public async Task Auth_Should_Return_JsonResult_With_TokenResponseViewModel_If_Grant_Type_Is_refresh_token()
{
this.tokenServiceMock = new Mock <ITokenService>();
this.tokenServiceMock.Setup(m => m.ReplaceUserRefreshToken(It.IsAny <string>(), It.IsAny <string>()))
.Returns(Task.FromResult(new Token()
{
UserId = "user-id", Value = "token-value"
}));
this.Arrange_Configuration();
this.configurationMock = new Mock <IConfiguration>();
this.tokenController = new TokenController(this.tokenServiceMock.Object, this.configuration);
var model = this.CreateTokenRequestModelWithPasswordGrantType();
model.grant_type = "refresh_token";
IActionResult actionResult = await this.tokenController.Auth(model);
this.Annihilate();
var jsonResult = actionResult.Should().BeOfType <JsonResult>();
JsonResult result = actionResult as JsonResult;
TokenResponseViewModel tokenResponse = result.Value as TokenResponseViewModel;
Assert.NotNull(tokenResponse);
}
private async Task ExternalLoginCallback_OnUserNotExistingAndCouldCreateNewUser_ReturnsViewResultWithObject()
{
_userServiceMock.Setup(mock => mock.FindUserByEmail(It.IsAny <string>())).ReturnsAsync((AppUser)null);
_userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true);
UserRegisterViewModel model = new UserRegisterViewModel()
{
Email = _properEmail
};
_userServiceMock.Setup(mock => mock.GetRegisterModel(It.IsAny <ExternalLoginInfo>())).Returns(model);
IActionResult result = await _controller.ExternalLoginCallback(null);
ViewResult resultObject = result as ViewResult;
TokenResponseViewModel resultData = resultObject.ViewData.Model as TokenResponseViewModel;
Assert.NotNull(result);
Assert.IsType <ViewResult>(result);
Assert.Equal("foo1", resultData.DisplayName);
Assert.Equal("foo2", resultData.Email);
Assert.Equal("foo3", resultData.RefreshToken);
Assert.Equal("foo4", resultData.Role);
Assert.Equal("foo5", resultData.Token);
Assert.Equal("foo6", resultData.User);
}
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel)
{
var user = await _userAndRoleRepository.GetUserByNameAsync(viewModel.Username);
if (user == null && viewModel.Username.Contains("@"))
{
user = await _userAndRoleRepository.GetUserByEmailAsync(viewModel.Username);
}
if (user == null || !await _userAndRoleRepository.CheckPasswordAsync(user, viewModel.Password))
{
return(new UnauthorizedResult());
}
var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, user.Id);
await _tokenRepository.AddRefreshToken(token);
var accessTokenData = _tokenService.CreateAccessToken(user.Id);
var response = new TokenResponseViewModel
{
Token = accessTokenData.EncodedToken,
Expiration = accessTokenData.ExporationTimeInMinutes,
RefreshToken = token.Value
};
return(Json(response));
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel)
{
var refreshToken =
await _tokenRepository.CheckRefreshTokenForClient(viewModel.ClientId, viewModel.RefreshToken);
if (refreshToken == null)
{
return(new UnauthorizedResult());
}
var user = await _userAndRoleRepository.GetUserById(refreshToken.UserId);
if (user == null)
{
return(new UnauthorizedResult());
}
var newRefreshToken = _tokenService.GenerateRefreshToken(refreshToken.ClientId, refreshToken.UserId);
await _tokenRepository.RemoveRefreshToken(refreshToken);
await _tokenRepository.AddRefreshToken(newRefreshToken);
var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId);
var response = new TokenResponseViewModel
{
Expiration = tokenData.ExporationTimeInMinutes,
RefreshToken = newRefreshToken.Value,
Token = tokenData.EncodedToken
};
return(Json(response));
}
public async Task <ActionResult <TokenResponseViewModel> > Post([FromBody] LogonViewModel credentials)
{
if (!ModelState.IsValid)
{
return(BadRequest(AuthenticationErrorViewModel.Init(ModelState)));
}
// user name used at logon is "email"
var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password);
if (identity == null)
{
return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "User not known.", ModelState))));
}
var user = new UserViewModel {
UserName = identity.Name,
Id = identity.Claims.Single(c => c.Type == "id").Value
};
// log user immediately in
var result = await _signin.CheckPasswordSignInAsync(user, credentials.Password, true);
if (!result.Succeeded)
{
return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState))));
}
// Serialize and return the response
var response = new TokenResponseViewModel {
Id = identity.Claims.Single(c => c.Type == "id").Value,
AuthToken = await _jwtFactory.GenerateEncodedToken(credentials.UserName, identity),
ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds
};
return(response);
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
// check if there's an user with the given username
var user = await _signInManager.UserManager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await _signInManager.UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await _signInManager.UserManager.CheckPasswordAsync(user, model.password))
{
return(new UnauthorizedResult());
}
// username & password matches: create and return the
DateTime now = DateTime.UtcNow;
// add the registered claims for JWT (RFC7519).
// For more info, see https://tools.ietf.org/html/rfc7519#section-4.1
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
};
var tokenExpirationMins = _configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"]));
var token = new JwtSecurityToken(
issuer: _configuration["Auth:Jwt:Issuer"],
audience: _configuration["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
// build & return the response
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins
};
return(Json(response));
}
catch (Exception e)
{
return(new UnauthorizedResult());
}
}
public TokenControllerTests()
{
Thread.CurrentPrincipal = new TestPrincipalWrapper(new Claim(ClaimTypes.Email, _properEmail));
_externalLoginInfoInstance = new ExternalLoginInfo((ClaimsPrincipal)Thread.CurrentPrincipal, "Facebook", "providers_key", "some_display_name");
_returnedResponseTokenModel = new TokenResponseViewModel()
{
DisplayName = "foo1",
Email = "foo2",
RefreshToken = "foo3",
Role = "foo4",
Token = "foo5",
User = "******"
};
_properRevokeTokenModel = new RevokeTokenRequestViewModel()
{
UserName = _properName,
Token = _properToken,
RefreshToken = _properToken
};
_properRefreshTokenModel = new RefreshTokenRequestViewModel()
{
Email = _properEmail,
RefreshToken = _properToken
};
_properTokenRequestModel = new TokenRequestViewModel()
{
Email = _properEmail,
Password = _properPassword,
};
_properUser = new AppUser()
{
Email = _properEmail
};
DefaultHttpContext httpContext = new DefaultHttpContext();
TempDataDictionary tempData = new TempDataDictionary(httpContext, Mock.Of <ITempDataProvider>())
{
{ "requestIp", "127.0.0.1" }
};
_tokenServiceMock = new Mock <ITokenService>();
_userServiceMock = new Mock <IUserService>();
_userServiceMock.Setup(mock => mock.GetIpAddress(It.IsAny <DefaultHttpContext>())).Returns("127.0.0.1");
_userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser);
_userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null);
_userServiceMock.Setup(mock => mock.VerifyUsersPassword(It.IsAny <AppUser>(), It.IsAny <string>())).ReturnsAsync(true);
_userServiceMock.Setup(mock => mock.GetUserRoleAsync(It.IsAny <AppUser>())).ReturnsAsync("User");
_userServiceMock.Setup(mock => mock.GetExternalLogin()).ReturnsAsync(_externalLoginInfoInstance);
_userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true);
_tokenServiceMock.Setup(mock => mock.GenerateTokenResponse(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).Returns(_returnedResponseTokenModel);
_tokenServiceMock.Setup(mock => mock.VerifyRefreshToken(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).Returns(true);
_tokenServiceMock.Setup(mock => mock.RevokeTokens(_properRevokeTokenModel)).Returns(true);
_controller = new TokenController(_tokenServiceMock.Object, _userServiceMock.Object)
{
TempData = tempData
};
}
private async Task <TokenResponseViewModel> GenerateJWT(string email)
{
var user = await _userManager.FindByEmailAsync(email);
var claims = await _userManager.GetClaimsAsync(user);
var userRoles = await _userManager.GetRolesAsync(user);
//Adicionamos a coleção de Claims do Usuario, que nos informa o que ele tem permissão depois que ele já está autorizado a entrar no sistema.
claims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id));
claims.Add(new Claim(JwtRegisteredClaimNames.UniqueName, user.Email));
claims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, ToUnixEpochDate(DateTime.UtcNow).ToString()));
claims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
foreach (var role in userRoles)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(claims);
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = identityClaims,
Issuer = _appSettings.Emitter,
Audience = _appSettings.ValidIn,
Expires = DateTime.UtcNow.AddHours(_appSettings.ExpirationHours),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var encodedToken = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
var response = new TokenResponseViewModel
{
AccessToken = encodedToken,
ExpiresIn = TimeSpan.FromHours(_appSettings.ExpirationHours).TotalSeconds,
UserToken = new UserTokenViewModel
{
Claims = claims.Select(c => new ClaimViewModel {
Type = c.Type, Value = c.Value
}),
Email = user.Email,
Id = user.Id,
UniqueName = user.Email
}
};
return(response);
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel)
{
try
{
var refreshTokenResult = await _queryDispatcher.DispatchAsync <GetTokenQuery, GetTokenQueryResult>(new GetTokenQuery
{
ClientId = viewModel.ClientId,
RefreshToken = viewModel.RefreshToken
});
if (refreshTokenResult.Token == null)
{
return(new UnauthorizedResult());
}
var userResult = await _queryDispatcher.DispatchAsync <GetUserByIdQuery, GetUserQueryResult>(new GetUserByIdQuery
{
UserId = refreshTokenResult.Token.UserId
});
if (userResult.User == null)
{
return(new UnauthorizedResult());
}
var newRefreshToken = _tokenService.GenerateRefreshToken(refreshTokenResult.Token.ClientId,
refreshTokenResult.Token.UserId);
await _commandDispatcher.DispatchAsync <RemoveTokenCommand>(new RemoveTokenCommand
{
Id = refreshTokenResult.Token.Id
});
await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand
{
Token = refreshTokenResult.Token
});
var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId);
var response = new TokenResponseViewModel
{
Expiration = tokenData.ExporationTimeInMinutes,
RefreshToken = newRefreshToken.Value,
Token = tokenData.EncodedToken
};
return(Json(response));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
public static async Task <TokenResponseViewModel> GenerateJwt(ClaimsIdentity identity, IJwtFactory jwtFactory, string userName, JwtIssuerOptions jwtOptions, JsonSerializerSettings serializerSettings)
{
var response = new TokenResponseViewModel
{
id = identity.Claims.Single(c => c.Type == "id").Value,
auth_token = await jwtFactory.GenerateEncodedToken(userName, identity),
expires_in = (int)jwtOptions.ValidFor.TotalSeconds
};
//return JsonConvert.SerializeObject(response, serializerSettings);
return(response);
}
private async Task <ActionResult <TokenResponseViewModel> > GetToken(TokenRequestViewModel model)
{
try
{
var user = await userManager.FindByNameAsync(model.UserName);
if (user == null && model.UserName.Contains("@"))
{
user = await userManager.FindByEmailAsync(model.UserName);
}
if (user == null || !await userManager.CheckPasswordAsync(user, model.Password))
{
return(new UnauthorizedResult());
}
var roles = await userManager.GetRolesAsync(user);
var now = DateTime.UtcNow;
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
};
var tokenExpirationMins = config.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["Auth:Jwt:Key"]));
var token = new JwtSecurityToken(
issuer: config["Auth:Jwt:Issuer"],
audience: config["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
var response = new TokenResponseViewModel
{
Token = encodedToken,
Expiration = tokenExpirationMins,
UserName = user.UserName,
FullName = $"{user.FirstName} {user.LastName}",
Roles = roles.ToArray <string>()
};
return(response);
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel)
{
try
{
var userResult = await _queryDispatcher.DispatchAsync <GetUserByNameQuery, GetUserQueryResult>(new GetUserByNameQuery
{
UserName = viewModel.Username
});
if (userResult.User == null && viewModel.Username.Contains("@"))
{
userResult = await _queryDispatcher.DispatchAsync <GetUserByEmailQuery, GetUserQueryResult>(new GetUserByEmailQuery
{
Email = viewModel.Username
});
}
var checkUserPasswordResult = await _queryDispatcher.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(new CheckUserPasswordQuery
{
User = userResult.User,
Password = viewModel.Password
});
if (userResult.User == null || !checkUserPasswordResult.IsCorrect)
{
return(new UnauthorizedResult());
}
var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, userResult.User.Id);
await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand
{
Token = token
});
var accessTokenData = _tokenService.CreateAccessToken(userResult.User.Id);
var response = new TokenResponseViewModel
{
Token = accessTokenData.EncodedToken,
Expiration = accessTokenData.ExporationTimeInMinutes,
RefreshToken = token.Value
};
return(Json(response));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
var user = await _userManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await _userManager.FindByEmailAsync(model.username);
}
if (user == null || !await _userManager.CheckPasswordAsync(user, model.password))
{
return(Unauthorized(new UnauthorizedError()));
}
DateTime now = DateTime.Now;
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now)
.ToUnixTimeSeconds().ToString())
};
var tokenExpirationMins =
_configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"])
);
var token = new JwtSecurityToken(
issuer: _configuration["Auth:Jwt:Issuer"],
audience: _configuration["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(issuerSigningKey,
SecurityAlgorithms.HmacSha256));
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins
};
return(Json(response));
}
catch (Exception ex)
{
return(Unauthorized(new UnauthorizedError()));
}
}
private async Task ExternalLoginCallback_OnNoRemoteErrorAndInfoReceivedAndUserExisting_ReturnsViewResultWithObject()
{
IActionResult result = await _controller.ExternalLoginCallback(null);
ViewResult resultObject = result as ViewResult;
TokenResponseViewModel resultData = resultObject.ViewData.Model as TokenResponseViewModel;
Assert.NotNull(result);
Assert.IsType <ViewResult>(result);
Assert.Equal("foo1", resultData.DisplayName);
Assert.Equal("foo2", resultData.Email);
Assert.Equal("foo3", resultData.RefreshToken);
Assert.Equal("foo4", resultData.Role);
Assert.Equal("foo5", resultData.Token);
Assert.Equal("foo6", resultData.User);
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
Token refreshToken = await this.tokenService.CreateUserRefreshToken(model.username, model.password, model.client_id);
CurrentlyLoggedInUsersSingleton.AddNewEntry(model.username, refreshToken.UserId);
TokenResponseViewModel tokenResponse = this.CreateAccessToken(refreshToken.UserId, refreshToken.Value, model.username);
return(Json(tokenResponse));
}
catch (VideoChatWebAppMainException e) when(e is UserNotFoundException || e is UserPasswordMissmatchException)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
//check if there's an user with the givem username
var user = await UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
//check for authorization
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
return(new UnauthorizedResult());
}
DateTime now = DateTime.UtcNow;
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
};
var roles = await UserManager.GetRolesAsync(user);
claims.AddRange(roles.Select(role => new Claim(ClaimsIdentity.DefaultRoleClaimType, role)));
var tokenExpirationMins = Configuration.GetValue <int>("Customer:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Customer:Jwt:Key"]));
var token = new JwtSecurityToken(issuer: Configuration["Customer:Jwt:Issuer"], audience: Configuration["Customer:Jwt:Audience"],
claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256));
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins
};
return(Json(response));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> SignIn(Credentials credentials)
{
string jwtString;
try
{
jwtString = await this.authService.GetJwt(credentials.Login, credentials.Password);
}
catch (UserNotFoundException)
{
return(BadRequest("Invalid login or password."));
}
var tokenViewModel = new TokenResponseViewModel()
{
login = credentials.Login,
access_token = jwtString
};
return(Ok(tokenViewModel));
}
private TokenResponseViewModel CreateAccessToken(string userId, string refreshToken)
{
DateTime now = DateTime.UtcNow;
// add the registered claims for JWT (RFC7519)
// for more info, see: https://tools.ietf.org/html/rfc7519#section-4.1
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, userId),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()),
// TODO: add additional claims here
};
var tokenExpirationMins = Configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"]));
var token = new JwtSecurityToken(
issuer: Configuration["Auth:Jwt:Issuer"],
audience: Configuration["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
// build and return the response
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins,
refresh_token = refreshToken
};
return(response);
}
public static void StoreToken(TokenResponseViewModel token)
{
var session = HttpContext.Current.Session;
session["Token"] = token;
}
public async Task <ActionResult> Login(LoginViewModel model)
{
if (ModelState.IsValid)
{
const String URI_ADDRESS = "api/Accounts/Login";
try
{
var client = GlobalWebApiClient.GetClient();
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair <string, string>("grant_type", "password"),
new KeyValuePair <string, string>("email", model.Email),
new KeyValuePair <string, string>("password", model.Password)
});
var response = await client.PostAsync(URI_ADDRESS, content);
if (response.IsSuccessStatusCode)
{
var tokenResponse = await response.Content.ReadAsStringAsync();
var vmTokenResponse = new TokenResponseViewModel
{
AccessToken = tokenResponse
};
GlobalWebApiClient.StoreToken(vmTokenResponse);
if (vmTokenResponse != null)
{
Session["Email"] = vmTokenResponse.Username.ToString();
var clientUser = GlobalWebApiClient.GetClient();
var resultLoggedUser = clientUser.GetAsync("api/Accounts/LoggedUser").Result;
var resultLoggedEmail = clientUser.GetAsync(@"api/profiles/profile/" + Session["Email"].ToString().EncodeBase64()).Result;
if (!resultLoggedEmail.IsSuccessStatusCode)
{
if (resultLoggedUser.IsSuccessStatusCode)
{
if (resultLoggedUser != null)
{
var vmUser = await resultLoggedUser.Content.ReadAsAsync <ProfileViewModel>();
Session["UserId"] = vmUser.ProfileVmId;
return(RedirectToAction("Index", "Home"));
}
}
}
else
{
var vmUser = await resultLoggedEmail.Content.ReadAsAsync <ProfileViewModel>();
Session["UserId"] = vmUser.ProfileVmId;
return(RedirectToAction("Index", "Home"));
}
}
return(View(model));
}
return(View(model));
}
catch (Exception ex)
{
var result = ex.Message;
}
}
return(View(model));
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
// check if there's an user with the given username
var user = await _usermanager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await _usermanager.FindByEmailAsync(model.username);
}
if (user == null ||
!await _usermanager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
// username & password matches: create and return the Jwt token.
DateTime now = DateTime.UtcNow;
// add the registered claims for JWT (RFC7519).
// For more info, see https://tools.ietf.org/html/rfc7519#section-4.1
var claims = new List <Claim>()
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.NameId, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat,
new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
// TODO: add additional claims here
};
// build claims user roles
var userClaims = await _usermanager.GetClaimsAsync(user);
var userRoles = await _usermanager.GetRolesAsync(user);
if (userClaims != null)
{
claims.AddRange(userClaims);
}
foreach (var userRole in userRoles)
{
claims.Add(new Claim(ClaimTypes.Role, userRole));
var role = await _rolemanager.FindByNameAsync(userRole);
if (role != null)
{
var roleClaims = await _rolemanager.GetClaimsAsync(role);
foreach (Claim roleClaim in roleClaims)
{
claims.Add(roleClaim);
}
}
}
var tokenExpirationMins = (int)TokenExpiration.TotalMinutes;
// Configuration.GetValue<int>("Auth:Jwt:TokenExpirationInMinutes");
//var issuerSigningKey = new SymmetricSecurityKey(
//Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"]));
var issuerSigningKey = SecurityKey;
var token = new JwtSecurityToken(
issuer: Issuer, // Configuration["Auth:Jwt:Issuer"],
//audience: Configuration["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(
issuerSigningKey, SecurityAlgorithms.HmacSha256)
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
// build & return the response
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins
};
return(Json(response));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
public TokenResponseViewModel GenerateTokenResponse(AuthenticationTicket ticket)
{
#region Generate JWT Token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.Default.GetBytes(JWT.SECRET_KEY);
var issuer = JWT.ISSUER;
var audience = JWT.AUDIENCE;
var identity = ticket.Principal.Identity as ClaimsIdentity;
identity.AddClaim(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
identity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, ticket.Principal.Identity.Name));
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = issuer,
Audience = audience,
Subject = identity,
IssuedAt = ticket.Properties.IssuedUtc?.UtcDateTime,
Expires = ticket.Properties.ExpiresUtc?.UtcDateTime,
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha256Signature),
NotBefore = ticket.Properties.IssuedUtc?.UtcDateTime
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
#endregion
var resp = new TokenResponseViewModel();
resp.access_token = tokenString;
resp.token_type = "bearer";
if (ticket.Properties.ExpiresUtc != null)
{
resp.expires_utc = ticket.Properties.ExpiresUtc?.ToString("yyyy-MM-ddTHH:mm:ssZ");
}
if (ticket.Properties.IssuedUtc != null)
{
resp.issued_utc = ticket.Properties.IssuedUtc?.ToString("yyyy-MM-ddTHH:mm:ssZ");
}
#region Refresh Token
key = Encoding.Default.GetBytes(JWT.REFRESH_SECRET_KEY);
issuer = JWT.REFRESH_ISSUER;
audience = JWT.REFRESH_AUDIENCE;
var id = identity.Name;
var refreshIdentity = new ClaimsIdentity(
identity.Claims.Where(c => c.Type == identity.NameClaimType),
identity.AuthenticationType);
var refresh_expires = ticket.Properties.IssuedUtc?.UtcDateTime
.AddDays(App.Instance.TokenValidHours * 2);
tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = issuer,
Audience = audience,
Subject = refreshIdentity,
IssuedAt = ticket.Properties.IssuedUtc?.UtcDateTime,
Expires = refresh_expires,
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha256Signature),
NotBefore = ticket.Properties.IssuedUtc?.UtcDateTime
};
token = tokenHandler.CreateToken(tokenDescriptor);
tokenString = tokenHandler.WriteToken(token);
resp.refresh_token = tokenString;
#endregion
resp.employee_code = identity.FindFirst(AppClaimTypes.EmployeeCode).Value;
resp.username = identity.FindFirst(AppClaimTypes.Username).Value;
resp.role = identity.FindFirst(AppClaimTypes.Role)?.Value;
resp.user_id = identity.Name;
return(resp);
}
