public async Task <Results <RefreshTokenContract> > Login(PandaUserLoginContract account)
{
var refreshTokenIsNullOrEmpty = await _userLogic.RefreshTokenIsNullOrEmpty(account.Email);
if (!refreshTokenIsNullOrEmpty)
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>("User still loged in."));
}
var signInResult = await _userLogic.Login(account);
if (signInResult.IsError())
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>(signInResult.Errors.ToArray()));
}
account.Id = signInResult.Data.Id;
var token = _jwtTokenService.GenerateToken(account.Email, account.Id.ToString());
var refreshToken = _jwtTokenService.GenerateRefreshToken();
var tokenData = new RefreshTokenContract {
RefreshToken = refreshToken, Token = token
};
var refreshTokenResult = await _userLogic.UpdateRefreshTokenToUser(account.Email, refreshToken);
if (refreshTokenResult.IsError())
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>(refreshTokenResult.Errors.ToArray()));
}
return(PandaResponse.CreateSuccessResponse(tokenData));
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenContract token)
{
if (!ModelState.IsValid)
{
return(StatusCode(500,
new
{
Error = ModelState.Values.SelectMany(s => s.Errors.Select(ss => ss.ErrorMessage)).ToList(),
Structure = new RefreshTokenContract {
}
}
));
}
var result = await _gatewayFacade.GateWayInvoke(
method : BaseMethod,
token : Token,
path : BasePath,
token,
query : BaseQueryString
);
if (result.IsError())
{
return(StatusCode(500, result));
}
return(Ok(result));
}
public async Task <Results <RefreshTokenContract> > RefreshToken(RefreshTokenContract token)
{
var principal = _jwtTokenService.GetPrincipalFromExpiredToken(token.Token);
if (principal == null)
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>("Invalid refresh token"));
}
var email = _jwtTokenService.GetValueFromClaimType(principal, JwtRegisteredClaimNames.Email);
if (string.IsNullOrEmpty(email))
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>("Invalid claim email"));
}
var userId = _jwtTokenService.GetValueFromClaimType(principal, JwtRegisteredClaimNames.NameId);
if (string.IsNullOrEmpty(userId))
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>("Invalid claim userId"));
}
var tokenValid = await _userLogic.ValidateRefreshToken(email, token.RefreshToken);
if (tokenValid.IsError())
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>(tokenValid.Errors.ToArray()));
}
var newJwtToken = _jwtTokenService.GenerateToken(email, userId);
var newRefreshToken = _jwtTokenService.GenerateRefreshToken();
var updateRefreshTokenResult = await _userLogic.UpdateRefreshTokenToUser(email, newRefreshToken);
if (updateRefreshTokenResult.IsError())
{
return(PandaResponse.CreateErrorResponse <RefreshTokenContract>(updateRefreshTokenResult.Errors.ToArray()));
}
var result = PandaResponse.CreateSuccessResponse <RefreshTokenContract>(
new RefreshTokenContract
{
Token = newJwtToken,
RefreshToken = newRefreshToken
});
return(result);
}
public async Task <IActionResult> SignIn([FromBody] GenericUserContract account)
{
GenericUser accountData = await _accountFacade.SignIn(account);
var response = LinqExtensions.CreateErrorResponse <RefreshTokenContract>("Unauthorized");
if (accountData != null)
{
var token = _jwtTokenService.GenerateToken(accountData.Email, accountData.Id.ToString());
var refreshToken = _jwtTokenService.GenerateRefreshToken();
var tokenData = new RefreshTokenContract {
RefreshToken = refreshToken, Token = token
};
response = LinqExtensions.CreateSuccessResponse(tokenData);
}
return(Ok(response));
}
public RefreshTokenResult RefreshToken([FromBody] RefreshTokenContract contract)
{
ClaimsPrincipal сlaimsPrincipal = null;
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("authentification_security_key!qwe123"));
try
{
сlaimsPrincipal = new JwtSecurityTokenHandler().ValidateToken(contract.AccessToken, new TokenValidationParameters
{
ValidIssuer = "VelevetechTestIssuer",
ValidAudience = "VelevetechTest",
IssuerSigningKey = key,
ValidateLifetime = false,
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero
}, out var securityToken);
if (!(securityToken is JwtSecurityToken jwtSecurityToken) || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
{
throw new SecurityTokenException("Invalid token");
}
}
catch
{
// invalid token/signing key was passed and we can't extract user claims
return(null);
}
var userIdStr = сlaimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
var login = сlaimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimsIdentity.DefaultNameClaimType)?.Value;
if (!Guid.TryParse(userIdStr, out Guid userId))
{
return(null);
}
var newRefreshToken = Guid.NewGuid();
_authenticationService.UpdateRefreshToken(userId, contract.RefreshToken, newRefreshToken);
var claims = new List <Claim>
{
new Claim(ClaimsIdentity.DefaultNameClaimType, login),
new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
};
var identity = new ClaimsIdentity(claims, "Token", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
var now = DateTime.UtcNow;
var jwt = new JwtSecurityToken(
issuer: "VelevetechTestIssuer",
audience: "VelevetechTest",
notBefore: now,
claims: identity.Claims,
expires: now.Add(TimeSpan.FromMinutes(30)),
signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return(new RefreshTokenResult
{
AccessToken = encodedJwt,
RefreshToken = newRefreshToken,
ExpirationTime = DateTime.Now.AddMinutes(30),
});
}
