wip session auth
This commit is contained in:
parent
aa4394fd21
commit
7b6c155a73
23 changed files with 321 additions and 90 deletions
|
|
@ -1,7 +1,9 @@
|
|||
using Femto.Common.Domain;
|
||||
using Femto.Common.Infrastructure.DbConnection;
|
||||
using Femto.Modules.Auth.Application.Dto;
|
||||
using Femto.Modules.Auth.Data;
|
||||
using Femto.Modules.Auth.Errors;
|
||||
using Femto.Modules.Auth.Models;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace Femto.Modules.Auth.Application.Interface.ValidateSession;
|
||||
|
|
@ -13,22 +15,97 @@ internal class ValidateSessionCommandHandler(AuthContext context)
|
|||
ValidateSessionCommand request,
|
||||
CancellationToken cancellationToken
|
||||
)
|
||||
{
|
||||
try
|
||||
{
|
||||
return new ValidateSessionResult(await DoSessionValidation(request, cancellationToken));
|
||||
}
|
||||
finally
|
||||
{
|
||||
await context.SaveChangesAsync(cancellationToken);
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<SessionDto> DoSessionValidation(
|
||||
ValidateSessionCommand request,
|
||||
CancellationToken cancellationToken
|
||||
)
|
||||
{
|
||||
var now = DateTimeOffset.UtcNow;
|
||||
|
||||
var user = await context.Users.SingleOrDefaultAsync(
|
||||
u => u.Sessions.Any(s => s.Id == request.SessionId && s.Expires > now),
|
||||
var session = await context.Sessions.SingleOrDefaultAsync(
|
||||
s => s.Id == request.SessionId,
|
||||
cancellationToken
|
||||
);
|
||||
|
||||
if (user is null)
|
||||
var rememberMe = request.RememberMe;
|
||||
|
||||
if (session is null)
|
||||
{
|
||||
(session, rememberMe) = await this.TryAuthenticateWithRememberMeToken(
|
||||
request.User,
|
||||
request.RememberMe,
|
||||
cancellationToken
|
||||
);
|
||||
}
|
||||
|
||||
if (session.UserId != request.User.Id)
|
||||
{
|
||||
context.Remove(session);
|
||||
throw new InvalidSessionError();
|
||||
}
|
||||
|
||||
if (session.Expires < now)
|
||||
{
|
||||
context.Remove(session);
|
||||
throw new InvalidSessionError();
|
||||
}
|
||||
|
||||
if (session.ShouldRefresh)
|
||||
{
|
||||
context.Remove(session);
|
||||
session = Session.Weak(session.UserId);
|
||||
await context.AddAsync(session, cancellationToken);
|
||||
}
|
||||
|
||||
return new SessionDto(session, rememberMe);
|
||||
}
|
||||
|
||||
private async Task<(Session, string)> TryAuthenticateWithRememberMeToken(
|
||||
UserInfo user,
|
||||
string? rememberMeToken,
|
||||
CancellationToken cancellationToken
|
||||
)
|
||||
{
|
||||
if (rememberMeToken is null)
|
||||
throw new InvalidSessionError();
|
||||
|
||||
var session = user.PossiblyRefreshSession(request.SessionId);
|
||||
var parts = rememberMeToken.Split('.');
|
||||
if (parts.Length != 2)
|
||||
throw new InvalidSessionError();
|
||||
|
||||
return new ValidateSessionResult(
|
||||
new Session(session.Id, session.Expires),
|
||||
new UserInfo(user)
|
||||
var selector = parts[0];
|
||||
var verifier = parts[1];
|
||||
|
||||
var longTermSession = await context.LongTermSessions.SingleOrDefaultAsync(
|
||||
s => s.Selector == selector,
|
||||
cancellationToken
|
||||
);
|
||||
|
||||
if (longTermSession is null)
|
||||
throw new InvalidSessionError();
|
||||
|
||||
context.Remove(longTermSession);
|
||||
|
||||
if (!longTermSession.Validate(verifier))
|
||||
throw new InvalidSessionError();
|
||||
|
||||
var session = Session.Weak(user.Id);
|
||||
await context.AddAsync(session, cancellationToken);
|
||||
|
||||
(longTermSession, rememberMeToken) = LongTermSession.Create(user.Id);
|
||||
await context.AddAsync(longTermSession, cancellationToken);
|
||||
|
||||
return (session, rememberMeToken);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue