public async Task it_should_add_a_refresh_token(DatabaseEngine engine)
{
// Arrange
await using var container = new DatabaseTestContainerBuilder().Build(engine);
var configuration = new ConfigurationBuilder().For(container).Build(engine);
var manager = new DatabaseManagerBuilder().With(configuration).Build(engine);
var runner = new MigratorRunnerBuilder().With(configuration).Build(engine);
var sut = new UserRepositoryBuilder().With(configuration).Build(engine);
await container.StartAsync();
await manager.EnsureDatabaseCreated();
runner.MigrateUp();
const string username = "******";
var user = new UserBuilder().WithUserName(username).Build();
await sut.CreateAsync(user);
// Act
var persistedUser = await sut.FindByNameAsync(username);
await sut.AssignRefreshToken("some_token", persistedUser !);
// Assert
var result = await sut.FindByNameAsync(username);
result !.RefreshTokens.Should().ContainSingle("some_token");
}
private RefreshTokens BuildRefreshToken(string userId, string clientAppId, string grantType, string authenToSystem, string authorizationCode)
{
var obj = new RefreshTokens();
obj.Id = Guid.NewGuid();
obj.AppAudienceId = clientAppId;
obj.IssuedDateTime = DateTimes.GetCurrentUtcDateTimeInThaiTimeZone(DateTimes.DateTimeFormat.YearMonthDayByDashTHourMinuteSecondByColonZ, DateTimes.LanguageCultureName.ENGLISH_UNITED_STATES, DateTimes.DateTimeUtcOffset.HHMMByColon);
var RefreshTokenExpiryDateTime = DateTime.UtcNow.AddSeconds(Convert.ToDouble(_config["Jwt:RefreshTokenExpires"]));
obj.ExpiryDateTime = DateTimes.ConvertToUtcDateTimeInThaiTimeZone(RefreshTokenExpiryDateTime, DateTimes.DateTimeFormat.YearMonthDayByDashTHourMinuteSecondByColonZ, DateTimes.LanguageCultureName.ENGLISH_UNITED_STATES, DateTimes.DateTimeUtcOffset.HHMMByColon);
obj.GrantType = grantType;
if (grantType == GRANT_TYPE_PASSWORD)
{
obj.ResourceOwnerId = userId;
obj.AuthenToSystem = authenToSystem;
}
if (grantType == GRANT_TYPE_AUTHORIZATION_CODE)
{
obj.AuthorizationCode = authorizationCode;
}
var key = Encoding.UTF8.GetBytes(obj.AppAudienceId);
var message = Encoding.UTF8.GetBytes(obj.Id.ToString("N"));
obj.RefreshToken = ReplaceInvalidCharacterForJwt(Convert.ToBase64String(HashingByHMACSHA256(message, key)));
obj.Status = true;
// Write Generated RefreshToken to AuthDB (For future checking)
var authRefreshToken = _authObj.PutRefreshTokens(obj);
return(obj);
}
/// <summary>
/// Метод добавляет токен в БД
/// </summary>
/// <param name="token"></param>
/// <returns>Возвращает true, если токен добавлен успешно в БД</returns>
public async Task <bool> AddToken(RefreshTokens token)
{
try
{
// Сперва ищем токен в БД по айди юзера
var searchedtoken = await DbUsers.db.RefreshTokens.FirstOrDefaultAsync(i => i.IdUser == token.IdUser && i.IsActive == true);
// Если токен найден, то необходимо обновить состояние токена на false, а также создать новый
if (searchedtoken != null)
{
searchedtoken.IsActive = false;
}
// Далее добавляем новый токен, а так-же сохраняем БД
await DbUsers.db.RefreshTokens.AddAsync(token);
await DbUsers.db.SaveChangesAsync();
return(true); // True, т.к. токен добавлен в БД
}
catch (Exception)
{
return(false); // false, т.к. невозможно добавить токен в БД
}
}
public async Task <Jwt> SignIn(string email, string password)
{
var user = await _db.Users.SingleOrDefaultAsync(u => u.Email == email);
if (user == null)
{
throw new Exception("Wrong email");
}
var comparisonResult = _passwordHasher.VerifyHashedPassword(user, user.Password, password);
if (comparisonResult == PasswordVerificationResult.Failed)
{
throw new Exception("Wrong password");
}
var jwt = _jwtHandler.Create(user);
var refreshToken = new RefreshTokens {
Token = _passwordHasher.HashPassword(user, Guid.NewGuid().ToString()).Replace("+", string.Empty).Replace("=", string.Empty).Replace("/", string.Empty),
UserId = user.UserId,
Revoked = false,
TimeCreated = DateTime.UtcNow
};
_db.RefreshTokens.Add(refreshToken);
await _db.SaveChangesAsync();
jwt.RefreshToken = refreshToken.Token;
return(jwt);
}
public async Task <TokenDto> SignIn(SignInDto signInDto)
{
var user = await userRepository.FindByLoginAsync(signInDto.Email);
TokenDto tokenDto = new TokenDto();
if (user == null || user.StatusOfVerification == "Processing" || user.StatusOfVerification == "Blocked")
{
tokenDto.Code = 401;
return(tokenDto);
}
if (signInDto.Email != user.Email || !VerifyPassword(signInDto.Password, user.HashPassword, user.Salt))
{
tokenDto.Code = 401;
return(tokenDto);
}
//Return two tokens Access, Refresh
tokenDto.Name = user.FirstName;
tokenDto.Code = 200;
tokenDto.AccessToken = token.GenerateToken(user);
tokenDto.RefreshToken = token.RefreshGenerateToken();
//Save To database Refresh token
RefreshTokens refreshToken = new RefreshTokens(tokenDto.RefreshToken, user.Id, true);
refreshRepository.Create(refreshToken);
await refreshRepository.SaveChangesAsync();
return(tokenDto);
}
public void RemoveRefreshToken(string refreshToken)
{
var token = RefreshTokens.SingleOrDefault(t => t.Token == refreshToken);
if (token != null)
{
RefreshTokens.Remove(token);
}
}
public async Task <UserDto> Handle(CurrentUserCommand request, CancellationToken cancellationToken)
{
var token = AppContext.Current.Request.Headers[HeaderNames.Authorization].ToString().Replace("Bearer ", "");
var refreshToken = AppContext.Current.Request.Cookies[Constants.RefreshToken];
var principal = _jwtGenerator.GetPrincipalFromExpiredToken(token);
var username = principal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value;
var user = await _context.Users
.Where(x => x.UserName == username)
.Include(x => x.RefreshTokens)
.SingleOrDefaultAsync(x => x.RefreshTokens.Any(y => y.Token == refreshToken),
cancellationToken);
if (user == null)
{
ThrowUnauthorized();
}
var oldToken = user !.RefreshTokens.SingleOrDefault(x => x.Token == refreshToken);
if (oldToken != null && !oldToken.IsActive)
{
ThrowUnauthorized();
}
if (oldToken != null)
{
oldToken.Revoked = DateTime.UtcNow;
}
var newRefreshToken = _jwtGenerator.GenerateRefreshToken(user);
await _context.RefreshTokens.AddAsync(newRefreshToken, cancellationToken);
var revokedTokens = user.RefreshTokens.Where(x => x.IsExpired);
_context.RefreshTokens.RemoveRange(revokedTokens);
var success = await _context.SaveChangesAsync(cancellationToken) > 0;
if (success)
{
_cookieService.SetTokenCookie(newRefreshToken.Token);
return(new UserDto
{
UserName = user.UserName,
Token = _jwtGenerator.GenerateAccessToken(user),
RefreshToken = newRefreshToken.Token
});
}
throw new Exception(Constants.ServerSavingError);
}
public async Task <IActionResult> Refresh_Token(CancellationToken cancellationToken)
{
var command = new RefreshTokens {
RefreshToken = _cookieFactory.GetRefreshTokenFromCookie(this)
};
var token = await _mediator.Send(command, cancellationToken);
_cookieFactory.SetResponseRefreshTokenCookie(this, token.RefreshToken);
return(Accepted(token));
}
public async Task <bool> RemoveRefreshToken(string refreshToken)
{
var refreshTokenModel = await RefreshTokens.SingleAsync(i => i.Token == refreshToken);
if (refreshToken != null)
{
RefreshTokens.Remove(refreshTokenModel);
return(await SaveChangesAsync() > 0);
}
return(false);
}
public void InsertNew(RefreshToken token)
{
var tokenModel = RefreshTokens.SingleOrDefault(i => i.UserId == token.UserId);
if (tokenModel != null)
{
RefreshTokens.Remove(tokenModel);
SaveChanges();
}
RefreshTokens.Add(token);
SaveChanges();
}
/// <summary>
/// Save Refresh token to database
/// </summary>
/// <param name="id"></param>
/// <param name="refreshtoken"></param>
/// <param name="isvalid"></param>
/// <returns>return model TokenDto</returns>
public async Task <TokenDto> SaveRefreshTokenAsync(int id, string refreshtoken, bool isvalid)
{
RefreshTokens refresh = new RefreshTokens(refreshtoken, id, isvalid);
refreshRepository.Create(refresh);
await refreshRepository.SaveChangesAsync();
return(new TokenDto()
{
RefreshToken = refresh.Refresh
});
}
public async Task <IActionResult> Login(LoginAccountDto model)
{
var user = await _userManager.FindByNameAsync(model.UserName);
if (user == null)
{
throw new AppException("Wrong user or password!");
}
var emailConfirmation = await _userManager.IsEmailConfirmedAsync(user);
if (emailConfirmation == false)
{
throw new AppException("Precisas de confirmar o teu registo para continuar. Por favor confirma o teu email!");
}
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, isPersistent : false, lockoutOnFailure : true);
//if (!result.Succeeded)
// throw new AppException("Wrong user or password!");
await UserIsLockoutAsync(user, result);
await _userManager.ResetAccessFailedCountAsync(user);
var token = await GetJwtSecurityToken(user);
if (token == null)
{
throw new AppException("Error generating Token!");
}
var refreshToken = new RefreshTokens
{
Username = user.UserName,
Token = GenerateRefreshToken(user).Token,
Revoked = false,
IpAdress = _httpContext.HttpContext.Connection.RemoteIpAddress.ToString(),
};
_context.RefreshTokens.Add(refreshToken);
_context.SaveChanges();
return(Ok(new
{
message = "Login Successful!",
access_token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = token.ValidTo,
refresh_token = refreshToken.Token,
}));
}
public async Task <bool> AddRefreshToken(RefreshToken token)
{
var existingToken = RefreshTokens.Where(r => r.UserId == token.UserId).SingleOrDefault();
if (existingToken != null)
{
var result = await RemoveRefreshToken(existingToken);
}
RefreshTokens.Add(token);
return(await SaveChangesAsync() > 0);
}
public async Task UpdateRefreshTokenCheckWhenRefreshTokenNull_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(null); });
HttpStatusCodeException ex = await Assert.ThrowsExceptionAsync <HttpStatusCodeException>(() => _refreshTokenService.UpdateRefreshTokenAsync(refreshTokenInitialize.Id, RefreshToken, UserId, DaysToExpire));
Assert.AreEqual("Such refresh token doesn't exist", ex.Message);
}
// PUT https://undone-auth.firebaseio.com/RefreshTokens/<UNIQUE_ID>.json?access_token=<ACCESS_TOKEN>
public async Task <HttpResponseMessage> PutRefreshTokens(RefreshTokens token)
{
var client = new HttpClient();
client.BaseAddress = new Uri(projectUrl);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
var jsonString = JsonConvert.SerializeObject(token);
var uniqueId = token.RefreshToken;
var response = await client.PutAsync("RefreshTokens/" + uniqueId + ".json?access_token=" + accessToken, new StringContent(jsonString, Encoding.UTF8, "application/json"));
return(response);
}
/// <summary>
/// Метод, который возвращает Refresh-токен
/// </summary>
/// <param name="token"></param>
/// <returns>Возвращает RefreshToken из базы данных</returns>
public async Task <RefreshTokens> GetToken(RefreshTokens token)
{
// Ищем токен
var searchedtoken = await DbUsers.db.RefreshTokens.FirstOrDefaultAsync(i => i.TokenRefresh == token.TokenRefresh);
// Если дата токена вышла (или он неактивен), то не возвращай токен
if (searchedtoken.DateLifeEnd < DateTime.Now || searchedtoken.IsActive == false)
{
return(null);
}
// Иначе, если дата токена не истекла, а также он активен, то верни токен
return(searchedtoken);
}
public async Task <RefreshTokens> AddRefreshToken(RefreshTokens token)
{
var existingToken = db.RefreshTokens.SingleOrDefault(x => x.Subject == token.Subject && x.ClientId == token.ClientId);
if (existingToken != null)
{
var result = await RemoveRefreshToken(existingToken);
}
token.Id = Guid.NewGuid().ToString("n");
db.RefreshTokens.Add(token);
await db.SaveChangesAsync();
return(token);
}
public async Task CheckRefreshTokenInactive_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
IsActive = false,
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
var ex = await Assert.ThrowsExceptionAsync <HttpStatusCodeException>(() => _refreshTokenService.CheckRefreshTokenAsync(RefreshToken));
Assert.AreEqual("Such refresh token is inactive", ex.Message);
Assert.AreEqual(HttpStatusCode.Unauthorized, ex.StatusCode);
}
public async Task CheckRefreshTokenDaysToExpireInactive_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
IsActive = true,
DaysToExpire = Convert.ToDateTime("13.07.2019 11:45:12")
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
var ex = await Assert.ThrowsExceptionAsync <HttpStatusCodeException>(() => _refreshTokenService.CheckRefreshTokenAsync(_refreshTokenModel.RefreshToken));
Assert.AreEqual("Days to expire of refresh token is inactive", ex.Message);
Assert.AreEqual(HttpStatusCode.Unauthorized, ex.StatusCode);
}
public bool IsValidRefreshToken(string refreshToken)
{
//TODO: needs refactor
var token = RefreshTokens.SingleOrDefault(t => t.Token == refreshToken);
if (token == null)
{
return(false);
}
if (token.IsActive)
{
return(true);
}
RefreshTokens.Remove(token);
return(false);
}
public async Task GetAsyncCheckWhenRefreshTokenNotNull_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
UserId = 91,
IsActive = true,
RefreshToken = "4wjRDjmSi9YfgFYAVM2QWjJxY8w1Ao6U7S6ZWX9VDCQ=",
DaysToExpire = DateTime.Now.AddDays(1)
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
var result = await _refreshTokenService.GetAsync(RefreshToken);
Assert.AreEqual(typeof(RefreshTokenDTO), result.GetType());
}
private RefreshTokens GenerateRefreshToken(UserEntity user)
{
var result = _passwordHasher.HashPassword(user, Guid.NewGuid().ToString())
.Replace("+", string.Empty)
.Replace("=", string.Empty)
.Replace("/", string.Empty);
var refreshToken = new RefreshTokens
{
Username = user.UserName,
Token = result,
Revoked = false,
IpAdress = _httpContext.HttpContext.Connection.RemoteIpAddress.ToString(),
};
return(refreshToken);
}
public async Task LogOut(string RefreshToken)
{
if (!_context.RefreshTokens.Any(x => x.Token == RefreshToken))
{
throw new AppException("Invalid Refresh Token!");
}
try
{
RefreshTokens NewRefreshToken = _context.RefreshTokens.Single(x => x.Token == RefreshToken);
NewRefreshToken.Revoked = true;
_context.RefreshTokens.Update(NewRefreshToken);
await _context.SaveChangesAsync();
}
catch (ArgumentNullException) { throw new AppException("Nao foi encontrado nenhum token!"); }
catch (InvalidOperationException) { throw new AppException("Existe mais que um token!"); }
catch (DbUpdateException) { throw new AppException("Foi encontrado um erro ao gravar o token na base de dados!"); }
}
public ActionResult <Response <string> > Logout([FromBody] RefreshTokens tokens)
{
var token = (
from refresh in this.__context.Tokens
// where refresh.Token == tokens.RefreshToken
select refresh
).FirstOrDefault();
this.__context.Remove(token);
this.__context.SaveChanges();
return(Ok(
new Response <string>()
{
Data = "You are logged out",
Success = true
}
));
}
public void UpdateRefreshTokenCheckWhenRefreshTokenNotNull_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
UserId = 91,
IsActive = true,
RefreshToken = "4wjRDjmSi9YfgFYAVM2QWjJxY8w1Ao6U7S6ZWX9VDCQ=",
DaysToExpire = DateTime.Now.AddDays(1)
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
_refreshTokenRepositoryMock.Setup(repo => repo.UpdateAsync(refreshTokenInitialize)).Returns(async() => { return(refreshTokenInitialize); });
var result = _refreshTokenService.UpdateRefreshTokenAsync(refreshTokenInitialize.Id, RefreshToken, UserId, DaysToExpire);
Assert.IsTrue(result.IsCompleted);
}
public ActionResult <Response <RefreshTokens> > Refresh([FromBody] RefreshTokens tokens)
{
var jwttoken = new JwtSecurityToken(tokens.JwtToken);
var userId = Int32.Parse(jwttoken.Claims.Where(x => x.Type == ClaimTypes.NameIdentifier).FirstOrDefault()?.Value);
var newTokens = this.userServices.CheckRefreshToken(userId, tokens.RefreshToken, tokens.JwtToken);
if (newTokens != null)
{
return(Ok(
new Response <RefreshTokens>()
{
Data = newTokens,
Success = true
}
));
}
return(Unauthorized());
}
/// <summary>
/// Метод, который делает рефреш токена
/// </summary>
/// <param name="token"></param>
/// <returns>Возвращает обновленный Acess токен</returns>
public async Task <RefreshTokens> RefreshToken(RefreshTokens token)
{
// Обращаемся в БД и удостоверяемся, что рефреш токен правильный.
var SearchedToken = await tokensService.GetToken(token);
// Если токен не нашли, то верни null
if (SearchedToken == null)
{
return(null);
}
// Иначе, если токен найден, то сгенерируй новый AcessToken
SearchedToken.TokenAcess = await GenerateJWT(await _userManager.FindByIdAsync(SearchedToken.IdUser)); // Генерируем новый Acess Токен
// А также сбросить аутентификационные куки
var removed = await UnLoginUser(await _userManager.FindByIdAsync(SearchedToken.IdUser));
return(SearchedToken); // Возвращаем обновленный Acess токен
}
public async Task CheckRefreshTokenCheckUserIsNotExist_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
UserId = 91,
IsActive = true,
RefreshToken = "4wjRDjmSi9YfgFYAVM2QWjJxY8w1Ao6U7S6ZWX9VDCQ=",
DaysToExpire = DateTime.Now.AddDays(1)
};
_userService.Setup(service => service.GetByIdAsync(UserId)).Returns(async() => { return(null); });
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
var ex = await Assert.ThrowsExceptionAsync <HttpStatusCodeException>(() => _refreshTokenService.CheckRefreshTokenAsync(_refreshTokenModel.RefreshToken));
Assert.AreEqual("Such user doesn't exist", ex.Message);
Assert.AreEqual(HttpStatusCode.NotFound, ex.StatusCode);
}
public async Task CheckRefreshTokenCheckReturnOK_Test()
{
refreshTokenInitialize = new RefreshTokens()
{
Id = 1,
UserId = 91,
IsActive = true,
RefreshToken = "4wjRDjmSi9YfgFYAVM2QWjJxY8w1Ao6U7S6ZWX9VDCQ=",
DaysToExpire = DateTime.Now.AddDays(1)
};
_refreshTokenRepositoryMock.Setup(repo => repo.GetAsync(It.IsAny <System.Linq.Expressions.Expression <Func <RefreshTokens, bool> > >())).Returns(async() => { return(refreshTokenInitialize); });
_userService.Setup(service => service.GetByIdAsync(UserId)).Returns(async() => { return(_applicationUserDTO); });
var actionResult = await _refreshTokenService.CheckRefreshTokenAsync(_refreshTokenModel.RefreshToken);
Assert.AreEqual(typeof(TokensResponse), actionResult.GetType());
Assert.IsNotNull(actionResult);
}
/// <summary>
/// Метод аутентификации, который возвращает JWT токен (При каждой аутентификации генерируется новый JWT токен)
/// </summary>
/// <param name="username">Логин</param>
/// <param name="password">Пароль</param>
/// <returns>Возвращает RefreshToken</returns>
public async Task <RefreshTokens> Authenticate(string username, string password)
{
// Ищем пользователя по email
User user = await _userManager.FindByEmailAsync(username);
// Если пользователь не найден, верни ошибку о том, что такого юзера нет
if (user == null)
{
return(null);
}
// Иначе, пользователь найден, тогда надо сбросить куки
var removed = await UnLoginUser(user);
// Далее проходим авторизацию
var result = await _signInManager.CheckPasswordSignInAsync(user, password, false);
// Если авторизация не прошла успешно, то верни null
if (!result.Succeeded)
{
return(null);
}
// Теперь генерируем данные для RefreshToken'a
var encodedJwt = await GenerateJWT(user); // JWT AcessToken
var RefreshToken = GenerateRefreshToken(); // RefreshToken
RefreshTokens token = new RefreshTokens {
TokenAcess = encodedJwt, IdUser = user.Id, TokenRefresh = RefreshToken, DateLifeStart = DateTime.Now, DateLifeEnd = DateTime.Now.AddDays(10), IsActive = true
};
// Добавляем этот токен в хранилище RefreshToken'ов
var added = await tokensService.AddToken(token);
return(token); // Возвращаем токен
}
