Ejemplo n.º 1
0
        public async Task <ActionResult <AuthorizationResponse> > Authenticate([FromBody] AuthorizationRequest authorizationRequest)
        {
            RoadkillIdentityUser identityUser = await _userManager.FindByEmailAsync(authorizationRequest.Email);

            if (identityUser == null)
            {
                return(NotFound($"The user with the email {authorizationRequest.Email} could not be found."));
            }

            SignInResult result = await _signInManager.PasswordSignInAsync(identityUser, authorizationRequest.Password, true, false);

            if (result.Succeeded)
            {
                IList <Claim> existingClaims = await _userManager.GetClaimsAsync(identityUser);

                if (existingClaims.Count == 0)
                {
                    return(StatusCode(StatusCodes.Status403Forbidden));
                }

                // When testing on localhost, RemoteIpAddress is null.
                var    ipAddress = HttpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback;
                string ip        = ipAddress.ToString();
                var    token     = new AuthorizationResponse()
                {
                    JwtToken     = _jwtTokenService.CreateToken(existingClaims, identityUser.Email),
                    RefreshToken = await _jwtTokenService.CreateRefreshToken(identityUser.Email, ip)
                };

                return(Ok(token));
            }

            // don't use Forbid() as it goes through ASP.NET Core's authentication middleware
            return(StatusCode(StatusCodes.Status403Forbidden));
        }
Ejemplo n.º 2
0
        public async Task Authenticate_should_return_jwt_and_refresh_token_logging_ip()
        {
            // given
            string ipAddress    = "9.8.7.6";
            string refreshToken = "refresh token";
            string jwtToken     = "jwt token";
            string email        = "*****@*****.**";
            string password     = "******";

            var roadkillUser = new RoadkillIdentityUser()
            {
                Id                 = "1",
                UserName           = email,
                NormalizedUserName = email.ToUpperInvariant(),
                Email              = email,
                NormalizedEmail    = email.ToUpperInvariant(),
                RoleClaims         = new List <string>()
            };

            var model = new AuthorizationRequest()
            {
                Email    = email,
                Password = password
            };

            _userManagerMock.FindByEmailAsync(email)
            .Returns(Task.FromResult(roadkillUser));

            _signinManagerMock.PasswordSignInAsync(roadkillUser, password, true, false)
            .Returns(Task.FromResult(SignInResult.Success));

            var claims = new List <Claim>()
            {
                new Claim("any", "thing")
            } as IList <Claim>;

            _userManagerMock.GetClaimsAsync(roadkillUser)
            .Returns(Task.FromResult(claims));

            _jwtTokenService
            .CreateToken(claims, roadkillUser.Email)
            .Returns(jwtToken);

            var httpContext = new DefaultHttpContext();

            httpContext.Connection.RemoteIpAddress = IPAddress.Parse(ipAddress);
            _authorizationController.ControllerContext.HttpContext = httpContext;

            _jwtTokenService
            .CreateRefreshToken(roadkillUser.Email, ipAddress)
            .Returns(refreshToken);

            // when
            ActionResult <AuthorizationResponse> actionResult = await _authorizationController.Authenticate(model);

            // then
            actionResult.Result.ShouldBeOfType <OkObjectResult>();
            var okResult = actionResult.Result as OkObjectResult;
            var response = okResult.Value as AuthorizationResponse;

            response.ShouldNotBeNull();
            response.JwtToken.ShouldBe(jwtToken);
            response.RefreshToken.ShouldBe(refreshToken);
        }