(feature): user authentication init

2022-10-25 23:17:24 +02:00 · 2022-10-25 23:17:24 +02:00 · 8fc1611d9b
commit 8fc1611d9b
parent 4abe7718eb
15 changed files with 263 additions and 86 deletions
--- a/db/DML/user.json
+++ b/db/DML/user.json
@ -7,25 +7,26 @@
    "created": {
      "$date": "2022-01-01T00:00:00.000Z"
    },
-    "nickaName": "hailstrike",
+    "nickaName": "admin",
    "passwords": {
-      "pwHash": "",
-      "pwSalt": "",
-      "created": {
-        "$date": "2022-01-01T00:00:00.000Z"
+      "password": {
+        "hash": "pznndK3nv9bftf/qQxqBy4VjH7Ow9vx2Kd6376oJuqQ=",
+        "salt": "gkEl1zxGJSLue262mUu5VA==",
+        "created": {
+          "$date": "2022-01-01T00:00:00.000Z"
+        }
      },
+      
      "expiration": {
-        "$date": "2023-01-01T00:00:00.000Z"
+        "enabled": false,
+        "days": "180"
      },
      "expired": [
        {
-          "pwHash": "",
-          "pwSalt": "",
+          "hash": "",
+          "salt": "",
          "created": {
            "$date": "2022-01-01T00:00:00.000Z"
-          },
-          "expiration": {
-            "$date": "2023-01-01T00:00:00.000Z"
          }
        }
      ]
@ -35,7 +36,7 @@
    "contacts": [
      {
        "type": 0,
-        "value": "john.doe@maks-it.com",
+        "value": "john.doe@contoso.com",
        "confirmed": false
      },
      {
--- a/webapi/Core/DomainObjects/Documents/User.cs
+++ b/webapi/Core/DomainObjects/Documents/User.cs
@ -21,7 +21,7 @@ namespace Core.DomainObjects {
    
    public Address ShippingAddress { get; set; }

-    public List<string> Tokens { get; set; }
+    public List<Token> Tokens { get; set; }

    public override int GetHashCode() {
      throw new NotImplementedException();
--- a/webapi/Core/DomainObjects/Password.cs
+++ b/webapi/Core/DomainObjects/Password.cs
@ -0,0 +1,24 @@
+using Core.Abstractions.DomainObjects;
+
+namespace Core.DomainObjects {
+  public class Password : DomainObjectBase<Password> {
+
+    public string Hash { get; set; }
+
+    public string Salt { get; set; }
+
+    public DateTime Created { get; set; }
+
+    public Password(string hash, string salt, DateTime? created) {
+      Hash = hash;
+      Salt = salt;
+      Created = created ?? DateTime.UtcNow;
+    }
+
+    public Password Prototype() => new (Hash, Salt, Created);
+
+    public override int GetHashCode() {
+      throw new NotImplementedException();
+    }
+  }
+}
--- a/webapi/Core/DomainObjects/PasswordExpiration.cs
+++ b/webapi/Core/DomainObjects/PasswordExpiration.cs
@ -0,0 +1,17 @@
+using Core.Abstractions.DomainObjects;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Core.DomainObjects {
+  public class PasswordExpiration : DomainObjectBase<PasswordExpiration> {
+    public bool Enabled { get; set; }
+    public int Days { get; set; }
+
+    public override int GetHashCode() {
+      throw new NotImplementedException();
+    }
+  }
+}
--- a/webapi/Core/DomainObjects/Passwords.cs
+++ b/webapi/Core/DomainObjects/Passwords.cs
@ -6,17 +6,14 @@ using System.Text;
 using System.Threading.Tasks;

 namespace Core.DomainObjects {
+
  public class Passwords : DomainObjectBase<Passwords> {

-    public string PwHash { get; set; }
+    public Password? Password { get; set; }

-    public string PwSalt { get; set; }
+    public PasswordExpiration Expiration { get; set; } 

-    public DateTime Created { get; set; }
-
-    public DateTime? Expiration { get; set; }
-
-    public List<Passwords> Expired { get; set; }
+    public List<Password> Expired { get; set; }

    public override int GetHashCode() {
      throw new NotImplementedException();
--- a/webapi/Core/DomainObjects/Token.cs
+++ b/webapi/Core/DomainObjects/Token.cs
@ -0,0 +1,20 @@
+using Core.Abstractions.DomainObjects;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Core.DomainObjects {
+  public class Token : DomainObjectBase<Token> {
+
+    public string Value { get; set; }
+
+    public DateTime Created { get; set; }
+    public DateTime Expires { get; set; }
+
+    public override int GetHashCode() {
+      throw new NotImplementedException();
+    }
+  }
+}
--- a/webapi/DataProviders/Collections/ShopCartDataProvider.cs
+++ b/webapi/DataProviders/Collections/ShopCartDataProvider.cs
@ -21,6 +21,7 @@ namespace DataProviders.Collections {

  public class ShopCartDataProvider : CollectionDataProviderBase<ShopCartItem>, IShopCartDataProvider {
    private const string _collectionName = "shopcart";
+
    public ShopCartDataProvider(
      ILogger<CollectionDataProviderBase<ShopCartItem>> logger,
      IMongoClient client,
--- a/webapi/DataProviders/Collections/UserDataProvider.cs
+++ b/webapi/DataProviders/Collections/UserDataProvider.cs
@ -1,4 +1,10 @@
-using System;
+using Core.DomainObjects;
+using DataProviders.Abstractions;
+using DomainResults.Common;
+using Microsoft.Extensions.Logging;
+using MongoDB.Bson.Serialization;
+using MongoDB.Driver;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
@ -7,11 +13,38 @@ using System.Threading.Tasks;
 namespace DataProviders.Collections {

  public interface IUserDataProvider {
+    (User?, IDomainResult) Get(Guid userId);

+    (User?, IDomainResult) GetByNickName(string nickName);
  }

-  internal class UserDataProvider : IUserDataProvider {
+  public class UserDataProvider : CollectionDataProviderBase<User>, IUserDataProvider {

+    private const string _collectionName = "users";

+    public UserDataProvider(
+      ILogger<UserDataProvider> logger,
+      IMongoClient client,
+      IIdGenerator idGenerator,
+      ISessionService sessionService) : base(logger, client, idGenerator, sessionService) {
+    }
+
+    public (User?, IDomainResult) Get( Guid userId) {
+      var (list, result) = GetWithPredicate(x => x.Id == userId, _collectionName);
+
+      if (!result.IsSuccess || list == null)
+        return (null, result);
+
+      return (list.First(), result);
+    }
+
+    public (User?, IDomainResult) GetByNickName(string nickName) {
+      var (list, result) = GetWithPredicate(x => x.NickName == nickName, _collectionName);
+
+      if (!result.IsSuccess || list == null)
+        return (null, result);
+
+      return (list.First(), result);
+    }
  }
 }
--- a/webapi/Services/JWTService/IJWTServiceConfig.cs
+++ b/webapi/Services/JWTService/IJWTServiceConfig.cs
@ -7,11 +7,11 @@ namespace JWTService {

  public interface IJwtConfig {
    public string? Secret { get; set; }
-    public double? Expires { get; set; }
+    public int? Expires { get; set; }
  }

  public class JwtConfig : IJwtConfig {
    public string? Secret { get; set; }
-    public double? Expires { get; set; }
+    public int? Expires { get; set; }
  }
 }
--- a/webapi/Services/JWTService/JWTService.cs
+++ b/webapi/Services/JWTService/JWTService.cs
@ -1,87 +1,66 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
+using DomainResults.Common;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;

 namespace JWTService {

  public interface IJWTService {
-    string CreateJwtToken();
-    JwtSecurityToken ReadJwtToken(string token);
+  
+    string CreateJwtToken(DateTime expires, List<KeyValuePair<string, string>>? claims);
+    (List<KeyValuePair<string, string>>?, IDomainResult) JwtTokenClaims(string token);
  }
+
  public class JWTService : IJWTService {

    private readonly ILogger<JWTService> _logger;
+    private readonly IJwtConfig _configuration;

-    private readonly JwtSecurityTokenHandler _tokenHandler;
-    private readonly IJwtConfig _serviceConfig;
-
-    /// <summary>
-    /// 
-    /// </summary>
-    /// <param name="serviceConfig"></param>
    public JWTService(
      ILogger<JWTService> logger,
-      IJwtConfig serviceConfig
-      
+      IJwtConfig configuration
    ) {
      _logger = logger;
-      _serviceConfig = serviceConfig;
-      _tokenHandler = new JwtSecurityTokenHandler();
+      _configuration = configuration;
    }

-    public string? CreateJwtToken() {
-      if (_serviceConfig.Secret == null)
-        return null;
+    public string CreateJwtToken(DateTime expires, List<KeyValuePair<string, string>>? claims) =>
+      CreateJwtToken(_configuration.Secret, expires, claims);

-      if (_serviceConfig.Expires == null)
-        return null;
-
-
-      var key = Convert.FromBase64String(_serviceConfig.Secret);
+    public string CreateJwtToken(string secret, DateTime expires, List<KeyValuePair<string, string>>? claims) {

      // add roles to claims identity from database
-      var claims = new List<Claim>() {};
+      var tokenClaims = new List<Claim>();

+      if (claims != null)
+        foreach (var claim in claims)
+          tokenClaims.Add(new Claim(claim.Key, claim.Value));

-      var token = _tokenHandler.CreateToken(new SecurityTokenDescriptor {
+      var tokenHandler = new JwtSecurityTokenHandler();
+
+      var securityToken = tokenHandler.CreateToken(new SecurityTokenDescriptor {
        IssuedAt = DateTime.UtcNow,
-        Subject = new ClaimsIdentity(claims),
-        Expires = DateTime.UtcNow.AddDays(_serviceConfig.Expires.Value),
-        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature),
+        Subject = new ClaimsIdentity(tokenClaims),
+        Expires = expires,
+        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Convert.FromBase64String(secret)), SecurityAlgorithms.HmacSha512Signature),
      });
+      _logger.LogInformation($"Creted new JWT {securityToken}");

-      return _tokenHandler.WriteToken(token);
+      return tokenHandler.WriteToken(securityToken);
    }

-    
-    //public string CreateJwtToken(IEnumerable<string> issuer, DateTime expires, string userId, string userEmail, string userName, IEnumerable<string> userRoles) {
-    //  var key = Convert.FromBase64String(_serviceConfig.Secret);
+    public (List<KeyValuePair<string, string>>?, IDomainResult) JwtTokenClaims(string token) {

-    //  // add roles to claims identity from database
-    //  var claims = new List<Claim>() {
-    //    new Claim(ClaimTypes.Actor, userId),
-    //    new Claim(ClaimTypes.Email, userEmail),
-    //    new Claim(ClaimTypes.NameIdentifier, userName),
-    //    // new Claim(ClaimTypes.Webpage, issuer)
-    //  };
+      var securityToken = new JwtSecurityTokenHandler().ReadToken(token) as JwtSecurityToken;
+      var claims = securityToken?.Claims?.Select(x => new KeyValuePair<string, string>(x.Type, x.Value));

-    //  foreach (var role in userRoles)
-    //    claims.Add(new Claim(ClaimTypes.Role, role));
+      if (claims == null)
+        return IDomainResult.Failed<List<KeyValuePair<string, string>>?>();

-    //  foreach (var iss in issuer)
-    //    claims.Add(new Claim(ClaimTypes.Webpage, iss));
-
-    //  var token = _tokenHandler.CreateToken(new SecurityTokenDescriptor {
-    //    IssuedAt = DateTime.UtcNow,
-    //    Subject = new ClaimsIdentity(claims),
-    //    Expires = expires,
-    //    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature),
-    //  });
-
-    //  return _tokenHandler.WriteToken(token);
-    //}
-
-    public JwtSecurityToken ReadJwtToken(string token) => _tokenHandler.ReadJwtToken(token);
+      return claims.Count() > 0
+        ? IDomainResult.Success(claims.ToList())
+        : IDomainResult.NotFound<List<KeyValuePair<string, string>>?>();
+    }
  }
 }
--- a/webapi/WeatherForecast/Controllers/PasswordController.cs
+++ b/webapi/WeatherForecast/Controllers/PasswordController.cs
@ -17,6 +17,10 @@ public class PasswordController : ControllerBase {

  private readonly IPasswordService _passwordService;

+  /// <summary>
+  /// 
+  /// </summary>
+  /// <param name="passwordService"></param>
  public PasswordController(
    IPasswordService passwordService
  ) {
--- a/webapi/WeatherForecast/Controllers/UserController.cs
+++ b/webapi/WeatherForecast/Controllers/UserController.cs
@ -0,0 +1,18 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace WeatherForecast.Controllers;
+
+/// <summary>
+/// 
+/// </summary>
+[Authorize]
+[ApiController]
+[Route("api/[controller]")]
+public class UserController : ControllerBase {
+
+  /// <summary>
+  /// 
+  /// </summary>
+  public UserController() { }
+}
--- a/webapi/WeatherForecast/Services/AutheticationService.cs
+++ b/webapi/WeatherForecast/Services/AutheticationService.cs
@ -1,6 +1,9 @@
 using Core.Abstractions;
+using Core.DomainObjects;
 using DataProviders.Collections;
 using DomainResults.Common;
+using ExtensionMethods;
+using HashService;
 using JWTService;
 using WeatherForecast.Models.Requests;

@ -26,6 +29,7 @@ namespace WeatherForecast.Services {
  public class AutheticationService : ServiceBase<AutheticationService>, IAuthenticationService {

    private readonly IUserDataProvider _userDataProvider;
+    private readonly IHashService _hashService;
    private readonly IJWTService _jwtService;
    
    /// <summary>
@ -33,13 +37,16 @@ namespace WeatherForecast.Services {
    /// </summary>
    /// <param name="logger"></param>
    /// <param name="userDataProvider"></param>
+    /// <param name="hashService"></param>
    /// <param name="jwtService"></param>
    public AutheticationService (
      ILogger<AutheticationService> logger,
      IUserDataProvider userDataProvider,
+      IHashService hashService,
      IJWTService jwtService
    ) : base(logger) {
      _userDataProvider = userDataProvider;
+      _hashService = hashService;
      _jwtService = jwtService;
    }

@ -49,18 +56,77 @@ namespace WeatherForecast.Services {
    /// <param name="siteId"></param>
    /// <param name="requestData"></param>
    /// <returns></returns>
-    public (string?, IDomainResult) Post (Guid siteId, AuthenticationRequestModel requestData) {
-      try {
-        var token = _jwtService.CreateJwtToken();
+    public (string?, IDomainResult) Post(Guid siteId, AuthenticationRequestModel requestData) {
+      var opId = Guid.NewGuid();
+
+      // Retrieve user from database by userName
+      var (user, getUserResult) = _userDataProvider.GetByNickName(requestData.Username);
+      if (!getUserResult.IsSuccess || user == null)
+        return IDomainResult.NotFound<string?>();
+
+      if (user.Passwords.Password == null)
+        return IDomainResult.Failed<string?>($"Opid = [{opId}] Password is not set, create new password.");
+
+      // Check provided password hash with the stored one
+      var (salt, hash) = _hashService.CreateSaltedHash(requestData.Password);
+      if (!_hashService.ValidateHash(requestData.Password, salt, hash))
+        return IDomainResult.Unauthorized<string?>();
+
+      // Check password expiration if enabled
+      if (user.Passwords.Expiration.Enabled && DateTime.UtcNow > user.Passwords.Password.Created.AddDays(user.Passwords.Expiration.Days)) {
+        user.Passwords.Expired.Add(user.Passwords.Password.Prototype());
+        user.Passwords.Password = null;

-        return token != null
-          ? IDomainResult.Success(token)
-          : IDomainResult.Failed<string?>();
-      }
-      catch (Exception ex) {
-        _logger.LogError("Unhandled exception", ex);
        return IDomainResult.Failed<string?>();
      }
+
+      // Creating JWT token
+      var claims = new List<KeyValuePair<string, string>> {
+        new KeyValuePair<string, string>("UserId", $"{user.Id}")
+      };
+
+      var created = DateTime.UtcNow;
+      var expires = created.AddDays(365);
+
+      var token = _jwtService.CreateJwtToken(expires, claims);
+
+      user.Tokens.Add(new Token {
+        Value = token,
+        Created = created,
+        Expires = expires,
+      });
+
+      return IDomainResult.Success(token);
+    }
+
+    /// <summary>
+    /// 
+    /// </summary>
+    /// <param name="token"></param>
+    /// <returns></returns>
+    public IDomainResult Get(string token) {
+
+      #region Retrieve user id from token claim
+      var (claims, getClaimsResult) = _jwtService.JwtTokenClaims(token);
+      if (!getClaimsResult.IsSuccess || claims == null)
+        return IDomainResult.Failed();
+
+      var userId = claims.SingleOrDefault(x => x.Key == "UserId").Value.ToGuid();
+      if(userId == Guid.Empty)
+        return IDomainResult.Failed();
+      #endregion
+
+      var (user, getUserRersult) = _userDataProvider.Get(userId);
+      if(!getUserRersult.IsSuccess || user == null)
+        return IDomainResult.Failed();
+
+      // remove expired tokens
+      user.Tokens = user.Tokens.Where(x => x.Expires < DateTime.UtcNow).ToList();
+
+      if (!user.Tokens.Any(x => x.Value == token))
+        return IDomainResult.Failed();
+
+      return IDomainResult.Success();
    }
  }
 }
--- a/webapi/WeatherForecast/Services/UserService.cs
+++ b/webapi/WeatherForecast/Services/UserService.cs
@ -0,0 +1,16 @@
+namespace WeatherForecast.Services {
+
+  /// <summary>
+  /// 
+  /// </summary>
+  public interface IUserService {
+  
+  }
+
+  /// <summary>
+  /// 
+  /// </summary>
+  public class UserService : IUserService {
+  
+  }
+}
--- a/webapi/WeatherForecast/Startup.cs
+++ b/webapi/WeatherForecast/Startup.cs
@ -84,6 +84,7 @@ namespace WeatherForecast {
      services.AddScoped<IBlogItemsService, BlogItemsService>();
      services.AddScoped<ICategoryItemService, CategoryItemService>();
      services.AddScoped<ICategoryItemsService, CategoryItemsService>();
+      services.AddScoped<IUserService, UserService>();

      services.AddScoped<IFileService, FileService>();
      services.AddScoped<IFilesService, FilesService>();