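/// <summary>
/// Exchanges a refresh token for a new JWT for the user named in the request.
/// </summary>
/// <param name="model">Request body carrying the user id and the refresh token id.</param>
/// <returns>
/// 200 with the result of <c>GetJWTToken</c> when the token is accepted; 400 when the model state
/// is invalid or the token is rejected; 404 when the user is unknown or flagged <c>ShouldDelete</c>.
/// </returns>
public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenDTO model)
{
    // Call tracing is not an error condition; logging it at error level buries real failures.
    Logger.LogInformation("RefreshToken method called");

    if (!ModelState.IsValid)
    {
        return BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState));
    }

    // NOTE(review): the 404 below and the 400 at the end let a caller distinguish
    // "unknown user id" from "bad token" - confirm that this is acceptable for this endpoint.
    var user = await UserManager.FindByIdAsync(model.UserId);
    if (user == null || user.ShouldDelete)
    {
        return NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound, new string[] { "The user was not found" }));
    }

    // The token must belong to the user the JWT is issued for. Matching on token id and expiry
    // alone would let any unexpired refresh token be redeemed for a JWT of whichever user id
    // the request body names.
    var ownerId = user.Id;
    var now = DateTime.UtcNow;
    var token = RefreshTokenRepository
        .Get(x => x.RefreshTokenId == model.RefreshToken
                  && x.User.Id == ownerId
                  && x.ExpiryTime > now)
        .FirstOrDefault();

    if (token == null)
    {
        return BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest, new string[] { "The token is invalid" }));
    }

    // Single use: the stored token is removed before the new JWT is handed out.
    // NOTE(review): lookup and delete are separate repository calls; whether two concurrent
    // requests can both redeem the same token depends on the repository - confirm.
    RefreshTokenRepository.Delete(model.RefreshToken);
    return Ok(GetJWTToken(user));
}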
/// <summary>
/// Property check: once a token has been deleted from the repository, a lookup by the
/// token's account id returns null.
/// </summary>
/// <param name="token">The refresh token to delete.</param>
/// <param name="tokens">The repository under test.</param>
/// <returns>A property that holds when the lookup after deletion yields null.</returns>
private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens)
{
    tokens.Delete(token);

    // NOTE(review): nothing in this method stores the token before deleting it; presumably
    // the repository handed in already contains it - confirm, otherwise the check passes trivially.
    var lookupAfterDelete = tokens.Get(token.AccountId);

    return (lookupAfterDelete == null).ToProperty();
}
/// <summary>
/// Resolves a presented refresh token: finds the stored record whose <c>TokenId</c> equals
/// <c>context.Token</c>, restores the ticket from its <c>ProtectedTicket</c>, and deletes the
/// record so the same token cannot be presented again.
/// </summary>
/// <param name="context">Receive context carrying the presented token.</param>
/// <remarks>
/// When no record matches, nothing is set on the context. The method is declared
/// <c>async</c> but contains no <c>await</c>, so it runs synchronously.
/// </remarks>
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
    // NOTE(review): the presented value is compared with TokenId directly. If TokenId holds
    // the raw token rather than a hash of it, anyone who can read the store obtains usable
    // tokens - confirm how TokenId is derived where tokens are created.
    var stored = _refreshTokenRepository.Read().FirstOrDefault(e => e.TokenId == context.Token);
    if (stored == null)
    {
        return;
    }

    context.DeserializeTicket(stored.ProtectedTicket);

    // One-time use: drop the record once its ticket has been restored.
    _refreshTokenRepository.Delete(stored.Id);
}
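/// <summary>
/// Deletes every refresh token of the given account whose <c>Expires</c> value lies before the
/// current UTC time.
/// </summary>
/// <param name="accountId">Account whose expired refresh tokens are removed.</param>
private void PurgeExpiredRefreshTokensFor(Guid accountId)
{
    // Read the clock once so every record is judged against the same instant.
    // NOTE(review): assumes Expires is stored in UTC - confirm.
    var now = DateTime.UtcNow;

    // Materialise the matches before deleting: the query is deferred, and deleting from the
    // repository while its result is still being enumerated can invalidate the enumeration.
    var expiredRecords = RefreshTokenRepository
        .GetAll(new RefreshTokenFilters { AccountId = accountId })
        .Where(r => r.Expires < now)
        .ToList();

    foreach (var record in expiredRecords)
    {
        RefreshTokenRepository.Delete(record.Id);
    }
}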
/// <summary>
/// Logs the caller out by deleting the refresh token whose id is carried in the caller's
/// <c>jti</c> claim.
/// </summary>
/// <returns>
/// 204 when the claim parses as a GUID and the delete call has been made; otherwise 500 with an
/// exception object describing the missing or malformed claim.
/// </returns>
public IActionResult Logout()
{
    // SingleOrDefault throws if the principal carries more than one "jti" claim.
    var jtiValue = User?.Claims?.SingleOrDefault(c => c.Type == "jti")?.Value;

    if (!Guid.TryParse(jtiValue, out var refreshTokenId))
    {
        // NOTE(review): a missing or malformed claim is reported as a server error, and an
        // Exception instance is passed as the response body, so what the client sees depends
        // on how the configured serializer renders exceptions. Consider a 4xx status with a
        // plain message once callers of this endpoint have been checked.
        return StatusCode(500, new Exception($"The 'jti' claim is missing or contains an invalid id ({jtiValue})."));
    }

    RefreshTokenRepository.Delete(refreshTokenId);
    return NoContent();
}
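/// <summary>
/// Logs the current user out by deleting the refresh token named in the request, provided that
/// token belongs to the authenticated user.
/// </summary>
/// <param name="model">Request body carrying the refresh token id to revoke.</param>
/// <returns>
/// 400 when the model state is invalid; 401 when the caller has no usable name-identifier
/// claim; otherwise 200, whether or not a matching token was found.
/// </returns>
public IActionResult Logout([FromBody] LogoutRequestDTO model)
{
    // Call tracing is not an error condition; logging it at error level buries real failures.
    Logger.LogInformation("Logout method called");

    if (!ModelState.IsValid)
    {
        return BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState));
    }

    // A principal without a name-identifier claim, or with one that is not a GUID, used to
    // surface as an unhandled NullReferenceException / FormatException. Reject it explicitly.
    var currentUserId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (!Guid.TryParse(currentUserId, out var ownerId))
    {
        return Unauthorized();
    }

    // Only a token owned by the caller may be revoked, so one user cannot log another out
    // by submitting that user's refresh token id.
    var token = RefreshTokenRepository
        .Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == ownerId)
        .FirstOrDefault();

    if (token != null)
    {
        RefreshTokenRepository.Delete(model.RefreshToken);
    }

    // The same response is returned whether or not a token matched, so the reply does not
    // reveal whether the submitted id exists.
    return Ok(new DataResponseDTO<string>("Logout successful"));
}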