private async Task <TokenResponseModel> RefreshToken(TokenRequestModel model)
{
try
{
if (_appSettings.AllowSiteWideTokenRefresh)
{
// STEP 1: Validate JWT Token
var jwtValidationResult = await ValidateAuthTokenAsync();
if (jwtValidationResult.IsValid && jwtValidationResult.Message == "Token Expired")
{
// check if there's an user with the refresh token's userId
var user = await _userManager.FindByEmailAsync(model.Email);
// also check if user is not admin / using admin cookie
if (user == null || user.UserRole == "Administrator")
{
// UserId not found or invalid
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
// check if the received refreshToken exists for the given clientId
var rt = _db.Tokens.FirstOrDefault(t =>
t.ClientId == _appSettings.ClientId &&
t.UserId == user.Id);
if (rt == null)
{
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
// check if refresh token is expired
if (rt.ExpiryTime < DateTime.UtcNow)
{
_cookieSvc.DeleteCookie("access_token");
_cookieSvc.DeleteCookie("refreshToken");
_cookieSvc.DeleteCookie("loginStatus");
_cookieSvc.DeleteCookie("username");
_cookieSvc.DeleteCookie("userRole");
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
/* Get the Data protection service instance */
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
/* Create a protector instance */
var protectorRt = protectorProvider.CreateProtector(rt.EncryptionKeyRt);
var unprotectedToken = protectorRt.Unprotect(_cookieSvc.Get("refreshToken"));
var decryptedToken = unprotectedToken.ToString();
if (rt.Value != decryptedToken)
{
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
var accessToken = await CreateAccessToken(user);
var expireTime = accessToken.Expiration.Subtract(DateTime.UtcNow).TotalMinutes;
var refreshTokenExpireTime = accessToken.RefreshTokenExpiration.Subtract(DateTime.UtcNow).TotalMinutes;
// set cookie for jwt and refresh token
// Expiry time for cookie - When Refresh token expires all other cookies should expire
// therefor set all the cookie expiry time to refresh token expiry time
_cookieSvc.SetCookie("access_token", accessToken.Token.ToString(), Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("refreshToken", accessToken.RefreshToken, Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("loginStatus", "1", Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("username", user.UserName, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("userRole", user.UserRole, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("user_id", accessToken.UserId, Convert.ToInt32(refreshTokenExpireTime));
accessToken.Principal = validateToken;
return(accessToken);
}
}
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
return(CreateErrorResponseToken($"Error => {ex.Message}", HttpStatusCode.Unauthorized));
}
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
