public LoginResponseDTO CreateToken(AppUser user, string[] role)
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.Role, role[0]),
// new Claim(ClaimTypes.Role, role[1]),
//roleAssigned == Role.User ? new Claim("Create Role", "Create Role") : null,
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
//insert information into token
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddMinutes(7),
SigningCredentials = credentials
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
var refreshToken = _refreshTokenGenerator.GenerateRefreshToken();
return(new LoginResponseDTO
{
AccessToken = tokenHandler.WriteToken(token),
expires_in = (tokenDescriptor.Expires).ToString(),
RefreshToken = refreshToken
});
}
public async Task <User> Handle(Query request, CancellationToken cancellationToken)
{
var user = await userManager.FindByEmailAsync(request.Email);
if (user == null)
{
throw new RestException(System.Net.HttpStatusCode.Unauthorized);
}
await context.Images.LoadAsync(cancellationToken : cancellationToken);
var result = await SignInManager.PasswordSignInAsync(user, request.Password, request.RememberMe, false);
if (result.Succeeded)
{
var refreshToken = refreshTokenGenerator.GenerateRefreshToken(request.Ip);
user.RefreshTokens.Add(refreshToken);
await userManager.UpdateAsync(user);
return(new User()
{
ImageUrl = user.Photo == null ? "" : user.Photo.Url,
JwtToken = await jwtGenerator.CreateToken(user),
Username = user.UserName,
RefreshToken = refreshToken.Token
});
}
throw new RestException(System.Net.HttpStatusCode.Unauthorized);
}
private void GenerateRefreshToken()
{
_refreshToken = _refreshTokenGenerator.GenerateRefreshToken(
_application.ApplicationId,
_redirectUri,
_code.UserId.GetValueOrDefault(),
_code.Scope);
_refreshToken.AccessTokenId = _jwtToken.TokenId;
_refreshToken.Code = _code.Code;
}
public async Task <User> Handle(Query request, CancellationToken cancellationToken)
{
if (string.IsNullOrEmpty(request.Token))
{
throw new RestException(HttpStatusCode.BadRequest, new { Message = "Token must not be empty" });
}
var user = await context.AppUsers
.Include(x => x.RefreshTokens)
.Include(x => x.Photo)
.SingleOrDefaultAsync(u => u.RefreshTokens.Any(t => t.Token == request.Token),
cancellationToken: cancellationToken);
if (user == null)
{
throw new RestException(System.Net.HttpStatusCode.NotFound);
}
var refreshToken = user.RefreshTokens.Single(x => x.Token == request.Token);
if (!refreshToken.IsActive)
{
throw new RestException(System.Net.HttpStatusCode.Forbidden);
}
var newRefreshToken = refreshTokenGenerator.GenerateRefreshToken(request.Ip);
refreshToken.Revoked = DateTime.Now;
refreshToken.RevokedByIp = request.Ip;
refreshToken.ReplacedByToken = newRefreshToken.Token;
user.RefreshTokens.Add(newRefreshToken);
context.Update(user);
await context.SaveChangesAsync(cancellationToken);
var jwtToken = await jwtGenerator.CreateToken(user);
return(new User()
{
Username = user.UserName,
ImageUrl = user.Photo.Url,
JwtToken = jwtToken,
RefreshToken = newRefreshToken.Token
});
}
