Check `SessionId` in the `TryRevokeOldAccessTokensAsync` method
pull/19479/head
maliming
2 years ago
No known key found for this signature in database
GPG Key ID: A646B9CB645ECEA4
6 changed files with
43 additions and
0 deletions
-
Directory.Packages.props
-
framework/src/Volo.Abp.AspNetCore.Components.WebAssembly/Volo.Abp.AspNetCore.Components.WebAssembly.csproj
-
framework/src/Volo.Abp.AspNetCore.Components.WebAssembly/Volo/Abp/AspNetCore/Components/WebAssembly/WebAssemblyAuthenticationStateProvider.cs
-
modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IIdentitySessionRepository.cs
-
modules/identity/src/Volo.Abp.Identity.EntityFrameworkCore/Volo/Abp/Identity/EntityFrameworkCore/EfCoreIdentitySessionRepository.cs
-
modules/identity/src/Volo.Abp.Identity.MongoDB/Volo/Abp/Identity/MongoDB/MongoIdentitySessionRepository.cs
|
|
|
@ -161,6 +161,7 @@ |
|
|
|
<PackageVersion Include="System.Text.Encoding.CodePages" Version="8.0.0" /> |
|
|
|
<PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" /> |
|
|
|
<PackageVersion Include="System.Text.Json" Version="8.0.0" /> |
|
|
|
<PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="7.5.1" /> |
|
|
|
<PackageVersion Include="TimeZoneConverter" Version="6.1.0" /> |
|
|
|
<PackageVersion Include="Unidecode.NET" Version="2.1.0" /> |
|
|
|
<PackageVersion Include="xunit" Version="2.6.1" /> |
|
|
|
|
|
|
|
@ -27,6 +27,7 @@ |
|
|
|
<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" /> |
|
|
|
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" /> |
|
|
|
<PackageReference Include="Microsoft.AspNetCore.WebUtilities" /> |
|
|
|
<PackageReference Include="System.IdentityModel.Tokens.Jwt" /> |
|
|
|
<PackageReference Include="IdentityModel" /> |
|
|
|
</ItemGroup> |
|
|
|
|
|
|
|
|
|
|
|
@ -1,5 +1,6 @@ |
|
|
|
using System; |
|
|
|
using System.Collections.Concurrent; |
|
|
|
using System.IdentityModel.Tokens.Jwt; |
|
|
|
using System.Linq; |
|
|
|
using System.Net.Http; |
|
|
|
using System.Security.Claims; |
|
|
|
@ -13,6 +14,7 @@ using Microsoft.Extensions.Logging; |
|
|
|
using Microsoft.Extensions.Logging.Abstractions; |
|
|
|
using Microsoft.Extensions.Options; |
|
|
|
using Microsoft.JSInterop; |
|
|
|
using Volo.Abp.Security.Claims; |
|
|
|
|
|
|
|
namespace Volo.Abp.AspNetCore.Components.WebAssembly; |
|
|
|
|
|
|
|
@ -138,6 +140,17 @@ public class WebAssemblyAuthenticationStateProvider<TRemoteAuthenticationState, |
|
|
|
continue; |
|
|
|
} |
|
|
|
|
|
|
|
if (!accessToken.IsNullOrWhiteSpace() && !currentAccessToken.IsNullOrWhiteSpace()) |
|
|
|
{ |
|
|
|
var handler = new JwtSecurityTokenHandler(); |
|
|
|
var currentSessionId = handler.ReadJwtToken(currentAccessToken)?.Claims?.FirstOrDefault(x => x.Type == AbpClaimTypes.SessionId); |
|
|
|
var sessionId = handler.ReadJwtToken(accessToken)?.Claims?.FirstOrDefault(x => x.Type == AbpClaimTypes.SessionId); |
|
|
|
if (sessionId?.Value == currentSessionId?.Value) |
|
|
|
{ |
|
|
|
continue; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
var httpClient = HttpClientFactory.CreateClient(nameof(WebAssemblyAuthenticationStateProvider<TRemoteAuthenticationState, TAccount, TProviderOptions>)); |
|
|
|
var result = await httpClient.RevokeTokenAsync(new TokenRevocationRequest |
|
|
|
{ |
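Review bot: The comparison `sessionId?.Value == currentSessionId?.Value` is also true when neither token carries an `AbpClaimTypes.SessionId` claim (both sides null), so the `continue` would skip the revocation call that follows for any pair of tokens without that claim; guarding it as `if (sessionId != null && sessionId.Value == currentSessionId?.Value)` limits the skip to tokens that provably share a session. `ReadJwtToken` throws on a string that is not a well-formed JWT rather than returning null, so the `?.` after it never fires, and an opaque or unparsable stored token would abort the loop before the remaining old tokens are revoked, unless a catch outside this hunk handles it; adding `handler.CanReadToken(accessToken) && handler.CanReadToken(currentAccessToken)` to the outer condition lets such entries fall through to revocation. The claims are read without signature validation, which is acceptable for this client-side comparison but deserves a short comment so the value is not reused as an authenticated identity. The enclosing method and its loop start and end outside the hunk.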
|
|
|
|
|
|
|
@ -12,6 +12,10 @@ public interface IIdentitySessionRepository : IBasicRepository<IdentitySession, |
|
|
|
|
|
|
|
Task<IdentitySession> GetAsync(string sessionId, CancellationToken cancellationToken = default); |
|
|
|
|
|
|
|
Task<bool> ExistAsync(Guid id, CancellationToken cancellationToken = default); |
|
|
|
|
|
|
|
Task<bool> ExistAsync(string sessionId, CancellationToken cancellationToken = default); |
|
|
|
|
|
|
|
Task<List<IdentitySession>> GetListAsync( |
|
|
|
string sorting = null, |
|
|
|
int maxResultCount = int.MaxValue, |
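Review bot: The two new `ExistAsync` overloads differ only in parameter type and carry no doc comments, so nothing on the interface tells a caller that the `Guid` overload matches the entity `Id` while the `string` overload matches `SessionId` (as the EF Core and MongoDB implementations later in this commit show). A `/// <summary>` on each, for example `/// Returns true if a session with the given SessionId value exists.`, would make the distinction explicit. Because these are new members on a public interface, custom implementations of `IIdentitySessionRepository` outside this repository will need them added, which is worth a line in the release notes. The interface body continues outside the hunk.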
|
|
|
|
|
|
|
@ -36,6 +36,16 @@ public class EfCoreIdentitySessionRepository : EfCoreRepository<IIdentityDbConte |
|
|
|
return session; |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<bool> ExistAsync(Guid id, CancellationToken cancellationToken = default) |
|
|
|
{ |
|
|
|
return await (await GetDbSetAsync()).AnyAsync(x => x.Id == id, GetCancellationToken(cancellationToken)); |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<bool> ExistAsync(string sessionId, CancellationToken cancellationToken = default) |
|
|
|
{ |
|
|
|
return await (await GetDbSetAsync()).AnyAsync(x => x.SessionId == sessionId, GetCancellationToken(cancellationToken)); |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<List<IdentitySession>> GetListAsync( |
|
|
|
string sorting = null, |
|
|
|
int maxResultCount = int.MaxValue, |
|
|
|
|
|
|
|
@ -39,6 +39,20 @@ public class MongoIdentitySessionRepository : MongoDbRepository<IAbpIdentityMong |
|
|
|
return session; |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<bool> ExistAsync(Guid id, CancellationToken cancellationToken = default) |
|
|
|
{ |
|
|
|
return await (await GetMongoQueryableAsync(GetCancellationToken(cancellationToken))) |
|
|
|
.As<IMongoQueryable<IdentitySession>>() |
|
|
|
.AnyAsync(x => x.Id == id, GetCancellationToken(cancellationToken)); |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<bool> ExistAsync(string sessionId, CancellationToken cancellationToken = default) |
|
|
|
{ |
|
|
|
return await (await GetMongoQueryableAsync(GetCancellationToken(cancellationToken))) |
|
|
|
.As<IMongoQueryable<IdentitySession>>() |
|
|
|
.AnyAsync(x => x.SessionId == sessionId, GetCancellationToken(cancellationToken)); |
|
|
|
} |
|
|
|
|
|
|
|
public virtual async Task<List<IdentitySession>> GetListAsync( |
|
|
|
string sorting = null, |
|
|
|
int maxResultCount = int.MaxValue, |
|
|
|
|