public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenRequest request)
{
ClaimsPrincipal validatedToken = _tokenService.IsTokenAuthentic(request.Token);
if (validatedToken == null)
{
return(BadRequest(new ErrorResponse {
Message = "This token has been tampered with."
}));
}
RefreshToken refreshToken = await _tokenService.CanTokenBeRefreshedAsync(validatedToken, request.RefreshToken);
if (refreshToken == null)
{
return(BadRequest(new ErrorResponse {
Message = "Invalid Token, cannot refresh."
}));
}
string organisationID = ClaimHelper.GetNamedClaim(validatedToken, "OrganisationID");
var transaction = _unitOfWork.RefreshTokenRepository.BeginTransaction();
RefreshTokenResponse refreshTokenResponse = await _tokenService.RefreshTokenAsync(validatedToken, refreshToken, organisationID);
transaction.Commit();
return(Ok(new Response <RefreshTokenResponse>(refreshTokenResponse)));
}
public static string GetOrganisationID(this HttpContext httpContext)
{
ClaimsPrincipal user = httpContext.User;
if (user == null)
{
return(String.Empty);
}
return(ClaimHelper.GetNamedClaim(user, "OrganisationID"));
}
public async Task <RefreshTokenResponse> RefreshTokenAsync(ClaimsPrincipal validatedToken, RefreshToken storedRefreshToken, string organisationID)
{
storedRefreshToken.Used = true;
_unitOfWork.RefreshTokenRepository.Update(storedRefreshToken);
await _unitOfWork.CompleteAsync();
string userID = ClaimHelper.GetNamedClaim(validatedToken, "ID");
User user = await _unitOfWork.UserRepository.GetWithDetailsAsync(userID, organisationID);
Dictionary <string, string> tokens = await GetTokensAsync(user);
tokens.TryGetValue("SecurityToken", out string securityToken);
tokens.TryGetValue("RefreshToken", out string newRefreshToken);
return(new RefreshTokenResponse
{
Email = user.Email,
Token = securityToken,
RefreshToken = newRefreshToken,
});
}