public async Task <ActionResult <JwtAuthDto> > RegisterMemberAsync(RegisterDto registerDto) { Member member = new Member { Id = Guid.NewGuid(), FullName = registerDto.FullName, Email = registerDto.Email, PasswordHashed = HashPassword(null, registerDto.Password), RefreshToken = GenerateToken(), MemberType = registerDto.MemberType }; JwtAuthDto jwtAuthToken = GenerateJsonWebToken(new JwtUserClaimsDto(member.Id.ToString())); jwtAuthToken.RefreshToken = member.RefreshToken; try { await _storage.CreateItemAsync(member); } catch (Microsoft.Azure.Documents.DocumentClientException ex) { if (ex.StatusCode == System.Net.HttpStatusCode.Conflict) { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidDuplicateEmail))); } else { return(new BadRequestResult()); } } return(new OkObjectResult(jwtAuthToken)); }
public async Task <ActionResult <JwtAuthDto> > RefreshSessionAsync(JwtAuthDto jwtAuthDto) { ClaimsPrincipal principal = null; try { principal = GetPrincipalFromExpiredToken(jwtAuthDto.Token); } catch { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidSessionToken))); } string newRefreshToken = GenerateToken(); IEnumerable <Claim> claims = principal.Claims; object claimsData = null; Member dtoUser = null; foreach (Claim claim in claims) { if (claim.Type == ClaimTypes.UserData) { claimsData = JsonConvert.DeserializeObject <Member>(claim.Value); dtoUser = (Member)claimsData; } } if (claimsData == null) { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.NoClaimsData))); } Guid id = dtoUser.Id; Member user = await _storage.GetItemAsync(id.ToString()); JwtAuthDto newJwtAuthToken = null; if (user != null) { if (jwtAuthDto.RefreshToken == user.RefreshToken) { user.RefreshToken = newRefreshToken; newJwtAuthToken = GenerateJsonWebToken(new JwtUserClaimsDto(dtoUser.Id.ToString())); newJwtAuthToken.RefreshToken = newRefreshToken; await _storage.UpdateItemAsync(user.Id.ToString(), user); } else { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidSessionToken))); } } else { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidSessionToken))); } return(new OkObjectResult(newJwtAuthToken)); }
public async Task <ActionResult <JwtAuthDto> > LoginMemberAsync(LoginDto loginDto) { PasswordVerificationResult verificationResult; Member member; try { member = (await _storage.GetItemsAsync(m => m.Email == loginDto.Email)).First(); } catch { return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidCredentials))); } verificationResult = ValidatePassword(member, member.PasswordHashed, loginDto.Password); JwtAuthDto jwtAuthToken = GenerateJsonWebToken(new JwtUserClaimsDto(member.Id.ToString())); jwtAuthToken.RefreshToken = GenerateToken(); member.RefreshToken = jwtAuthToken.RefreshToken; switch (verificationResult) { case PasswordVerificationResult.Success: await _storage.UpdateItemAsync(member.Id.ToString(), member); return(new OkObjectResult(jwtAuthToken)); case PasswordVerificationResult.Failed: return(new BadRequestObjectResult(new ErrorResponseDto(ValidationResponseHelper.InvalidCredentials))); case PasswordVerificationResult.SuccessRehashNeeded: member.PasswordHashed = HashPassword(member, loginDto.Password); await _storage.UpdateItemAsync(member.Id.ToString(), member); return(new OkObjectResult(jwtAuthToken)); default: return(new BadRequestResult()); } }
public static JwtAuthDto GenerateJsonWebToken(object jwtTokenData) { var claims = new[] { new Claim(ClaimTypes.UserData, JsonConvert.SerializeObject(jwtTokenData, new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() }), null) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Settings.JwtSecretKey)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: Settings.JwtIssuer, audience: Settings.JwtAudience, claims: claims, expires: DateTime.Now.AddMinutes(1), signingCredentials: creds); string jwtToken = new JwtSecurityTokenHandler().WriteToken(token); JwtAuthDto jwtAuthToken = new JwtAuthDto(jwtToken); return(jwtAuthToken); }
public async Task <ActionResult <JwtAuthDto> > RefreshSessionAsync([FromBody] JwtAuthDto jwtAuthDto) { return(await _authHelper.RefreshSessionAsync(jwtAuthDto)); }