        /// <summary>
        /// Revokes the access token identified by <paramref name="accessToken"/>.
        /// A token that cannot be resolved is treated as already gone and the call
        /// returns without touching the store, so repeated revocations are harmless.
        /// </summary>
        /// <param name="accessToken">Raw access token presented by the client.</param>
        public async Task RevokeToken(string accessToken)
        {
            using var scope = UnitOfWorkFactory();

            var resolved = UserTokenHelper.GetUserToken(accessToken, TokenType.AccessToken);
            if (resolved is null)
            {
                // Nothing to revoke: unknown or already-purged tokens are a no-op.
                return;
            }

            // Flag the in-memory entity; the persisted state is changed by the
            // repository call below, keyed on the token id rather than the entity.
            resolved.IsRevoked = true;
            await scope.Repository<UserToken>().RevokeToken(resolved.Id);
        }
        /// <summary>
        /// Authorization filter for image requests. The caller supplies an image token in
        /// the <c>sc</c> query parameter; the filter resolves it to a stored
        /// <c>UserToken</c>, rejects missing or revoked records, validates the JWT kept
        /// in that record and, on success, attaches the resulting claims to the current
        /// <c>HttpContext.User</c>. Every failure path short-circuits the pipeline with
        /// a 401 result.
        /// </summary>
        /// <param name="context">Filter context for the request being authorized.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            // NOTE(review): the token travels in the URL, so it can end up in server and
            // proxy logs, browser history and Referer headers. Worth confirming that image
            // tokens are short-lived / revocable enough to tolerate that exposure.
            context.HttpContext.Request.Query.TryGetValue("sc", out var scValues);
            var presentedToken = scValues.FirstOrDefault();

            if (string.IsNullOrEmpty(presentedToken))
            {
                Reject();
                return;
            }

            var stored = UserTokenHelper.GetUserToken(presentedToken, TokenType.ImageToken);
            if (stored is null || stored.IsRevoked)
            {
                // Unknown and revoked tokens are deliberately indistinguishable to the caller.
                Reject();
                return;
            }

            var validationParameters = GetTokenValidationParameters(context);

            try
            {
                // Validate the JWT held in the stored record (not the query value itself),
                // then expose its claims on the request principal.
                var handler   = new JwtSecurityTokenHandler();
                var principal = handler.ValidateToken(stored.Token, validationParameters, out _);

                // NOTE(review): this constructor sets no AuthenticationType, so the added
                // identity reports IsAuthenticated == false. That is fine if downstream code
                // only reads claims, but a later [Authorize] would not see a signed-in user —
                // confirm this is the intended contract.
                context.HttpContext.User.AddIdentity(new ClaimsIdentity(principal.Claims));
            }
            catch (SecurityTokenValidationException)
            {
                // Signature, lifetime, issuer or audience check failed.
                Reject();
            }
            catch (ArgumentException)
            {
                // Token was malformed, or the validation inputs were invalid.
                Reject();
            }

            void Reject() => context.Result = new UnauthorizedResult();
        }