From b7675a21ebd6ef6c2e0bbf5e256238a3e99c51c1 Mon Sep 17 00:00:00 2001
From: Shaun Walker
Date: Tue, 29 Mar 2022 08:38:46 -0400
Subject: [PATCH] jwt changes
---
 Oqtane.Client/Modules/Admin/Users/Index.razor | 29 ++++++++++++++++++-
 Oqtane.Server/Controllers/UserController.cs | 6 ++--
 .../Middleware/JwtMiddleware.cs | 5 ++--
 3 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/Oqtane.Client/Modules/Admin/Users/Index.razor b/Oqtane.Client/Modules/Admin/Users/Index.razor
index 3101d04b..a902d90e 100644
--- a/Oqtane.Client/Modules/Admin/Users/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Index.razor
@@ -274,7 +274,25 @@ else
- + +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+
@@ -325,6 +343,9 @@ else
 private string _allowsitelogin;
 private string _secret;
+ private string _issuer;
+ private string _audience;
+ private string _lifetime;
 private string _token;
 public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.Admin;
@@ -368,6 +389,9 @@ else
 _allowsitelogin = SettingService.GetSetting(settings, "ExternalLogin:AllowSiteLogin", "true");
 _secret = SettingService.GetSetting(settings, "JwtOptions:Secret", "");
+ _issuer = SettingService.GetSetting(settings, "JwtOptions:Issuer", PageState.Uri.Scheme + "://" + PageState.Alias.Name);
+ _audience = SettingService.GetSetting(settings, "JwtOptions:Audience", "");
+ _lifetime = SettingService.GetSetting(settings, "JwtOptions:Lifetime", "20");
 }
 private List Search(string search)
@@ -468,6 +492,9 @@ else
 if (!string.IsNullOrEmpty(_secret) && _secret.Length < 16) _secret = (_secret + "????????????????").Substring(0, 16);
 settings = SettingService.SetSetting(settings, "JwtOptions:Secret", _secret, true);
+ settings = SettingService.SetSetting(settings, "JwtOptions:Issuer", _issuer, true);
+ settings = SettingService.SetSetting(settings, "JwtOptions:Audience", _audience, true);
+ settings = SettingService.SetSetting(settings, "JwtOptions:Lifetime", _lifetime, true);
 await SettingService.UpdateSiteSettingsAsync(settings, site.SiteId);
 await SettingService.ClearSiteSettingsCacheAsync(site.SiteId);
diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
index bf19e391..e9c23318 100644
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
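Review bot: The Issuer default on the added `_issuer = ...` line, `PageState.Uri.Scheme + "://" + PageState.Alias.Name`, exists only in the browser, while both server hunks (UserController.cs and JwtMiddleware.cs) read `JwtOptions:Issuer` with a default of `""`; until an administrator saves this page the UI displays an issuer that tokens are neither issued with nor validated against. Audience has the same shape, with an empty default on both sides, and whether IJwtManager treats an empty issuer or audience as "do not check" is not visible in this diff and should be confirmed. Consider deriving the default on the server from the alias so both sides agree, or at least documenting on this line that the displayed default is not active until saved, e.g. `// display default only: the server falls back to "" until this setting is saved`. The enclosing settings-loading method starts before this hunk.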
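Review bot: `_lifetime` is persisted on the added `JwtOptions:Lifetime` line without any check that it is a positive integer, whereas `_secret` two lines above is at least length-normalised before being stored. Free text such as "abc" or "-5" will reach whatever later parses this value as minutes; a guard before the `SetSetting` call such as `if (!int.TryParse(_lifetime, out var minutes) || minutes <= 0)` that aborts the save and reports the problem to the administrator keeps invalid values out of site settings. How the server consumes `JwtOptions:Lifetime` is not shown in this diff. The enclosing save method starts before and ends after this hunk.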
@@ -529,10 +529,12 @@ namespace Oqtane.Controllers
 var user = _users.GetUser(User.Identity.Name);
 if (user != null)
 {
- var secret = HttpContext.GetSiteSettings().GetValue("JwtOptions:Secret", "");
+ var sitesettings = HttpContext.GetSiteSettings();
+ var secret = sitesettings.GetValue("JwtOptions:Secret", "");
 if (!string.IsNullOrEmpty(secret))
 {
- token = _jwtManager.GenerateToken(_tenantManager.GetAlias(), user, secret, "", "", 525600); // 1 year
+ var lifetime = 525600; // long-lived token set to 1 year
+ token = _jwtManager.GenerateToken(_tenantManager.GetAlias(), user, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""), lifetime);
 }
 }
 return token;
diff --git a/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs b/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
index cfc93d76..0787c354 100644
--- a/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
+++ b/Oqtane.Server/Infrastructure/Middleware/JwtMiddleware.cs
@@ -25,14 +25,15 @@ namespace Oqtane.Infrastructure
 var alias = context.GetAlias();
 if (alias != null)
 {
- var secret = context.GetSiteSettings().GetValue("JwtOptions:Secret", "");
+ var sitesettings = context.GetSiteSettings();
+ var secret = sitesettings.GetValue("JwtOptions:Secret", "");
 if (!string.IsNullOrEmpty(secret))
 {
 var logger = context.RequestServices.GetService(typeof(ILogManager)) as ILogManager;
 var jwtManager = context.RequestServices.GetService(typeof(IJwtManager)) as IJwtManager;
 var token = context.Request.Headers["Authorization"].First().Split(" ").Last();
- var user = jwtManager.ValidateToken(token, secret, "", "");
+ var user = jwtManager.ValidateToken(token, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""));
 if (user != null)
 {
 // populate principal (reload user roles to ensure most accurate permission assigments)
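Review bot: The token endpoint still hard-codes `var lifetime = 525600;` (one year) even though this commit introduces a configurable `JwtOptions:Lifetime` site setting in Index.razor, and neither server hunk reads the new setting, so an administrator who lowers the lifetime will still see year-long bearer tokens minted here. If the one-year value is intentional for this endpoint (a long-lived API token rather than a session token), say so on the comment, e.g. `// long-lived API token: deliberately not bound to JwtOptions:Lifetime`; otherwise read `sitesettings.GetValue("JwtOptions:Lifetime", "20")` here with `int.TryParse` and keep the existing constant only as the fallback. Note also that when the Audience setting is unset the token is generated with `""` and validated against `""` in JwtMiddleware.cs; whether an empty audience disables the audience check inside IJwtManager is not visible in this diff. The enclosing method starts before this hunk.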