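        /// <summary>
        /// Exchanges a one-time refresh token for a freshly issued JWT.
        /// </summary>
        /// <param name="model">Carries the id of the user and the refresh token being redeemed.</param>
        /// <returns>
        /// 200 with a new JWT when the token exists, is unexpired and belongs to the user named in
        /// <paramref name="model"/>; 400 on model-state errors or an unusable token; 404 when the user
        /// does not exist or is flagged with <c>ShouldDelete</c>.
        /// </returns>
        public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenDTO model)
        {
            // Plain trace of the call; the original wrote it at Error level, which pollutes error alerts.
            Logger.LogInformation("RefreshToken method called");

            if (!ModelState.IsValid)
            {
                return(BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState)));
            }

            var user = await UserManager.FindByIdAsync(model.UserId);

            if (user == null || user.ShouldDelete)
            {
                return(NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound,
                                                     new string[] { "The user was not found" })));
            }

            // One cutoff for the whole lookup so the expiry comparison is not read off a moving clock.
            var now = DateTime.UtcNow;

            // SECURITY: bind the token to the user from the request. The original looked the token up by
            // id and expiry only, so a valid refresh token for user A could be submitted together with
            // B's UserId and mint a JWT for B. Assumes token.User shares the user entity's key type
            // (Logout compares x.User.Id against a Guid); adjust the comparison if the key types differ.
            var token = RefreshTokenRepository
                        .Get(x => x.RefreshTokenId == model.RefreshToken
                                  && x.User.Id == user.Id
                                  && x.ExpiryTime > now)
                        .FirstOrDefault();

            if (token == null)
            {
                return(BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest,
                                                       new string[] { "The token is invalid" })));
            }

            // One-time use: revoke the presented token before issuing its replacement so a replay of the
            // same refresh token cannot succeed.
            RefreshTokenRepository.Delete(model.RefreshToken);
            return(Ok(GetJWTToken(user)));
        }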
        /// <summary>
        /// Property-style check: once <paramref name="token"/> has been deleted from
        /// <paramref name="tokens"/>, looking it up by its account id must yield null.
        /// </summary>
        /// <param name="token">The refresh token to delete.</param>
        /// <param name="tokens">Repository the token is deleted from and re-read through.</param>
        /// <returns>A property that holds when the post-delete lookup returns null.</returns>
        private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens)
        {
            tokens.Delete(token);

            var lookupAfterDelete = tokens.Get(token.AccountId);
            var isGone = lookupAfterDelete == null;

            return(isGone.ToProperty());
        }
        /// <summary>
        /// Resolves an incoming refresh token: when a stored record matches <c>context.Token</c>, its
        /// protected ticket is deserialized into the context and the record is deleted so the token
        /// is single-use. An unknown token leaves the context untouched.
        /// </summary>
        /// <param name="context">Carries the raw token presented by the client.</param>
        /// <remarks>
        /// No expiry check is applied here; presumably the deserialized ticket's own expiry is enforced
        /// downstream — NOTE(review): confirm, otherwise stale records remain redeemable until deleted.
        /// The method is <c>async</c> without an <c>await</c>, exactly as the original; exceptions are
        /// therefore surfaced through the returned task.
        /// </remarks>
        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            var stored = _refreshTokenRepository
                         .Read()
                         .FirstOrDefault(e => e.TokenId == context.Token);

            if (stored == null)
            {
                return;
            }

            context.DeserializeTicket(stored.ProtectedTicket);

            // Consume the token: one redemption per stored record.
            _refreshTokenRepository.Delete(stored.Id);
        }
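        /// <summary>
        /// Deletes every refresh token belonging to <paramref name="accountId"/> whose <c>Expires</c>
        /// timestamp is already in the past (compared in UTC).
        /// </summary>
        /// <param name="accountId">Account whose expired refresh tokens are removed.</param>
        private void PurgeExpiredRefreshTokensFor(Guid accountId)
        {
            // Single cutoff for the whole pass so every record is judged against the same instant.
            var cutoff = DateTime.UtcNow;

            // Materialize BEFORE deleting. The original iterated a deferred Where() over the repository
            // while calling Delete() on that same repository, i.e. it mutated the backing source in the
            // middle of enumerating it — a "collection was modified" failure or skipped rows, depending
            // on what GetAll returns. Only the ids are kept, which is all Delete needs.
            var expiredIds = RefreshTokenRepository
                             .GetAll(new RefreshTokenFilters {
                AccountId = accountId
            })
                             .Where(r => r.Expires < cutoff)
                             .Select(r => r.Id)
                             .ToList();

            foreach (var id in expiredIds)
            {
                RefreshTokenRepository.Delete(id);
            }
        }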
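        /// <summary>
        /// Revokes the caller's refresh token. The token id is read from the "jti" claim of the
        /// authenticated principal, so a caller can only revoke the token tied to its own JWT.
        /// </summary>
        /// <returns>
        /// 204 once the token has been deleted; 500 when the principal carries no single, parseable
        /// "jti" claim.
        /// </returns>
        public IActionResult Logout()
        {
            // SingleOrDefault keeps the original contract: a principal with two "jti" claims is a
            // server-side fault and is allowed to throw rather than silently picking one.
            var refreshTokenIdString = User?.Claims?.SingleOrDefault(c => c.Type == "jti")?.Value;

            if (Guid.TryParse(refreshTokenIdString, out var refreshTokenId))
            {
                RefreshTokenRepository.Delete(refreshTokenId);
                return(NoContent());
            }

            // A JWT this server validated but that lacks a usable "jti" is an issuance problem on our
            // side, hence 500. The original serialized a freshly constructed Exception object as the
            // response body; reply with a plain message instead so no exception internals reach the
            // client. The echoed value is the caller's own claim, not another user's data.
            return(StatusCode(500, new
            {
                error = $"The 'jti' claim is missing or contains an invalid id ({refreshTokenIdString})."
            }));
        }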
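        /// <summary>
        /// Revokes the refresh token supplied in the request body, but only when it belongs to the
        /// authenticated user. Once the caller's identity is established the reply is always
        /// "Logout successful", so the response does not reveal whether the submitted token existed.
        /// </summary>
        /// <param name="model">Carries the refresh token to revoke.</param>
        /// <returns>
        /// 200 with "Logout successful"; 400 on model-state errors; 401 when the principal has no
        /// parseable NameIdentifier claim.
        /// </returns>
        public IActionResult Logout([FromBody] LogoutRequestDTO model)
        {
            // Plain trace of the call; the original wrote it at Error level, which pollutes error alerts.
            Logger.LogInformation("Logout method called");

            if (!ModelState.IsValid)
            {
                return(BadRequest(new ModelStateErrorResponseDTO(
                                      HttpStatusCode.BadRequest, ModelState)));
            }

            // The original dereferenced FindFirst(...).Value and called new Guid(...) unguarded, so a
            // principal without a parseable NameIdentifier claim surfaced as an unhandled 500.
            var currentUserIdString = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

            if (!Guid.TryParse(currentUserIdString, out var currentUserId))
            {
                return(Unauthorized());
            }

            // Ownership check: the token must belong to the caller, so one user cannot revoke another
            // user's session by guessing or obtaining their refresh token id.
            var token = RefreshTokenRepository
                        .Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == currentUserId)
                        .FirstOrDefault();

            if (token != null)
            {
                RefreshTokenRepository.Delete(model.RefreshToken);
            }

            return(Ok(new DataResponseDTO <string>("Logout successful")));
        }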