public AuthController(RefreshTokenRepository refreshTokenRepository, UserRepository userRepository,
AccessTokenService accessTokenServices)
{
_refreshTokenRepository = refreshTokenRepository;
_userRepository = userRepository;
_accessTokenServices = accessTokenServices;
}
private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens)
{
tokens.Delete(token);
var equal = tokens.Get(token.AccountId) == null;
return(equal.ToProperty());
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenDTO model)
{
Logger.LogError("RefreshToken method called");
if (!ModelState.IsValid)
{
return(BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState)));
}
var user = await UserManager.FindByIdAsync(model.UserId);
if (user == null || user.ShouldDelete)
{
return(NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound,
new string[] { "The user was not found" })));
}
var token = RefreshTokenRepository
.Get(x => x.RefreshTokenId == model.RefreshToken && x.ExpiryTime > DateTime.UtcNow)
.FirstOrDefault();
if (token != null)
{
RefreshTokenRepository.Delete(model.RefreshToken);
return(Ok(GetJWTToken(user)));
}
return(BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest,
new string[] { "The token is invalid" })));
}
private Property Insertable(RefreshToken token, RefreshTokenRepository tokens)
{
var inserted = tokens.Create(token);
var equal = inserted.Equals(token);
return(equal.ToProperty());
}
private Property Lifecycle(RefreshToken token, RefreshTokenRepository repository)
{
return(Insertable(token, repository)
.And(Updateable(token, repository))
.And(Gettable(token, repository))
.And(Deleteable(token, repository)));
}
public async Task <JsonWebToken> Handle(RefreshAccessToken request,
CancellationToken cancellationToken)
{
var token = request.Token;
var refreshToken = await RefreshTokenRepository.GetAsync(token);
if (refreshToken == null)
{
throw new IdentityException(Codes.RefreshTokenNotFound,
"Refresh accessToken was not found.");
}
if (refreshToken.Revoked)
{
throw new IdentityException(Codes.RefreshTokenAlreadyRevoked,
$"Refresh accessToken: '{refreshToken.Id}' was revoked.");
}
var user = await GetUserOrThrowAsync(refreshToken.UserId);
var claims = await ClaimsProvider.GetAsync(user.Id);
var jwt = JwtService.CreateToken(user.Id.ToString("N"), user.Role, claims);
jwt.RefreshToken = refreshToken.Token;
var @event = new AccessTokenRefreshedIntegrationEvent(user.Id);
BusPublisher.Publish(@event);
return(jwt);
}
public AuthController(IOptions <JwtBearerTokenSettings> jwtTokenOptions, UserManager <User> userManager, RoleManager <IdentityRole> roleManager, RefreshTokenRepository refreshTokenRepository)
{
this.jwtBearerTokenSettings = jwtTokenOptions.Value;
this.userManager = userManager;
this.roleManager = roleManager;
this.refreshTokenRepository = refreshTokenRepository;
}
public ApplicationRepository()
{
_ctx = new AuthContext();
_userManager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(_ctx));
RefreshTokens = new RefreshTokenRepository(_ctx);
Audiences = new AudienceRepository(_ctx);
Files = new FileRepository(_ctx);
}
private RefreshToken GetCurrentRefreshTokenRecordFor(Guid accountId)
{
return(RefreshTokenRepository.GetAll(new RefreshTokenFilters {
AccountId = accountId
})
.Where(r => r.Expires >= DateTime.UtcNow)
.FirstOrDefault());
}
private DataResponseDTO <LoginResponseDTO> GetJWTToken(ApplicationUser user)
{
var currentTime = DateTime.UtcNow;
var userRoles = UserManager.GetRolesAsync(user).Result;
Logger.LogError($"-------- There are {userRoles.Count} roles in GetJWTToken for user {user.Email}");
IdentityOptions identityOptions = new IdentityOptions();
var claims = new List <Claim>
{
new Claim(identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()),
new Claim(identityOptions.ClaimsIdentity.UserNameClaimType, user.UserName)
};
foreach (var role in userRoles)
{
claims.Add(new Claim(identityOptions.ClaimsIdentity.RoleClaimType, role));
Logger.LogError($"---------- ADDING ROLE {role} to the roles for user {user.Email}");
}
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims.ToArray()),
Expires = currentTime.AddHours(2),
SigningCredentials = new SigningCredentials(
new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT_Secret"].ToString())),
SecurityAlgorithms.HmacSha256Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var securityToken = tokenHandler.CreateToken(tokenDescriptor);
var token = tokenHandler.WriteToken(securityToken);
var refreshToken = new RefreshToken
{
UserId = user.Id,
ExpiryTime = currentTime.AddDays(30),
GeneratedTime = currentTime
};
do
{
refreshToken.RefreshTokenId = Helper.GetRandomToken(96);
}while (RefreshTokenRepository.GetByID(refreshToken.RefreshTokenId) != null);
RefreshTokenRepository.Insert(refreshToken);
return(new DataResponseDTO <LoginResponseDTO>(new LoginResponseDTO
{
Id = user.Id,
Token = token,
RefreshToken = refreshToken.RefreshTokenId,
ExpiryTime = tokenDescriptor.Expires.ToString(),
Roles = userRoles,
Fullname = string.Join(" ", new List <string> {
user.FirstName, user?.MiddleName, user.LastName
}),
BVN = user.BVN
}));
}
private Property Updateable(RefreshToken token, RefreshTokenRepository tokens)
{
token.Id = Guid.NewGuid();
token.Issued = DateTime.Now;
token.Expires = DateTime.Now;
var updated = tokens.Update(token);
var equal = updated.Equals(token);
return(equal.ToProperty());
}
public ApplicationRepository()
{
_ctx = new ApplicationDbContext();
_userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>(_ctx));
RefreshTokens = new RefreshTokenRepository(_ctx);
Clients = new ClientRepository(_ctx);
Exercise = new ExerciseRepository(_ctx);
Schedules = new ScheduleRepository(_ctx);
Practices = new PracticeRepository(_ctx);
}
public async Task <Unit> Handle(CreateAccessToken request, CancellationToken cancellationToken)
{
var userId = request.UserId;
var user = await GetUserOrThrowAsync(userId);
await RefreshTokenRepository.AddAndSaveAsync(new RefreshToken(user, _passwordHasher));
return(Unit.Value);
}
public RepositoryFixture()
{
Database = new IntegrationDbFixture();
RefreshTokens = new RefreshTokenRepository(Database.Ctx);
Reservations = new ReservationRepository(Database.Ctx);
ReservationStatuses = new ReservationStatusRepository(Database.Ctx);
Resources = new ResourceRepository(Database.Ctx);
Roles = new RolesRepository(Database.Ctx);
Users = new UserRepository(Database.Ctx, Roles);
}
private void PurgeExpiredRefreshTokensFor(Guid accountId)
{
var expiredRecords = RefreshTokenRepository.GetAll(new RefreshTokenFilters {
AccountId = accountId
})
.Where(r => r.Expires < DateTime.UtcNow);
foreach (var record in expiredRecords)
{
RefreshTokenRepository.Delete(record.Id);
}
}
public UnitOfWork()
{
_context = new EventerDbContext();
ActivityLogRepository = new ApiActivityLogRepository(_context);
CategoryRepository = new CategoryRepository(_context);
CityRepository = new CityRepository(_context);
ClientRepository = new ClientRepository(_context);
ErrorLogRepository = new ErrorLogRepository(_context);
EventRepository = new EventRepository(_context);
RefreshTokenRepository = new RefreshTokenRepository(_context);
StateRepository = new StateRepository(_context);
}
public IActionResult Logout()
{
var refreshTokenIdString = User?.Claims?.Where(c => c.Type == "jti")?.SingleOrDefault()?.Value;
if (Guid.TryParse(refreshTokenIdString, out var refreshTokenId))
{
RefreshTokenRepository.Delete(refreshTokenId);
return(NoContent());
}
return(StatusCode(500, new Exception($"The 'jti' claim is missing or contains an invalid id ({refreshTokenIdString}).")));
}
public UnitOfWork(TpContext context, ITimeService timeService)
{
_context = context;
AppUsers = new AppUserRepository(_context);
AppProfiles = new AppProfileRepository(_context);
RefreshTokens = new RefreshTokenRepository(_context);
DayPunches = new DayPunchRepository(_context, AppUsers);
WeekPunches = new WeekPunchRepository(_context, timeService, AppUsers);
MonthPunches = new MonthPunchRepository(_context, timeService, AppUsers);
YearPunches = new YearPunchRepository(_context, timeService, AppUsers);
Punches = new PunchRepository(_context, timeService, AppUsers);
MonthStates = new MonthStateRepository(_context);
PunchStates = new PunchStateRepository(_context);
}
public async Task <AuthResult> RefreshTokenAsync(string token, string refreshToken)
{
var claimsPrincipal = GetClaimsPrincipalFromToken(token);
if (claimsPrincipal == null)
{
return(new AuthResult
{
Success = false,
ErrorMessages = new[] { "This token is invalid." }
});
}
long expiryDateInSeconds = long.Parse(claimsPrincipal.FindFirstValue(JwtRegisteredClaimNames.Exp));
var expiryDate = DateTime.UnixEpoch.AddSeconds(expiryDateInSeconds);
if (expiryDate > DateTime.UtcNow)
{
return(new AuthResult
{
Success = false,
ErrorMessages = new[] { "This token is still valid." }
});
}
var storedRefreshToken = await RefreshTokenRepository.GetByTokenAsync(refreshToken);
string jwtId = claimsPrincipal.FindFirstValue(JwtRegisteredClaimNames.Jti);
if (storedRefreshToken == null ||
DateTime.UtcNow > storedRefreshToken.ExpiryDate ||
storedRefreshToken.Invalidated ||
storedRefreshToken.Used ||
storedRefreshToken.JwtId != jwtId)
{
return(new AuthResult
{
Success = false,
ErrorMessages = new[] { "This refresh token is invalid." }
});
}
await RefreshTokenRepository.SetUsedAsync(storedRefreshToken.Id);
var user = await UserManager.FindByNameAsync(claimsPrincipal.FindFirstValue("username"));
return(await GenerateAuthResultForUserAsync(user));
}
public RefreshTokenRepository_Base(DatabaseFixture fixture)
{
var database = fixture.Client.GetDatabase("IntegrationTest");
_collection = database.GetCollection <RefreshToken>("TestAuthTokens");
_collection.DeleteMany(new BsonDocument());
_collection.InsertMany(new RefreshToken[] { _existing1, _existing2, _existing3 });
Assert.NotNull(_existing1.Id);
_expectedTokens = new HashSet <RefreshToken>();
_expectedTokens.Add(_existing1);
_expectedTokens.Add(_existing2);
_expectedTokens.Add(_existing3);
_repo = new RefreshTokenRepository(_collection);
}
private void InitRepositories()
{
// Ubication
Countries = new CountryRepository(this);
States = new StateRepository(this);
Cities = new CityRepository(this);
// Authorization
Users = new UserRepository(this);
UsersRoles = new UserRoleRepository(this);
UsersLogins = new UserLoginRepository(this);
Roles = new RoleRepository(this);
RoleControls = new RoleControlRepository(this);
UserClaims = new UserClaimRepository(this);
RefreshTokens = new RefreshTokenRepository(this);
}
public TokenController(IOptions <JwtOptions> jwtOptions, RefreshTokenRepository refreshTokenRepository, AdminAuthenticationProvider adminAuthenticationProvider, IHostingEnvironment hostingEnvironment, SigningCredentialsProvider signingCredentialsProvider)
{
_refreshTokenRepository = refreshTokenRepository;
_adminAuthenticationProvider = adminAuthenticationProvider;
_accessTokenLifetime = TimeSpan.FromSeconds(jwtOptions.Value.AccessTokenLifetimeSeconds);
_refreshTokenLifetime = TimeSpan.FromSeconds(jwtOptions.Value.RefreshTokenLifetimeSeconds);
_jwtIssuer = jwtOptions.Value.Issuer;
_jwtAudience = jwtOptions.Value.Audience;
_signingCredentialsProvider = signingCredentialsProvider;
_log.Warn(jwtOptions.Value.AccessTokenLifetimeSeconds);
if (hostingEnvironment.IsDevelopment())
{
_cookieOptions.Secure = false;
}
}
public UnitOfWork(
IDataMapper mapper,
ClinicDb context)
{
_mapper = mapper;
_context = context;
UserRepository = new UserRepository(mapper, context);
BookingRepository = new BookingRepository(mapper, context);
RefreshTokenRepository = new RefreshTokenRepository(mapper, context);
ClinicClinicianRepository = new ClinicClinicianRepository(context);
DocumentRepository = new DocumentRepository(context);
ClinicRepository = new ClinicRepository(mapper, context);
ClinicianRepository = new ClinicianRepository(mapper, context);
PatientRepository = new PatientRepository(context);
}
public IActionResult Login([FromBody] TokenRequest credentials)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState.GetReadableString()));
}
var accountRecord = AccountRepository.GetAll()
.Where(a => a.Name.ToLower() == credentials.Name.ToLower())
.Where(a => a.PasswordHash == Utility.ComputeSHA512Hash(credentials.Password))
.FirstOrDefault();
if (accountRecord == default(Account))
{
return(StatusCode(401, "Login failed."));
}
PurgeExpiredRefreshTokensFor(accountRecord.Id);
var refreshTokenRecord = GetCurrentRefreshTokenRecordFor(accountRecord.Id);
JwtSecurityToken refreshJwt;
if (refreshTokenRecord == default(RefreshToken))
{
refreshJwt = TokenFactory.GetRefreshToken();
refreshTokenRecord = new RefreshToken()
{
Id = Guid.Parse(refreshJwt.Claims.Where(c => c.Type == "jti").FirstOrDefault().Value),
AccountId = accountRecord.Id,
Issued = refreshJwt.ValidFrom,
Expires = refreshJwt.ValidTo,
};
RefreshTokenRepository.Create(refreshTokenRecord);
}
else
{
refreshJwt = TokenFactory.GetRefreshToken(refreshTokenRecord.Id, refreshTokenRecord.Expires, refreshTokenRecord.Issued);
}
var accessJwt = TokenFactory.GetAccessToken(accountRecord, refreshTokenRecord.Id);
var response = new TokenResponse(accessJwt, refreshJwt);
return(Ok(response));
}
public async Task <Unit> Handle(RevokeRefreshToken request, CancellationToken cancellationToken)
{
var token = request.Token;
var userId = request.UserId;
var refreshToken = await RefreshTokenRepository.GetAsync(token);
if (refreshToken == null || refreshToken.UserId != userId)
{
throw new IdentityException(Codes.RefreshTokenNotFound,
"Refresh accessToken was not found.");
}
refreshToken.Revoke();
await RefreshTokenRepository.UpdateAndSaveAsync(refreshToken);
return(Unit.Value);
}
public IActionResult Refresh([FromBody] string refreshToken)
{
if (string.IsNullOrWhiteSpace(refreshToken))
{
return(BadRequest("The specified token is blank."));
}
if (!TokenValidator.TryParseAndValidateToken(refreshToken, out JwtSecurityToken parsedRefreshJwt))
{
return(Unauthorized());
}
var refreshTokenIdString = parsedRefreshJwt.Claims.Where(c => c.Type == "jti").FirstOrDefault()?.Value;
if (string.IsNullOrEmpty(refreshTokenIdString))
{
return(Unauthorized());
}
if (!Guid.TryParse(refreshTokenIdString, out Guid refreshTokenId))
{
return(Unauthorized());
}
var refreshTokenRecord = RefreshTokenRepository.Get(refreshTokenId);
if (refreshTokenRecord == default(RefreshToken) || refreshTokenRecord.Expires <= DateTime.UtcNow)
{
return(Unauthorized());
}
var account = AccountRepository.Get(refreshTokenRecord.AccountId);
if (account == default(Account))
{
return(Unauthorized());
}
var accessJwt = TokenFactory.GetAccessToken(account, refreshTokenRecord.Id);
var refreshJwt = TokenFactory.GetRefreshToken(refreshTokenId, refreshTokenRecord.Expires, refreshTokenRecord.Issued);
var response = new TokenResponse(accessJwt, refreshJwt);
return(Ok(response));
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var allowedOrigin = context.OwinContext.Get <string>("ou:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string hashedTokenId = Utility.GetHash(context.Token);
using (RefreshTokenRepository _refreshTokenRepository = new RefreshTokenRepository())
{
var refreshToken = await _refreshTokenRepository.FindRefreshToken(hashedTokenId);
if (refreshToken != null)
{
context.DeserializeTicket(refreshToken.ProtectedTicket);
await _refreshTokenRepository.RemoveRefreshToken(hashedTokenId);
}
}
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
using (UnitOfWork _uow = new UnitOfWork())
{
var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
var token = new RefreshToken()
{
Id = refreshTokenId.GetHash(),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
using (RefreshTokenRepository _repo = new RefreshTokenRepository(_uow))
{
_repo.AddRefreshToken(token);
await _uow.SaveAsync();
}
context.SetToken(refreshTokenId);
}
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string hashedTokenId = context.Token.GetHash();
using(UnitOfWork uow = new UnitOfWork())
{
using (RefreshTokenRepository _repo = new RefreshTokenRepository(uow))
{
var refreshToken = await _repo.FindRefreshToken(hashedTokenId);
if (refreshToken != null)
{
//Get protectedTicket from refreshToken class
context.DeserializeTicket(refreshToken.ProtectedTicket);
var result = await _repo.RemoveRefreshToken(hashedTokenId);
}
}
}
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
using (UnitOfWork _uow = new UnitOfWork())
{
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var token = new RefreshToken()
{
Id = refreshTokenId.GetHash(),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
using (RefreshTokenRepository _repo = new RefreshTokenRepository(_uow))
{
_repo.AddRefreshToken(token);
await _uow.SaveAsync();
}
context.SetToken(refreshTokenId);
}
}
public IActionResult Logout([FromBody] LogoutRequestDTO model)
{
Logger.LogError("Logout method called");
if (!ModelState.IsValid)
{
return(BadRequest(new ModelStateErrorResponseDTO(
HttpStatusCode.BadRequest, ModelState)));
}
var currentUserId = User.FindFirst(ClaimTypes.NameIdentifier).Value;
var token = RefreshTokenRepository
.Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == new Guid(currentUserId))
.FirstOrDefault();
if (token != null)
{
RefreshTokenRepository.Delete(model.RefreshToken);
}
return(Ok(new DataResponseDTO <string>("Logout successful")));
}
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string hashedTokenId = context.Token.GetHash();
using (UnitOfWork uow = new UnitOfWork())
{
using (RefreshTokenRepository _repo = new RefreshTokenRepository(uow))
{
var refreshToken = await _repo.FindRefreshToken(hashedTokenId);
if (refreshToken != null)
{
//Get protectedTicket from refreshToken class
context.DeserializeTicket(refreshToken.ProtectedTicket);
var result = await _repo.RemoveRefreshToken(hashedTokenId);
}
}
}
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["ou:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
using (RefreshTokenRepository _refreshTokenRepository = new RefreshTokenRepository())
{
var refreshTokenLifeTime = context.OwinContext.Get <string>("ou:clientRefreshTokenLifeTime");
var token = new RefreshToken()
{
RefreshTokenId = Utility.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedOn = DateTime.UtcNow,
ExpiresOn = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedOn;
context.Ticket.Properties.ExpiresUtc = token.ExpiresOn;
token.ProtectedTicket = context.SerializeTicket();
var result = await _refreshTokenRepository.AddRefreshToken(token);
if (result)
{
context.SetToken(refreshTokenId);
}
}
}
