From 74924d975db8731f6ada55d923c2a2045f227980 Mon Sep 17 00:00:00 2001 From: Erik Pique Date: Thu, 11 Oct 2018 16:55:27 +0200 Subject: [PATCH] Token lifetime handling #118 https://github.com/dotnet-architecture/eShopOnContainers/issues/118 --- .../Controllers/AccountController.cs | 31 ++++++++++++------- .../Identity.API/Services/EFLoginService.cs | 20 ++++++++---- .../Identity.API/Services/ILoginService.cs | 5 +++ 3 files changed, 38 insertions(+), 18 deletions(-) diff --git a/src/Services/Identity/Identity.API/Controllers/AccountController.cs b/src/Services/Identity/Identity.API/Controllers/AccountController.cs index 79e9c247e..85d17228c 100644 --- a/src/Services/Identity/Identity.API/Controllers/AccountController.cs +++ b/src/Services/Identity/Identity.API/Controllers/AccountController.cs @@ -1,4 +1,9 @@ -using IdentityModel; +using System; +using System.Linq; +using System.Security.Claims; +using System.Text.Encodings.Web; +using System.Threading.Tasks; +using IdentityModel; using IdentityServer4; using IdentityServer4.Models; using IdentityServer4.Services; @@ -11,11 +16,6 @@ using Microsoft.eShopOnContainers.Services.Identity.API.Models; using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels; using Microsoft.eShopOnContainers.Services.Identity.API.Services; using Microsoft.Extensions.Logging; -using System; -using System.Linq; -using System.Security.Claims; -using System.Text.Encodings.Web; -using System.Threading.Tasks; namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers { 
@@ -79,9 +79,16 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers if (ModelState.IsValid) { var user = await _loginService.FindByUsername(model.Email); + if (await _loginService.ValidateCredentials(user, model.Password)) { - AuthenticationProperties props = null; + var props = new AuthenticationProperties + { + ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2), + AllowRefresh = true, + RedirectUri = model.ReturnUrl + }; + if (model.RememberMe) { props = new AuthenticationProperties @@ -91,8 +98,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers }; }; - await _loginService.SignIn(user); - + await _loginService.SignInAsync(user, props); + // make sure the returnUrl is still valid, and if yes - redirect back to authorize endpoint if (_interaction.IsValidReturnUrl(model.ReturnUrl)) { @@ -113,7 +120,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers return View(vm); } - async Task BuildLoginViewModelAsync(string returnUrl, AuthorizationRequest context) + private async Task BuildLoginViewModelAsync(string returnUrl, AuthorizationRequest context) { var allowLocal = true; if (context?.ClientId != null) @@ -132,7 +139,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers }; } - async Task BuildLoginViewModelAsync(LoginViewModel model) + private async Task BuildLoginViewModelAsync(LoginViewModel model) { var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); var vm = await BuildLoginViewModelAsync(model.ReturnUrl, context); @@ -193,7 +200,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers try { - + // hack: try/catch to handle social providers that throw await HttpContext.SignOutAsync(idp, new AuthenticationProperties { diff --git a/src/Services/Identity/Identity.API/Services/EFLoginService.cs b/src/Services/Identity/Identity.API/Services/EFLoginService.cs index 63c4d4b7e..f3a9d5a03 100644 
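Review bot: In the login hunk (`@@ -79,9 +79,16 @@`), `RedirectUri = model.ReturnUrl` copies the posted return URL into the sign-in properties before `_interaction.IsValidReturnUrl(model.ReturnUrl)` is consulted a few lines later, so an unvalidated, caller-supplied URL travels with the cookie sign-in. Depending on how the cookie handler is configured, it may honour `properties.RedirectUri` at sign-in and so sidestep that validation. I would drop the field from the initializer, or set it only after the check, e.g. `if (_interaction.IsValidReturnUrl(model.ReturnUrl)) props.RedirectUri = model.ReturnUrl;`. Separately, the `RememberMe` branch assigns a brand-new `AuthenticationProperties`, so the `AllowRefresh` and two-hour `ExpiresUtc` set here are discarded on that path unless its initializer (outside the hunk) repeats them. The hard-coded `AddHours(2)` would also be easier to audit as a named constant or a configuration value.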
--- a/src/Services/Identity/Identity.API/Services/EFLoginService.cs +++ b/src/Services/Identity/Identity.API/Services/EFLoginService.cs @@ -1,15 +1,17 @@ -using Microsoft.AspNetCore.Identity; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Identity; using Microsoft.eShopOnContainers.Services.Identity.API.Models; -using System.Threading.Tasks; namespace Microsoft.eShopOnContainers.Services.Identity.API.Services { public class EFLoginService : ILoginService { - UserManager _userManager; - SignInManager _signInManager; + private UserManager _userManager; + private SignInManager _signInManager; - public EFLoginService(UserManager userManager, SignInManager signInManager) { + public EFLoginService(UserManager userManager, SignInManager signInManager) + { _userManager = userManager; _signInManager = signInManager; } @@ -24,8 +26,14 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Services return await _userManager.CheckPasswordAsync(user, password); } - public Task SignIn(ApplicationUser user) { + public Task SignIn(ApplicationUser user) + { return _signInManager.SignInAsync(user, true); } + + public Task SignInAsync(ApplicationUser user, AuthenticationProperties properties, string authenticationMethod = null) + { + return _signInManager.SignInAsync(user, properties, authenticationMethod); + } } } diff --git a/src/Services/Identity/Identity.API/Services/ILoginService.cs b/src/Services/Identity/Identity.API/Services/ILoginService.cs index 7bff7f272..8a977205b 100644 --- a/src/Services/Identity/Identity.API/Services/ILoginService.cs +++ b/src/Services/Identity/Identity.API/Services/ILoginService.cs 
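Review bot: The legacy `SignIn(ApplicationUser user)` kept in the second hunk (`@@ -24,8 +26,14 @@`) still calls `_signInManager.SignInAsync(user, true)`, a persistent sign-in with no explicit expiry, so any caller that has not moved to the new overload bypasses the lifetime this commit introduces. If nothing else uses it, remove it, or mark it `[Obsolete("Use SignInAsync with explicit AuthenticationProperties")]` so remaining call sites surface at build time. The new `SignInAsync` forwards `properties` unchecked, and a null would presumably fall back to the sign-in manager's default cookie settings. A guard such as `if (properties == null) throw new ArgumentNullException(nameof(properties));` makes that explicit, though it needs `using System;` in this file.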
@@ -1,11 +1,16 @@ using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication; namespace Microsoft.eShopOnContainers.Services.Identity.API.Services { public interface ILoginService { Task ValidateCredentials(T user, string password); + Task FindByUsername(string user); + Task SignIn(T user); + + Task SignInAsync(T user, AuthenticationProperties properties, string authenticationMethod = null); } }
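Review bot: `ILoginService` now exposes two sign-in methods with different session-lifetime behaviour and neither is documented, so an implementer or caller cannot tell from the interface which one honours an expiry. I would add XML docs on the new member, e.g. `/// <summary>Signs the user in with caller-supplied AuthenticationProperties (expiry, persistence, refresh).</summary>`. `SignIn` should get a short remark that its cookie lifetime is chosen by the implementation rather than the caller. Taking `AuthenticationProperties` in the interface also ties the abstraction to ASP.NET Core authentication, which is worth a sentence in the docs if that coupling is intended.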