Beispiel #1
        /// <summary>
        /// Purges the Db for invalidated tokens. That is, TokenStore objects that
        /// have a false IsValid flag
        /// </summary>
        /// <param name="serviceProvider">.NET Core service provider used to resolve the ApplicationDbContext</param>
        /// <param name="tokenService">Token related services</param>
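        public static void RemoveInvalidatedTokens(IServiceProvider serviceProvider, JWTAuthTokenServices tokenService)
        {
            // tokenService is not used here; the parameter stays so existing callers keep compiling.
            if (serviceProvider == null)
            {
                throw new ArgumentNullException(nameof(serviceProvider));
            }

            // GetService returns null when the type is not registered, and the 'as' cast hides that.
            // Fail with a clear message instead of a NullReferenceException on the next line.
            var dbContext = serviceProvider.GetService(typeof(ApplicationDbContext)) as ApplicationDbContext;
            if (dbContext == null)
            {
                throw new InvalidOperationException("ApplicationDbContext is not registered with the service provider.");
            }

            // NOTE(review): rows with IsValid == false appear to be the revocation records written on
            // logout (AddToken(token, false)). Deleting such a row before the JWT itself has expired
            // removes the only record of the revocation. A pipeline that treats "not in TokenStore" as
            // "not revoked" (as the Invoke middleware on this page does) would accept that token again.
            // Consider purging only rows whose ExpirationTime is already in the past.
            // TODO confirm the type and units of TokenStore.ExpirationTime before adding that filter.
            var invalidatedTokens = dbContext.TokenStore.Where(t => !t.IsValid);
            dbContext.TokenStore.RemoveRange(invalidatedTokens);

            dbContext.SaveChanges();
        }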
        public void ExtractJWTTokenFromHttpRequest_MissingToken()
        {
            // Arrange: a fresh request that carries no Authorization header at all.
            var emptyContext = new DefaultHttpContext();
            HttpRequest requestWithoutHeader = new DefaultHttpRequest(emptyContext);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithoutHeader);

            // Assert: the extractor must report "no token" (null or empty) rather than throw.
            var nothingExtracted = string.IsNullOrEmpty(result);
            Assert.IsTrue(nothingExtracted);
        }
        public void GetTokenExpirationDateTime_Test()
        {
            // Arrange: the expiry value the test expects GetTokenExpirationDateTime to return for
            // testToken (presumably the token's exp claim in Unix seconds; verify against the fixture).
            ulong wantedExpiry = 1491701955;

            // Act
            var actualExpiry = JWTAuthTokenServices.GetTokenExpirationDateTime(testToken);

            // Assert
            var expiryMatches = actualExpiry == wantedExpiry;
            Assert.IsTrue(expiryMatches);
        }
        public async Task Logout()
        {
            // Logging out means recording the caller's bearer token in the token store with
            // IsValid = false, so later requests carrying it can be rejected.
            var bearerToken = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(HttpContext.Request);

            // A request without a token has nothing to revoke.
            // NOTE(review): the header value is stored as received. Nothing visible here verifies the
            // token's signature first, so confirm this action sits behind authentication; otherwise
            // arbitrary strings can be written to the token store.
            if (!string.IsNullOrEmpty(bearerToken))
            {
                await _authData.AddToken(bearerToken, false);
            }
        }
        public void ExtractJWTTokenFromHttpRequest_MissingBearer()
        {
            // Arrange: the Authorization header holds the raw token without the "Bearer" scheme.
            var context = new DefaultHttpContext();
            HttpRequest requestWithoutScheme = new DefaultHttpRequest(context);
            requestWithoutScheme.Headers.Add("Authorization", testToken);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithoutScheme);

            // Assert: a header without the scheme prefix must not yield a token.
            var nothingExtracted = string.IsNullOrEmpty(result);
            Assert.IsTrue(nothingExtracted);
        }
        public void ExtractTokenFromHttpRequest_ValidTokenHeaderTest()
        {
            // Arrange: a well-formed "Bearer <token>" Authorization header.
            var context = new DefaultHttpContext();
            HttpRequest bearerRequest = new DefaultHttpRequest(context);
            var headerValue = string.Format("Bearer {0}", testToken);
            bearerRequest.Headers.Add("Authorization", headerValue);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(bearerRequest);

            // Assert: the extractor returns the token exactly, with the scheme prefix stripped.
            Assert.AreEqual(testToken, result);
        }
        public async Task AddToken(string token, bool isValidToken)
        {
            // Build the store row for this token and hand it to the AddToken(TokenStore) overload.
            // NOTE(review): the full bearer token is persisted as-is. Anyone who can read the table can
            // replay rows that are still valid; storing a hash or the token id would avoid that.
            // Confirm whether lookups need the raw value.
            var entry = new TokenStore
            {
                Token = token,
                IsValid = isValidToken
            };

            // A result of 0 is treated as "no expiry available", leaving ExpirationTime at its default.
            var expiresAt = JWTAuthTokenServices.GetTokenExpirationDateTime(token);
            if (expiresAt != 0)
            {
                entry.ExpirationTime = expiresAt;
            }

            await AddToken(entry);
        }
        public async Task<IActionResult> Login([FromBody] NewUserViewModel userViewModel)
        {
            // A missing or unbindable body arrives as null.
            if (userViewModel == null)
            {
                return BadRequest("Enter valid user credentials");
            }

            // NOTE(review): no throttling or lockout is visible in this action. Confirm failed attempts
            // are rate-limited elsewhere (inside GetJWTToken or in middleware).
            var issuedToken = await JWTAuthTokenServices.GetJWTToken(userViewModel.Username, userViewModel.Password);

            // The same message covers an unknown user and a wrong password, so the response does not
            // reveal which usernames exist.
            if (string.IsNullOrEmpty(issuedToken))
            {
                return BadRequest("Invalid username or password");
            }

            // On success the caller receives the access token and the URL to continue to.
            var payload = new { accessToken = issuedToken };

            return Utilities.CreateJsonSuccessReponse(payload, "api/heroes");
        }
Beispiel #9
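        public async Task Invoke(HttpContext context)
        {
            // Middleware step: reject requests whose bearer token is recorded in the token store as
            // invalidated or has expired; pass every other request down the pipeline.
            var token = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(context.Request);

            // No token found. Continue the pipeline and let other validation decide (controller,
            // token generation, etc.). Returning here also avoids a store lookup with a null or empty
            // key on every anonymous request.
            if (string.IsNullOrEmpty(token))
            {
                await _next(context);
                return;
            }

            //TODO: create method to check cache and if not in cache go to db
            TokenStore tokenStoreEntity = await _authData.GetToken(token);

            // Do not log the token here: a bearer token written to logs can be replayed by whoever
            // reads them.

            // This check acts as a deny-list. A token that is absent from the store is NOT rejected at
            // this point, so signature and lifetime validation must still happen further down the
            // pipeline. Deleting a revocation row before the token expires makes that token pass
            // this check again.
            var isRejected = tokenStoreEntity != null
                && (!tokenStoreEntity.IsValid || JWTAuthTokenServices.IsTokenExpired(tokenStoreEntity.Token));

            if (isRejected)
            {
                // The token was found and is invalidated or expired.
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("invalid token");

                return;
            }

            await _next(context);
        }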