Beispiel #1
0
        public void CanUpdateEncryptedRefreshTokenTest()
        {
            IMateDAO <Mate> MateDAO  = new MateDAO(_connection);
            Mate            testMate = new Mate();

            testMate.FirstName   = "Miguel";
            testMate.LastName    = "Dev";
            testMate.UserName    = "******";
            testMate.Password    = "******";
            testMate.Email       = "*****@*****.**";
            testMate.Description = "Lorem Ipsum is simply dummy text of the printing and typesetting industry.";
            testMate.Address     = "Figueiró";
            testMate.Categories  = new[] { Categories.CLEANING, Categories.PLUMBING };
            testMate.Rank        = Ranks.SUPER_MATE;
            testMate.Range       = 20;

            Mate returned = MateDAO.Create(testMate);

            string          refreshToken    = RefreshTokenHelper.generateRefreshToken();
            RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);

            refreshTokenDAO.saveEncryptedRefreshToken(refreshToken, returned.Email);

            string secondRefreshToken = RefreshTokenHelper.generateRefreshToken();
            bool   updated            = refreshTokenDAO.updateEncryptedRefreshToken(secondRefreshToken, returned.Email);
            EncryptedRefreshTokenModel returnedToken = refreshTokenDAO.GetEncryptedRefreshTokenModel(returned.Email);

            Assert.True(updated);
            Assert.True(PasswordOperations.VerifyHash(secondRefreshToken, returnedToken.Hash, returnedToken.Salt));

            _fixture.Dispose();
        }
Beispiel #2
0
        /// <summary>
        /// Overload do método Autenticate , que cria um novo token
        /// com as claims do token antigo e cria um novo refresh token
        /// </summary>
        /// <param name="email">Email do utilizador</param>
        /// <param name="secret">Secret para criar o token de acesso</param>
        /// <param name="claims">Claims do token de acesso antigo</param>
        /// <returns>Retorna um objeto ResponseTokens, com o token de acesso novo
        /// e o refresh token novo </returns>
        public ResponseTokens Authenticate(string email, string secret, Claim[] claims)
        {
            var tokenHandler    = new JwtSecurityTokenHandler();
            var key             = Encoding.ASCII.GetBytes(secret);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.SerialNumber, claims[0].Value),
                    new Claim(ClaimTypes.Role, claims[1].Value),
                    new Claim(ClaimTypes.Email, claims[2].Value)
                }),

                Expires            = DateTime.UtcNow.AddHours(2),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            SecurityToken token       = tokenHandler.CreateToken(tokenDescriptor);
            string        tokenString = tokenHandler.WriteToken(token);

            string tokenRefresh = RefreshTokenHelper.generateRefreshToken();

            RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);

            try{
                if (refreshTokenDAO.GetEncryptedRefreshTokenModel(email) == null)
                {
                    refreshTokenDAO.saveEncryptedRefreshToken(tokenRefresh, email);
                }
                else
                {
                    refreshTokenDAO.updateEncryptedRefreshToken(tokenRefresh, email);
                }
            } catch (Exception e) {
                throw new Exception(e.Message);
            }

            return(new ResponseTokens
            {
                Token = tokenString,
                RefreshToken = tokenRefresh
            });
        }