mirror of
https://github.com/bitwarden/mobile.git
synced 2024-12-24 16:38:22 +01:00
token service
This commit is contained in:
parent
a0f6af8097
commit
929727ba41
29
src/Core/Abstractions/ITokenService.cs
Normal file
29
src/Core/Abstractions/ITokenService.cs
Normal file
@ -0,0 +1,29 @@
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace Bit.Core.Abstractions
|
||||
{
|
||||
public interface ITokenService
|
||||
{
|
||||
Task ClearTokenAsync();
|
||||
Task ClearTwoFactorTokenAsync(string email);
|
||||
JObject DecodeToken();
|
||||
string GetEmail();
|
||||
bool GetEmailVerified();
|
||||
string GetIssuer();
|
||||
string GetName();
|
||||
bool GetPremium();
|
||||
Task<string> GetRefreshTokenAsync();
|
||||
Task<string> GetTokenAsync();
|
||||
DateTime? GetTokenExpirationDate();
|
||||
Task<string> GetTwoFactorTokenAsync(string email);
|
||||
string GetUserId();
|
||||
Task SetRefreshTokenAsync(string refreshToken);
|
||||
Task SetTokenAsync(string token);
|
||||
Task SetTokensAsync(string accessToken, string refreshToken);
|
||||
Task SetTwoFactorTokenAsync(string token, string email);
|
||||
bool TokenNeedsRefresh(int minutes = 5);
|
||||
int TokenSecondsRemaining();
|
||||
}
|
||||
}
|
229
src/Core/Services/TokenService.cs
Normal file
229
src/Core/Services/TokenService.cs
Normal file
@ -0,0 +1,229 @@
|
||||
using Bit.Core.Abstractions;
|
||||
using Bit.Core.Utilities;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using System;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Bit.Core.Services
|
||||
{
|
||||
public class TokenService : ITokenService
|
||||
{
|
||||
private readonly IStorageService _storageService;
|
||||
|
||||
private string _token;
|
||||
private JObject _decodedToken;
|
||||
private string _refreshToken;
|
||||
|
||||
private const string Keys_AccessToken = "accessToken";
|
||||
private const string Keys_RefreshToken = "refreshToken";
|
||||
private const string Keys_TwoFactorTokenFormat = "twoFactorToken_{0}";
|
||||
|
||||
public TokenService(IStorageService storageService)
|
||||
{
|
||||
_storageService = storageService;
|
||||
}
|
||||
|
||||
public async Task SetTokensAsync(string accessToken, string refreshToken)
|
||||
{
|
||||
await Task.WhenAll(
|
||||
SetTokenAsync(accessToken),
|
||||
SetRefreshTokenAsync(refreshToken));
|
||||
}
|
||||
|
||||
public async Task SetTokenAsync(string token)
|
||||
{
|
||||
_token = token;
|
||||
_decodedToken = null;
|
||||
await _storageService.SaveAsync(Keys_AccessToken, token);
|
||||
}
|
||||
|
||||
public async Task<string> GetTokenAsync()
|
||||
{
|
||||
if(_token != null)
|
||||
{
|
||||
return _token;
|
||||
}
|
||||
_token = await _storageService.GetAsync<string>(Keys_AccessToken);
|
||||
return _token;
|
||||
}
|
||||
|
||||
public async Task SetRefreshTokenAsync(string refreshToken)
|
||||
{
|
||||
_refreshToken = refreshToken;
|
||||
await _storageService.SaveAsync(Keys_RefreshToken, refreshToken);
|
||||
}
|
||||
|
||||
public async Task<string> GetRefreshTokenAsync()
|
||||
{
|
||||
if(_refreshToken != null)
|
||||
{
|
||||
return _refreshToken;
|
||||
}
|
||||
_refreshToken = await _storageService.GetAsync<string>(Keys_RefreshToken);
|
||||
return _refreshToken;
|
||||
}
|
||||
|
||||
public async Task SetTwoFactorTokenAsync(string token, string email)
|
||||
{
|
||||
await _storageService.SaveAsync(string.Format(Keys_TwoFactorTokenFormat, email), token);
|
||||
}
|
||||
|
||||
public async Task<string> GetTwoFactorTokenAsync(string email)
|
||||
{
|
||||
return await _storageService.GetAsync<string>(string.Format(Keys_TwoFactorTokenFormat, email));
|
||||
}
|
||||
|
||||
public async Task ClearTwoFactorTokenAsync(string email)
|
||||
{
|
||||
await _storageService.RemoveAsync(string.Format(Keys_TwoFactorTokenFormat, email));
|
||||
}
|
||||
|
||||
public async Task ClearTokenAsync()
|
||||
{
|
||||
_token = null;
|
||||
_decodedToken = null;
|
||||
_refreshToken = null;
|
||||
await Task.WhenAll(
|
||||
_storageService.RemoveAsync(Keys_AccessToken),
|
||||
_storageService.RemoveAsync(Keys_RefreshToken));
|
||||
}
|
||||
|
||||
public JObject DecodeToken()
|
||||
{
|
||||
if(_decodedToken != null)
|
||||
{
|
||||
return _decodedToken;
|
||||
}
|
||||
if(_token == null)
|
||||
{
|
||||
throw new InvalidOperationException("Token not found.");
|
||||
}
|
||||
var parts = _token.Split('.');
|
||||
if(parts.Length != 3)
|
||||
{
|
||||
throw new InvalidOperationException("JWT must have 3 parts.");
|
||||
}
|
||||
var decodedBytes = Base64UrlDecode(parts[1]);
|
||||
if(decodedBytes == null || decodedBytes.Length < 1)
|
||||
{
|
||||
throw new InvalidOperationException("Cannot decode the token.");
|
||||
}
|
||||
_decodedToken = JObject.Parse(Encoding.UTF8.GetString(decodedBytes));
|
||||
return _decodedToken;
|
||||
}
|
||||
|
||||
public DateTime? GetTokenExpirationDate()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["exp"] == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
return CoreHelpers.Epoc.AddSeconds(Convert.ToDouble(decoded["exp"].Value<long>()));
|
||||
}
|
||||
|
||||
public int TokenSecondsRemaining()
|
||||
{
|
||||
var d = GetTokenExpirationDate();
|
||||
if(d == null)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
var timeRemaining = d.Value - DateTime.UtcNow;
|
||||
return (int)timeRemaining.TotalSeconds;
|
||||
}
|
||||
|
||||
public bool TokenNeedsRefresh(int minutes = 5)
|
||||
{
|
||||
var sRemaining = TokenSecondsRemaining();
|
||||
return sRemaining < (60 * minutes);
|
||||
}
|
||||
|
||||
public string GetUserId()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["sub"] == null)
|
||||
{
|
||||
throw new Exception("No user id found.");
|
||||
}
|
||||
return decoded["sub"].Value<string>();
|
||||
}
|
||||
|
||||
public string GetEmail()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["email"] == null)
|
||||
{
|
||||
throw new Exception("No email found.");
|
||||
}
|
||||
return decoded["email"].Value<string>();
|
||||
}
|
||||
|
||||
public bool GetEmailVerified()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["email_verified"] == null)
|
||||
{
|
||||
throw new Exception("No email verification found.");
|
||||
}
|
||||
return decoded["email_verified"].Value<bool>();
|
||||
}
|
||||
|
||||
public string GetName()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["name"] == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
return decoded["name"].Value<string>();
|
||||
}
|
||||
|
||||
public bool GetPremium()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["premium"] == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return decoded["premium"].Value<bool>();
|
||||
}
|
||||
|
||||
public string GetIssuer()
|
||||
{
|
||||
var decoded = DecodeToken();
|
||||
if(decoded?["iss"] == null)
|
||||
{
|
||||
throw new Exception("No issuer found.");
|
||||
}
|
||||
return decoded["iss"].Value<string>();
|
||||
}
|
||||
|
||||
private byte[] Base64UrlDecode(string input)
|
||||
{
|
||||
var output = input;
|
||||
// 62nd char of encoding
|
||||
output = output.Replace('-', '+');
|
||||
// 63rd char of encoding
|
||||
output = output.Replace('_', '/');
|
||||
// Pad with trailing '='s
|
||||
switch(output.Length % 4)
|
||||
{
|
||||
case 0:
|
||||
// No pad chars in this case
|
||||
break;
|
||||
case 2:
|
||||
// Two pad chars
|
||||
output += "=="; break;
|
||||
case 3:
|
||||
// One pad char
|
||||
output += "="; break;
|
||||
default:
|
||||
throw new InvalidOperationException("Illegal base64url string!");
|
||||
}
|
||||
// Standard base64 decoder
|
||||
return Convert.FromBase64String(output);
|
||||
}
|
||||
}
|
||||
}
|
18
src/Core/Utilities/CoreHelpers.cs
Normal file
18
src/Core/Utilities/CoreHelpers.cs
Normal file
@ -0,0 +1,18 @@
|
||||
using System;
|
||||
|
||||
namespace Bit.Core.Utilities
|
||||
{
|
||||
public static class CoreHelpers
|
||||
{
|
||||
public static readonly DateTime Epoc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
|
||||
|
||||
public static bool InDebugMode()
|
||||
{
|
||||
#if DEBUG
|
||||
return true;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user