public void ReturnExceptionWhenEmailDontExistSaveEncryptTokenTest()
{
IMateDAO <Mate> MateDAO = new MateDAO(_connection);
Mate testMate = new Mate();
testMate.FirstName = "Miguel";
testMate.LastName = "Dev";
testMate.UserName = "******";
testMate.Password = "******";
testMate.Email = "*****@*****.**";
testMate.Description = "Lorem Ipsum is simply dummy text of the printing and typesetting industry.";
testMate.Address = "Figueiró";
testMate.Categories = new[] { Categories.CLEANING, Categories.PLUMBING };
testMate.Rank = Ranks.SUPER_MATE;
testMate.Range = 20;
Mate returned = MateDAO.Create(testMate);
string refreshToken = RefreshTokenHelper.generateRefreshToken();
RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
Assert.Throws <Exception>(() => refreshTokenDAO.saveEncryptedRefreshToken(refreshToken, "*****@*****.**"));
_fixture.Dispose();
}
public void CanGetEncryptedTokenTest()
{
IMateDAO <Mate> MateDAO = new MateDAO(_connection);
Mate testMate = new Mate();
testMate.FirstName = "Miguel";
testMate.LastName = "Dev";
testMate.UserName = "******";
testMate.Password = "******";
testMate.Email = "*****@*****.**";
testMate.Description = "Lorem Ipsum is simply dummy text of the printing and typesetting industry.";
testMate.Address = "Figueiró";
testMate.Categories = new[] { Categories.CLEANING, Categories.PLUMBING };
testMate.Rank = Ranks.SUPER_MATE;
testMate.Range = 20;
Mate returned = MateDAO.Create(testMate);
string refreshToken = RefreshTokenHelper.generateRefreshToken();
RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
refreshTokenDAO.saveEncryptedRefreshToken(refreshToken, returned.Email);
EncryptedRefreshTokenModel returnedToken = refreshTokenDAO.GetEncryptedRefreshTokenModel(returned.Email);
Assert.Equal(returned.Email, returnedToken.Email);
Assert.True(PasswordOperations.VerifyHash(refreshToken, returnedToken.Hash, returnedToken.Salt));
_fixture.Dispose();
}
/// <summary>
/// Overload do método Autenticate , que cria um novo token
/// com as claims do token antigo e cria um novo refresh token
/// </summary>
/// <param name="email">Email do utilizador</param>
/// <param name="secret">Secret para criar o token de acesso</param>
/// <param name="claims">Claims do token de acesso antigo</param>
/// <returns>Retorna um objeto ResponseTokens, com o token de acesso novo
/// e o refresh token novo </returns>
public ResponseTokens Authenticate(string email, string secret, Claim[] claims)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.SerialNumber, claims[0].Value),
new Claim(ClaimTypes.Role, claims[1].Value),
new Claim(ClaimTypes.Email, claims[2].Value)
}),
Expires = DateTime.UtcNow.AddHours(2),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
string tokenString = tokenHandler.WriteToken(token);
string tokenRefresh = RefreshTokenHelper.generateRefreshToken();
RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
try{
if (refreshTokenDAO.GetEncryptedRefreshTokenModel(email) == null)
{
refreshTokenDAO.saveEncryptedRefreshToken(tokenRefresh, email);
}
else
{
refreshTokenDAO.updateEncryptedRefreshToken(tokenRefresh, email);
}
} catch (Exception e) {
throw new Exception(e.Message);
}
return(new ResponseTokens
{
Token = tokenString,
RefreshToken = tokenRefresh
});
}
/// <summary>
/// Método que faz o refresh de um token.
/// É utilizado o token antigo para validação e para ir buscar as claims
/// </summary>
/// <param name="tokens">Objeto ResponseTokens com o token antigo
/// e token de resfresh</param>
/// <param name="secret">Secret para criar um token de acesso novo</param>
/// <returns>Retorna um objeto ResponseTokens com o token novo
/// e token de resfresh novo</returns>
public ResponseTokens Refresh(ResponseTokens tokens, string secret)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(secret);
SecurityToken validatedToken;
var principal = tokenHandler.ValidateToken(tokens.Token,
new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = false
}, out validatedToken);
var jwtToken = validatedToken as JwtSecurityToken;
if (jwtToken == null || !jwtToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase))
{
throw new SecurityTokenException("Token Inválido!");
}
string email = ClaimHelper.GetEmailFromClaimIdentity((ClaimsIdentity)principal.Identity);
RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
EncryptedRefreshTokenModel encToken = refreshTokenDAO.GetEncryptedRefreshTokenModel(email);
if (encToken == null)
{
throw new Exception("O token nao existe para o email pretendido!");
}
if (PasswordOperations.VerifyHash(tokens.RefreshToken, encToken.Hash, encToken.Salt) == false)
{
throw new SecurityTokenException("Token Inválido!");
}
return(Authenticate(email, secret, principal.Claims.ToArray()));
}
public UserService(UserDAO userDao, RefreshTokenDAO refreshTokenDao, IPasswordEncoder passwordEncoder)
{
_userDao = userDao;
_refreshTokenDao = refreshTokenDao;
_passwordEncoder = passwordEncoder;
}
