protected async Task <IActionResult> RefreshUserToken(Guid userId)
{
// Look up the user by its refresh token
var user = _userService.GetUserById(userId);
if (user == null)
{
return(Ok(new { Errors = new[] { "UserNotExist" } }));
}
// Reject if user has been locked out
if (user.LockoutEnd >= DateTimeOffset.UtcNow)
{
return(Ok(new { Errors = new[] { "UserLockedOut" } }));
}
// Get roles of current user
var roles = await _userManager.GetRolesAsync(user);
// Generate claims and JWT token
var langs = Utils.GetAllLanguages();
var claims = ClaimHelper.GetClaims(user, roles, langs);
// Generate token
var token = TokenGenerator.Generate(claims, roles, _config, user.SecurityStamp);
return(Ok(token));
}
public async Task AddPermissionsToRole(List <string> controllers, string roleName)
{
var role = await _roleManager.FindByNameAsync(roleName);
var claims = _claimHelper.GetClaims();
foreach (var item in controllers)
{
claims = claims.Where(x => x.Contains(item)).ToList();
}
foreach (var claim in claims)
{
await _roleManager.AddClaimAsync(role, new Claim(claim, role.Id));
}
}
private async Task <IActionResult> GenerateTokenWithRoles(User user, GenerateTokenViewModel model, List <string> requiredRoles)
{
if (user == null)
{
return(Ok(new { Errors = new[] { "IncorrectLogin" } }));
}
//// Verify the password provided
var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, true);
if (result.IsLockedOut)
{
return(Ok(user.LockoutEnd == DateTimeOffset.MaxValue
? new { Errors = new[] { "UserDeactivated" } }
: new { Errors = new[] { "UserLockedOut" } }));
}
if (result.IsNotAllowed)
{
return(Ok(new { Errors = new[] { "EmailNotConfirmed" } }));
}
if (!result.Succeeded)
{
await _userManager.AccessFailedAsync(user);
return(Ok(new { Errors = new[] { "IncorrectLogin" } }));
}
var activePlanId = string.Empty;
// Get roles of current user
var roles = await _userManager.GetRolesAsync(user);
if (!requiredRoles.Any(requiredRole => roles.Contains(requiredRole)))
{
return(Ok(new { Errors = new[] { "UnauthorizedRole" } }));
}
// Generate claims and JWT token
var langs = Utils.GetAllLanguages();
var claims = ClaimHelper.GetClaims(user, roles, langs);
_userService.UpdateLastLogin(user.Id);
// Generate token
var token = TokenGenerator.Generate(claims, roles, _config, user.SecurityStamp);
return(Ok(token));
}
public void ConfigureServices(IServiceCollection services)
{
services.Configure <CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext <ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthorization(option =>
{
ClaimHelper claimHelper = new ClaimHelper();
var claims = claimHelper.GetClaims();
foreach (var item in claims)
{
option.AddPolicy(item, policy => policy.RequireClaim(item));
}
});
services.Configure <IdentityOptions>(options =>
{
// Default User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@";
options.User.RequireUniqueEmail = true;
// Default Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// Default Password settings.
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 4;
options.Password.RequiredUniqueChars = 0;
// Default SignIn settings.
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
});
services.AddSingleton <IEmailSender, EmailSender>();
services.AddTransient <SeedData>();
services.AddTransient <IImagePath, ImagePath>();
services.AddScoped <IUnitOfWork, UnitOfWork.UnitOfWork>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
.AddRazorPagesOptions(options =>
{
options.AllowAreas = true;
options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
});
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = $"/Identity/Account/Login";
options.LogoutPath = $"/Identity/Account/Logout";
options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
options.Cookie.Name = "Alphasoft";
});
services.Configure <SecurityStampValidatorOptions>(options =>
{
// enables immediate logout, after updating the user's state.
options.ValidationInterval = TimeSpan.Zero;
});
}
