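/// <summary>
/// Handles a token revocation request by delegating to <see cref="IRevocationService"/>.
/// </summary>
/// <param name="revoke">Revocation request passed unchanged to the service.</param>
/// <returns>
/// 200 OK carrying the string returned by the service on success; 401 Unauthorized
/// carrying an <c>UnauthorizedError</c> on any failure.
/// </returns>
public IActionResult Post(RevocationDTO revoke)
        {
            string result;

            try
            {
                IRevocationService rs = new RevocationService(
                    _refreshService,
                    _configuration,
                    _tSLogger,
                    _tokenService,
                    _tokenServiceDbContext,
                    _encryptionService);
                result = rs.TokenRevocation(revoke);
            }
            catch (InvalidTokenException exToken)
            {
                // Domain exception: its message is returned to the caller as before.
                // NOTE(review): presumably a fixed, non-sensitive string - confirm at the throw sites.
                return Unauthorized(new UnauthorizedError(exToken.Message));
            }
            catch (InvalidUserException exUser)
            {
                return Unauthorized(new UnauthorizedError(exUser.Message));
            }
            catch (Exception)
            {
                // Anything else is unexpected (for example a failure while constructing the
                // service). Its message may describe internals such as configuration or storage,
                // so it is not echoed to an unauthenticated caller. The 401 status is kept so
                // existing clients see the same status code as before.
                // NOTE(review): record the exception server-side with the controller's logger
                // so the failure stays diagnosable.
                return Unauthorized(new UnauthorizedError("Token revocation failed."));
            }

            return Ok(result);
        }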
Beispiel #2
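        /// <summary>
        /// Revokes the refresh token carried by <paramref name="revocationDTO"/> by clearing the
        /// stored code on its authorization record and saving the change.
        /// </summary>
        /// <param name="revocationDTO">
        /// Request whose <c>user</c>, <c>refresh</c> and <c>token</c> members are read; <c>user</c> is
        /// overwritten with the account resolved from the token.
        /// </param>
        /// <returns><c>TokenConstants.RevokedToken</c> once the change has been saved.</returns>
        /// <exception cref="InvalidTokenException">Rethrown unchanged when raised inside the method.</exception>
        /// <exception cref="InvalidUserException">
        /// Rethrown unchanged, and also thrown (after logging) in place of any other failure.
        /// </exception>
        public string TokenRevocation(RevocationDTO revocationDTO)
        {
            try
            {
                // NOTE(review): the returned results are never inspected, so a request that fails
                // these rules still proceeds. Confirm whether the outcome should be enforced here.
                ValidationResult results1 = userloginvalidation.Validate(revocationDTO.user);
                ValidationResult results2 = refreshvalidation.Validate(revocationDTO.refresh);

                // NOTE(review): if model binding already URL-decoded the value, this decodes it a
                // second time - confirm that is intended.
                string refresh_token = HttpUtility.UrlDecode(revocationDTO.token);

                // Revocation sets Code to null (see below), so a missing token must never reach the
                // lookup: a null comparison could match a record that was already revoked.
                // Thrown inside the try so the catch-all logs it and callers still receive the
                // same InvalidUserException as before. The token value itself is not logged.
                if (string.IsNullOrEmpty(refresh_token))
                {
                    throw new InvalidOperationException("Revocation request carried no refresh token.");
                }

                Authorize authorize = oauth.Authorize.SingleOrDefault(x => x.Code == refresh_token);
                if (authorize == null)
                {
                    // Previously surfaced only as a null dereference in the next query.
                    throw new InvalidOperationException("No authorization record matches the supplied refresh token.");
                }

                User user = oauth.User.Where(x => x.UserId == authorize.UserId).FirstOrDefault();
                if (user == null)
                {
                    throw new InvalidOperationException("Authorization record refers to a user that does not exist.");
                }

                UserDTO userLoginDTO = mapper.Map <UserDTO>(user);

                // Check user is authenticated
                var handler = new UserAuthenticationHandler();
                handler.Handle(userLoginDTO);
                revocationDTO.user = userLoginDTO;

                // Check refresh token provided is real
                var refreshhandler = new RefreshTokenAuthenticationHandler();
                refreshhandler.Handle(revocationDTO);

                // Set the refresh token to null
                authorize.Code = null;
                oauth.SaveChanges();
                return TokenConstants.RevokedToken;
            }
            catch (InvalidTokenException) { throw; }
            catch (InvalidUserException) { throw; }
            catch (Exception ex)
            {
                // Every other failure is logged, then reported to the caller as an invalid user
                // so that no internal detail leaves this method.
                Log.Log.Error(ex, TokenConstants.InvalidUser);
                throw new InvalidUserException(TokenConstants.InvalidUser);
            }
        }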