public async Task <ExchangeRefreshTokenResponse?> Handle(ExchangeRefreshTokenRequest message) { var claimsPrincipal = _jwtValidator.GetPrincipalFromToken(message.AccessToken); if (claimsPrincipal == null) { // invalid token/signing key was passed and we can't extract user claims return(ReturnError(AuthenticationError.InvalidToken)); } var id = claimsPrincipal.Claims.First(x => x.Type == "id"); var user = await _userRepository.FindById(id.Value); if (user == null) { return(ReturnError(AuthenticationError.UserNotFound)); } if (!user.HasValidRefreshToken(message.RefreshToken)) { return(ReturnError(AuthenticationError.InvalidToken)); } var jwToken = await _jwtFactory.GenerateEncodedToken(user.Id, user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); user.AddRefreshToken(refreshToken, message.RemoteIpAddress); await _userRepository.Update(user); return(new ExchangeRefreshTokenResponse(jwToken, refreshToken)); }
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName, new List <string> { "ROLE_ADMINISTRADOR" }); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one await _userRepository.Update(user); outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); return(true); } } outputPort.Handle(new ExchangeRefreshTokenResponse(false, "Invalid token.")); return(false); }
public async Task Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { if (!message.IsValid()) { NotifyValidationErrors(message); return; } var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one _userRepository.Update(user); if (Commit()) { outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken)); return; } } } await Bus.RaiseEvent(new DomainNotification(message.MessageType, "Failed to refresh token")); }
public async Task <ExchangeRefreshTokenResponse> ExchangeRefreshTokenAsync(ExchangeRefreshTokenRequest message) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp == null) { return(new ExchangeRefreshTokenResponse(false, "Invalid token.")); } var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (!user.HasValidRefreshToken(message.RefreshToken)) { return(new ExchangeRefreshTokenResponse(false, "Invalid token.")); } var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.Username); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one await _userRepository.Update(user); return(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); }
//FINISH THIS public async Task <LoginResponse> RefreshToken(ExchangeRefreshTokenRequest refreshTokenRequest) { var claimPrincipal = this.jwtTokenValidator.GetPrincipalFromToken(refreshTokenRequest.AccessToken, "ArminVanBuurenMottyzeRuleTheWorldForever2010"); if (claimPrincipal != null) { var id = claimPrincipal.Claims.First(c => c.Type == "id"); var user = await this.repository.GetSingleBySpec(new UserSpecification(id.Value)); var appUser = await this.userManager.FindByIdAsync(user.IdentityId).ConfigureAwait(false); if (user.HasValidRefreshToken(refreshTokenRequest.RefreshToken)) { var jwtToken = await this.jwtFactory.GenerateEncodedToken(user.IdentityId, appUser.Email); var refreshToken = this.tokenFactory.GenerateToken(); user.RemoveRefreshToken(refreshTokenRequest.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(new RefreshToken(refreshToken, DateTime.UtcNow.AddDays(5), user.Identity.Email, string.Empty)); // add the new one await this.repository.Update(user); return(new LoginResponse(jwtToken, refreshToken, true)); } } return(null); }
public async Task <ActionResult> RfrshTkn([FromBody] ExchangeRefreshTokenRequest loginUser) { _logger.LogInfo($"refresh token."); if (!ModelState.IsValid) { _logger.LogInfo("All required"); return(BadRequest(ModelState)); } }
public async Task <ActionResult> RefreshToken([FromBody] ExchangeRefreshTokenRequest request) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } await exchangeRefreshTokenUseCase.Handle( new Core.Dto.UseCaseRequests.ExchangeRefreshTokenRequest(request.AccessToken, request.RefreshToken, authSettings.SecretKey), exchangeRefreshTokenPresenter); return(exchangeRefreshTokenPresenter.ContentResult); }
private async Task ExchangeRefreshTokenAsync(string accessToken, string refreshToken, CancellationToken cancellationToken) { var exchangeRefreshTokenRequest = new ExchangeRefreshTokenRequest { AccessToken = accessToken, RefreshToken = refreshToken }; _settingsService.AuthAccessToken = string.Empty; var result = await PostAsync <ExchangeRefreshTokenRequest, ExchangeRefreshTokenResponse>($"{MiscConstants.StockAlertsApiBaseUri}refresh-tokens", exchangeRefreshTokenRequest); _settingsService.AuthAccessToken = result.AccessToken.Token; _settingsService.AuthRefreshToken = result.RefreshToken; }
public async Task <ActionResult> RefreshToken([FromBody] ExchangeRefreshTokenRequest request) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var response = await _authService.ExchangeRefreshTokenAsync( new ExchangeRefreshTokenRequest(request.AccessToken, request.RefreshToken, _authSettings.SecretKey)); return(Ok(response)); }
public async Task <ActionResult <AuthTokenResult> > RefreshToken( [FromBody] ExchangeRefreshTokenRequest request) { var userName = _jwtFactory.DecodeToken(request.AccessToken); if (userName == null) { return(BadRequest("No user with that auth token")); } var user = await _userManager .Users .Include(u => u.RefreshTokens) .SingleOrDefaultAsync( r => r.UserName == userName && r.RefreshTokens.Any(p => p.Token.Equals(request.RefreshToken) && p.CreateDate >= System.DateTime.Now.AddDays(-28))); if (user == null) { return(BadRequest("Cannot find your refresh token")); } var roles = await _userManager.GetRolesAsync(user); var identity = _jwtFactory.GenerateClaimsIdentity(userName, user.Id); try { var(token, refresh) = await _getTokenAndRefresh(identity, userName, roles.ToArray <string>(), user); return(Ok(new AuthTokenResult { Id = user.Id, Slug = user.Slug, Name = user.GetBestGuessName(), Auth = refresh })); } catch (DbUpdateConcurrencyException e) { _logger.LogError($"Error updating user's token.\n{e.Message}"); return(StatusCode(503)); } }
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { Claim claim = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(claim.Value)); if (user != null && user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, ""); // add the new one await _userRepository.Update(user); outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); return(true); } else if (user == null) { outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>() { new Error(HttpStatusCode.BadRequest.ToString(), "Invalid user!") })); } } outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>() { new Error(HttpStatusCode.BadRequest.ToString(), "Invalid token!") })); return(false); }
public async Task <ActionResult <ExchangeRefreshTokenResponseModel> > RefreshToken([FromBody] ExchangeRefreshTokenRequest request) { if (request == null) { ModelState.AddModelError("Message", "Unable to locate payload for refresh token request"); return(BadRequest(ModelState)); } var userName = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value; var userFromManager = await _userManager.FindByNameAsync(userName); var userFromRepo = await _userRepository.GetAsync(u => u.UserName == userName); if (userFromManager != null && userFromRepo != null) { if (userFromManager.Active == false) { return(StatusCode(401, "User no longer active")); } if (userFromRepo.HasValidRefreshToken(request.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(userFromRepo, await _userManager.GetRolesAsync(userFromManager)); // delete existing refresh token _refreshTokenRepository.Delete(userFromRepo.RefreshTokens.Single(a => a.Token == request.RefreshToken)); // generate refresh token var refreshToken = _tokenFactory.GenerateToken(); userFromRepo.AddRefreshToken(refreshToken, HttpContext?.Connection?.RemoteIpAddress?.ToString()); _userRepository.Update(userFromRepo); await _unitOfWork.CompleteAsync(); return(new ExchangeRefreshTokenResponseModel() { AccessToken = jwtToken, RefreshToken = refreshToken }); } } return(StatusCode(404, "User does not have valid refresh token")); }
public async Task <IActionResult> ExchangeRefreshTokenAsync([FromBody] ExchangeRefreshTokenRequest exchangeRefreshTokenRequest, CancellationToken cancellationToken) { var result = await _authService.ExchangeRefreshTokenAsync(exchangeRefreshTokenRequest.AccessToken, exchangeRefreshTokenRequest.RefreshToken, cancellationToken); return(new OkObjectResult(result)); }