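/// <summary>
/// Exchanges the caller's current access token and refresh token for a newly issued pair.
/// </summary>
/// <param name="request">Request body carrying the access token and the refresh token.</param>
/// <returns>
/// 200 with an <see cref="AuthTokenResult"/> on success; 400 when either token is missing, the access
/// token yields no user name, or no matching refresh token created within the last 28 days is found;
/// 503 when issuing the new tokens raises <see cref="DbUpdateConcurrencyException"/>.
/// </returns>
public async Task<ActionResult<AuthTokenResult>> RefreshToken([FromBody] ExchangeRefreshTokenRequest request)
{
    // Both values come straight from the client. Reject a missing body or blank tokens up front:
    // a null refresh token would otherwise reach the query below as a comparison against NULL,
    // and a null body would surface as an unhandled exception instead of a 400.
    if (request == null || string.IsNullOrWhiteSpace(request.AccessToken))
    {
        return BadRequest("No user with that auth token");
    }

    if (string.IsNullOrWhiteSpace(request.RefreshToken))
    {
        return BadRequest("Cannot find your refresh token");
    }

    // NOTE(review): the user name is taken from the presented access token. Confirm that DecodeToken
    // verifies the token signature (only the lifetime check should be relaxed for a refresh);
    // if it does not, this value is attacker-controlled.
    var userName = _jwtFactory.DecodeToken(request.AccessToken);
    if (userName == null)
    {
        return BadRequest("No user with that auth token");
    }

    // The refresh token must belong to the same user named in the access token and be at most 28 days old.
    // The date expression stays inside the query so it is evaluated exactly as before.
    // NOTE(review): DateTime.Now is local time; confirm CreateDate is stored in the same time base.
    var user = await _userManager
        .Users
        .Include(u => u.RefreshTokens)
        .SingleOrDefaultAsync(
            r => r.UserName == userName &&
                 r.RefreshTokens.Any(p => p.Token.Equals(request.RefreshToken) &&
                                          p.CreateDate >= System.DateTime.Now.AddDays(-28)));
    if (user == null)
    {
        return BadRequest("Cannot find your refresh token");
    }

    var roles = await _userManager.GetRolesAsync(user);
    var identity = _jwtFactory.GenerateClaimsIdentity(userName, user.Id);

    try
    {
        // NOTE(review): whether the presented refresh token is invalidated once used is decided inside
        // _getTokenAndRefresh, which is not visible here; confirm refresh tokens are single-use.
        var (_, refresh) = await _getTokenAndRefresh(identity, userName, roles.ToArray(), user);
        return Ok(new AuthTokenResult
        {
            Id = user.Id,
            Slug = user.Slug,
            Name = user.GetBestGuessName(),
            Auth = refresh
        });
    }
    catch (DbUpdateConcurrencyException e)
    {
        // Pass the exception object so the stack trace is kept and the message template stays constant.
        _logger.LogError(e, "Error updating user's token.");
        return StatusCode(503);
    }
}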
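/// <summary>
/// When the request carries exactly one Authorization header of the form "&lt;scheme&gt; &lt;token&gt;",
/// decodes the token, looks the user up by the token's subject (treated as an e-mail address) and
/// stores the result in <c>context.Items["AppUser"]</c>. The next middleware is always invoked.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="jwtFactory">Decoder used to read the token.</param>
/// <param name="userManager">User store queried by e-mail.</param>
public async Task InvokeAsync(HttpContext context, IJwtFactory jwtFactory, UserManager<AppUser> userManager)
{
    var authHeader = context.Request.Headers["Authorization"];
    if (authHeader.Count == 1)
    {
        // The header is client-controlled: a value without a space (no token part) must be ignored
        // rather than indexed blindly, which previously threw and failed the whole request.
        // NOTE(review): the scheme (first part) is not checked, so any "<x> <token>" value is accepted.
        var parts = (authHeader[0] ?? string.Empty).Split(' ');
        var token = parts.Length > 1 ? parts[1] : null;

        if (!string.IsNullOrWhiteSpace(token))
        {
            // Alternative strategy left open by the author: resolve the user directly from the token
            // via AppUsersHolder.Instance.GetUserByToken(token).
            //
            // NOTE(review): confirm DecodeToken validates signature and lifetime. If it only parses
            // the token, the subject is attacker-chosen and "AppUser" must not be trusted downstream.
            // It may also throw on malformed input; that is not handled here.
            var userEmail = jwtFactory.DecodeToken(token)?.Subject;

            if (!string.IsNullOrWhiteSpace(userEmail))
            {
                var user = await userManager.FindByEmailAsync(userEmail);

                // user may be null when no account matches; consumers of "AppUser" must check for that.
                // The indexer is used so an existing entry is replaced instead of raising an exception.
                context.Items["AppUser"] = user;
            }
        }
    }

    await _next.Invoke(context);
}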