Beispiel #1
        /// <summary>
        /// Revokes the refresh token supplied in the request body for the current caller.
        /// </summary>
        /// <param name="request">Request body carrying the refresh token to revoke.</param>
        /// <returns>An empty 200 OK result once the auth service call has completed.</returns>
        /// <remarks>
        /// The account name is read from <c>User.Identity.Name</c>, never from the body, so the
        /// body cannot name a different account than the one attached to the current principal.
        /// </remarks>
        public async Task <ActionResult> RevokeTokenAsync([FromBody] TokenRevokeRequest request)
        {
            // Token value is client-supplied; validation is left to the auth service.
            var presentedToken = request.RefreshToken;

            // NOTE(review): User.Identity.Name is dereferenced without a null check. Presumably
            // this action sits behind an authorization filter that guarantees an authenticated
            // principal; confirm on the controller/route.
            var callerName = User.Identity.Name;

            var revocation = new TokenRevokeDTO
            {
                RefreshToken = presentedToken,
                UserName     = callerName
            };

            await authService.RevokeTokenAsync(revocation);
            return Ok();
        }
Beispiel #2
        /// <summary>
        /// Revokes the refresh token carried in the caller's "refreshToken" cookie.
        /// </summary>
        /// <returns>An empty 200 OK result once the auth service call has completed.</returns>
        /// <remarks>
        /// Both inputs come from the request context: the e-mail from <c>User.Identity.Name</c>
        /// and the token from the cookie. Nothing is read from the request body.
        /// </remarks>
        public async Task <IActionResult> RevokeAsync()
        {
            // The cookie indexer yields null when the cookie is absent; that value is passed on
            // unchanged and the auth service decides how to reject it.
            // NOTE(review): User.Identity.Name is used without a null check. Presumably an
            // authorization filter guarantees an authenticated principal; confirm.
            var revocation = new TokenRevokeDTO
            {
                Email        = User.Identity.Name,
                RefreshToken = HttpContext.Request.Cookies["refreshToken"]
            };

            await authService.RevokeTokenAsync(revocation);

            // NOTE(review): the "refreshToken" cookie is not cleared on the response here, so the
            // browser keeps sending the revoked value. Confirm whether another layer expires it.
            return Ok();
        }
Beispiel #3
        /// <summary>
        /// Deletes a refresh token after checking that it is registered for the named user.
        /// </summary>
        /// <param name="revokeRequest">User name and refresh token to revoke.</param>
        /// <exception cref="BadRequestException">
        /// Thrown when no user is found for the user name, or when the repository reports that
        /// the user does not have the given refresh token.
        /// </exception>
        public async Task RevokeTokenAsync(TokenRevokeDTO revokeRequest)
        {
            var account = await usersRepository.GetUserOrDefaultByUserNameAsync(revokeRequest.UserName);

            if (account == null)
            {
                throw new BadRequestException("Not valid user!");
            }

            var presentedToken = revokeRequest.RefreshToken;

            // The token is looked up together with the resolved user before anything is deleted,
            // so a token the repository does not associate with this user is rejected.
            // NOTE(review): how the repository stores and compares refresh tokens (plaintext vs.
            // hashed) is not visible from here; confirm in the repository.
            if (!await usersRepository.HasRefreshTokenAsync(account, presentedToken))
            {
                throw new BadRequestException("Not valid refresh token!");
            }

            await usersRepository.DeleteRefreshTokenAsync(account, presentedToken);
        }
        /// <summary>
        /// Deletes the stored refresh token that matches the request for the user with the given e-mail.
        /// </summary>
        /// <param name="request">E-mail and refresh token value to revoke.</param>
        /// <exception cref="BadRequestException">Thrown when no user is found for the e-mail.</exception>
        /// <exception cref="ForbiddenException">
        /// Thrown when the repository returns no refresh token for this user and token value.
        /// </exception>
        public async Task RevokeTokenAsync(TokenRevokeDTO request)
        {
            User account = await usersRepository.FindByEmailAsync(request.Email);

            if (account == null)
            {
                throw new BadRequestException("User does not exist!");
            }

            // The lookup is keyed on both the resolved user and the presented value, and only the
            // entity it returns is deleted. The raw client-supplied string never reaches the delete.
            // NOTE(review): the two failure paths throw different exception types and messages;
            // confirm that callers always take the e-mail from the authenticated principal, so the
            // difference cannot be used to probe which accounts exist.
            RefreshToken storedToken = usersRepository.GetRefreshToken(account, request.RefreshToken);

            if (storedToken == null)
            {
                throw new ForbiddenException("Refresh token is not valid!");
            }

            await usersRepository.DeleteRefreshTokenAsync(storedToken);
        }