optimize cache cleanup

Author: tinohager

src/Backend/Nager.AuthenticationService.Abstraction/Models/AuthenticationInfo.cs

@@ -9,5 +9,10 @@ public class AuthenticationInfo
         public DateTime LastInvalid { get; set; }
 
         public int InvalidCount { get; set; }
+
+        public override string ToString()
+        {
+            return $"LastValid:{this.LastValid} LastInvalid:{this.LastInvalid} InvalidCount:{this.InvalidCount}";
+        }
     }
 }

src/Backend/Nager.AuthenticationService.Abstraction/Models/ValidateTokenRequest.cs

@@ -0,0 +1,23 @@
+namespace Nager.AuthenticationService.Abstraction.Models
+{
+    /// <summary>
+    /// Validate Token Request
+    /// </summary>
+    public class ValidateTokenRequest
+    {
+        /// <summary>
+        /// Mfa Identifier from Authenticate request
+        /// </summary>
+        public required string MfaIdentifier { get; set; }
+
+        /// <summary>
+        /// Mfa Token
+        /// </summary>
+        public required string Token { get; set; }
+
+        /// <summary>
+        /// IpAddress
+        /// </summary>
+        public string? IpAddress { get; set; }
+    }
+}

src/Backend/Nager.AuthenticationService.Abstraction/Services/IUserAuthenticationService.cs

@@ -20,8 +20,7 @@ Task<AuthenticationResult> ValidateCredentialsAsync(
             CancellationToken cancellationToken = default);
 
         Task<ValidateTokenResult> ValidateTokenAsync(
-            string mfaIdentifier,
-            string token,
+            ValidateTokenRequest validateTokenRequest,
             CancellationToken cancellationToken = default);
 
         /// <summary>

src/Backend/Nager.AuthenticationService.WebApi/Controllers/AuthenticationController.cs

@@ -200,7 +200,14 @@ public async Task<ActionResult<AuthenticationResponseDto>> AuthenticateMfaTokenA
             [Required][FromBody] AuthenticationMfaTokenRequestDto request,
             CancellationToken cancellationToken = default)
         {
-            var validateTokenResult = await this._userAuthenticationService.ValidateTokenAsync(request.MfaIdentifier, request.Token, cancellationToken);
+            var ipAddress = HttpContext.GetIpAddress();
+
+            var validateTokenResult = await this._userAuthenticationService.ValidateTokenAsync(new ValidateTokenRequest
+            {
+                MfaIdentifier = request.MfaIdentifier,
+                Token = request.Token,
+                IpAddress = ipAddress
+            }, cancellationToken);
             if (!validateTokenResult.Success)
             {
                 return StatusCode(StatusCodes.Status400BadRequest);
@@ -224,12 +231,10 @@ public async Task<ActionResult<AuthenticationResponseDto>> AuthenticateMfaTokenA
         /// <returns></returns>
         /// <response code="204">Token valid</response>
         /// <response code="401">Token invalid</response>
-        /// <response code="500">Unexpected error</response>
         [HttpPost]
         [Route("Validate")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status401Unauthorized)]
-        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
         public ActionResult<AuthenticationResponseDto> Validate()
         {
             return StatusCode(StatusCodes.Status204NoContent);

src/Backend/Nager.AuthenticationService.WebApi/Controllers/MonitoringController.cs

@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Caching.Memory;
+using Nager.AuthenticationService.Abstraction.Models;
 using Nager.AuthenticationService.WebApi.Dtos;
 
 namespace Nager.AuthenticationService.WebApi.Controllers
@@ -53,9 +54,9 @@ public ActionResult<CacheItemDto> GetCacheSnapshot(
                         break;
                     }
 
-                    if (this._memoryCache.TryGetValue<int>(key, out var value))
+                    if (this._memoryCache.TryGetValue<AuthenticationInfo>(key, out var authenticationInfo))
                     {
-                        cacheItems.Add(new CacheItemDto { Key = $"{key}", Value = $"{value}" });
+                        cacheItems.Add(new CacheItemDto { Key = $"{key}", Value = $"{authenticationInfo}" });
                     }
                 }
 

src/Backend/Nager.AuthenticationService.WebApi/Controllers/UserManagementController.cs

@@ -87,7 +87,7 @@ public async Task<ActionResult<UserInfoDto[]>> QueryUsersAsync(
                 EmailAddress = userInfo.EmailAddress,
                 Firstname = userInfo.Firstname,
                 Lastname = userInfo.Lastname,
-                Roles = userInfo.Roles,
+                Roles = userInfo.Roles ?? [],
                 LastFailedValidationTimestamp = userInfo.LastFailedValidationTimestamp,
                 LastSuccessfulValidationTimestamp  = userInfo.LastSuccessfulValidationTimestamp,
                 MfaActive = userInfo.MfaActive

src/Backend/Nager.AuthenticationService.WebApi/Dtos/AuthenticationMfaTokenRequestDto.cs

@@ -1,13 +1,18 @@
-using System.ComponentModel.DataAnnotations;
-
-namespace Nager.AuthenticationService.WebApi.Dtos
+namespace Nager.AuthenticationService.WebApi.Dtos
 {
+    /// <summary>
+    /// Authentication Mfa Token Request Dto
+    /// </summary>
     public class AuthenticationMfaTokenRequestDto
     {
-        [Required]
-        public string MfaIdentifier { get; set; }
+        /// <summary>
+        /// Mfa Identifier from Authenticate request
+        /// </summary>
+        public required string MfaIdentifier { get; set; }
 
-        [Required]
-        public string Token { get; set; }
+        /// <summary>
+        /// The one Time Token
+        /// </summary>
+        public required string Token { get; set; }
     }
 }

src/Backend/Nager.AuthenticationService.WebApi/Services/UserAuthenticationService.cs

@@ -18,6 +18,7 @@ public class UserAuthenticationService : IUserAuthenticationService
         private readonly IMemoryCache _memoryCache;
         private readonly string _cacheKeyPrefix = "AuthenticationInfo";
         private readonly TimeSpan _cacheLiveTime = TimeSpan.FromMinutes(10);
+        private readonly TimeSpan _mfaTokenAcceptanceWindow = TimeSpan.FromMinutes(2);
         private readonly int _delayTimeMultiplier = 400; //ms
         private readonly int _maxInvalidLogins = 10;
         private readonly int _maxInvalidLoginsBeforeDelay = 3;
@@ -116,10 +117,7 @@ public async Task<AuthenticationResult> ValidateCredentialsAsync(
             AuthenticationRequest authenticationRequest,
             CancellationToken cancellationToken = default)
         {
-            if (authenticationRequest == null)
-            {
-                throw new ArgumentNullException(nameof(authenticationRequest));
-            }
+            ArgumentNullException.ThrowIfNull(authenticationRequest);
 
             if (string.IsNullOrEmpty(authenticationRequest.IpAddress))
             {
@@ -185,7 +183,7 @@ public async Task<AuthenticationResult> ValidateCredentialsAsync(
 
                     this._memoryCache.Set(cacheKey, authenticationRequest.EmailAddress, new MemoryCacheEntryOptions
                     {
-                        AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(120)
+                        AbsoluteExpirationRelativeToNow = this._mfaTokenAcceptanceWindow
                     });
 
                     return new AuthenticationResult
@@ -242,11 +240,10 @@ await this._userRepository.SetLastValidationTimestampAsync(o => o.Id == userEnti
 
         /// <inheritdoc />
         public async Task<ValidateTokenResult> ValidateTokenAsync(
-            string mfaIdentifier,
-            string token,
+            ValidateTokenRequest validateTokenRequest,
             CancellationToken cancellationToken = default)
         {
-            var cacheKey = this.GetCacheKey(mfaIdentifier);
+            var cacheKey = this.GetCacheKey(validateTokenRequest.MfaIdentifier);
             if (!this._memoryCache.TryGetValue<string>(cacheKey, out var emailAddress))
             {
                 this._logger.LogError($"{nameof(ValidateTokenAsync)} - CacheKey {cacheKey} not found");
@@ -267,8 +264,6 @@ public async Task<ValidateTokenResult> ValidateTokenAsync(
                 };
             }
 
-            var timeTolerance = TimeSpan.FromSeconds(20);
-
             var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == emailAddress);
             if (userEntity == null)
             {
@@ -280,13 +275,20 @@ public async Task<ValidateTokenResult> ValidateTokenAsync(
                 };
             }
 
+            var timeTolerance = TimeSpan.FromSeconds(20);
             var twoFactorAuthenticator = new TwoFactorAuthenticator();
-            var isTokenValid = twoFactorAuthenticator.ValidateTwoFactorPIN(userEntity.MfaSecret, token, timeTolerance);
+            var isTokenValid = twoFactorAuthenticator.ValidateTwoFactorPIN(userEntity.MfaSecret, validateTokenRequest.Token, timeTolerance);
 
             if (isTokenValid)
             {
                 this._memoryCache.Remove(cacheKey);
 
+                if (!string.IsNullOrEmpty(validateTokenRequest.IpAddress))
+                {
+                    this.SetValidLogin(validateTokenRequest.IpAddress);
+                }
+                this.SetValidLogin(emailAddress);
+
                 using var cancellationTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(this._timeoutDatabaseUpdate));
                 await this._userRepository.SetLastSuccessfulValidationTimestampAsync(o => o.Id == userEntity.Id, cancellationTokenSource.Token)
                     .ContinueWith(task => { });