authorLibravatar vnugent <public@vaughnnugent.com>2023-03-25 14:25:21 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2023-03-25 14:25:21 -0400
commit1dc1ac2e53f25528aacd1510da928d5f56e3dad7 (patch)
treece8ed59ec116fe615f4bdb70099ac641da3f0153 /plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs
parent78901f761e5b8358d02d1841bee4c60d97c94760 (diff)
Defer cors to host/middleware/user code
Diffstat (limited to 'plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs')
-rw-r--r--plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs12
1 files changed, 8 insertions, 4 deletions
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs
index 06ccd60..e7c8a86 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/PkiLoginEndpoint.cs
@@ -120,7 +120,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
JsonWebToken jwt;
try
{
- //We can try to recover the jwt data
+ //We can try to recover the jwt data, if the data is invalid,
jwt = JsonWebToken.Parse(login.LoginJwt);
}
catch (KeyNotFoundException)
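Review bot: The rewritten comment at the top of the try block stops mid-sentence (`if the data is invalid,`), so it never says what happens to an invalid token. Finish it with the outcome the catch clauses implement, for example `//Try to recover the jwt data; if the data is invalid the request is rejected below`. Only `catch (KeyNotFoundException)` is visible and the try statement continues past the hunk, so it is also worth confirming that every exception `JsonWebToken.Parse` can raise on client-supplied input is handled there.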
@@ -197,7 +197,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
if (webm.Assert(user.PKIVerifyUserJWT(jwt, authInfo.KeyId) == true, INVALID_MESSAGE))
{
//increment flc on invalid signature
- user.FailedLoginIncrement();
+ user.FailedLoginIncrement(entity.RequestedTimeUtc);
await user.ReleaseAsync();
entity.CloseResponse(webm);
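Review bot: The failure timestamp written by `user.FailedLoginIncrement(entity.RequestedTimeUtc)` should come from the same clock the lockout check reads, and the diff does not show whether it does. The later hunk compares `flc.LastModified.AddSeconds(_config.FailedCountTimeoutSec)` with a local `now` whose origin is outside the diff; if `now` is not derived from the request time, the effective lockout window may differ from the configured one. A comment stating the convention would help, e.g. `//stamp the failure with the request time, the same clock the flc timeout check uses`. The enclosing method starts and ends outside the hunk.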
@@ -399,7 +399,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
if (flc.LastModified.AddSeconds(_config.FailedCountTimeoutSec) < now)
{
//clear flc flag
- user.FailedLoginCount(0);
+ user.ClearFailedLoginCount();
return false;
}
@@ -430,7 +430,11 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
RuleFor(l => l.LoginJwt)
.NotEmpty()
.MinimumLength(50)
- .IllegalCharacters();
+ //Token should not contain illegal chars, only base64url + '.'
+ .IllegalCharacters()
+ //Make sure the jwt contains exacly 2 '.' chracters
+ .Must(static l => l.Where(static c => c == '.').Count() == 2)
+ .WithMessage("Your credential is not a valid Json Web Token");
}
}
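Review bot: The new `.Must(...)` predicate dereferences `l` without a null check, even though it sits in the same rule chain as `.NotEmpty()`. If this is FluentValidation with its default cascade behaviour, later validators still run after `NotEmpty()` fails, so a request that omits the token would reach `l.Where(...)` with null and throw instead of returning a validation error. Guard the predicate, for example `.Must(static l => l is not null && l.Count(static c => c == '.') == 2)`, or stop the chain on the first failure. The comment above it also has two typos (`exacly`, `chracters`).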