2 years ago · 0597455180
--- a/Teknik.sln
+++ b/Teknik.sln
@@ -17,6 +17,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		.gitattributes = .gitattributes
 		.gitignore = .gitignore
 		global.json = global.json
 		Performance1.psess = Performance1.psess
 		README.md = README.md
 	EndProjectSection
 EndProject
@@ -29,6 +30,9 @@ EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "ServiceWorker", "ServiceWorker\ServiceWorker.csproj", "{0B712243-994C-4AC3-893C-B86B59F63F53}"
 EndProject
 Global
 	GlobalSection(Performance) = preSolution
 		HasPerformanceSessions = true
 	EndGlobalSection
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
@@ -49,11 +49,8 @@ namespace Teknik.Areas.Users.Controllers
        private readonly IHttpContextAccessor _httpContextAccessor;
        private ISession _session => _httpContextAccessor.HttpContext.Session;

        private readonly LogoutSessionManager _logoutSessions;

        public UserController(ILogger<Logger> logger, Config config, TeknikEntities dbContext, LogoutSessionManager logoutSessions, IHttpContextAccessor httpContextAccessor) : base(logger, config, dbContext)
        public UserController(ILogger<Logger> logger, Config config, TeknikEntities dbContext, IHttpContextAccessor httpContextAccessor) : base(logger, config, dbContext)
        {
            _logoutSessions = logoutSessions;
            _httpContextAccessor = httpContextAccessor;
        }

--- a/Teknik/Security/CookieEventHandler.cs
+++ b/Teknik/Security/CookieEventHandler.cs
@@ -13,13 +13,10 @@ namespace Teknik.Security
 {
    public class CookieEventHandler : CookieAuthenticationEvents
    {
        public CookieEventHandler(LogoutSessionManager logoutSessions)
        public CookieEventHandler()
        {
            _LogoutSessions = logoutSessions;
        }

        private static LogoutSessionManager _LogoutSessions;

        
        public override async Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context)
        {
            context.Response.StatusCode = 403;
--- a/Teknik/Security/LogoutSessionManager.cs
+++ b/Teknik/Security/LogoutSessionManager.cs
@@ -1,36 +0,0 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;

 namespace Teknik.Security
 {
    public class LogoutSessionManager
    {
        private static List<Session> _sessions = new List<Session>();

        public void Add(string sub, string sid)
        {
            _sessions.Add(new Session { Sub = sub, Sid = sid });
        }

        public bool IsLoggedOut(string sub, string sid)
        {
            var matches = _sessions.Any(s => s.IsMatch(sub, sid));
            return matches;
        }

        private class Session
        {
            public string Sub { get; set; }
            public string Sid { get; set; }

            public bool IsMatch(string sub, string sid)
            {
                return (Sid == sid && Sub == sub) ||
                       (Sid == sid && Sub == null) ||
                       (Sid == null && Sub == sub);
            }
        }
    }
 }
--- a/Teknik/Startup.cs
+++ b/Teknik/Startup.cs
@@ -136,7 +136,7 @@ namespace Teknik
            });

            // Sessions
            services.AddResponseCaching();
            //services.AddResponseCaching();
            services.AddMemoryCache();
            services.AddSession();

@@ -153,7 +153,6 @@ namespace Teknik
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

            services.AddTransient<CookieEventHandler>();
            services.AddSingleton<LogoutSessionManager>();

            services.AddAuthentication(options =>
            {
@@ -285,6 +284,15 @@ namespace Teknik
                }
            });

            // Compress Reponse
            //app.UseResponseCompression();

            // Cache Responses
            //app.UseResponseCaching();

            // Force a HTTPS redirection (301)
            app.UseHttpsRedirection();

            // Use Exception Handling
            app.UseErrorHandler(config);

@@ -297,13 +305,7 @@ namespace Teknik
            app.UseCSP();
            app.UseSecurityHeaders();

            // Cache Responses
            app.UseResponseCaching();

            // Force a HTTPS redirection (301)
            app.UseHttpsRedirection();

            // Setup static files anc cache them client side
            // Setup static files and cache them client side
            app.UseStaticFiles(new StaticFileOptions
            {
                OnPrepareResponse = ctx =>
--- a/Utilities/Cryptography/AesCounterMode.cs
+++ b/Utilities/Cryptography/AesCounterMode.cs
@@ -101,6 +101,9 @@ namespace Teknik.Utilities.Cryptography

            _SymmetricAlgorithm = symmetricAlgorithm;

            // Initialize the encrypted counter
            _EncryptedCounter = new byte[_SymmetricAlgorithm.BlockSize / 8];

            _IV = new byte[iv.Length];
            iv.CopyTo(_IV, 0);

@@ -157,7 +160,7 @@ namespace Teknik.Utilities.Cryptography
        public void EncryptCounter()
        {
            // Clear the encrypted counter
            _EncryptedCounter = new byte[_SymmetricAlgorithm.BlockSize / 8];
            Array.Clear(_EncryptedCounter, 0, _EncryptedCounter.Length);

            // Encrypt the current counter to the encrypted counter
            _CounterEncryptor.TransformBlock(_Counter, 0, _Counter.Length, _EncryptedCounter, 0);