Ejemplo n.º 1
0
        public async Task <AuthenticationResponse> AuthenticateAsync(AuthenticationRequest request, string ipAddress)
        {
            _logger.LogDebug("Authenticating a user");
            //  get a user if user exist create token for that user
            var user = _context.Api_Users.SingleOrDefault(a => a.Username == request.Username);

            if (user == null)
            {
                return(null);
            }
            if (!CryptoService.VerifyPassword(request.Password, user.PasswordHash, user.Salt))
            {
                return(null);
            }
            var jwtToken     = CreateJwtToken(user);
            var refreshToken = CreateRefreshToken(ipAddress);

            user.Refresh_Tokens.Add(refreshToken);
            _context.Update(user);
            await _context.SaveChangesAsync();

            var response = new AuthenticationResponse(user, jwtToken, refreshToken.Token);

            if (_jwtOptions.KeepSecretValues)
            {
                return(response.HideKeys());
            }

            return(response);
        }
Ejemplo n.º 2
0
        public AuthenticationResponse?RefreshToken(string token, string ipAddress)
        {
            _logger.LogDebug("Refreshing token");
            var user = _context.Api_Users.SingleOrDefault(u => u.Refresh_Tokens.Any(t => t.Token == token));

            if (user == null)
            {
                return(null);
            }

            var refreshToken = user.Refresh_Tokens.Single(x => x.Token == token);

            // return null if token is no longer active
            if (!refreshToken.IsActive)
            {
                return(null);
            }

            // replace old refresh token with a new one and save
            var newRefreshToken = CreateRefreshToken(ipAddress);

            refreshToken.Revoked         = DateTime.UtcNow;
            refreshToken.RevokedByIp     = ipAddress;
            refreshToken.ReplacedByToken = newRefreshToken.Token;
            user.Refresh_Tokens.Add(newRefreshToken);

            //TODO
            _context.Update(user);
            _context.SaveChanges();

            // generate new jwt
            var jwtToken = CreateJwtToken(user);

            var response = new AuthenticationResponse(user, jwtToken, newRefreshToken.Token);

            if (_jwtOptions.KeepSecretValues)
            {
                return(response.HideKeys());
            }
            return(response);
        }