public Result <ClaimsPrincipal> ValidateTokenAsync(HttpRequestHeaders headers, IPAddress ipAddress) { var flag = false; var token = ""; foreach (var item in headers.GetValues("Cookie")) { var cookies = item.Split(","); for (var x = 0; x < cookies.Length; x++) { var idx = cookies[x].IndexOf("="); var name = cookies[x].Substring(0, idx); var value = cookies[x].Substring(idx + 1, cookies[x].Length - (idx + 1)); if (name == _settings.CookieToken) { flag = true; token = value; break; } } } if (!flag) { return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null)); } try { principal = _tokens.ValidateToken(token); } catch (SecurityTokenException ex) { if (ex.Message.Contains("Lifetime validation failed")) { return(_result.Create <ClaimsPrincipal>(false, _errors.SecurityTokenExpired, null)); } else { return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null)); } } catch (Exception) { return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null)); } if (principal == null) { return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null)); } return(_result.Create(true, "", principal)); }
private async Task <Result <UserPrivateDataModel> > ValidRefreshToken(string token, string refreshToken) { var principal = _tokens.ValidateToken(token, false); var id = principal.FindFirst(ClaimTypes.NameIdentifier).Value; List <RefreshTokensModel> queryToken = null; UserPrivateDataModel model = null; RedisSecurityModel modelRedis = null; var block = false; if (!_settings.RedisCacheSecurity) { var result = await _services.GetSecrets(id); if (!result.Success) { return(_result.Create <UserPrivateDataModel>(false, result.Message, null)); } block = result.Value.Block; queryToken = result.Value.RefreshTokens; model = result.Value; } else { var email = principal.FindFirst(ClaimTypes.Email).Value; var tokens = await _redisCache.GetSringValue(id); if (String.IsNullOrEmpty(tokens)) { return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null)); } modelRedis = JsonConvert.DeserializeObject <RedisSecurityModel>(tokens); block = modelRedis.Block; queryToken = modelRedis.Tokens; model = new UserPrivateDataModel(); model.id = id; model.Email = email; model.Scopes = modelRedis.Scopes; model.Tenants = modelRedis.Tenants; model.ValidEmail = modelRedis.ValidEmail; } var coderefreshToken = _crypto.GetStringSha256Hash(refreshToken + _settings.SecretKey); var idx = queryToken.FindIndex((e) => e.Token == coderefreshToken); if (idx < 0) { return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null)); } else { queryToken.RemoveAt(idx); if (!_settings.RedisCacheSecurity) { model.RefreshTokens = queryToken; await _services.Update(model); } else { modelRedis.Tokens = queryToken; var jsonString = JsonConvert.SerializeObject(modelRedis); await _redisCache.SetStringValue(model.id, jsonString); model.RefreshTokens = queryToken; } } if (block) { return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null)); } return(_result.Create(true, "", model)); }