private async Task <IActionResult> GetTokenByRefreshToken(TokenRequestViewModel model)
{
if (string.IsNullOrWhiteSpace(model.RefreshToken) || string.IsNullOrWhiteSpace(model.ClientId))
{
return(Unauthorized());
}
var refreshToken = await _context.Tokens.SingleOrDefaultAsync(t => t.ClientId == model.ClientId && t.Value == model.RefreshToken);
if (refreshToken == null)
{
return(Unauthorized());
}
var user = await _userManager.FindByIdAsync(refreshToken.UserId);
if (user == null)
{
return(Unauthorized());
}
_context.Remove(refreshToken);
return(await CreateTokenResponse(user, model.ClientId));
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model)
{
try {
var rt = DbContext.Tokens
.FirstOrDefault(t => t.ClientId == model.client_id &&
t.Value == model.refresh_token);
if (rt == null)
{
return(Unauthorized());
}
var user = await UserManager.FindByIdAsync(rt.UserId);
if (user == null)
{
return(Unauthorized());
}
var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
DbContext.Tokens.Remove(rt);
DbContext.Tokens.Add(rtNew);
DbContext.SaveChanges();
var response = CreateAccessToken(rtNew.UserId, rtNew.Value);
return(Json(response));
}
catch (Exception ex) {
Console.WriteLine(ex.Message);
return(Unauthorized());
}
}
public void Auth_WhenBodyViewModelWithRefreshTokenGrantTypeAndInvalidRefreshToken_ShouldReturnUnauthorizedResult()
{
//Arrange
var userName = _fixture.Create <string>();
var password = _fixture.Create <string>();
var clientId = Guid.NewGuid().ToString();
TokenRequestViewModel viewModel = new TokenRequestViewModel
{
Username = userName,
ClientId = clientId,
Password = password,
GrantType = "refresh_token"
};
_queryDispatcherMock.Setup(x => x.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(It.IsAny <CheckUserPasswordQuery>()))
.Returns(Task.FromResult(new CheckUserPasswordQueryResult
{
IsCorrect = false
}));
//Act
var result = _controller.Auth(viewModel).Result;
//Assert
Assert.IsInstanceOf <UnauthorizedResult>(result);
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
// check if there's an user with the given username
var user = await UserManager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null ||
!await UserManager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
// create & return the access token
var t = CreateAccessToken(user.Id, model.username);
return(Json(t));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
public void Auth_WhenBodyViewModelWithPasswordGrantTypeAndEmail_ShouldReturnTokenResponse()
{
//Arrange
var userName = $"{_fixture.Create<string>()}@test.com";
var password = _fixture.Create <string>();
var token = _fixture.Create <Token>();
var tokenData = new TokenData
{
ExporationTimeInMinutes = 60,
EncodedToken = token.Value
};
TokenRequestViewModel viewModel = new TokenRequestViewModel
{
Username = userName,
ClientId = token.ClientId,
Password = password,
GrantType = "password"
};
var userResult = new GetUserQueryResult
{
User = new ApplicationUser
{
Id = token.UserId,
UserName = userName
}
};
_serviceMock.Setup(x => x.GenerateRefreshToken(token.ClientId, token.UserId)).Returns(token);
_serviceMock.Setup(x => x.CreateAccessToken(token.UserId)).Returns(tokenData);
_queryDispatcherMock.Setup(x => x.DispatchAsync <GetUserByNameQuery, GetUserQueryResult>(It.IsAny <GetUserByNameQuery>()))
.Returns(Task.FromResult(new GetUserQueryResult()));
_queryDispatcherMock.Setup(x => x.DispatchAsync <GetUserByEmailQuery, GetUserQueryResult>(It.IsAny <GetUserByEmailQuery>()))
.Returns(Task.FromResult(userResult));
_queryDispatcherMock.Setup(x => x.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(It.IsAny <CheckUserPasswordQuery>()))
.Returns(Task.FromResult(new CheckUserPasswordQueryResult
{
IsCorrect = true
}));
_commandDispatcherMock.Setup(x => x.DispatchAsync <AddTokenCommand>(It.IsAny <AddTokenCommand>()))
.Returns(Task.CompletedTask);
//Act
var result = _controller.Auth(viewModel).Result as JsonResult;
//Assert
Assert.IsNotNull(result);
var json = new JsonResult(new TokenResponseViewModel
{
Expiration = tokenData.ExporationTimeInMinutes,
RefreshToken = tokenData.EncodedToken,
Token = token.Value
});
Assert.AreEqual(result.Value.ToString(), json.Value.ToString());
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
var user = await this.UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await this.UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await this.UserManager.CheckPasswordAsync(user, model.password))
{
return(Unauthorized());
}
var refreshToken = this.CreateRefreshToken(model.client_id, user.Id);
this.Db.Tokens.Add(refreshToken);
this.Db.SaveChanges();
var token = this.CreateAccessToken(user.Id, refreshToken.Value);
return(Json(token));
}
catch (Exception ex)
{
return(Unauthorized());
}
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model)
{
try
{
// check if the received refreshToken exists for the given clientId
var rt = this.Db.Tokens
.FirstOrDefault(t => t.ClientId == model.client_id &&
t.Value == model.refresh_token);
if (rt == null)
{
return(Unauthorized());
}
var rtNew = this.CreateRefreshToken(rt.ClientId, rt.UserId);
this.Db.Tokens.Remove(rt);
this.Db.Tokens.Add(rtNew);
this.Db.SaveChanges();
var response = this.CreateAccessToken(rtNew.UserId, rtNew.Value);
return(Json(response));
}
catch
{
return(Unauthorized());
}
}
private IActionResult RefreshToken(TokenRequestViewModel tokenRequest)
{
if (string.IsNullOrEmpty(tokenRequest.ClientId))
{
return(BadRequest("invalid_client"));
}
if (string.IsNullOrEmpty(tokenRequest.RefreshToken))
{
return(BadRequest("invalid_request"));
}
string accessToken = "";
//var accessToken = LoginHelper.LoginRefreshToken(tokenRequest.RefreshToken, tokenRequest.ClientId);
if (accessToken == null)
{
//Logger.LogError($"Login *DENIED* via AccessTokenController.RefreshToken ({tokenRequest.refresh_token}) and client id ({tokenRequest.client_id}) from IP {PagesHelper.GetIpAddress()} - {PagesHelper.GetRawUrl()}", "API");
return(BadRequest("invalid_request"));
}
// Logger.LogRevisionTrack($"Login via AccessTokenController.RefreshToken ({tokenRequest.refresh_token}) and client id ({tokenRequest.client_id}) from IP {PagesHelper.GetIpAddress()}", "API");
return(GetTokenResponse(accessToken, tokenRequest.RefreshToken));
}
public async Task <ActionResult <TokenResponseViewModel> > Auth([FromBody] TokenRequestViewModel model)
{
if (model?.GrantType == null)
{
return(BadRequest());
}
TokenResponseViewModel response;
switch (model.GrantType)
{
case "password":
response = await _service.GetToken(model);
break;
case "refresh_token":
response = await _service.RefreshToken(model);
break;
default:
return(BadRequest());
}
return(response ?? (ActionResult <TokenResponseViewModel>)Unauthorized());
}
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel)
{
var user = await _userAndRoleRepository.GetUserByNameAsync(viewModel.Username);
if (user == null && viewModel.Username.Contains("@"))
{
user = await _userAndRoleRepository.GetUserByEmailAsync(viewModel.Username);
}
if (user == null || !await _userAndRoleRepository.CheckPasswordAsync(user, viewModel.Password))
{
return(new UnauthorizedResult());
}
var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, user.Id);
await _tokenRepository.AddRefreshToken(token);
var accessTokenData = _tokenService.CreateAccessToken(user.Id);
var response = new TokenResponseViewModel
{
Token = accessTokenData.EncodedToken,
Expiration = accessTokenData.ExporationTimeInMinutes,
RefreshToken = token.Value
};
return(Json(response));
}
public void Auth_WhenBodyViewModelWithPasswordGrantTypeWrongPassword_ShouldReturnUnauthorizedResult()
{
var username = "******";
var userId = Guid.NewGuid().ToString();
var clientId = Guid.NewGuid().ToString();
TokenRequestViewModel viewModel = new TokenRequestViewModel
{
Username = username,
ClientId = clientId,
Password = "******",
GrantType = "password"
};
ApplicationUser user = new ApplicationUser
{
Id = userId,
UserName = username
};
var mockUserAndRolesRepo = new Mock <IUserAndRoleRepository>();
mockUserAndRolesRepo.Setup(x => x.GetUserByNameAsync(username)).Returns(Task.FromResult(user));
mockUserAndRolesRepo.Setup(x => x.CheckPasswordAsync(user, It.IsAny <string>())).Returns(Task.FromResult(false));
var mockTokenRepo = new Mock <ITokenRepository>();
mockTokenRepo.Setup(x => x.AddRefreshToken(It.IsAny <Token>())).Verifiable();
var controller = new TokenController(mockUserAndRolesRepo.Object, mockTokenRepo.Object, null);
Assert.IsInstanceOf <UnauthorizedResult>(controller.Auth(viewModel).Result);
}
public async Task <IActionResult> Auth([FromBody] TokenRequestViewModel viewModel)
{
if (viewModel == null)
{
return(new BadRequestResult());
}
try
{
switch (viewModel.GrantType)
{
case "password":
return(await GetToken(viewModel));
case "refresh_token":
return(await RefreshToken(viewModel));
default:
return(new UnauthorizedResult());
}
}
catch (Exception e)
{
return(new StatusCodeResult(500));
}
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel)
{
var refreshToken =
await _tokenRepository.CheckRefreshTokenForClient(viewModel.ClientId, viewModel.RefreshToken);
if (refreshToken == null)
{
return(new UnauthorizedResult());
}
var user = await _userAndRoleRepository.GetUserById(refreshToken.UserId);
if (user == null)
{
return(new UnauthorizedResult());
}
var newRefreshToken = _tokenService.GenerateRefreshToken(refreshToken.ClientId, refreshToken.UserId);
await _tokenRepository.RemoveRefreshToken(refreshToken);
await _tokenRepository.AddRefreshToken(newRefreshToken);
var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId);
var response = new TokenResponseViewModel
{
Expiration = tokenData.ExporationTimeInMinutes,
RefreshToken = newRefreshToken.Value,
Token = tokenData.EncodedToken
};
return(Json(response));
}
public async Task <TokenResponseViewModel> RefreshToken(TokenRequestViewModel request)
{
var refreshToken = await _context.Set <Token>().FirstOrDefaultAsync(t => t.ClientId == request.ClientId);
if (refreshToken == null)
{
return(null);
}
var user = await _userManager.FindByIdAsync(refreshToken.UserId);
if (user == null)
{
return(null);
}
var newToken = CreateRefreshToken(refreshToken.ClientId, refreshToken.UserId);
_context.Set <Token>().Remove(refreshToken);
await _context.Set <Token>().AddAsync(newToken);
await _context.SaveChangesAsync();
var response = CreateAccessToken(newToken.UserId, newToken.Value);
return(response);
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model)
{
try
{
//sprawdzenie czy token istnieje dla obcenego clienta
var rt = DbContext.Tokens.FirstOrDefault(t => t.ClientId == model.Client_id && t.Value == model.Refresh_token);
//Token nie istnieje lub zły client
if (rt == null)
{
return(new UnauthorizedResult());
}
var user = await UserManager.FindByIdAsync(rt.UserId);
if (user == null)
{
// uzytkownika nie znaleziona lub nieporawny
return(new UnauthorizedResult());
}
var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
DbContext.Tokens.Remove(rt);
DbContext.Tokens.Add(rtNew);
DbContext.SaveChanges();
var respone = CreateAccessToken(rtNew.ClientId, rtNew.Value);
return(Json(respone));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
var user = await UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null ||
!await UserManager.CheckPasswordAsync(user, model.password))
{
return(new UnauthorizedResult());
}
var rt = CreateRefreshToken(model.client_id, user.Id);
dataProcessor.AddNewRefreshToken(this.DbContext, rt);
var newToken = CreateAccessToken(user.Id, rt.Value);
return(new JsonResult(newToken, JsonSettings));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model)
{
try
{
var rt = dataProcessor.GetToken(this.DbContext, model);
if (rt == null)
{
return(new UnauthorizedResult());
}
var user = await UserManager.FindByIdAsync(rt.UserId);
if (user == null)
{
return(new UnauthorizedResult());
}
var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
dataProcessor.UpdateToken(this.DbContext, rt, rtNew);
var response = CreateAccessToken(rtNew.UserId, rtNew.Value);
return(new JsonResult(response, JsonSettings));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
var user = await UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
//username & password matches: create and return Jwt token
var rt = CreateRefreshToken(model.client_id, user.Id);
DbContext.Tokens.Add(rt);
DbContext.SaveChanges();
var t = CreateAccessToken(user.Id, rt.Value);
return(Json(t));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetAccessToken(TokenRequestViewModel model)
{
try
{
var user = await UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
return(new UnauthorizedResult());
}
var roles = await UserManager.GetRolesAsync(user);
//var roleClaims=new List<string>();
var refreshToken = CreateRefreshToken(model.client_id, user.Id);
dbContext.ApplicationTokens.Add(refreshToken);
dbContext.SaveChanges();
var response = CreateAccessToken(user.Id, roles, refreshToken.Value);
return(Json(response));
}
catch (Exception e)
{
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> SignOut([FromBody] TokenRequestViewModel viewModel)
{
await HttpContext.SignOutAsync();
_tokenService.RemoveByRefreshToken(viewModel.refresh_token);
return(Ok());
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try {
var user = await UserManager.FindByNameAsync(model.username);
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
return(Unauthorized());
}
var rt = CreateRefreshToken(model.client_id, user.Id);
DbContext.Tokens.Add(rt);
DbContext.SaveChanges();
var t = CreateAccessToken(user.Id, rt.Value);
return(Json(t));
}
catch (Exception ex) {
Console.WriteLine(ex.Message);
return(Unauthorized());
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
// check if there's an user with the given username
var user = await UserManager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
// username & password matches: create the refresh token
var rt = CreateRefreshToken(model.client_id, user.Id);
// add the new refresh token to the DB
DbContext.Tokens.Add(rt);
DbContext.SaveChanges();
// create & return the access token
var t = CreateAccessToken(user.Id, rt.Value);
return(Json(t));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <ApiResponse <TokenViewModel> > GetTokenResponse(TokenRequestViewModel model)
{
var apiResp = new ApiResponse <TokenViewModel>
{
Type = ResponseType.Fail
};
var applicationUser = new ApplicationUser
{
Email = model.EmailOrUsername,
UserName = model.EmailOrUsername
};
var securityResp = await _security.GetToken(applicationUser, model.Password);
if (securityResp.Type != ResponseType.Success)
{
apiResp.ErrorCode = securityResp.ErrorCode;
return(apiResp);
}
var viewModel = new TokenViewModel
{
Username = applicationUser.UserName,
AccessToken = securityResp.Data,
Email = applicationUser.Email,
NameSurname = applicationUser.NameSurname,
Id = applicationUser.Id.ToString()
};
apiResp.Data = viewModel;
apiResp.Type = ResponseType.Success;
return(apiResp);
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
// check if there's an user with the given username
var user = await _signInManager.UserManager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await _signInManager.UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await _signInManager.UserManager.CheckPasswordAsync(user, model.password))
{
return(new UnauthorizedResult());
}
// username & password matches: create and return the
DateTime now = DateTime.UtcNow;
// add the registered claims for JWT (RFC7519).
// For more info, see https://tools.ietf.org/html/rfc7519#section-4.1
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, user.Id),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
};
var tokenExpirationMins = _configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes");
var issuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"]));
var token = new JwtSecurityToken(
issuer: _configuration["Auth:Jwt:Issuer"],
audience: _configuration["Auth:Jwt:Audience"],
claims: claims,
notBefore: now,
expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
// build & return the response
var response = new TokenResponseViewModel()
{
token = encodedToken,
expiration = tokenExpirationMins
};
return(Json(response));
}
catch (Exception e)
{
return(new UnauthorizedResult());
}
}
public TokenControllerTests()
{
Thread.CurrentPrincipal = new TestPrincipalWrapper(new Claim(ClaimTypes.Email, _properEmail));
_externalLoginInfoInstance = new ExternalLoginInfo((ClaimsPrincipal)Thread.CurrentPrincipal, "Facebook", "providers_key", "some_display_name");
_returnedResponseTokenModel = new TokenResponseViewModel()
{
DisplayName = "foo1",
Email = "foo2",
RefreshToken = "foo3",
Role = "foo4",
Token = "foo5",
User = "******"
};
_properRevokeTokenModel = new RevokeTokenRequestViewModel()
{
UserName = _properName,
Token = _properToken,
RefreshToken = _properToken
};
_properRefreshTokenModel = new RefreshTokenRequestViewModel()
{
Email = _properEmail,
RefreshToken = _properToken
};
_properTokenRequestModel = new TokenRequestViewModel()
{
Email = _properEmail,
Password = _properPassword,
};
_properUser = new AppUser()
{
Email = _properEmail
};
DefaultHttpContext httpContext = new DefaultHttpContext();
TempDataDictionary tempData = new TempDataDictionary(httpContext, Mock.Of <ITempDataProvider>())
{
{ "requestIp", "127.0.0.1" }
};
_tokenServiceMock = new Mock <ITokenService>();
_userServiceMock = new Mock <IUserService>();
_userServiceMock.Setup(mock => mock.GetIpAddress(It.IsAny <DefaultHttpContext>())).Returns("127.0.0.1");
_userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser);
_userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null);
_userServiceMock.Setup(mock => mock.VerifyUsersPassword(It.IsAny <AppUser>(), It.IsAny <string>())).ReturnsAsync(true);
_userServiceMock.Setup(mock => mock.GetUserRoleAsync(It.IsAny <AppUser>())).ReturnsAsync("User");
_userServiceMock.Setup(mock => mock.GetExternalLogin()).ReturnsAsync(_externalLoginInfoInstance);
_userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true);
_tokenServiceMock.Setup(mock => mock.GenerateTokenResponse(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).Returns(_returnedResponseTokenModel);
_tokenServiceMock.Setup(mock => mock.VerifyRefreshToken(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).Returns(true);
_tokenServiceMock.Setup(mock => mock.RevokeTokens(_properRevokeTokenModel)).Returns(true);
_controller = new TokenController(_tokenServiceMock.Object, _userServiceMock.Object)
{
TempData = tempData
};
}
private async Task <TokenResponseViewModel> CreateAccessToken(TokenRequestViewModel model, string refreshToken)
{
DateTime now = DateTime.UtcNow;
var jwtAppSettingOptions = Configuration.GetSection(nameof(JwtIssuerOptions));
// add the registered claims for JWT (RFC7519).
// For more info, see https://tools.ietf.org/html/rfc7519#section-4.1
//var claims = new[] {
// new Claim(JwtRegisteredClaimNames.Sub, userId),
// new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
// new Claim(JwtRegisteredClaimNames.Iat,
// new DateTimeOffset(now).ToUnixTimeSeconds().ToString())
// // TODO: add additional claims here
//};
//var tokenExpirationMins =
// Configuration.GetValue<int>("Auth:Jwt:TokenExpirationInMinutes");
//var issuerSigningKey = new SymmetricSecurityKey(
// Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"]));
//var token = new JwtSecurityToken(
// issuer: Configuration["Auth:Jwt:Issuer"],
// audience: Configuration["Auth:Jwt:Audience"],
// claims: claims,
// notBefore: now,
// expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)),
// signingCredentials: new SigningCredentials(
// issuerSigningKey, SecurityAlgorithms.HmacSha256)
//);
//var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
ClaimsIdentity claimsIdentity = null;
if (model.username == null)
{
var appUser = await FindByIdAysnc(model.client_id);
model.username = appUser.UserName;
claimsIdentity = await GetClaimsIdentity(model.username);
}
else
{
claimsIdentity = await GetClaimsIdentity(model.username, model.password);
}
var jwt = await Tokens.GenerateJwt(claimsIdentity, _jwtFactory, model.username, _jwtOptions,
new JsonSerializerSettings { Formatting = Formatting.Indented });
return(new TokenResponseViewModel()
{
Token = jwt,
Expiration = (int)(new JwtIssuerOptions().ValidFor.TotalMinutes),
RefreshToken = refreshToken
});
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model)
{
try
{
// check if the received refreshToken exists for the given clientId
//var rt = DbContext.Tokens
// .FirstOrDefault(t =>
// t.ClientId == model.client_id
// && t.Value == model.refresh_token);
var rt = await _tokenRepository.GetToken(model);
if (rt == null)
{
// refresh token not found or invalid (or invalid clientId)
return(new UnauthorizedResult());
}
// check if there's an user with the refresh token's userId
var user = await _userManager.FindByIdAsync(rt.UserId);
if (user == null)
{
// UserId not found or invalid
return(new UnauthorizedResult());
}
// generate a new refresh token
var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
// invalidate the old refresh token (by deleting it)
//DbContext.Tokens.Remove(rt);
await _tokenRepository.RemoveToken(rt);
// add the new refresh token
//DbContext.Tokens.Add(rtNew);
// persist changes in the DB
//DbContext.SaveChanges();
await _tokenRepository.AddToken(rtNew); //rt
// create a new access token...
var response = await CreateAccessToken(model, rtNew.Value);
// ... and send it to the client
return(new JsonResult(response));
//return await Task.FromResult(Ok());
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel)
{
try
{
var refreshTokenResult = await _queryDispatcher.DispatchAsync <GetTokenQuery, GetTokenQueryResult>(new GetTokenQuery
{
ClientId = viewModel.ClientId,
RefreshToken = viewModel.RefreshToken
});
if (refreshTokenResult.Token == null)
{
return(new UnauthorizedResult());
}
var userResult = await _queryDispatcher.DispatchAsync <GetUserByIdQuery, GetUserQueryResult>(new GetUserByIdQuery
{
UserId = refreshTokenResult.Token.UserId
});
if (userResult.User == null)
{
return(new UnauthorizedResult());
}
var newRefreshToken = _tokenService.GenerateRefreshToken(refreshTokenResult.Token.ClientId,
refreshTokenResult.Token.UserId);
await _commandDispatcher.DispatchAsync <RemoveTokenCommand>(new RemoveTokenCommand
{
Id = refreshTokenResult.Token.Id
});
await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand
{
Token = refreshTokenResult.Token
});
var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId);
var response = new TokenResponseViewModel
{
Expiration = tokenData.ExporationTimeInMinutes,
RefreshToken = newRefreshToken.Value,
Token = tokenData.EncodedToken
};
return(Json(response));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
/// <summary>
/// Get access token from client, process the refresh token, get basic information
/// </summary>
/// <param name="model"></param>
/// <returns></returns>
public async Task <Response <TokenResponse> > GetAccessTokenAsync(TokenRequestViewModel model)
{
try
{
var response = await this.providerManager.GetAccessTokenFromProviderAsync(
name : model.IdentityProvider,
code : model.AuthorizationCode,
clientId : model.ClientId,
model.RedirectUrl);
if (response.HasResult)
{
//decode the token to jwt_token object
var tokenDetails = GetTokenDetails(response.ResponseData.IdToken);
//process the token for persitence
// update refresh token or insert
var processResponse = ProcessToken(response.ResponseData, tokenDetails);
var claims = tokenDetails.Claims;
var email = claims.FirstOrDefault(c => c.Type == "email").Value ?? "";
var picture = claims.FirstOrDefault(c => c.Type == "picture").Value ?? "";
var name = claims.FirstOrDefault(c => c.Type == "name").Value ?? "";
var given_name = claims.FirstOrDefault(c => c.Type == "given_name").Value ?? "";
var family_name = claims.FirstOrDefault(c => c.Type == "family_name").Value ?? "";
return(Response <TokenResponse> .Success(new TokenResponse
{
AccessToken = response.ResponseData.AccessToken,
IdToken = response.ResponseData.IdToken,
RefreshToken = string.IsNullOrWhiteSpace(response.ResponseData.RefreshToken) ? processResponse : response.ResponseData.RefreshToken,
UserInformation = new TokenUserInformation
{
Picture = picture,
Email = email,
LastName = given_name,
FirstName = family_name,
StatusCode = 000,
MiscField1 = "47f8d1e56b7bda62a4a1524aeccd9964",
MiscField2 = "Practice Admin",
ErrorCode = "000",
Suggestion = "Login successful"
}
}));;;
}
return(Response <TokenResponse> .Failed(response.Message));
}
catch (Exception ex)
{
LogError(ex, $"Error from {nameof(GetAccessTokenAsync)}");
return(Response <TokenResponse> .Failed("Error: Token Service is down"));
}
}
private async Task <IActionResult> GetToken(TokenRequestViewModel model)
{
try
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var identity = await GetClaimsIdentity(model.username, model.password);
if (identity == null)
{
return(BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState)));
}
// check if there's an user with the given username
var user = await _userManager.FindByNameAsync(model.username);
// fallback to support e-mail address instead of username
if (user == null && model.username.Contains("@"))
{
user = await _userManager.FindByEmailAsync(model.username);
}
if (user == null ||
!await _userManager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
// username & password matches: create the refresh token
var rt = CreateRefreshToken(model.client_id, user.Id);
// add the new refresh token to the DB
//DbContext.Tokens.Add(rt);
//DbContext.SaveChanges();
await _tokenRepository.AddToken(rt);
// create & return the access token
var t = await CreateAccessToken(model, rt.Value);
//return Json(t);
//return await Task.FromResult(Ok());
return(new JsonResult(t));
}
catch (Exception ex)
{
return(new UnauthorizedResult());
}
}
