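        /// <summary>
        /// Exchanges a stored refresh token for a new JWT issued by <c>GetJWTToken</c>.
        /// </summary>
        /// <param name="model">Carries the id of the user and the id of the refresh token being presented.</param>
        /// <returns>
        /// 200 with the result of <c>GetJWTToken</c> on success; 400 on model-state errors or when no
        /// unexpired token owned by that user matches; 404 when the user is missing or flagged for deletion.
        /// </returns>
        public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenDTO model)
        {
            // Entry trace for a routine call; Error level would flood error alerting on every refresh.
            Logger.LogInformation("RefreshToken method called");

            if (!ModelState.IsValid)
            {
                return BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState));
            }

            var user = await UserManager.FindByIdAsync(model.UserId);

            if (user is null || user.ShouldDelete)
            {
                return NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound,
                                                     new string[] { "The user was not found" }));
            }

            // The token must be unexpired AND owned by the user named in the request. Without the
            // ownership check, a valid token for one account could be combined with any UserId to
            // obtain a JWT for that other account. (Assumes x.User is the same user type
            // UserManager returns, as the Logout action's x.User.Id comparison suggests — confirm.)
            var token = RefreshTokenRepository
                        .Get(x => x.RefreshTokenId == model.RefreshToken
                                  && x.User.Id == user.Id
                                  && x.ExpiryTime > DateTime.UtcNow)
                        .FirstOrDefault();

            if (token is null)
            {
                return BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest,
                                                       new string[] { "The token is invalid" }));
            }

            // One-time use: the presented token is revoked before the replacement is issued.
            RefreshTokenRepository.Delete(model.RefreshToken);
            return Ok(GetJWTToken(user));
        }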
        /// <summary>
        /// Property: after a refresh token is deleted, looking it up by its account id yields nothing.
        /// </summary>
        /// <param name="token">The token to delete.</param>
        /// <param name="tokens">The repository the token is deleted from and then queried.</param>
        /// <returns>A property that holds when the post-delete lookup returns null.</returns>
        private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens)
        {
            tokens.Delete(token);

            var lookedUp = tokens.Get(token.AccountId);
            bool gone = lookedUp == null;

            return gone.ToProperty();
        }
        /// <summary>
        /// Issues a fresh access token for the account that owns a presented refresh JWT.
        /// </summary>
        /// <param name="refreshToken">The refresh JWT sent by the client.</param>
        /// <returns>
        /// 200 with a <see cref="TokenResponse"/> holding the new access JWT and a refresh JWT;
        /// 400 when the body is blank; a bare 401 for every validation, lookup or expiry failure.
        /// </returns>
        public IActionResult Refresh([FromBody] string refreshToken)
        {
            if (string.IsNullOrWhiteSpace(refreshToken))
            {
                return BadRequest("The specified token is blank.");
            }

            // TokenValidator is the only place the JWT itself is checked; everything below
            // works on the parsed token and the stored record.
            if (!TokenValidator.TryParseAndValidateToken(refreshToken, out JwtSecurityToken parsedRefreshJwt))
            {
                return Unauthorized();
            }

            // The "jti" claim is the repository key of the stored refresh token record.
            var jtiClaim = parsedRefreshJwt.Claims.FirstOrDefault(c => c.Type == "jti");
            var jti      = jtiClaim?.Value;

            if (string.IsNullOrEmpty(jti) || !Guid.TryParse(jti, out Guid refreshTokenId))
            {
                return Unauthorized();
            }

            var storedToken = RefreshTokenRepository.Get(refreshTokenId);

            // The stored record's own expiry is checked in addition to whatever TokenValidator did.
            if (storedToken == null || storedToken.Expires <= DateTime.UtcNow)
            {
                return Unauthorized();
            }

            var account = AccountRepository.Get(storedToken.AccountId);

            if (account == null)
            {
                return Unauthorized();
            }

            // NOTE(review): the refresh JWT is rebuilt from the stored record's id, expiry and issue
            // time, so the refresh token is re-issued here rather than rotated.
            var accessJwt  = TokenFactory.GetAccessToken(account, storedToken.Id);
            var refreshJwt = TokenFactory.GetRefreshToken(refreshTokenId, storedToken.Expires, storedToken.Issued);

            return Ok(new TokenResponse(accessJwt, refreshJwt));
        }
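        /// <summary>
        /// Revokes the caller's refresh token so it can no longer be exchanged for a JWT.
        /// </summary>
        /// <param name="model">Carries the id of the refresh token to revoke.</param>
        /// <returns>
        /// 200 with "Logout successful" whether or not a matching token existed (revocation is
        /// idempotent); 400 on model-state errors; 401 when the caller carries no parseable
        /// NameIdentifier claim.
        /// </returns>
        public IActionResult Logout([FromBody] LogoutRequestDTO model)
        {
            // Entry trace for a routine call; Error level would flood error alerting on every logout.
            Logger.LogInformation("Logout method called");

            if (!ModelState.IsValid)
            {
                return BadRequest(new ModelStateErrorResponseDTO(
                                      HttpStatusCode.BadRequest, ModelState));
            }

            // A missing or malformed subject claim used to surface as an unhandled
            // NullReferenceException / FormatException (500); treat it as an unauthenticated caller.
            // Guid.TryParse returns false for a null input, so the null-conditional is enough here.
            if (!Guid.TryParse(User.FindFirst(ClaimTypes.NameIdentifier)?.Value, out Guid currentUserId))
            {
                return Unauthorized();
            }

            // Only a token owned by the caller is revoked; an id belonging to another user is ignored.
            var token = RefreshTokenRepository
                        .Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == currentUserId)
                        .FirstOrDefault();

            if (token != null)
            {
                RefreshTokenRepository.Delete(model.RefreshToken);
            }

            return Ok(new DataResponseDTO<string>("Logout successful"));
        }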