remember me

2025-06-21 11:41:53 +02:00 · 2025-06-21 11:41:53 +02:00 · 8629883f88
commit 8629883f88
parent dac3acfecf
10 changed files with 278 additions and 96 deletions
--- a/Femto.Modules.Auth/Application/Services/AuthService.cs
+++ b/Femto.Modules.Auth/Application/Services/AuthService.cs
@ -7,7 +7,7 @@ using Femto.Modules.Auth.Infrastructure;
 using Femto.Modules.Auth.Models;
 using Microsoft.EntityFrameworkCore;

-namespace Femto.Modules.Auth.Application.Services;
+namespace Femto.Modules.Auth.Application;

 internal class AuthService(
    AuthContext context,
@ -15,10 +15,11 @@ internal class AuthService(
    IDbConnectionFactory connectionFactory
 ) : IAuthService
 {
-    public async Task<UserAndSession?> GetUserWithCredentials(string username,
+    public async Task<UserAndSession?> AuthenticateUserCredentials(
+        string username,
        string password,
-        bool createLongTermSession,
-        CancellationToken cancellationToken = default)
+        CancellationToken cancellationToken = default
+    )
    {
        var user = await context
            .Users.Where(u => u.Username == username)
@ -48,7 +49,7 @@ internal class AuthService(
            .SingleOrDefaultAsync(cancellationToken);
    }

-    public async Task<Session> CreateStrongSession(Guid userId)
+    public async Task<Session> CreateNewSession(Guid userId)
    {
        var session = new Session(userId, true);

@ -76,11 +77,12 @@ internal class AuthService(
        await storage.DeleteSession(sessionId);
    }

-    public async Task<UserAndSession> CreateUserWithCredentials(string username,
+    public async Task<UserAndSession> CreateUserWithCredentials(
+        string username,
        string password,
        string signupCode,
-        bool createLongTermSession,
-        CancellationToken cancellationToken = default)
+        CancellationToken cancellationToken = default
+    )
    {
        var now = DateTimeOffset.UtcNow;

@ -166,24 +168,61 @@ internal class AuthService(
            .ToList();
    }

-    public async Task<LongTermSession> CreateLongTermSession(Guid userId, bool isStrong)
+    public async Task<NewRememberMeToken> CreateRememberMeToken(Guid userId)
    {
-        throw new NotImplementedException();
+        var (rememberMeToken, verifier) = LongTermSession.Create(userId);
+
+        await context.AddAsync(rememberMeToken);
+        await context.SaveChangesAsync();
+
+        return new(rememberMeToken.Selector, verifier, rememberMeToken.Expires);
    }

-    public async Task<LongTermSession> DeleteLongTermSession(string sessionId)
+    public async Task<(UserInfo?, NewRememberMeToken?)> GetUserWithRememberMeToken(
+        RememberMeToken rememberMeToken
+    )
    {
-        throw new NotImplementedException();
+        var token = await context.LongTermSessions.SingleOrDefaultAsync(t =>
+            t.Selector == rememberMeToken.Selector
+        );
+
+        if (token is null)
+            return (null, null);
+
+        if (!token.Validate(rememberMeToken.Verifier))
+            return (null, null);
+
+        var user = await context.Users.SingleOrDefaultAsync(u => u.Id == token.UserId);
+
+        if (user is null)
+            return (null, null);
+
+        if (token.ExpiresSoon)
+        {
+            var (newToken, verifier) = LongTermSession.Create(user.Id);
+            await context.AddAsync(newToken);
+            await context.SaveChangesAsync();
+
+            return (new(user), new(newToken.Selector, verifier, newToken.Expires));
+        }
+
+        return (new(user), null);
    }

-    public async Task<LongTermSession> RefreshLongTermSession(string sessionId)
+    public async Task DeleteRememberMeToken(RememberMeToken rememberMeToken)
    {
-        throw new NotImplementedException();
-    }
+        var session = await context.LongTermSessions.SingleOrDefaultAsync(s =>
+            s.Selector == rememberMeToken.Selector
+        );

-    public async Task<ValidateSessionResult> ValidateLongTermSession(string sessionId)
-    {
-        throw new NotImplementedException();
+        if (session is null)
+            return;
+
+        if (!session.Validate(rememberMeToken.Verifier))
+            return;
+
+        context.Remove(session);
+        await context.SaveChangesAsync();
    }

    private class GetSignupCodesQueryResultRow
--- a/Femto.Modules.Auth/Application/AuthStartup.cs
+++ b/Femto.Modules.Auth/Application/AuthStartup.cs
@ -3,7 +3,6 @@ using Femto.Common.Infrastructure;
 using Femto.Common.Infrastructure.DbConnection;
 using Femto.Common.Infrastructure.Outbox;
 using Femto.Common.Integration;
-using Femto.Modules.Auth.Application.Services;
 using Femto.Modules.Auth.Data;
 using Femto.Modules.Auth.Infrastructure;
 using MediatR;
--- a/Femto.Modules.Auth/Application/Dto/RememberMeToken.cs
+++ b/Femto.Modules.Auth/Application/Dto/RememberMeToken.cs
@ -0,0 +1,18 @@
+using Femto.Modules.Auth.Models;
+
+namespace Femto.Modules.Auth.Application.Dto;
+
+public record RememberMeToken(string Selector, string Verifier)
+{
+    public static RememberMeToken FromCode(string code)
+    {
+        var parts = code.Split('.');
+        return new RememberMeToken(parts[0], parts[1]);
+    }
+    
+};
+
+public record NewRememberMeToken(string Selector, string Verifier, DateTimeOffset Expires)
+{
+    public string Code => $"{Selector}.{Verifier}";
+}
--- a/Femto.Modules.Auth/Application/Services/IAuthService.cs
+++ b/Femto.Modules.Auth/Application/Services/IAuthService.cs
@ -1,7 +1,7 @@
 using Femto.Modules.Auth.Application.Dto;
 using Femto.Modules.Auth.Models;

-namespace Femto.Modules.Auth.Application.Services;
+namespace Femto.Modules.Auth.Application;

 /// <summary>
 /// I broke off IAuthService from IAuthModule because the CQRS distinction is cumbersome when doing auth handling,
@ -11,17 +11,16 @@ namespace Femto.Modules.Auth.Application.Services;
 /// </summary>
 public interface IAuthService
 {
-    public Task<UserAndSession?> GetUserWithCredentials(
+    public Task<UserAndSession?> AuthenticateUserCredentials(
        string username,
        string password,
-        bool createLongTermSession,
        CancellationToken cancellationToken = default
    );
    public Task<UserInfo?> GetUserWithId(
        Guid? userId,
        CancellationToken cancellationToken = default
    );
-    public Task<Session> CreateStrongSession(Guid userId);
+    public Task<Session> CreateNewSession(Guid userId);
    public Task<Session> CreateWeakSession(Guid userId);
    public Task<Session?> GetSession(string sessionId);
    public Task DeleteSession(string sessionId);
@ -29,7 +28,6 @@ public interface IAuthService
    public Task<UserAndSession> CreateUserWithCredentials(string username,
        string password,
        string signupCode,
-        bool createLongTermSession,
        CancellationToken cancellationToken = default);

    public Task AddSignupCode(
@ -41,6 +39,10 @@ public interface IAuthService
    public Task<ICollection<SignupCodeDto>> GetSignupCodes(
        CancellationToken cancellationToken = default
    );
+
+    Task<NewRememberMeToken> CreateRememberMeToken(Guid userId);
+    Task<(UserInfo?, NewRememberMeToken?)> GetUserWithRememberMeToken(RememberMeToken rememberMeToken);
+    Task DeleteRememberMeToken(RememberMeToken rememberMeToken);
 }

-public record UserAndSession(UserInfo User, Session Session);
+public record UserAndSession(UserInfo User, Session Session);