public async Task <IActionResult> Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = GetPrincipalFromExpiredToken(accessToken);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
var user = _userManager.Users.SingleOrDefault(u => u.UserName == username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var roles = await _userManager.GetRolesAsync(user);
var newAccessToken = GenerateJwt(user, roles);
var newRefreshToken = GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
user.RefreshTokenExpiryTime = DateTime.Now.AddMinutes(10);
await _userManager.UpdateAsync(user);
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> RefreshToken(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
_logger.LogInformation(principal.Identity.Name);
var user = await _usersContext.AppUsers.SingleOrDefaultAsync(u => u.UserName == username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
await _usersContext.SaveChangesAsync();
return(new ObjectResult(new
{
AccessToken = newAccessToken,
RefreshToken = newRefreshToken
}));
}
public IActionResult Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenManager.GetPrincipalFromExpiredToken(accessToken);
var Id = principal.Identity.Name; //this is mapped to the Name claim by default
var user = _unitOfWork.UserRepository.FirstOrDefault(u => u.Id == Id);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenManager.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenManager.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
_unitOfWork.Save();
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> RefreshAsync([FromBody] TokenApiModel tokenApiModel)
{
if (tokenApiModel is null || tokenApiModel.AccessToken == String.Empty || tokenApiModel.RefreshToken == String.Empty)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
var user = await _userService.GetUserFromPrincipalAsync(principal);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
await _userService.UpdateUserAsync(user);
var result = new TokenApiModel(newAccessToken, newRefreshToken);
return(new JsonResult(result));
}
public IActionResult Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = tokenService.GetPrincipalFromExpiredToken(accessToken);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
var user = userContext.LoginModels.SingleOrDefault(u => u.UserName == username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
userContext.SaveChanges();
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
var cookies = Request.Cookies;
string accessToken = tokenApiModel.AccessToken;
string refreshToken = cookies.First(o => o.Key == "refreshToken").Value;
var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
var user = _dbContext.AspNetUsers.SingleOrDefault(u => u.Email == username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = await _tokenService.GenerateRefreshToken(user.Email);
user.RefreshToken = newRefreshToken;
_dbContext.SaveChanges();
setTokenCookie(newRefreshToken);
return(Ok(new
{
accessToken = newAccessToken
}));
}
public IActionResult Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
var userId = principal.Identity.Name;
var user = _userService.GetById(int.Parse(userId));
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(user);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
_userService.Update(user);
return(Ok(new { accessToken = newAccessToken, refreshToken = newRefreshToken }));
}
public async Task GetToken_ReturnsValue()
{
// Arrange
var token = new TokenApiModel()
{
AccessToken = "1234ExampleToken",
AccessTokenType = "Bearer",
Audience = "https://management.azure.com/",
Authority = "https://login.microsoftonline.com/12345/"
};
var response = new HttpResponse
{
StatusCode = HttpStatusCode.OK,
IsSuccessStatusCode = true,
Content = JsonConvert.SerializeObject(token)
};
this.mockHttpClient
.Setup(x => x.GetAsync(It.IsAny <IHttpRequest>()))
.ReturnsAsync(response);
// Act
var result = await this.client.GetTokenAsync();
// Assert
this.mockHttpClient
.Verify(x => x.GetAsync(It.Is <IHttpRequest>(r => r.Check($"{MOCK_SERVICE_URI}/users/default/token"))), Times.Once);
Assert.Equal(token.AccessToken, result);
}
public async Task <TokenApiModel> GetTokenResponse(HttpResponseMessage response)
{
var jsonMessage = await GetJsonMessage(response);
TokenApiModel tokenResponse = (TokenApiModel)JsonConvert.DeserializeObject
(jsonMessage, typeof(TokenApiModel));
return(tokenResponse);
}
public async Task <string> GetTokenAsync()
{
// Note: The DEFAULT_USER_ID is set to any value. The user management service doesn't
// currently use the user ID information, but if this API is updated in the future, we
// will need to grab the user ID from the request JWT token and pass in here.
var url = $"{this.ServiceUri}/users/{DefaultUserId}/token";
TokenApiModel tokenModel = await this.RequestHelper.ProcessRequestAsync <TokenApiModel>(HttpMethod.Get, url);
return(tokenModel.AccessToken);
}
public async Task UpdateToken(TokenApiModel tokens)
{
await _jSRuntime.SetInLocalStorage(jwtKey, tokens.Token);
await _jSRuntime.SetInLocalStorage(tokenRefreshKey, tokens.RefreshToken);
var authState = BuildAuthenticationState(tokens.Token);
NotifyAuthenticationStateChanged(Task.FromResult(authState));
}
public async Task <IActionResult> Revoke(TokenApiModel tokenApiModel)
{
var apiKeyAuthenticate = APICredentialAuth.APIKeyCheck(Request.Headers[NamePars.APIKeyStr]);
if (apiKeyAuthenticate.StatusCode == ResponseCode.Error)
{
return(BadRequest(new ResponseDetails()
{
StatusCode = ResponseCode.Exception, Message = apiKeyAuthenticate.Message
}));
}
if (tokenApiModel is null)
{
return(BadRequest(new ResponseDetails()
{
Message = "Token body truyền vào không hợp lệ", StatusCode = ResponseCode.Error
}));
}
var principal = _tokenService.GetPrincipalFromExpiredToken(tokenApiModel.AccessToken, _config);
if (principal == null)
{
return(BadRequest(new ResponseDetails()
{
Message = "Token không được cấp quyền", StatusCode = ResponseCode.Error
}));
}
var userID = principal.Claims?.FirstOrDefault(x => x.Type.Equals(NamePars.ClaimSid, StringComparison.OrdinalIgnoreCase))?.Value;
var user = await _repository.User.GetUserByIDAsync(userID);
if (user == null || user.RefreshToken != tokenApiModel.RefreshToken)
{
return(BadRequest(new ResponseDetails()
{
Message = "các giá trị token không khớp với dữ liệu trong database", StatusCode = ResponseCode.Error
}));
}
ResponseDetails response = _repository.User.UpdateUserRefreshToken(user, null, null);
if (response.StatusCode == ResponseCode.Success)
{
_repository.Save();
}
else
{
_logger.LogError($"Lỗi khi revoke token cho user với id {user.UserID}");
}
return(Ok());
}
public async Task <IActionResult> RefreshToken([FromBody] TokenApiModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(new MessageApiModel()
{
Message = ModelState.Select(x => x.Value.Errors).FirstOrDefault().ToString()
}));
}
var resultRefreshToken = await _accountService.RefreshTokenAsync(model);
return(Ok(resultRefreshToken));
}
public IActionResult Refresh(TokenApiModel tokenApiModel)
{
_iLogger.LogInformation("POST Token.refresh called");
if (tokenApiModel is null)
{
_iLogger.LogWarning("Bad/empty request");
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenService.GetPrincipalFromToken(accessToken);
var userId = this.User.GetUserId(); //this is mapped to the Name claim by default
_iLogger.LogWarning(userId == null
? "Unable to retrieve user Id from claim"
: "user Id retrieved from claim");
var user = _userContext.LoginModel.SingleOrDefault(u => u.Id == userId);
_iLogger.LogWarning(user == null
? "Unable to retrieve user from db"
: "user retrieved from db");
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
_iLogger.LogWarning("Could not refresh token. Mismatching or expired refresh.");
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
user.RefreshTokenExpiryTime = _tokenService.RefreshTokenTime;
_iLogger.LogInformation("Refresh token established");
_userContext.SaveChanges();
_iLogger.LogInformation("Refresh token saved to db");
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
private TokenApiModel GenerateToken(HttpContext context)
{
var username = context.Request.Form["username"];
var password = context.Request.Form["password"];
var now = DateTime.UtcNow;
var identity = _identityProvider.GetIdentity(new LoginApiModel {
Email = username, Password = password
});
if (identity == null)
{
return(null);
}
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, username),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, now.ToUniversalTime().Second.ToString(), ClaimValueTypes.Integer64)
};
claims.AddRange(identity);
var jwt = new JwtSecurityToken(
issuer: _options.Issuer,
audience: _options.Audience,
claims: claims,
notBefore: now,
expires: now.Add(_options.Expiration),
signingCredentials: _options.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
var token = new TokenApiModel
{
Token = encodedJwt,
ExpiresIn = (long)_options.Expiration.TotalSeconds
};
_logger.LogInformation($"Token was successfuly generated for user with email: {username} ");
return(token);
}
public async Task <IActionResult> RefreshToken(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string token = tokenApiModel.Token;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _authManager.GetPrincipalFromExpiredToken(token);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
var user = await _userManager.FindByNameAsync(username);
if (user == null)
{
return(BadRequest("user nor found"));
}
if (user.RefreshToken != refreshToken)
{
return(BadRequest("refresh token is not the same"));
}
if (user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("refresh token has expired"));
}
var newAccessToken = _authManager.GenerateAccessToken(principal.Claims);
var newRefreshToken = _authManager.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
await _repository.SaveAsync();
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
public IActionResult Refresh(TokenApiModel tokenApiModel)
{
if (tokenApiModel is null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
//var principal = tokenService.GetPrincipalFromExpiredToken(accessToken);
var principal = tokenService.GetPrincipalFromExpiredToken(accessToken, new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.GetValue <string>("SecretKey"))));
var username = principal.Identity.Name; //this is mapped to the Name claim by default
//En lugar de usar la conexión por contexto, usamos la conexión mediante los servicios ya creados.
//var user = userContext.LoginModels.SingleOrDefault(u => u.UserName == username);
//Conexión mediante clase Login
var ConnectionStringLocal = _configuration.GetValue <string>("ServidorLocal");
using (IUser User = Factorizador.CrearConexionServicio(APIUsers.Library.Models.ConnectionType.MSSQL, ConnectionStringLocal))
{
APIUsers.Library.Models.User user = User.GetUser(username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
//var newAccessToken = tokenService.GenerateAccessToken(principal.Claims);
var newAccessToken = tokenService.GenerateAccessToken(principal.Claims, new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.GetValue <string>("SecretKey"))));
var newRefreshToken = tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
//userContext.SaveChanges();
User.UpdateRefreshToken(user);
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
}
public async Task <TokenApiModel> RefreshTokenAsync(TokenApiModel model)
{
return(await _httpService.Post <TokenApiModel, TokenApiModel>(ApiUrls.RefreshTokenUrl, model));
}
