From 05974551806e88d7b41f2ae60907b920ba60e15f Mon Sep 17 00:00:00 2001
From: Uncled1023
Date: Thu, 31 Jan 2019 22:56:12 -0800
Subject: [PATCH] Removed unused Logout Session manager middleware
---
 Teknik.sln | 4 +++
 .../Areas/User/Controllers/UserController.cs | 5 +--
 Teknik/Security/CookieEventHandler.cs | 7 ++--
 Teknik/Security/LogoutSessionManager.cs | 36 -------------------
 Teknik/Startup.cs | 20 ++++++-----
 Utilities/Cryptography/AesCounterMode.cs | 5 ++-
 6 files changed, 22 insertions(+), 55 deletions(-)
 delete mode 100644 Teknik/Security/LogoutSessionManager.cs
diff --git a/Teknik.sln b/Teknik.sln
index 5ab30b7..74a8e9d 100644
--- a/Teknik.sln
+++ b/Teknik.sln
@@ -17,6 +17,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 .gitattributes = .gitattributes
 .gitignore = .gitignore
 global.json = global.json
+ Performance1.psess = Performance1.psess
 README.md = README.md
 EndProjectSection
 EndProject
@@ -29,6 +30,9 @@ EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ServiceWorker", "ServiceWorker\ServiceWorker.csproj", "{0B712243-994C-4AC3-893C-B86B59F63F53}"
 EndProject
 Global
+ GlobalSection(Performance) = preSolution
+ HasPerformanceSessions = true
+ EndGlobalSection
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
 Debug|Any CPU = Debug|Any CPU
 Release|Any CPU = Release|Any CPU
diff --git a/Teknik/Areas/User/Controllers/UserController.cs b/Teknik/Areas/User/Controllers/UserController.cs
index a67e6d8..8c9c951 100644
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
@@ -49,11 +49,8 @@ namespace Teknik.Areas.Users.Controllers private readonly IHttpContextAccessor _httpContextAccessor; private ISession _session => _httpContextAccessor.HttpContext.Session; - private readonly LogoutSessionManager _logoutSessions; - - public UserController(ILogger logger, Config config, TeknikEntities dbContext, LogoutSessionManager logoutSessions, IHttpContextAccessor httpContextAccessor) : base(logger, config, dbContext) + public UserController(ILogger logger, Config config, TeknikEntities dbContext, IHttpContextAccessor httpContextAccessor) : base(logger, config, dbContext) { - _logoutSessions = logoutSessions; _httpContextAccessor = httpContextAccessor; } diff --git a/Teknik/Security/CookieEventHandler.cs b/Teknik/Security/CookieEventHandler.cs index 72a4103..d703f95 100644 --- a/Teknik/Security/CookieEventHandler.cs +++ b/Teknik/Security/CookieEventHandler.cs @@ -13,13 +13,10 @@ namespace Teknik.Security { public class CookieEventHandler : CookieAuthenticationEvents { - public CookieEventHandler(LogoutSessionManager logoutSessions) + public CookieEventHandler() { - _LogoutSessions = logoutSessions; } - - private static LogoutSessionManager _LogoutSessions; - + public override async Task RedirectToAccessDenied(RedirectContext context) { context.Response.StatusCode = 403; diff --git a/Teknik/Security/LogoutSessionManager.cs b/Teknik/Security/LogoutSessionManager.cs deleted file mode 100644 index 701a9b9..0000000 --- a/Teknik/Security/LogoutSessionManager.cs +++ /dev/null 
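Review bot: The constructor left behind in CookieEventHandler is now an empty `public CookieEventHandler() { }` and can be deleted, since the compiler supplies the same default constructor. With the static `_LogoutSessions` field gone, this handler no longer has access to any record of logged-out `sub`/`sid` pairs. The commit calls the manager unused, but it is worth confirming (not visible in this hunk) that existing cookies are invalidated on sign-out by some other component, and saying so in a short comment on the class. RedirectToAccessDenied continues outside the hunk.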
@@ -1,36 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Threading.Tasks; - -namespace Teknik.Security -{ - public class LogoutSessionManager - { - private static List _sessions = new List(); - - public void Add(string sub, string sid) - { - _sessions.Add(new Session { Sub = sub, Sid = sid }); - } - - public bool IsLoggedOut(string sub, string sid) - { - var matches = _sessions.Any(s => s.IsMatch(sub, sid)); - return matches; - } - - private class Session - { - public string Sub { get; set; } - public string Sid { get; set; } - - public bool IsMatch(string sub, string sid) - { - return (Sid == sid && Sub == sub) || - (Sid == sid && Sub == null) || - (Sid == null && Sub == sub); - } - } - } -} diff --git a/Teknik/Startup.cs b/Teknik/Startup.cs index 6870fca..bafc878 100644 --- a/Teknik/Startup.cs +++ b/Teknik/Startup.cs @@ -136,7 +136,7 @@ namespace Teknik }); // Sessions - services.AddResponseCaching(); + //services.AddResponseCaching(); services.AddMemoryCache(); services.AddSession(); @@ -153,7 +153,6 @@ namespace Teknik services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); services.AddTransient(); - services.AddSingleton(); services.AddAuthentication(options => { @@ -285,6 +284,15 @@ namespace Teknik } }); + // Compress Reponse + //app.UseResponseCompression(); + + // Cache Responses + //app.UseResponseCaching(); + + // Force a HTTPS redirection (301) + app.UseHttpsRedirection(); + // Use Exception Handling app.UseErrorHandler(config); @@ -297,13 +305,7 @@ namespace Teknik app.UseCSP(); app.UseSecurityHeaders(); - // Cache Responses - app.UseResponseCaching(); - - // Force a HTTPS redirection (301) - app.UseHttpsRedirection(); - - // Setup static files anc cache them client side + // Setup static files and cache them client side app.UseStaticFiles(new StaticFileOptions { OnPrepareResponse = ctx => 
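Review bot: In Startup.cs the caching registration is switched off by commenting it out (`//services.AddResponseCaching();`), and the pipeline hunk further down adds two more commented-out calls, `//app.UseResponseCompression();` and `//app.UseResponseCaching();`. Such lines should be deleted, or replaced by a one-line why-comment such as `// Response caching disabled: <reason>`, because the commit subject only mentions the logout session manager and the reason for disabling caching is recorded nowhere. If compression is turned on later, keep in mind that the middleware leaves HTTPS responses uncompressed by default, since compressing secrets together with request-influenced content is what BREACH-style attacks rely on. Both methods start and end outside the hunks shown.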
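Review bot: The relocated `app.UseHttpsRedirection();` keeps the comment `// Force a HTTPS redirection (301)`, but this middleware answers with 307 unless `RedirectStatusCode` is configured through `AddHttpsRedirection`, and no such configuration is visible in these hunks. Either set it, e.g. `services.AddHttpsRedirection(o => o.RedirectStatusCode = StatusCodes.Status301MovedPermanently);`, or correct the comment to match the actual status code. Moving the redirect ahead of `app.UseErrorHandler(config)` means plain-HTTP requests are bounced before any other middleware handles them, which is the safer order. Whether an HSTS header is also sent (perhaps by `UseSecurityHeaders`) cannot be seen here and is worth checking. The added comment `// Compress Reponse` should read `// Compress Response`.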
diff --git a/Utilities/Cryptography/AesCounterMode.cs b/Utilities/Cryptography/AesCounterMode.cs index f98d116..af37fd2 100644 --- a/Utilities/Cryptography/AesCounterMode.cs +++ b/Utilities/Cryptography/AesCounterMode.cs @@ -101,6 +101,9 @@ namespace Teknik.Utilities.Cryptography _SymmetricAlgorithm = symmetricAlgorithm; + // Initialize the encrypted counter + _EncryptedCounter = new byte[_SymmetricAlgorithm.BlockSize / 8]; + _IV = new byte[iv.Length]; iv.CopyTo(_IV, 0); @@ -157,7 +160,7 @@ namespace Teknik.Utilities.Cryptography public void EncryptCounter() { // Clear the encrypted counter - _EncryptedCounter = new byte[_SymmetricAlgorithm.BlockSize / 8]; + Array.Clear(_EncryptedCounter, 0, _EncryptedCounter.Length); // Encrypt the current counter to the encrypted counter _CounterEncryptor.TransformBlock(_Counter, 0, _Counter.Length, _EncryptedCounter, 0);
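Review bot: In EncryptCounter the return value of `_CounterEncryptor.TransformBlock(...)` is still ignored, and with the new `Array.Clear(_EncryptedCounter, 0, _EncryptedCounter.Length);` a short or empty write would leave an all-zero keystream block, so the XOR step would pass plaintext through unchanged. Capture the count and fail closed, e.g. `int written = _CounterEncryptor.TransformBlock(_Counter, 0, _Counter.Length, _EncryptedCounter, 0);` followed by `if (written != _EncryptedCounter.Length) throw new CryptographicException("Counter block was not fully encrypted");`. Once that check is in place the `Array.Clear` is redundant, because a full write overwrites the buffer. Because the buffer is now allocated once in the constructor and reused, any reference handed out earlier changes in place, and the last keystream block lives as long as the transform; zeroing it on dispose would be prudent (Dispose is not visible in this diff). Both the constructor and EncryptCounter continue outside their hunks.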