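/// <summary>
/// Rotates the caller's token pair: validates the refresh-token cookie together with the
/// bearer token from the Authorization header, revokes the old refresh token, persists the
/// new one and returns a fresh JWT.
/// </summary>
/// <returns>
/// 200 with a <see cref="UserLoginResponse"/> carrying the new JWT (the new refresh token is
/// set as a cookie); 400 when the header or cookie is missing/malformed or the tokens fail validation.
/// </returns>
public IActionResult RefreshToken()
{
    // The refresh token arrives in a cookie; the (possibly expired) access token in the Authorization header.
    var refreshToken = Request.Cookies[refreshTokenCookie];

    // A missing or malformed Authorization header must not surface as an unhandled FormatException
    // (HTTP 500); treat it as a bad request, the same outcome as a token that fails validation below.
    if (!AuthenticationHeaderValue.TryParse(Request.Headers["Authorization"], out var authHeader)
        || string.IsNullOrEmpty(authHeader.Parameter)
        || string.IsNullOrEmpty(refreshToken))
    {
        return BadRequest();
    }
    var authToken = authHeader.Parameter;

    // Both tokens are validated as a pair (ValidateTokens is defined elsewhere in this controller).
    var authModel = ValidateTokens(authToken, refreshToken);
    if (authModel is null)
    {
        return BadRequest();
    }

    // Issue the replacement pair before revoking the old refresh token so ReplacedBy can point at it.
    var newRefreshToken = GenerateRefreshToken(authModel.User);
    var newAuthToken = GenerateJWT(authModel.User, config);

    // Revoke the presented refresh token and record its successor; a revoked token must not be reusable.
    authModel.RefreshToken.Revoked = DateTime.UtcNow;
    authModel.RefreshToken.ReplacedBy = newRefreshToken.Token;

    // Persist the new token and the revocation in one unit of work.
    authUnit.Tokens.AddToken(newRefreshToken);
    authUnit.Tokens.UpdateToken(authModel.RefreshToken);
    authUnit.Complete();

    // Hand the new refresh token back via cookie; the JWT goes in the response body.
    SetCookie(newRefreshToken);
    return Ok(new UserLoginResponse(newAuthToken));
}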
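/// <summary>
/// Updates the profile of the user identified by <paramref name="username"/>. The caller must be
/// authenticated as that same user; the identity is taken from the bearer token, not from the route.
/// </summary>
/// <param name="username">Route username of the profile to edit.</param>
/// <param name="editProfileRequest">Form-bound profile fields to apply.</param>
/// <returns>
/// 204 on success; 400 for an invalid body or a blank/already-taken new username;
/// 404 when the route user or the authenticated user does not exist; 401 when the caller is not that user.
/// </returns>
public IActionResult EditProfile(string username, [FromForm] UserEditProfileRequest editProfileRequest)
{
    // Reject bodies that failed model binding/validation before touching any data.
    if (editProfileRequest is null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (authUnit.Users.GetUserByUsername(username) is null)
    {
        return NotFound();
    }

    // Resolve the caller from the token and check they own the profile being edited.
    var userId = AuthController.GetUserIdFromPrincipal(Request, config.Secret);
    var user = authUnit.Users.GetUserById(userId);
    if (user is null)
    {
        return NotFound();
    }
    if (user.Username != username)
    {
        return Unauthorized();
    }

    // Username change: a blank name (null, empty or whitespace-only) or one already in use is rejected.
    // The original check only caught the empty string, so "   " or a missing field could become the username.
    var requestedUsername = editProfileRequest.Username;
    if (requestedUsername != user.Username
        && (string.IsNullOrWhiteSpace(requestedUsername)
            || authUnit.Users.GetUserByUsername(requestedUsername) is not null))
    {
        return BadRequest();
    }

    // NOTE(review): the remaining request fields are copied by the mapper configured elsewhere —
    // confirm how it treats null/blank values before relying on it for partial updates.
    mapper.Map(editProfileRequest, user);
    authUnit.Users.UpdateUser(user);
    authUnit.Complete();
    return NoContent();
}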