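        /// <summary>
        /// Exchanges the caller's current access token + refresh-token cookie for a fresh pair,
        /// revoking the presented refresh token and recording which token replaced it.
        /// </summary>
        /// <returns>
        /// 200 with a <see cref="UserLoginResponse"/> carrying the new access token (the new refresh
        /// token is returned via <c>SetCookie</c>); 400 when the refresh cookie or the
        /// Authorization header is missing/malformed, or when <c>ValidateTokens</c> rejects the pair.
        /// </returns>
        public IActionResult RefreshToken()
        {
            // Refresh token travels in a cookie; the indexer yields null when it is absent.
            var refreshToken = Request.Cookies[refreshTokenCookie];
            if (string.IsNullOrEmpty(refreshToken))
            {
                return(BadRequest());
            }

            // TryParse instead of Parse: a missing or malformed Authorization header would otherwise
            // escape as an unhandled FormatException (500) rather than a client error. A header with a
            // scheme but no credential ("Bearer") leaves Parameter null and is rejected the same way.
            if (!AuthenticationHeaderValue.TryParse(Request.Headers["Authorization"], out var authHeader) ||
                string.IsNullOrEmpty(authHeader.Parameter))
            {
                return(BadRequest());
            }
            var authToken = authHeader.Parameter;

            // Validate tokens: null model means the pair was not accepted.
            var authModel = ValidateTokens(authToken, refreshToken);
            if (authModel == null)
            {
                return(BadRequest());
            }

            // Generate the replacement pair before touching the stored token so the link below can
            // reference the new token value.
            var newRefreshToken = GenerateRefreshToken(authModel.User);
            var newAuthToken    = GenerateJWT(authModel.User, config);

            // Revoke old refresh token: stamp the revocation time and record its successor.
            authModel.RefreshToken.Revoked    = DateTime.UtcNow;
            authModel.RefreshToken.ReplacedBy = newRefreshToken.Token;

            // Persist the new token and the revoked one in the same unit of work.
            authUnit.Tokens.AddToken(newRefreshToken);
            authUnit.Tokens.UpdateToken(authModel.RefreshToken);
            authUnit.Complete();

            // Deliver the new refresh token to the client via cookie.
            SetCookie(newRefreshToken);

            return(Ok(new UserLoginResponse(newAuthToken)));
        }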
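        /// <summary>
        /// Applies the posted profile changes to the user named by <paramref name="username"/>.
        /// The caller's identity is taken from the bearer token, and must match that user.
        /// </summary>
        /// <param name="username">Username from the route identifying the profile to edit.</param>
        /// <param name="editProfileRequest">Form-bound profile fields mapped onto the user.</param>
        /// <returns>
        /// 404 when the route username is unknown or the principal resolves to no user; 401 when the
        /// caller is a different user; 400 when the request body is missing or a requested username
        /// change is blank or already taken; otherwise 204.
        /// </returns>
        public IActionResult EditProfile(string username, [FromForm] UserEditProfileRequest editProfileRequest)
        {
            if (authUnit.Users.GetUserByUsername(username) == null)
            {
                return(NotFound());
            }

            // Resolve the caller from the token rather than trusting the route value.
            var userId = AuthController.GetUserIdFromPrincipal(Request, config.Secret);
            var user   = authUnit.Users.GetUserById(userId);
            if (user == null)
            {
                return(NotFound());
            }

            // NOTE(review): 404 above vs 401 here lets an authenticated caller distinguish existing
            // usernames from unknown ones; collapsing both to one status would close that.
            if (user.Username != username)
            {
                return(Unauthorized());
            }

            // Guard the model itself: it may bind as null (e.g. no form body), and the original
            // code dereferenced it unconditionally below.
            if (editProfileRequest == null)
            {
                return(BadRequest());
            }

            // Username change: reject blank names and collisions. The previous check only caught "",
            // so a null username slipped through to the mapper; IsNullOrWhiteSpace closes that gap.
            if (editProfileRequest.Username != user.Username)
            {
                if (string.IsNullOrWhiteSpace(editProfileRequest.Username) ||
                    authUnit.Users.GetUserByUsername(editProfileRequest.Username) != null)
                {
                    return(BadRequest());
                }
            }

            // Apply mapping and persist the updated user.
            mapper.Map(editProfileRequest, user);
            authUnit.Users.UpdateUser(user);
            authUnit.Complete();

            return(NoContent());
        }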