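        /// <summary>
        /// Rotates the caller's token pair: resolves the user from the access token in the body,
        /// checks the refresh token presented as a bearer value in the Authorization header, then
        /// issues a new JWT and a new refresh token value on the validated row.
        /// </summary>
        /// <param name="refreshRequest">Body carrying the access token; its RefreshToken field is
        /// overwritten with the value taken from the Authorization header.</param>
        /// <returns>
        /// 200 with the new access/refresh pair; 400 for an empty body; 401 when the header has no
        /// token part, the user cannot be resolved, or the refresh token is not valid for that user.
        /// </returns>
        public ActionResult <RefreshRequest> Refresh([FromBody] RefreshRequest refreshRequest)
        {
            if (refreshRequest == null || string.IsNullOrEmpty(refreshRequest.AccessToken))
            {
                return(BadRequest());
            }

            // The refresh token travels as "Bearer <token>". Refuse the request instead of
            // throwing IndexOutOfRangeException when the header is absent or has no second part.
            string   authorizationHeader = Request.Headers["Authorization"].ToString();
            string[] headerParts         = authorizationHeader.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (headerParts.Length < 2)
            {
                return(Unauthorized());
            }

            string refreshToken = headerParts[1];
            refreshRequest.RefreshToken = refreshToken;

            DealingWithRefreshToken dealingWithRefreshToken = new DealingWithRefreshToken();
            int userId = dealingWithRefreshToken.GetUserIdFromAccessToken(refreshRequest.AccessToken, _jwtSettings.SecretKey);

            Users userFromDbViaAccessToken = _context.Users.FirstOrDefault(u => u.Id == userId);

            // Newest row first, in case the same value was stored more than once.
            TblRefreshToken refreshTokenUser = _context.TblRefreshToken
                                               .Where(rt => rt.RefreshToken == refreshToken)
                                               .OrderByDescending(x => x.ExpiryDate)
                                               .FirstOrDefault();

            if (userFromDbViaAccessToken == null ||
                !dealingWithRefreshToken.ValidateRefreshToken(refreshTokenUser, userFromDbViaAccessToken, refreshToken))
            {
                // Same answer whichever check failed, and an explicit 401 instead of a null body.
                return(Unauthorized());
            }

            UserDTO userWithTokens = _mapper.Map <UserDTO>(userFromDbViaAccessToken);
            userWithTokens.Token = GenerateJWT.CreateJWT(userFromDbViaAccessToken.Id, _jwtSettings.SecretKey, DateTime.UtcNow.AddSeconds(_expiryTimeSeconds));

            // Rotate on the row that was just validated rather than re-resolving it through the
            // user's RegistrationToken, which could point at a different row or at none (NRE).
            // A GUID is unique but not unpredictable; a bearer secret needs CSPRNG output.
            // 18 bytes hex-encoded is 36 characters, the same width as the GUID string used before.
            byte[] secret = new byte[18];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(secret);
            }
            string newRefreshToken = BitConverter.ToString(secret).Replace("-", "");

            userFromDbViaAccessToken.RegistrationToken = userWithTokens.Token;
            refreshTokenUser.RefreshToken = newRefreshToken;
            // ExpiryDate is deliberately left as is: rotation keeps the original absolute lifetime.
            _context.SaveChanges();

            RefreshRequest userTokens = new RefreshRequest();
            userTokens.AccessToken  = userWithTokens.Token;
            userTokens.RefreshToken = newRefreshToken;
            return(Ok(userTokens));
        }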
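        /// <summary>
        /// Authenticates a user by login/password, stores a fresh refresh token for them and
        /// returns the user together with the refresh token and a signed access token.
        /// </summary>
        /// <param name="user">Credentials from the request body; only Login and Password are read.</param>
        /// <returns>The user with tokens; 400 for an empty body or missing credential fields; 404 when no user matches.</returns>
        public async Task <ActionResult <UserWithToken> > Login([FromBody] TblUser user)
        {
            if (user == null || user.Login == null || user.Password == null)
            {
                return(BadRequest());
            }

            // Copy the credentials out before the parameter is reassigned to the database entity.
            string login    = user.Login;
            string password = user.Password;

            // NOTE(review): the submitted password is compared verbatim with the stored value. If this
            // store holds salted hashes (RegisterUser in this listing writes one), the input has to be
            // hashed with the same salt before the comparison — confirm against the schema.
            user = await _context.TblUsers.Include(u => u.Role)
                   .Where(u => u.Login == login &&
                          u.Password == password).FirstOrDefaultAsync();

            if (user == null)
            {
                return(NotFound());
            }

            TblRefreshToken refreshToken = GenerateRefreshToken();
            user.TblRefreshTokens.Add(refreshToken);
            await _context.SaveChangesAsync();

            UserWithToken userWithToken = new UserWithToken(user);
            userWithToken.RefreshToken  = refreshToken.Token;

            //sign your token here here..
            userWithToken.AccessToken = GenerateAccessToken(user.Id);
            return(userWithToken);
        }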
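        /// <summary>
        /// Creates a user from the request body, replacing the submitted password with its salted
        /// hash, then reloads the user with its role and returns it with a refresh and access token.
        /// </summary>
        /// <param name="user">The user to create; Password must be set.</param>
        /// <returns>The created user with tokens; 400 for an empty body or password; 404 if the reload finds nothing.</returns>
        public async Task <ActionResult <UserWithToken> > RegisterUser([FromBody] TblUser user)
        {
            if (user == null || string.IsNullOrEmpty(user.Password))
            {
                return(BadRequest());
            }

            // Only the salted hash is persisted. NOTE(review): ASCII encoding maps every non-ASCII
            // character to '?', so distinct passwords can collide; a switch to UTF-8 has to be made
            // together with the login path that verifies the hash, or existing users cannot sign in.
            user.Password = _crypto.GenerateSaltedHash(Encoding.ASCII.GetBytes(user.Password), Encoding.ASCII.GetBytes(_salt));
            _context.TblUsers.Add(user);
            await _context.SaveChangesAsync();

            //load role for registered user
            var newUserId = user.Id;
            user = await _context.TblUsers.Include(u => u.Role)
                   .Where(u => u.Id == newUserId).FirstOrDefaultAsync();

            if (user == null)
            {
                return(NotFound());
            }

            TblRefreshToken refreshToken = GenerateRefreshToken();
            user.TblRefreshTokens.Add(refreshToken);
            await _context.SaveChangesAsync();

            UserWithToken userWithToken = new UserWithToken(user);
            userWithToken.RefreshToken  = refreshToken.Token;

            //sign your token here here..
            userWithToken.AccessToken = GenerateAccessToken(user.Id);
            return(userWithToken);
        }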
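        /// <summary>
        /// Authenticates the supplied claims through the login repository, attaches a new refresh
        /// token to the user, issues a JWT and returns both on the user DTO.
        /// </summary>
        /// <param name="userClaims">Login credentials from the request body.</param>
        /// <returns>The user DTO with Token and RefreshToken set, or 400 with a generic message when authentication fails.</returns>
        public async Task <ActionResult <UserDTO> > Login([FromBody] LoginDTO userClaims)
        {
            if (userClaims == null)
            {
                return(BadRequest(new { message = "Username or password is incorrect..." }));
            }

            Users user = _loginRepository.GetUserOrDefault(userClaims);

            if (user == null)
            {
                // One message for unknown user and wrong password, so the response does not reveal which.
                return(BadRequest(new { message = "Username or password is incorrect..." }));
            }

            // Map before the refresh token is attached so the DTO reflects the user as loaded.
            UserDTO userDTO = _mapper.Map <UserDTO>(user);

            DealingWithRefreshToken dealingWithRefreshToken = new DealingWithRefreshToken();
            TblRefreshToken refreshToken = dealingWithRefreshToken.GenerateRefreshToken(_expiryTimeSeconds);

            user.TblRefreshToken.Add(refreshToken);

            // The unused JwtSecurityTokenHandler local was removed; CreateJWT does the signing.
            string accessToken = GenerateJWT.CreateJWT(userDTO.Id, _jwtSettings.SecretKey, DateTime.UtcNow.AddSeconds(_expiryTimeSeconds));

            userDTO.RefreshToken   = refreshToken.RefreshToken;
            userDTO.Token          = accessToken;
            user.RegistrationToken = accessToken;

            await _context.SaveChangesAsync();

            return(userDTO);
        }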
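        /// <summary>
        /// Builds a new, unsaved refresh token row with an unpredictable value and an absolute expiry.
        /// </summary>
        /// <param name="_expiryTimeSeconds">Lifetime in seconds from now (UTC). The name is kept as callers may pass it by name.</param>
        /// <returns>A <see cref="TblRefreshToken"/> with RefreshToken and ExpiryDate set; nothing is persisted here.</returns>
        public TblRefreshToken GenerateRefreshToken(int _expiryTimeSeconds)
        {
            // A GUID is unique, not unpredictable; a bearer secret needs CSPRNG output.
            // 18 bytes hex-encoded is 36 characters, the same width as the GUID string emitted before,
            // so the stored column width is unaffected.
            byte[] secret = new byte[18];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(secret);
            }

            TblRefreshToken refreshToken = new TblRefreshToken();

            refreshToken.RefreshToken = BitConverter.ToString(secret).Replace("-", "");
            refreshToken.ExpiryDate   = DateTime.UtcNow.AddSeconds(_expiryTimeSeconds); //TODO Change the expiry time
            return(refreshToken);
        }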
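        /// <summary>
        /// Decides whether a stored refresh token row may be used by the given user.
        /// </summary>
        /// <param name="refreshTokenUser">The stored row looked up by token value; may be null when no row matched.</param>
        /// <param name="userFromDbViaAccessToken">The user resolved from the access token; may be null.</param>
        /// <param name="refreshToken">The token value the caller presented.</param>
        /// <returns>
        /// true only when the row exists, belongs to that user, holds exactly the presented value and has not expired (UTC).
        /// </returns>
        public bool ValidateRefreshToken(TblRefreshToken refreshTokenUser, Users userFromDbViaAccessToken, string refreshToken)
        {
            if (refreshTokenUser == null || userFromDbViaAccessToken == null || refreshToken == null)
            {
                return(false);
            }

            // The presented value is checked explicitly (it was previously unused here) so the result
            // does not depend on how the caller looked the row up. Ordinal: token values are opaque.
            return(refreshTokenUser.UserId == userFromDbViaAccessToken.Id &&
                   string.Equals(refreshTokenUser.RefreshToken, refreshToken, StringComparison.Ordinal) &&
                   refreshTokenUser.ExpiryDate > DateTime.UtcNow);
        }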
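        /// <summary>
        /// Stores a refresh token for a user with an expiry a given number of minutes from now,
        /// pruning expired tokens in the same pass.
        /// </summary>
        /// <param name="tokenDto">Token value, owner id and lifetime in minutes.</param>
        /// <exception cref="ArgumentNullException"><paramref name="tokenDto"/> is null.</exception>
        public void SaveRefreshToken(SaveRefreshTokenDTO tokenDto)
        {
            if (tokenDto == null)
            {
                throw new ArgumentNullException(nameof(tokenDto));
            }

            // NOTE(review): the expiry is stamped with the local clock. Whatever later compares
            // ExpiryDate (DeleteExpiryRefreshToken, the validation path) must use the same clock;
            // DateTime.UtcNow on both sides avoids DST and server-timezone drift — confirm before changing.
            TblRefreshToken tblRefreshToken = new TblRefreshToken
            {
                ExpiryDate   = DateTime.Now.AddMinutes(tokenDto.ExpiryMinute),
                RefreshToken = tokenDto.RefreshToken,
                UserId       = tokenDto.UserId
            };

            db_Evoucher.TblRefreshToken.Add(tblRefreshToken);
            // Presumably relies on the SaveChanges below to commit its deletions — confirm
            // DeleteExpiryRefreshToken does not save on its own.
            DeleteExpiryRefreshToken();
            db_Evoucher.SaveChanges();
        }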
        /// <summary>
        /// Creates an unsaved refresh token carrying 32 CSPRNG bytes (Base64-encoded) that expires
        /// six months from now (UTC).
        /// </summary>
        /// <returns>A <see cref="TblRefreshToken"/> with Token and ExpiryDate set.</returns>
        private TblRefreshToken GenerateRefreshToken()
        {
            byte[] entropy = new byte[32];

            using (var generator = RandomNumberGenerator.Create())
            {
                generator.GetBytes(entropy);
            }

            TblRefreshToken token = new TblRefreshToken
            {
                Token      = Convert.ToBase64String(entropy),
                ExpiryDate = DateTime.UtcNow.AddMonths(6)
            };

            return(token);
        }