yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Completed No-op lookup normalizer and OWIN daa protection token provider

Browse Source
This commit is contained in:
Scott Brady
2020-04-22 20:05:06 +01:00
parent 16a19b941e
commit 4763c28c4a
5 changed files with 323 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/Umbraco.Web/Security/OwinDataProtectorTokenProvider.cs
View File

@@ -15,6 +15,7 @@ namespace Umbraco.Web.Security
public class OwinDataProtectorTokenProvider<TUser> : IUserTwoFactorTokenProvider<TUser> where TUser : BackOfficeIdentityUser
{
public TimeSpan TokenLifespan { get; set; }
private static readonly Encoding _defaultEncoding = new UTF8Encoding(false, true);
private readonly IDataProtector _protector;
public OwinDataProtectorTokenProvider(IDataProtector protector)
@@ -25,12 +26,13 @@ namespace Umbraco.Web.Security
public async Task<string> GenerateAsync(string purpose, UserManager<TUser> manager, TUser user)
{
if (manager == null) throw new ArgumentNullException(nameof(manager));
if (user == null) throw new ArgumentNullException(nameof(user));
var ms = new MemoryStream();
using (var writer = ms.CreateWriter())
using (var writer = new BinaryWriter(ms, _defaultEncoding, true))
{
writer.Write(DateTimeOffset.UtcNow);
writer.Write(DateTimeOffset.UtcNow.UtcTicks);
writer.Write(Convert.ToString(user.Id, CultureInfo.InvariantCulture));
writer.Write(purpose ?? "");
@@ -48,13 +50,17 @@ namespace Umbraco.Web.Security
public async Task<bool> ValidateAsync(string purpose, string token, UserManager<TUser> manager, TUser user)
{
if (string.IsNullOrWhiteSpace(token)) throw new ArgumentNullException(nameof(token));
if (manager == null) throw new ArgumentNullException(nameof(manager));
if (user == null) throw new ArgumentNullException(nameof(user));
try
{
var unprotectedData = _protector.Unprotect(Convert.FromBase64String(token));
var ms = new MemoryStream(unprotectedData);
using (var reader = ms.CreateReader())
using (var reader = new BinaryReader(ms, _defaultEncoding, true))
{
var creationTime = reader.ReadDateTimeOffset();
var creationTime = new DateTimeOffset(reader.ReadInt64(), TimeSpan.Zero);
var expirationTime = creationTime + TokenLifespan;
if (expirationTime < DateTimeOffset.UtcNow)
{
@@ -103,29 +109,4 @@ namespace Umbraco.Web.Security
return Task.FromResult(false);
}
}
internal static class StreamExtensions
{
private static readonly Encoding DefaultEncoding = new UTF8Encoding(false, true);
public static BinaryReader CreateReader(this Stream stream)
{
return new BinaryReader(stream, DefaultEncoding, true);
}
public static BinaryWriter CreateWriter(this Stream stream)
{
return new BinaryWriter(stream, DefaultEncoding, true);
}
public static DateTimeOffset ReadDateTimeOffset(this BinaryReader reader)
{
return new DateTimeOffset(reader.ReadInt64(), TimeSpan.Zero);
}
public static void Write(this BinaryWriter writer, DateTimeOffset value)
{
writer.Write(value.UtcTicks);
}
}
}