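/// <summary>
/// Exchanges a valid, unexpired refresh token for a new JWT for the user named in <paramref name="model"/>.
/// </summary>
/// <param name="model">The user id and refresh token presented by the client.</param>
/// <returns>
/// 200 with a fresh token; 400 on an invalid model or when the refresh token is unknown, expired or
/// not bound to the given user; 404 when the user does not exist or is flagged for deletion.
/// </returns>
public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenDTO model)
{
    // A normal call is informational; LogError was the wrong level and pollutes error alerting.
    Logger.LogInformation("RefreshToken method called");

    if (!ModelState.IsValid)
    {
        return BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState));
    }

    // A user id that is not a Guid cannot match any stored user; report it exactly like a missing user.
    if (!Guid.TryParse(model.UserId, out Guid userId))
    {
        return NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound, new string[] { "The user was not found" }));
    }

    var user = await UserManager.FindByIdAsync(model.UserId);
    if (user == null || user.ShouldDelete)
    {
        return NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound, new string[] { "The user was not found" }));
    }

    // The token must belong to the user it is being exchanged for. Without the owner check a refresh
    // token issued to one account could be submitted with any other user id and mint a JWT for that user.
    var now = DateTime.UtcNow;
    var token = RefreshTokenRepository
        .Get(x => x.RefreshTokenId == model.RefreshToken
                  && x.User.Id == userId
                  && x.ExpiryTime > now)
        .FirstOrDefault();

    if (token == null)
    {
        return BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest, new string[] { "The token is invalid" }));
    }

    // Single use: the presented token is consumed before the new JWT is handed out.
    RefreshTokenRepository.Delete(model.RefreshToken);
    return Ok(GetJWTToken(user));
}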
/// <summary>
/// Property: after deleting <paramref name="token"/>, the repository no longer returns a record for it.
/// </summary>
/// <param name="token">The refresh token record to remove.</param>
/// <param name="tokens">The repository the token is removed from.</param>
/// <returns>A property that holds when the post-delete lookup yields <c>null</c>.</returns>
private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens)
{
    tokens.Delete(token);

    // NOTE(review): the lookup is keyed by token.AccountId, not by the token's own id —
    // confirm Get() keys by account here, otherwise this property checks the wrong record.
    bool noLongerStored = tokens.Get(token.AccountId) == null;
    return noLongerStored.ToProperty();
}
/// <summary>
/// Issues a new access token for the account bound to a still-valid refresh token.
/// </summary>
/// <param name="refreshToken">The refresh JWT presented by the client.</param>
/// <returns>
/// 200 with a <c>TokenResponse</c>; 400 when the token is blank; 401 when the JWT fails validation,
/// carries no usable "jti" claim, has no unexpired stored record, or the record's account is missing.
/// </returns>
public IActionResult Refresh([FromBody] string refreshToken)
{
    if (string.IsNullOrWhiteSpace(refreshToken))
    {
        return BadRequest("The specified token is blank.");
    }

    // Signature and lifetime validation of the JWT itself is delegated to TokenValidator.
    if (!TokenValidator.TryParseAndValidateToken(refreshToken, out JwtSecurityToken parsedRefreshJwt))
    {
        return Unauthorized();
    }

    // The "jti" claim carries the stored record id. Guid.TryParse returns false for a null or
    // empty value, so a missing claim is rejected the same way as a malformed one.
    var jti = parsedRefreshJwt.Claims.FirstOrDefault(c => c.Type == "jti")?.Value;
    if (!Guid.TryParse(jti, out Guid refreshTokenId))
    {
        return Unauthorized();
    }

    // A deleted record acts as revocation; an expired record is rejected identically.
    var stored = RefreshTokenRepository.Get(refreshTokenId);
    if (stored is null || stored.Expires <= DateTime.UtcNow)
    {
        return Unauthorized();
    }

    var account = AccountRepository.Get(stored.AccountId);
    if (account is null)
    {
        return Unauthorized();
    }

    // NOTE(review): the refresh token is re-issued with the same id, expiry and issue time, i.e. it is
    // not rotated on use; a leaked refresh token stays usable until the stored record expires or is
    // deleted — confirm this is intended.
    var accessJwt = TokenFactory.GetAccessToken(account, stored.Id);
    var refreshJwt = TokenFactory.GetRefreshToken(refreshTokenId, stored.Expires, stored.Issued);
    return Ok(new TokenResponse(accessJwt, refreshJwt));
}
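/// <summary>
/// Revokes the caller's refresh token so it can no longer be exchanged for a JWT.
/// </summary>
/// <param name="model">The refresh token to revoke.</param>
/// <returns>
/// 200 on completion, whether or not a matching token existed; 400 on an invalid model;
/// 401 when the caller's principal has no Guid-valued NameIdentifier claim.
/// </returns>
public IActionResult Logout([FromBody] LogoutRequestDTO model)
{
    // A normal call is informational; LogError was the wrong level and pollutes error alerting.
    Logger.LogInformation("Logout method called");

    if (!ModelState.IsValid)
    {
        return BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState));
    }

    // The original dereferenced the claim unconditionally and used new Guid(string): a principal
    // without a NameIdentifier claim, or with a non-Guid value, produced an unhandled exception
    // instead of a rejection. Parse once, outside the query, so the lambda only captures the Guid.
    var currentUserId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (!Guid.TryParse(currentUserId, out Guid userId))
    {
        return Unauthorized();
    }

    // Only a token owned by the caller is deleted; a miss is still reported as success so the
    // response does not reveal whether the submitted value belongs to some other account.
    var token = RefreshTokenRepository
        .Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == userId)
        .FirstOrDefault();

    if (token != null)
    {
        RefreshTokenRepository.Delete(model.RefreshToken);
    }

    return Ok(new DataResponseDTO<string>("Logout successful"));
}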