New token structure and generation mechanism

2021-11-12 01:37:10 +02:00 · 2021-11-12 01:37:10 +02:00 · 86a379bf17
parent 4f30ab0c98
commit 86a379bf17
24 changed files with 218 additions and 74 deletions
--- a/IdentityServer.Application/CommandHandlers/AuthorizeTokenHandler.cs
+++ b/IdentityServer.Application/CommandHandlers/AuthorizeTokenHandler.cs
@ -9,7 +9,7 @@ using System.Threading.Tasks;

 namespace IdentityServer.Application.CommandHandlers
 {
-    public class AuthorizeTokenHandler : IRequestHandler<AuthorizeToken, User>
+    public class AuthorizeTokenHandler : IRequestHandler<AuthorizeToken, TokenCore>
    {
        private readonly IUserService _userService;
        private readonly IMapper _mapper;
@ -22,18 +22,19 @@ namespace IdentityServer.Application.CommandHandlers
            _logger = logger;
        }

-        public async Task<User> Handle(AuthorizeToken command, CancellationToken cancellationToken)
+        public Task<TokenCore> Handle(AuthorizeToken command, CancellationToken cancellationToken)
        {
-            var appUser = await _userService.Authorize(command.Token);
-            if (appUser == null)
+            var tokenCore = _userService.Authorize(command.Token);
+            if (tokenCore == null)
            {
                _logger.LogDebug($"Authorization failed for token '{command.Token}'.");
                return null;
            }

            _logger.LogDebug($"Authorization succeeded for token '{command.Token}'.");
-            var user = _mapper.Map<User>(appUser);
-            return user;
+            var tokenCoreResult = _mapper.Map<TokenCore>(tokenCore);
+
+            return Task.FromResult(tokenCoreResult);
        }
    }
 }
--- a/IdentityServer.Application/Commands/AuthorizeToken.cs
+++ b/IdentityServer.Application/Commands/AuthorizeToken.cs
@ -3,7 +3,7 @@ using NDB.Application.DataContracts;

 namespace IdentityServer.Application.Commands
 {
-    public class AuthorizeToken : Command<User>
+    public class AuthorizeToken : Command<TokenCore>
    {
        public string Token { get; set; }
    }
--- a/IdentityServer.Application/DependencyInjectionExtensions.cs
+++ b/IdentityServer.Application/DependencyInjectionExtensions.cs
@ -9,6 +9,7 @@ namespace IdentityServer.Application
        public static void AddApplicationServices(this IServiceCollection services)
        {
            services.AddStores();
+            services.AddSingleton<ITokenService, TokenService>();
            services.AddScoped<IUserService, UserService>();
        }

--- a/IdentityServer.Application/IdentityServer.Application.csproj
+++ b/IdentityServer.Application/IdentityServer.Application.csproj
@ -12,6 +12,7 @@
    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="$(MicrosoftExtensionsPackageVersion)" />
    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsPackageVersion)" />
    <PackageReference Include="NDB.Application.DataContracts" Version="$(NDBApplicationPackageVersion)" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>

  <ItemGroup>
--- a/IdentityServer.Application/Mappings/MappingProfile.cs
+++ b/IdentityServer.Application/Mappings/MappingProfile.cs
@ -1,5 +1,6 @@
 using AutoMapper;
 using IdentityServer.Domain.Entities;
+using System.Collections.Generic;
 using dto = IdentityServer.PublishedLanguage.Dto;
 using models = IdentityServer.Domain.Models;

@ -10,7 +11,21 @@ namespace IdentityServer.Application.Mappings
        public MappingProfile()
        {
            CreateMap<models.Token, dto.Token>();
-            CreateMap<AppUser, dto.User>();
+            CreateMap<models.TokenCore, dto.TokenCore>();
+            CreateMap<AppUser, dto.TokenCore>()
+                .ForMember(z => z.Claims, src => src.MapFrom(z => ComposeClaims(z.Claims)));
+        }
+
+        private Dictionary<string, string> ComposeClaims(ICollection<UserClaim> claims)
+        {
+            if (claims == null)
+                return null;
+
+            var result = new Dictionary<string, string>();
+            foreach (var claim in claims)
+                result.Add(claim.ClaimKey, claim.ClaimValue);
+
+            return result;
        }
    }
 }
--- a/IdentityServer.Application/Services/ITokenService.cs
+++ b/IdentityServer.Application/Services/ITokenService.cs
@ -0,0 +1,11 @@
+using IdentityServer.Domain.Entities;
+using IdentityServer.Domain.Models;
+
+namespace IdentityServer.Application.Services
+{
+    internal interface ITokenService
+    {
+        string GenerateTokenRaw(AppUser user);
+        TokenCore ExtractTokenCore(string tokenRaw);
+    }
+}
--- a/IdentityServer.Application/Services/IUserService.cs
+++ b/IdentityServer.Application/Services/IUserService.cs
@ -1,5 +1,4 @@
-using IdentityServer.Domain.Entities;
-using IdentityServer.Domain.Models;
+using IdentityServer.Domain.Models;
 using System.Threading.Tasks;

 namespace IdentityServer.Application.Services
@ -7,6 +6,6 @@ namespace IdentityServer.Application.Services
    public interface IUserService
    {
        Task<Token> Authenticate(string userName, string password);
-        Task<AppUser> Authorize(string token);
+        TokenCore Authorize(string token);
    }
 }
--- a/IdentityServer.Application/Services/TokenService.cs
+++ b/IdentityServer.Application/Services/TokenService.cs
@ -0,0 +1,65 @@
+using AutoMapper;
+using IdentityServer.Domain.Entities;
+using IdentityServer.Domain.Models;
+using Newtonsoft.Json;
+using System;
+using System.Text;
+using System.Text.RegularExpressions;
+
+namespace IdentityServer.Application.Services
+{
+    internal class TokenService : ITokenService
+    {
+        private readonly IMapper _mapper;
+
+        public TokenService(IMapper mapper)
+        {
+            _mapper = mapper;
+        }
+
+        public string GenerateTokenRaw(AppUser user)
+        {
+            var tokenCore = GenerateToken(user);
+            var tokenCoreString = JsonConvert.SerializeObject(tokenCore);
+            var tokenCoreBytes = Encoding.UTF8.GetBytes(tokenCoreString);
+            var tokenRaw = Convert.ToBase64String(tokenCoreBytes);
+            return tokenRaw;
+        }
+
+        private TokenCore GenerateToken(AppUser user)
+        {
+            var tokenCore = _mapper.Map<TokenCore>(user);
+            tokenCore.LockStamp = Regex.Replace(Convert.ToBase64String(Guid.NewGuid().ToByteArray()), "[/+=]", "");
+            return tokenCore;
+        }
+
+        public TokenCore ExtractTokenCore(string tokenRaw)
+        {
+            var valid = ValidateTokenRaw(tokenRaw);
+            if (!valid)
+                return null;
+
+            var tokenCoreBytes = Convert.FromBase64String(tokenRaw);
+            var tokenCoreString = Encoding.UTF8.GetString(tokenCoreBytes);
+            var tokenCore = JsonConvert.DeserializeObject<TokenCore>(tokenCoreString);
+            return tokenCore;
+        }
+
+        private bool ValidateTokenRaw(string tokenRaw)
+        {
+            if (string.IsNullOrWhiteSpace(tokenRaw))
+                return false;
+
+            if (!StringIsBase64(tokenRaw))
+                return false;
+
+            return true;
+        }
+
+        private bool StringIsBase64(string str)
+        {
+            str = str.Trim();
+            return (str.Length % 4 == 0) && Regex.IsMatch(str, @"^[a-zA-Z0-9+/]*={0,3}$", RegexOptions.None);
+        }
+    }
+}
--- a/IdentityServer.Application/Services/UserService.cs
+++ b/IdentityServer.Application/Services/UserService.cs
@ -1,5 +1,4 @@
 using IdentityServer.Application.Stores;
-using IdentityServer.Domain.Entities;
 using IdentityServer.Domain.Models;
 using IdentityServer.Domain.Repositories;
 using System;
@ -7,15 +6,17 @@ using System.Threading.Tasks;

 namespace IdentityServer.Application.Services
 {
-    public class UserService : IUserService
+    internal class UserService : IUserService
    {
        private readonly ISecurityStore _securityStore;
        private readonly IIdentityRepository _identityRepository;
+        private readonly ITokenService _tokenService;

-        public UserService(ISecurityStore securityStore, IIdentityRepository identityRepository)
+        public UserService(ISecurityStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService)
        {
            _securityStore = securityStore;
            _identityRepository = identityRepository;
+            _tokenService = tokenService;
        }

        public async Task<Token> Authenticate(string userName, string password)
@ -24,8 +25,7 @@ namespace IdentityServer.Application.Services
            if (user == null)
                return null;

-            var tokenRaw = $"{Guid.NewGuid()}-{Guid.NewGuid()}-{user.UserId}";
-
+            var tokenRaw = _tokenService.GenerateTokenRaw(user);
            var currentDate = DateTime.Now;
            var token = new Token() { Raw = tokenRaw, ValidFrom = currentDate, ValidUntil = currentDate.AddMonths(12) };
            _securityStore.SetToken(token, user.UserId);
@ -33,16 +33,13 @@ namespace IdentityServer.Application.Services
            return token;
        }

-        public async Task<AppUser> Authorize(string token)
+        public TokenCore Authorize(string token)
        {
-            var tokenValidation = _securityStore.ValidateToken(token);
-            if (tokenValidation.Success)
-            {
-                var user = await _identityRepository.GetAppUser(tokenValidation.UserId);
-                return user;
-            }
-
+            var tokenCore = _securityStore.ValidateAndGetTokenCore(token);
+            if (tokenCore == null)
                return null;
+
+            return tokenCore;
        }
    }
 }
--- a/IdentityServer.Application/Stores/ISecurityStore.cs
+++ b/IdentityServer.Application/Stores/ISecurityStore.cs
@ -2,9 +2,9 @@

 namespace IdentityServer.Application.Stores
 {
-    public interface ISecurityStore
+    internal interface ISecurityStore
    {
        void SetToken(Token token, int userId);
-        TokenValidation ValidateToken(string token);
+        TokenCore ValidateAndGetTokenCore(string token);
    }
 }
--- a/IdentityServer.Application/Stores/SecurityStore.cs
+++ b/IdentityServer.Application/Stores/SecurityStore.cs
@ -1,13 +1,20 @@
-using IdentityServer.Domain.Models;
-using System;
+using IdentityServer.Application.Services;
+using IdentityServer.Domain.Models;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;

 namespace IdentityServer.Application.Stores
 {
-    public class SecurityStore : ISecurityStore
+    internal class SecurityStore : ISecurityStore
    {
+        private readonly ITokenService _tokenService;
+
+        public SecurityStore(ITokenService tokenService)
+        {
+            _tokenService = tokenService;
+        }
+
        private ConcurrentDictionary<int, List<Token>> Tokens { get; }

        public SecurityStore()
@ -25,30 +32,21 @@ namespace IdentityServer.Application.Stores
                Tokens.TryAdd(userId, new List<Token>() { token });
        }

-        public TokenValidation ValidateToken(string token)
+        public TokenCore ValidateAndGetTokenCore(string token)
        {
-            var lastIndexOfSeparator = token.LastIndexOf('-');
-            if (lastIndexOfSeparator == -1)
-                return InvalidToken;
-
-            var indexOfNextCharacterAfterSeparator = lastIndexOfSeparator + 1;
-            var userIdString = token.Substring(indexOfNextCharacterAfterSeparator, token.Length - indexOfNextCharacterAfterSeparator);
-
-            if (!int.TryParse(userIdString, out int userId))
-                return InvalidToken;
-
-            var registered = Tokens.TryGetValue(userId, out List<Token> list);
+            var tokenCore = _tokenService.ExtractTokenCore(token);
+            if (tokenCore == null)
+                return null;

+            var registered = Tokens.TryGetValue(tokenCore.UserId, out List<Token> list);
            if (!registered)
-                return InvalidToken;
+                return null;

            var valid = list.FirstOrDefault(z => z.Raw == token);
-            if (valid != null)
-                return new TokenValidation() { Success = true, UserId = userId };
+            if (valid == null)
+                return null;

-            return InvalidToken;
-        }
-
-        private TokenValidation InvalidToken => new TokenValidation() { Success = false };
+            return tokenCore;
+        }
    }
 }
--- a/IdentityServer.Domain.Data/DbContexts/IdentityDbContext.cs
+++ b/IdentityServer.Domain.Data/DbContexts/IdentityDbContext.cs
@ -6,7 +6,7 @@ namespace IdentityServer.Domain.Data.DbContexts
 {
    public class IdentityDbContext : DbContext
    {
-        public DbSet<AppUser> AppUsers { get; set; }
+        public DbSet<AppUser> Users { get; set; }

        public IdentityDbContext(DbContextOptions<IdentityDbContext> options)
            : base(options)
@ -19,7 +19,9 @@ namespace IdentityServer.Domain.Data.DbContexts
        {
            base.OnModelCreating(modelBuilder);

+            modelBuilder.ApplyConfiguration(new UserStatusConfiguration());
            modelBuilder.ApplyConfiguration(new AppUserConfiguration());
+            modelBuilder.ApplyConfiguration(new UserClaimConfiguration());
        }
    }
 }
--- a/IdentityServer.Domain.Data/EntityTypeConfiguration/AppUserConfiguration.cs
+++ b/IdentityServer.Domain.Data/EntityTypeConfiguration/AppUserConfiguration.cs
@ -11,6 +11,7 @@ namespace IdentityServer.Domain.Data.EntityTypeConfiguration
            builder.ToTable("AppUser").HasKey(key => key.UserId);
            builder.Property(z => z.UserId).ValueGeneratedOnAdd();
            builder.HasOne(z => z.Status).WithMany().HasForeignKey(z => z.StatusId);
+            builder.HasMany(z => z.Claims).WithOne().HasForeignKey(z => z.UserId);
        }
    }
 }
--- a/IdentityServer.Domain.Data/EntityTypeConfiguration/UserClaimConfiguration.cs
+++ b/IdentityServer.Domain.Data/EntityTypeConfiguration/UserClaimConfiguration.cs
@ -0,0 +1,15 @@
+using IdentityServer.Domain.Entities;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace IdentityServer.Domain.Data.EntityTypeConfiguration
+{
+    class UserClaimConfiguration : IEntityTypeConfiguration<UserClaim>
+    {
+        public void Configure(EntityTypeBuilder<UserClaim> builder)
+        {
+            builder.ToTable("UserStatus").HasKey(z => z.ClaimId);
+            builder.Property(z => z.ClaimId).ValueGeneratedOnAdd();
+        }
+    }
+}
--- a/IdentityServer.Domain.Data/Repositories/IdentityRepository.cs
+++ b/IdentityServer.Domain.Data/Repositories/IdentityRepository.cs
@ -15,14 +15,12 @@ namespace IdentityServer.Domain.Data.Repositories
            _dbContext = dbContext;
        }

-        public Task<AppUser> GetAppUser(int userId)
-        {
-            return _dbContext.AppUsers.FirstOrDefaultAsync(z => z.UserId == userId);
-        }
-
        public Task<AppUser> GetAppUser(string userName, string password)
        {
-            return _dbContext.AppUsers.FirstOrDefaultAsync(z => z.UserName == userName && z.Password == password);
+            return _dbContext.Users
+                .Include(z => z.Status)
+                .Include(z => z.Claims)
+                .FirstOrDefaultAsync(z => z.UserName == userName && z.Password == password);
        }
    }
 }
--- a/IdentityServer.Domain.Data/Scripts/1.0.1/02.New
+++ b/IdentityServer.Domain.Data/Scripts/1.0.1/02.New
@ -10,13 +10,13 @@ begin
 	create table AppUser
 	(
 		UserId int identity(0, 1) constraint PK_AppUser primary key,
-		UserName varchar(100) not null,
+		UserName varchar(100) not null constraint UQ_AppUser_UserName unique,
 		[Password] varchar(100) not null,
 		FirstName varchar(100),
 		LastName varchar(100),
-		Email varchar(100),
+		Email varchar(100) constraint UQ_AppUser_Email unique,
 		ProfilePictureUrl varchar(200),
-		SecurityStamp varchar(200),
+		SecurityStamp varchar(200) constraint UQ_AppUser_SecurityStamp unique,
 		StatusId int constraint FK_AppUser_UserStatus references UserStatus(StatusId),
 		CreationDate datetime constraint DF_AppUser_CreationDate default getdate(),
 		FailedLoginAttempts int,
--- a/IdentityServer.Domain.Data/Scripts/1.0.1/03.UserClaim
+++ b/IdentityServer.Domain.Data/Scripts/1.0.1/03.UserClaim
@ -0,0 +1,11 @@
+if not exists (select top 1 1 from sys.objects where name = 'UserClaim' and type = 'U')
+begin
+	create table UserClaim
+	(
+		ClaimId int identity(1, 1) constraint PK_UserClaim primary key,
+		UserId int constraint FK_UserClaim_AppUser foreign key references AppUser(UserId),
+		ClaimKey varchar(50) not null,
+		ClaimValue varchar(300) not null
+	)
+end
+go
--- a/IdentityServer.Domain/Entities/AppUser.cs
+++ b/IdentityServer.Domain/Entities/AppUser.cs
@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;

 namespace IdentityServer.Domain.Entities
 {
@ -18,5 +19,6 @@ namespace IdentityServer.Domain.Entities
        public DateTime LastLoginDate { get; set; }
        public DateTime PasswordChangeDate { get; set; }
        public UserStatus Status { get; set; }
+        public ICollection<UserClaim> Claims { get; set; }
    }
 }
--- a/IdentityServer.Domain/Entities/UserClaim.cs
+++ b/IdentityServer.Domain/Entities/UserClaim.cs
@ -0,0 +1,10 @@
+namespace IdentityServer.Domain.Entities
+{
+    public class UserClaim
+    {
+        public int ClaimId { get; set; }
+        public int UserId { get; set; }
+        public string ClaimKey { get; set; }
+        public string ClaimValue { get; set; }
+    }
+}
--- a/IdentityServer.Domain/Models/TokenCore.cs
+++ b/IdentityServer.Domain/Models/TokenCore.cs
@ -0,0 +1,17 @@
+using System.Collections.Generic;
+
+namespace IdentityServer.Domain.Models
+{
+    public class TokenCore
+    {
+        public int UserId { get; set; }
+        public string UserName { get; set; }
+        public string FirstName { get; set; }
+        public string LastName { get; set; }
+        public string Email { get; set; }
+        public string ProfilePictureUrl { get; set; }
+        public string SecurityStamp { get; set; }
+        public string LockStamp { get; set; }
+        public Dictionary<string, string> Claims { get; set; }
+    }
+}
--- a/IdentityServer.Domain/Models/TokenValidation.cs
+++ b/IdentityServer.Domain/Models/TokenValidation.cs
@ -1,8 +0,0 @@
-namespace IdentityServer.Domain.Models
-{
-    public class TokenValidation
-    {
-        public bool Success { get; set; }
-        public int UserId { get; set; }
-    }
-}
--- a/IdentityServer.Domain/Repositories/IIdentityRepository.cs
+++ b/IdentityServer.Domain/Repositories/IIdentityRepository.cs
@ -5,7 +5,6 @@ namespace IdentityServer.Domain.Repositories
 {
    public interface IIdentityRepository
    {
-        Task<AppUser> GetAppUser(int userId);
        Task<AppUser> GetAppUser(string userName, string password);
    }
 }
--- a/IdentityServer.PublishedLanguage/Dto/TokenCore.cs
+++ b/IdentityServer.PublishedLanguage/Dto/TokenCore.cs
@ -0,0 +1,17 @@
+using System.Collections.Generic;
+
+namespace IdentityServer.PublishedLanguage.Dto
+{
+    public class TokenCore
+    {
+        public int UserId { get; set; }
+        public string UserName { get; set; }
+        public string FirstName { get; set; }
+        public string LastName { get; set; }
+        public string Email { get; set; }
+        public string ProfilePictureUrl { get; set; }
+        public string SecurityStamp { get; set; }
+        public string LockStamp { get; set; }
+        public Dictionary<string, string> Claims { get; set; }
+    }
+}
--- a/IdentityServer.PublishedLanguage/Dto/User.cs
+++ b/IdentityServer.PublishedLanguage/Dto/User.cs
@ -1,8 +0,0 @@
-namespace IdentityServer.PublishedLanguage.Dto
-{
-    public class User
-    {
-        public int UserId { get; set; }
-        public string UserName { get; set; }
-    }
-}