jwt improvements
This commit is contained in:
Shaun Walker
parent
a97af42e4b
commit
b7a1d2df75
|
|
@ -532,7 +532,7 @@ namespace Oqtane.Controllers
|
||||||
var secret = HttpContext.GetSiteSettings().GetValue("JwtOptions:Secret", "");
|
var secret = HttpContext.GetSiteSettings().GetValue("JwtOptions:Secret", "");
|
||||||
if (!string.IsNullOrEmpty(secret))
|
if (!string.IsNullOrEmpty(secret))
|
||||||
{
|
{
|
||||||
token = _jwtManager.GenerateToken(user, secret);
|
token = _jwtManager.GenerateToken(_tenantManager.GetAlias(), user, secret, "", "", 525600); // 1 year
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return token;
|
return token;
|
||||||
|
|
|
||||||
|
|
@ -32,10 +32,10 @@ namespace Oqtane.Infrastructure
|
||||||
var jwtManager = context.RequestServices.GetService(typeof(IJwtManager)) as IJwtManager;
|
var jwtManager = context.RequestServices.GetService(typeof(IJwtManager)) as IJwtManager;
|
||||||
|
|
||||||
var token = context.Request.Headers["Authorization"].First().Split(" ").Last();
|
var token = context.Request.Headers["Authorization"].First().Split(" ").Last();
|
||||||
var user = jwtManager.ValidateToken(token, secret);
|
var user = jwtManager.ValidateToken(token, secret, "", "");
|
||||||
if (user != null)
|
if (user != null)
|
||||||
{
|
{
|
||||||
// populate principal
|
// populate principal (reload user roles to ensure most accurate permission assigments)
|
||||||
var _userRoles = context.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository;
|
var _userRoles = context.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository;
|
||||||
var principal = (ClaimsIdentity)context.User.Identity;
|
var principal = (ClaimsIdentity)context.User.Identity;
|
||||||
UserSecurity.ResetClaimsIdentity(principal);
|
UserSecurity.ResetClaimsIdentity(principal);
|
||||||
|
|
|
||||||
|
|
@ -10,27 +10,30 @@ namespace Oqtane.Security
|
||||||
{
|
{
|
||||||
public interface IJwtManager
|
public interface IJwtManager
|
||||||
{
|
{
|
||||||
string GenerateToken(User user, string secret);
|
string GenerateToken(Alias alias, User user, string secret, string issuer, string audience, int lifetime);
|
||||||
User ValidateToken(string token, string secret);
|
User ValidateToken(string token, string secret, string issuer, string audience);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class JwtManager : IJwtManager
|
public class JwtManager : IJwtManager
|
||||||
{
|
{
|
||||||
public string GenerateToken(User user, string secret)
|
public string GenerateToken(Alias alias, User user, string secret, string issuer, string audience, int lifetime)
|
||||||
{
|
{
|
||||||
var tokenHandler = new JwtSecurityTokenHandler();
|
var tokenHandler = new JwtSecurityTokenHandler();
|
||||||
var key = Encoding.ASCII.GetBytes(secret);
|
var key = Encoding.ASCII.GetBytes(secret);
|
||||||
|
var identity = UserSecurity.CreateClaimsIdentity(alias, user);
|
||||||
var tokenDescriptor = new SecurityTokenDescriptor
|
var tokenDescriptor = new SecurityTokenDescriptor
|
||||||
{
|
{
|
||||||
Subject = new ClaimsIdentity(new[] { new Claim("id", user.UserId.ToString()), new Claim("name", user.Username) }),
|
Subject = new ClaimsIdentity(identity),
|
||||||
Expires = DateTime.UtcNow.AddYears(1),
|
Issuer = issuer,
|
||||||
|
Audience = audience,
|
||||||
|
Expires = DateTime.UtcNow.AddMinutes(lifetime),
|
||||||
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
|
||||||
};
|
};
|
||||||
var token = tokenHandler.CreateToken(tokenDescriptor);
|
var token = tokenHandler.CreateToken(tokenDescriptor);
|
||||||
return tokenHandler.WriteToken(token);
|
return tokenHandler.WriteToken(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
public User ValidateToken(string token, string secret)
|
public User ValidateToken(string token, string secret, string issuer, string audience)
|
||||||
{
|
{
|
||||||
if (!string.IsNullOrEmpty(token))
|
if (!string.IsNullOrEmpty(token))
|
||||||
{
|
{
|
||||||
|
|
@ -40,10 +43,13 @@ namespace Oqtane.Security
|
||||||
{
|
{
|
||||||
tokenHandler.ValidateToken(token, new TokenValidationParameters
|
tokenHandler.ValidateToken(token, new TokenValidationParameters
|
||||||
{
|
{
|
||||||
ValidateIssuerSigningKey = true,
|
|
||||||
IssuerSigningKey = new SymmetricSecurityKey(key),
|
IssuerSigningKey = new SymmetricSecurityKey(key),
|
||||||
ValidateIssuer = false,
|
ValidIssuer = issuer,
|
||||||
ValidateAudience = false,
|
ValidAudience = audience,
|
||||||
|
ValidateIssuerSigningKey = true,
|
||||||
|
ValidateIssuer = (!string.IsNullOrEmpty(issuer)),
|
||||||
|
ValidateAudience = (!string.IsNullOrEmpty(audience)),
|
||||||
|
ValidateLifetime = true,
|
||||||
ClockSkew = TimeSpan.Zero
|
ClockSkew = TimeSpan.Zero
|
||||||
}, out SecurityToken validatedToken);
|
}, out SecurityToken validatedToken);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user