//[Authorize(Policy = "RefreshTokenPolicy")] Should probably make this work
public async Task<IActionResult> PostRefreshAccessToken()
{
var userName = User.FindFirst(ClaimTypes.NameIdentifier).Value;
_logger.LogInformation("Fetching new access token for " + userName);
var identity = await GetClaimsIdentity(userName);
var claims = await GetClaims(userName);
var claimsForAccessToken = claims.ToList();
claimsForAccessToken.Add(identity.FindFirst("role"));
// Create the JWT security token and encode it.
var jwtAccessToken = new JwtSecurityToken(
issuer: _jwtOptions.Issuer,
audience: _jwtOptions.Audience,
claims: claimsForAccessToken.ToArray(),
notBefore: _jwtOptions.NotBefore,
expires: DateTime.UtcNow.Add(_jwtOptions.ValidFor),
signingCredentials: _jwtOptions.SigningCredentials);
var encodedJwtAccess = new JwtSecurityTokenHandler().WriteToken(jwtAccessToken);
// Serialize and return the response
var response = new
{
access_token = encodedJwtAccess,
expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
};
var json = JsonConvert.SerializeObject(response, _serializerSettings);
return new OkObjectResult(json);
}
public IActionResult IsLoginUserOwner([FromBody]Client client)
{
try
{
#region Error Checking
GenericResponseVM genericResponse = null;
if (client == null && string.IsNullOrWhiteSpace(client.Url))
{
genericResponse = new GenericResponseVM()
{
Code = HttpStatusCode.BadRequest.ToString(),
Value = errorSettings.MessageNoInputs,
IsError = true
};
return matterCenterServiceFunctions.ServiceResponse(genericResponse, (int)HttpStatusCode.OK);
}
#endregion
bool isLoginUserOwner = userRepositoy.IsLoginUserOwner(client);
var loginUserPartOfOwnerGroup = new
{
IsLoginUserOwner = isLoginUserOwner
};
return matterCenterServiceFunctions.ServiceResponse(loginUserPartOfOwnerGroup, (int)HttpStatusCode.OK);
}
catch (Exception ex)
{
customLogger.LogError(ex, MethodBase.GetCurrentMethod().DeclaringType.Name, MethodBase.GetCurrentMethod().Name, logTables.SPOLogTable);
throw;
}
}
public IActionResult DownloadAttachmentsAsStream([FromBody]MailAttachmentDetails mailAttachmentDetails)
{
try
{
#region Error Checking
GenericResponseVM genericResponse = null;
if (mailAttachmentDetails == null && mailAttachmentDetails.FullUrl == null)
{
genericResponse = new GenericResponseVM()
{
Value = errorSettings.MessageNoInputs,
Code = HttpStatusCode.BadRequest.ToString(),
IsError = true
};
return matterCenterServiceFunctions.ServiceResponse(genericResponse, (int)HttpStatusCode.OK);
}
#endregion
Stream downloadAttachments = documentProvision.DownloadAttachments(mailAttachmentDetails);
var fileContentResponse = new HttpResponseMessage(HttpStatusCode.OK);
fileContentResponse.Headers.Clear();
fileContentResponse.Content = new StreamContent(downloadAttachments);
fileContentResponse.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(DocumentProvision.ReturnExtension(string.Empty));
//fileContentResponse.Headers.Add("Content-Type", ReturnExtension(string.Empty));
fileContentResponse.Content.Headers.Add("Content-Length", downloadAttachments.Length.ToString());
fileContentResponse.Content.Headers.Add("Content-Description", "File Transfer");
//application/octet-stream
fileContentResponse.Content.Headers.Add("Content-Disposition", "attachment; filename=" + documentSettings.TempEmailName + new Guid().ToString() + ServiceConstants.EMAIL_FILE_EXTENSION);
fileContentResponse.Content.Headers.Add("Content-Transfer-Encoding", "binary");
fileContentResponse.Content.Headers.Expires = DateTimeOffset.Now.AddDays(-1); ;
fileContentResponse.Headers.Add("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
fileContentResponse.Headers.Add("Pragma", "public");
var fileAttachmentContent = fileContentResponse.Content.ReadAsStringAsync();
var response = new
{
fileAttachment = fileAttachmentContent,
fileName = documentSettings.TempEmailName + Guid.NewGuid().ToString() + ServiceConstants.EMAIL_FILE_EXTENSION
};
return new ObjectResult(response);
}
catch (Exception ex)
{
customLogger.LogError(ex, MethodBase.GetCurrentMethod().DeclaringType.Name, MethodBase.GetCurrentMethod().Name, logTables.SPOLogTable);
throw;
}
}
public async Task<IActionResult> Post(string userName, string password, bool rememberMe)
{
//todo: Ensure that these input values are not logged.
var identity = await GetClaimsIdentity(userName, password, rememberMe);
if (identity == null)
{
_logger.LogInformation($"Invalid username ({userName}))");
return BadRequest("Invalid credentials");
}
var claims = await GetClaims(userName);
var claimsForAccessToken = claims.ToList();
claimsForAccessToken.Add(identity.FindFirst("role"));
var claimsForRefreshToken = claims.ToList();
claimsForRefreshToken.Add(new Claim("RefreshToken", "RefreshToken"));
// Create the JWT security token and encode it.
var jwtAccessToken = new JwtSecurityToken(
issuer: _jwtOptions.Issuer,
audience: _jwtOptions.Audience,
claims: claimsForAccessToken.ToArray(),
notBefore: _jwtOptions.NotBefore,
expires: DateTime.UtcNow.Add(_jwtOptions.ValidFor),
signingCredentials: _jwtOptions.SigningCredentials);
var jwtRefreshToken = new JwtSecurityToken(
issuer: _jwtOptions.Issuer,
audience: _jwtOptions.Audience,
claims: claimsForRefreshToken.ToArray(),
notBefore: _jwtOptions.NotBefore,
expires: DateTime.UtcNow.AddMonths(3),
signingCredentials: _jwtOptions.SigningCredentials);
var encodedJwtAccess = new JwtSecurityTokenHandler().WriteToken(jwtAccessToken);
var encodedJwtRefresh = new JwtSecurityTokenHandler().WriteToken(jwtRefreshToken);
//todo: Save refresh-token i database. So that it can be revoked.
// Serialize and return the response
var response = new
{
access_token = encodedJwtAccess,
refresh_token = encodedJwtRefresh,
expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
};
var json = JsonConvert.SerializeObject(response, _serializerSettings);
return new OkObjectResult(json);
}
public async Task<JsonResult> GetApiKey()
{
var user = await GetCurrentUserAsync();
if (user != null)
{
var config = new
{
protocol = _config.GetValue<string>("NLE_PROTOCOL"),
domain = _config.GetValue<string>("NLE_URL"),
port = _config.GetValue<string>("NLE_PORT"),
key = _config.GetValue<string>("NLE_KEY")
};
return Json(config);
}
Response.StatusCode = 401;
return Json(new
{
protocol = "",
domain = "",
port = "",
key = ""
});
}
