public async Task <TokensCortage> Login(string email, string password)
{
var user = await _userManager.FindByNameAsync(email);
if (user == null)
{
throw new AuthenticationException();
}
var checkResult = await _userManager.CheckPasswordAsync(user, password);
if (!checkResult)
{
throw new AuthenticationException();
}
var refreshToken = _tokenGenerator.GenerateRefreshToken();
await _tokenService.AddRefreshToken(refreshToken, user);
return(new TokensCortage()
{
Token = _tokenGenerator.GenerateAccessToken(user),
RefreshToken = refreshToken
});
}
private TokenResponse GetTokenResponse(User user)
{
var accessTokenExpiry = DateTime.UtcNow.AddMinutes(_config.JWT_EXPIRE_MINUTES);
var principal = ClaimsPrincipalHelper.Create <User>(user);
var identity = (ClaimsIdentity)principal.Identity;
var securityTokenDescriptor = new SecurityTokenDescriptor
{
SigningCredentials = _signingCredentials,
Subject = identity,
Expires = accessTokenExpiry
};
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(securityTokenDescriptor);
var accessToken = handler.WriteToken(securityToken);
Logger.Info("User login: {0}", user.UserName);
var refreshToken = _tokenGenerator.GenerateRefreshToken();
var expiration = DateTime.UtcNow.AddDays(_config.JWT_REFRESH_TOKEN_EXPIRE_IN_DAYS);
_usersService.UpdateRefreshToken(user, refreshToken, expiration);
return(new TokenResponse()
{
access_token = accessToken,
refresh_token = refreshToken,
token_type = "Bearer",
expires_in = (int)TimeSpan.FromMinutes(_config.JWT_EXPIRE_MINUTES).TotalSeconds,
user_id = user.Id,
user_name = user.Name,
user_role = user.Role
});
}
public async Task <ApiResponse> Login([FromBody] LoginModel model)
{
if (!ModelState.IsValid)
{
throw new ApiException(ModelState.AllErrors(), StatusCodes.Status401Unauthorized);
}
var result = await _signInManager.PasswordSignInAsync(model.Email,
model.Password,
model.RememberLogin,
false);
if (!result.Succeeded)
{
ModelState.AddModelError(string.Empty, "Invalid email or password");
throw new ApiException(ModelState.AllErrors(), StatusCodes.Status401Unauthorized);
}
var user = await _userManager.FindByNameAsync(model.Email);
var token = _tokenGenerator.GenerateJwtToken(user.AppUserId);
var refreshToken = _tokenGenerator.GenerateRefreshToken();
user.RefreshTokens.Add(refreshToken);
_dbContext.Set <AuthUser>().Update(user);
await _dbContext.SaveChangesAsync();
var refreshTokenByteArray = Encoding.ASCII.GetBytes(JsonConvert.SerializeObject(refreshToken));
try
{
var jwtToken = new JwtSecurityTokenHandler().WriteToken(token);
return(new ApiResponse(new
{
token = jwtToken,
expires = token.ValidTo,
refreshToken = Convert.ToBase64String(refreshTokenByteArray)
}));
}
catch (Exception ex)
{
throw new ApiException(ex);
}
}
public TokenDTO ValidateCredentials(UserDTO userDTO)
{
string encryptesdPassword = ComputeHash(userDTO.password, new SHA256CryptoServiceProvider());
var user = _userRepository.GetAll()
.Where(u => u.Email.Equals(userDTO.email) && u.Password == encryptesdPassword)
.FirstOrDefault();
if (user == null)
{
return(null);
}
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, user.Email)
};
var accessToken = _tokenService.GenerateAccessToken(claims);
var refreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryDate = DateTime.Now.AddDays(_configuration.DaysToExpiry);
_userRepository.Update(user);
DateTime createDate = DateTime.Now;
DateTime expirationDate = createDate.AddMinutes(_configuration.Minutes);
return(new TokenDTO(
true,
createDate.ToString(DATE_FORMAT),
expirationDate.ToString(DATE_FORMAT),
accessToken,
refreshToken
));
}
public async Task <TokensCortage> RefreshToken(string token, string refreshToken)
{
var principal = GetPrincipalFromExpiredToken(token);
var userId = principal.GetUserId();
var savedToken = await _context.RefreshTokens.ByUser(userId).FirstAsync();
if (savedToken == null || savedToken.Token != refreshToken)
{
throw new SecurityTokenException("Invalid refresh token");
}
var newToken = _tokenGenerator.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenGenerator.GenerateRefreshToken();
await UpdateRefreshToken(userId, newRefreshToken);
return(new TokensCortage()
{
Token = newToken, RefreshToken = newRefreshToken
});
}
public async Task <IActionResult> TokenAsync(
string grant_type,
string code,
string redirect_uri,
string client_id,
string code_verifier,
string client_secret
)
{
var clientid = Guid.Parse(client_id);
var clientsecret = Guid.Parse(client_secret);
var client = await dataContext.OAuthClients.Where(x => x.ClientId == clientid &&
x.ClientSecret == clientsecret).AsNoTracking().FirstOrDefaultAsync();
if (client is not null)
{
var user = await dataContext.Users.Where(x => x.UserName == StaticData.CurrentUserName).AsNoTracking().FirstOrDefaultAsync();
var access_token = await tokenGenerator.GenerateAccessToken(user);
var refresh_token = tokenGenerator.GenerateRefreshToken(user);
var responseObject = new
{
access_token,
refresh_token,
token_type = "bearer"
};
var responseJson = JsonConvert.SerializeObject(responseObject);
var responseBytes = Encoding.UTF8.GetBytes(responseJson);
await Response.Body.WriteAsync(responseBytes, 0, responseBytes.Length);
return(Redirect(redirect_uri));
}
return(View());
}
