, RequestedSite),
|
||||||
new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString()),
|
new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString()),
|
||||||
]),
|
]),
|
||||||
Expires = DateTime.UtcNow.AddDays(7),
|
Expires = DateTime.UtcNow.AddDays(7),
|
||||||
@@ -47,14 +48,33 @@ namespace Auth.Services {
|
|||||||
return tokenHandler.WriteToken(token);
|
return tokenHandler.WriteToken(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Account? ValidateJWTToken(string Token) {
|
||||||
|
try {
|
||||||
|
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
||||||
|
ClaimsPrincipal principal = tokenHandler.ValidateToken( Token, TokenParameters, out SecurityToken validatedToken );
|
||||||
|
return new Account {
|
||||||
|
ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
|
||||||
|
UserName = principal.FindFirstValue(ClaimTypes.Name)!,
|
||||||
|
Email = principal.FindFirstValue(ClaimTypes.Email)!,
|
||||||
|
Role = principal.FindFirstValue(ClaimTypes.Role)!,
|
||||||
|
DataServer = principal.FindFirstValue(ClaimTypes.UserData)!,
|
||||||
|
Site = principal.FindFirstValue(ClaimTypes.Dns)!
|
||||||
|
};
|
||||||
|
} catch (Exception) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static string RenewJWTToken(ClaimsPrincipal principal) {
|
public static string RenewJWTToken(ClaimsPrincipal principal) {
|
||||||
return GenereateJWTToken(new Account {
|
return GenereateJWTToken(new Account {
|
||||||
ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
|
ID = Convert.ToInt32(principal.FindFirstValue(ClaimTypes.NameIdentifier)),
|
||||||
UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
|
UserName = principal.FindFirstValue(ClaimTypes.Name)!,
|
||||||
Email = principal.FindFirst(ClaimTypes.Email)!.Value,
|
Email = principal.FindFirstValue(ClaimTypes.Email)!,
|
||||||
Role = principal.FindFirst(ClaimTypes.Role)!.Value,
|
Role = principal.FindFirstValue(ClaimTypes.Role)!,
|
||||||
DataServer = principal.FindFirst(ClaimTypes.UserData)!.Value
|
DataServer = principal.FindFirstValue(ClaimTypes.UserData)!
|
||||||
}, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
|
},
|
||||||
|
principal.FindFirstValue(ClaimTypes.Dns)!,
|
||||||
|
Convert.ToBoolean(principal.FindFirstValue(ClaimTypes.IsPersistent)!));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static RsaSecurityKey LoadRSAKey(string KeyPath) {
|
public static RsaSecurityKey LoadRSAKey(string KeyPath) {
|
||||||
|
|||||||
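Review bot: `ValidateJWTToken` accepts a token whose claims are missing: each `FindFirstValue(...)!` silently becomes null and `Convert.ToInt32(null)` becomes 0, so a validly signed token issued before this change (tokens live seven days) validates to an `Account` with `ID = 0` and `Site = null`. Since callers key the store on `account.Site`, a missing required claim should make the method return null — read `ClaimTypes.Dns` into a local and `return null` when it is null or empty instead of null-forgiving it. `catch (Exception)` hides why validation failed; catching `SecurityTokenException` and logging it, and discarding the unused `validatedToken` with `out _`, would be clearer. `ClaimTypes.Dns` is repurposed to carry the requested site; a named custom claim type would make the intent explicit. The `GenereateJWTToken` spelling is carried into the new signature and is worth fixing while the signature changes anyway.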