public async Task <LoginResponseModel> LoginUser(LoginRequestModel model)
{
var getUserIdByCredentialsRequest = new GetUserIdByCredentialsRequest
{
Email = model.Email,
Password = _sha512Service.GetBase64Hash(model.Password)
};
var userIdResponse = await _userManagementService.GetIdByCredentials(getUserIdByCredentialsRequest);
var randomString = _randomStringService.GetRandomString(128);
var accessToken = _accessTokenService.Create(new UserAccessTokenPayload
{
Id = userIdResponse.Id
}, randomString);
await _userManagementService.UpdateRefreshToken(new UpdateUserRefreshTokenRequest
{
Id = userIdResponse.Id,
RefreshToken = randomString
});
return(new LoginResponseModel
{
RefreshToken = randomString,
AccessToken = accessToken
});
}
public async Task <TokenResponse> Handle(SignUpCommand request, CancellationToken cancellationToken)
{
var otherUser = await _userRepository.GetByEmailAsync(request.Email);
if (otherUser != null)
{
throw new IdentityDomainException("Other user has the same email");
}
var password = _passwordHasher.Hash(request.Password);
var user = new User(request.Email, password, Role.User);
user.SetLastLoginToNow();
_userRepository.AddUser(user);
await _userRepository.UnitOfWork.SaveChangesAndDispatchDomainEventsAsync(cancellationToken);
var userClaims = user.ExtractUserClaims();
var accessToken = _accessTokenService.Create(userClaims);
var refreshToken = await _refreshTokenService.GetOrCreateAsync(user);
_httpContext.Response.Cookies.Append("accessToken", accessToken, CookieSettings.PrivateCookie);
_httpContext.Response.Cookies.Append("refreshToken", refreshToken.Token, CookieSettings.PrivateCookie);
var accessTokenExp = DateTimeOffset.UtcNow
.AddMinutes(_jwtConfig.AccessTokenExpirationInMinutes).ToUnixTimeSeconds();
_httpContext.Response.Cookies.Append("accessTokenExp", $"{accessTokenExp}", CookieSettings.PublicCookie);
return(new TokenResponse
{
AccessToken = accessToken,
RefreshToken = refreshToken.Token
});
}
public async Task <TokenResponse> Handle(SignInCommand request, CancellationToken cancellationToken)
{
var user = await _userRepository.GetByEmailAsync(request.Email);
if (user == null)
{
throw new UnauthorizedException();
}
var isPasswordValid = _passwordHasher.Verify(request.Password, user.HashedPassword);
if (!isPasswordValid)
{
throw new UnauthorizedException();
}
if (user.IsLocked)
{
throw new ForbiddenException();
}
var userClaims = user.ExtractUserClaims();
var accessToken = _accessTokenService.Create(userClaims);
var refreshToken = await _refreshTokenService.GetOrCreateAsync(user);
user.SetLastLoginToNow();
_userRepository.Update(user);
await _userRepository.UnitOfWork.SaveChangesAndDispatchDomainEventsAsync(cancellationToken);
_httpContext.Response.Cookies.Append("accessToken", accessToken, CookieSettings.PrivateCookie);
_httpContext.Response.Cookies.Append("refreshToken", refreshToken.Token, CookieSettings.PrivateCookie);
var accessTokenExp = DateTimeOffset.UtcNow
.AddMinutes(_jwtConfig.AccessTokenExpirationInMinutes).ToUnixTimeSeconds();
_httpContext.Response.Cookies.Append("accessTokenExp", $"{accessTokenExp}", CookieSettings.PublicCookie);
return(new TokenResponse
{
AccessToken = accessToken,
RefreshToken = refreshToken.Token
});
}
public async Task <string> RefreshAccessToken(string refreshTokenStr)
{
var decodedRefreshToken = _refreshTokenDecoder.Decode(refreshTokenStr);
if (decodedRefreshToken == null)
{
_logger.LogWarning("Cannot refresh access token - decoding failure");
return(null);
}
var refreshToken = await _refreshTokenRepository.GetByIdAsync(decodedRefreshToken.Id);
if (refreshToken?.IsRevoked ?? false)
{
_logger.LogWarning("Cannot refresh access token - no such refresh token or token is revoked");
return(null);
}
return(_accessTokenService.Create(decodedRefreshToken.UserClaims));
}
private async Task <AccessTokenModel> GenerateRefreshAndAccessToken(Guid userId)
{
var refreshToken = _randomStringGenerationService.Generate(length: 128);
var token = _accessTokenService.Create(new AuthPayload
{
UserId = userId
},
refreshToken);
await CommandBus.Execute(new SetRefreshTokenCommand
{
UserId = userId,
RefreshToken = refreshToken
});
return(new AccessTokenModel
{
RefreshToken = refreshToken,
AccessToken = token
});
}