public async Task <IActionResult> RefreshAsync([FromBody][Bind("Token, RefreshToken")] RefreshTokenViewModel tokens) { var principal = GetPrincipalFromExpiredToken(tokens.Token); if (principal == null) { return(Unauthorized("Invalid access token")); } var response = await _jwtTokenGenerator.Refresh(principal, tokens.RefreshToken); if (response.token == null) { return(Unauthorized("Invalid access token")); } if (response.refreshToken == null) { return(Unauthorized("Invalid refresh token")); } if (response.token == null && response.refreshToken == null) { return(NoContent()); } return(Ok( new { Token = response.token, RefreshToken = response.refreshToken })); }
private async Task <AccessTokenViewModel> GenerateAccessTokenAsync(ApplicationUser user) { string refreshToken = Guid.NewGuid().ToString(); var dtIssued = DateTime.UtcNow; var dtExpired = dtIssued.AddMinutes(SWCmsConstants.AuthConfiguration.AuthCookieExpiration); var dtRefreshTokenExpired = dtIssued.AddDays(SWCmsConstants.AuthConfiguration.AuthCookieExpiration); RefreshTokenViewModel vmRefreshToken = new RefreshTokenViewModel( new RefreshTokens() { Id = refreshToken, Email = user.Email, IssuedUtc = dtIssued, ClientId = SWCmsConstants.AuthConfiguration.Audience, Username = user.UserName, //Subject = SWCmsConstants.AuthConfiguration.Audience, ExpiresUtc = dtRefreshTokenExpired }); var saveRefreshTokenResult = await vmRefreshToken.SaveModelAsync(); AccessTokenViewModel token = new AccessTokenViewModel() { Access_token = await GenerateTokenAsync(user, dtExpired, refreshToken), Refresh_token = saveRefreshTokenResult.Data.Id, Token_type = SWCmsConstants.AuthConfiguration.TokenType, Expires_in = SWCmsConstants.AuthConfiguration.AuthCookieExpiration, //UserData = user, Issued = dtIssued, Expires = dtExpired, }; return(token); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var refreshTokenId = Guid.NewGuid().ToString("n"); var userManager = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <UserManager <IdentityUserViewModel, ObjectId> >(); var token = new RefreshTokenViewModel() { TokenId = AppMethods.GetHash(refreshTokenId), Subject = context.Ticket.Identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(3600)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; token.ProtectedTicket = context.SerializeTicket(); var refreshTokenService = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <IRefreshTokenService>(); var result = await refreshTokenService.AddRefreshToken(token); if (result) { context.SetToken(refreshTokenId); } }
public async Task SaveRefreshToken(RefreshTokenViewModel model) { var existe = await _context.Usuarios.AnyAsync(e => e.Id == model.IdUsuario); if (!existe) { throw new BusinessException("Usuário não encontrado"); } var token = await _context.RefreshTokens.FirstOrDefaultAsync(e => e.IdUsuario == model.IdUsuario); var entity = _mapper.Map <RefreshToken>(model); try { if (token != null) { _context.RefreshTokens.Remove(token); } _context.RefreshTokens.Add(entity); await _context.SaveChangesAsync(); } catch (Exception ex) { throw new PersistenceException(ex); } }
public async Task <IActionResult> RefreshAsync([FromBody] RefreshTokenViewModel model) { if (this.ModelState.IsValid == false) { return(this.BadRequest(this.ModelState)); } var userName = this.tokenService.GetUserNameFromJwtToken(model.Token); User user = await this.tokenService.ValidateRefreshToken(userName, model.RefreshToken); if (user == null) { return(this.BadRequest()); } string newRefreshToken = this.tokenService.GenerateRefreshToken(); string newJwtToken = this.tokenService.GenerateJwtToken(userName); await this.tokenService.SetRefreshToken( user, refreshToken : new RefreshToken() { Token = newRefreshToken, UserId = user.Id }); return(new ObjectResult(new { user = user.ToViewModel(), token = newJwtToken, refreshToken = newRefreshToken })); }
public IActionResult CheckRefreshTokenIsActive([FromBody] RefreshTokenViewModel model) { try { var principal = GetPrincipalFromExpiredToken(model.Token); var savedRefreshToken = _userService.GetRefreshTokenByUserName(principal.Identity.Name); if (savedRefreshToken != model.RefreshToken) { throw new SecurityTokenException("Invalid refresh token"); } if (this.TokenExpired(model.Token)) { return(Ok(new ResultResponseViewModel <object>() { IsSuccess = true, Response = this.RefreshToken(model.Token, model.RefreshToken) })); } return(Ok(new ResultResponseViewModel <string>() { IsSuccess = true, Message = string.Empty })); } catch (Exception e) { return(Ok(new ResultResponseViewModel <string>() { IsSuccess = false, Message = "Usuário e/ou Senha inválidos", Response = e.Message })); } }
public async Task <ActualResult <TokenModel> > SignInByRefreshToken(RefreshTokenViewModel model) { model.ClientType = model.ClientType.ToUpper(); var protectedTicket = await _accountService.GetProtectedTicket(GetHash(model.RefreshToken)); if (protectedTicket == null) { return(new ActualResult <TokenModel>("Invalid refresh token")); } if (protectedTicket.ClientType != model.ClientType) { return(new ActualResult <TokenModel>("Invalid client id")); } var identity = await GetIdentity(protectedTicket.ClientType, protectedTicket.Email); if (identity == null) { return(new ActualResult <TokenModel>("User not found")); } var refreshToken = await CreateRefreshToken(protectedTicket.ClientType, protectedTicket.Email); if (refreshToken == null) { return(new ActualResult <TokenModel>("Error while create refresh token")); } return(new ActualResult <TokenModel> { Result = GetToken(identity, refreshToken) }); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel refreshTokenViewModel) { return(await Validation_ModelState_wLog(ModelState, async() => { var user = await userManager.FindByEmailAsync(refreshTokenViewModel.Email); var tokenState = userBehaviour.VerifyCustomToken(refreshTokenViewModel.RefreshToken, user.Id, TokenType.Refresh); if (tokenState == CustomTokenState.SelfDestruct) { return Conflict("Destroyed refresh token. Reauthentication is required."); } else if (tokenState == CustomTokenState.Invalid) { return Conflict("Invalid refresh token."); } else if (tokenState == CustomTokenState.Valid) { var result = GetAuthTokens(user); return Ok(result); } else { return Conflict("Unauthentificated. You have not been authentificated yet."); } })); }
public async Task <ServiceResult> RefreshToken([FromBody] RefreshTokenViewModel refreshToken) { var serviceResult = new ServiceResult(); var refreshTokenFromDatabase = await _userService.GetUserRefreshTokensAsync(refreshToken); if (refreshTokenFromDatabase == null) { serviceResult.HttpStatusCode = HttpStatusCode.BadRequest; serviceResult.HttpStatusText = HttpStatusCode.BadRequest.ToString(); serviceResult.Message = "Unauthorized"; serviceResult.MessageType = Todo.Core.Enums.EMessageType.Error; serviceResult.MessageTypeText = serviceResult.MessageType.ToString(); return(serviceResult); } if (refreshTokenFromDatabase.ExpiresUtc < DateTime.UtcNow) { serviceResult.HttpStatusCode = HttpStatusCode.Unauthorized; serviceResult.HttpStatusText = HttpStatusCode.Unauthorized.ToString(); serviceResult.Message = "Unauthorized"; serviceResult.MessageType = Todo.Core.Enums.EMessageType.Error; serviceResult.MessageTypeText = serviceResult.MessageType.ToString(); return(serviceResult); } var jwt = await _jwtFactory.GenerateEncodedToken(refreshTokenFromDatabase.User, refreshTokenFromDatabase); serviceResult = new ServiceResult { Result = jwt, MessageType = Todo.Core.Enums.EMessageType.Success }; return(serviceResult); }
public async Task RefreshTokenExchangeAsync__Passed_access_and_refresh_tokens_are_valid__Should_return_200OK_response_with_new_tokens() { var newJwtToken = new JwtSecurityToken(issuer: "example.com", expires: DateTime.UtcNow.AddDays(1)); string newAccessToken = new JwtSecurityTokenHandler().WriteToken(newJwtToken); var savedRefreshToken = new RefreshToken { Id = "1", Token = _refreshToken, ExpiryIn = (int)new DateTimeOffset(DateTime.UtcNow.AddDays(2)).ToUnixTimeSeconds() }; var newRefreshToken = new RefreshToken { Id = "2", Token = "newRefreshToken", ExpiryIn = (int)new DateTimeOffset(DateTime.UtcNow.AddDays(2)).ToUnixTimeSeconds() }; SetUpMocksForSucceed(newJwtToken, newAccessToken, savedRefreshToken, newRefreshToken); _mapperMock.Setup(x => x.Map <RefreshTokenDto>(It.IsNotNull <RefreshToken>())).Returns(new RefreshTokenDto(newRefreshToken.Token, newRefreshToken.ExpiryIn)); var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object); var refreshRequestBody = new RefreshTokenViewModel { AccessToken = _validAccessToken, RefreshToken = _refreshToken }; var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody); (result as ObjectResult).StatusCode.Should().Be(200); ((result as ObjectResult).Value as ResponseWrapper).Error.Should().BeEquivalentTo(new ApiError()); (((result as ObjectResult).Value as ResponseWrapper).Data as RefreshTokensResponseDto).AccessToken.Should().NotBeNull(); (((result as ObjectResult).Value as ResponseWrapper).Data as RefreshTokensResponseDto).RefreshToken.Should().NotBeNull(); }
public ViewResult RefreshToken(RefreshTokenViewModel model) { if (this.ModelState.IsValid) { try { // Create the client with which we will be connecting to the server. var webServerClient = new WebServerClient(this.AuthorizationServerDescription, clientIdentifier: model.ClientId, clientSecret: model.ClientSecret); // Create an AuthorizationState instance with only the refresh token set. This is all that is needed for // OAuth to be able to determine what token is to be refreshed var authorizationState = new AuthorizationState { RefreshToken = model.RefreshToken }; // Refresh an access token (http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-6) // This method will use the client identifier and client secret used when constructing the WebServerAgentClient instance webServerClient.RefreshAuthorization(authorizationState); this.ViewBag.AccessToken = authorizationState; } catch (Exception ex) { this.ViewBag.Exception = ex; } } return(this.View(model)); }
public IActionResult Refresh([FromBody] RefreshTokenViewModel model) { return(Ok(new ResultResponseViewModel <object>() { IsSuccess = true, Response = this.RefreshToken(model.Token, model.RefreshToken) })); }
public IActionResult RefreshTokens(RefreshTokenViewModel viewModel) { var model = GetViewModel(); model.RefreshTokenEndpoint = viewModel.RefreshTokenEndpoint?.Trim(); model.RefreshToken = viewModel.RefreshToken?.Trim(); model.ClientId = viewModel.ClientId?.Trim(); model.ClientSecret = viewModel.ClientSecret?.Trim(); model.Scope = viewModel.Scope?.Trim(); if (!ModelState.IsValid) { return(View("Index", model)); } model.AccessToken = null; var client = new RestClient(model.RefreshTokenEndpoint); // Prepare POST request to the token endpoint. var tokenRequest = new RestRequest(model.RefreshTokenEndpoint, Method.POST); // Send as form. tokenRequest.AddHeader("content-type", "application/x-www-form-urlencoded"); client.Authenticator = new HttpBasicAuthenticator(model.ClientId, model.ClientSecret); // Since this is a POST request, RestSharp will add these to the payload (request body). tokenRequest.AddParameter("grant_type", "refresh_token"); // grant type is now refresh token! tokenRequest.AddParameter("refresh_token", model.RefreshToken); tokenRequest.AddParameter("scope", model.Scope); IRestResponse response = client.Execute(tokenRequest); model.RawResponse = response.Content; if (response.IsSuccessful) { // Deserialize JSON response. var tokenResponse = JsonConvert.DeserializeObject <TokenResponseModel>(response.Content); model.AccessToken = tokenResponse.AccessToken; model.RefreshToken = tokenResponse.RefreshToken; model.Focus = "refresh-token"; SetViewModel(model); return(RedirectToAction("Index")); } else { // There was an error. model.RefreshToken = "(Invalid) " + model.RefreshToken; SetViewModel(model); model.ErrorMessage = response.Content; return(View("Index", model)); } }
public async Task <UserRefreshToken> GetUserRefreshTokensAsync(RefreshTokenViewModel refreshTokenVm) { var refreshToken = await _connectionFactory.GetConnection.FindAsync <UserRefreshToken>(x => x .Include <User>(join => join .InnerJoin()) .Where($"{nameof(UserRefreshToken.Token):C} = @tokenGuid") .WithParameters(new { tokenGuid = refreshTokenVm.Token })); return(!refreshToken.Any() ? null : refreshToken.FirstOrDefault()); }
public void RefreshToken__Is_null_or_empty__Should_be_invalid([Values(null, "")] string token) { var invalidVieModel = new RefreshTokenViewModel { RefreshToken = token }; var validator = new RefreshTokenViewModelValidator(); validator.ShouldHaveValidationErrorFor(x => x.RefreshToken, invalidVieModel); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel viewModel) { var account = await _jwtBearer.SignInByRefreshToken(viewModel); if (account.IsValid) { return(WriteToken(account.Result)); } return(BadRequest(account.ErrorsList)); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var response = await _accountAppService.RefreshToken(model); return(Response(response)); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel data) { var result = await _auth.RefreshTokenAsync(data.Token, data.UserId, data.TokenNumber); if (result == null) { throw new WebApiApplicationException(StatusCodes.Status401Unauthorized, ErrorMessages.InvalidUser, MethodBase.GetCurrentMethod().GetParameters()); } return(Ok(result, InfoMessages.UserSignin)); }
public ViewResult RefreshToken() { // We will set-up correct default values to make it easier for the user to start testing var model = new RefreshTokenViewModel { ClientId = "demo-client-1", ClientSecret = "demo-client-secret-1", }; return(this.View(model)); }
public async Task RefreshToken([FromBody] RefreshTokenViewModel viewModel) { var account = await _jwtBearer.SignInByRefreshToken(viewModel); if (account.IsValid) { await HttpContext.WriteToken(account.Result); return; } await HttpContext.BadRequest(account.ErrorsList); }
public async Task RefreshTokenExchangeAsync__Invalid_access_token_was_passed__Should_return_400BadRequest_response() { _jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(_invalidAccessToken, true)).Throws <SecurityTokenException>(); var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object); var refreshRequestBody = new RefreshTokenViewModel { AccessToken = _invalidAccessToken, RefreshToken = _refreshToken }; var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody); (result as ObjectResult).StatusCode.Should().Be(400); ((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError()); }
public async Task RefreshTokenExchangeAsync__Passed_refresh_token_not_found__Should_return_400BadRequest_response() { _jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(_validAccessToken, true)).Returns(_expiredTokenPrincipal); _refreshTokenManagerMock.Setup(x => x.GetSavedRefreshTokenAsync(It.IsNotNull <string>())).ThrowsAsync(new InvalidOperationException()); var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object); var refreshRequestBody = new RefreshTokenViewModel { AccessToken = _validAccessToken, RefreshToken = _refreshToken }; var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody); (result as ObjectResult).StatusCode.Should().Be(400); ((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError()); }
public async Task <ActionResult <ServiceResult> > RefreshToken([FromBody] RefreshTokenViewModel model) { ServiceResult result; if (ModelState.IsValid) { result = await authServ.RefreshToken(model, HttpContext.Connection.RemoteIpAddress.ToString()); } else { result = new ServiceResult(ModelState); } return(result); }
public async Task <IActionResult> Logout([FromBody] RefreshTokenViewModel model) { string refreshToken = model.RefreshToken; (Token token, User user) = await jwtTokenService.FindUserAndTokenByRefreshTokenAsync(refreshToken); if (token == null) { return(Unauthorized()); } await jwtTokenService.RevokeUserBearerTokensAsync(user.Id, refreshToken); return(Ok(new { message = "You loged out successfully." })); }
public async Task Refresh_ShouldSuccess() { HttpClient client = this.factory.CreateClient(); MessengerContext context = this.factory.Server.Host.Services.GetService(typeof(MessengerContext)) as MessengerContext; #region Login var data = new { UserName = "******", Password = "******" }; StringContent content = new StringContent(JsonConvert.SerializeObject(data).ToString(), Encoding.UTF8, "application/json"); HttpResponseMessage loginResponse = await client.PostAsync("/api/auth/login", content); loginResponse.EnsureSuccessStatusCode(); #endregion string stringLoginResponse = await loginResponse.Content.ReadAsStringAsync(); JObject loginJsonResult = JObject.Parse(stringLoginResponse); var refreshTokenViewModel = new RefreshTokenViewModel() { RefreshToken = loginJsonResult.Value <string>("refreshToken"), Token = loginJsonResult.Value <string>("token") }; StringContent refreshContent = new StringContent(JsonConvert.SerializeObject(refreshTokenViewModel), Encoding.UTF8, "application/json"); HttpResponseMessage refreshResponse = await client.PostAsync("/api/auth/refresh", refreshContent); refreshResponse.EnsureSuccessStatusCode(); string stringRefreshResponse = await refreshResponse.Content.ReadAsStringAsync(); JObject refreshJsonResult = JObject.Parse(stringRefreshResponse); string refreshToken = refreshJsonResult.Value <string>("refreshToken"); User user = await context.Users.SingleAsync(x => x.UserName == "testuser"); Assert.True(context.RefreshTokens.Any(x => x.Token == refreshToken && x.UserId == user.Id)); }
public IActionResult RefreshToken(RefreshTokenViewModel model) { IActionResult response = Unauthorized(); var principal = _refreshToken.GetPrincipalFromExpiredToken(model.Token); if (principal != null && _refreshToken.ValidateRefreshToken(principal.Identity.Name, model.RefreshToken)) { var result = new RefreshTokenViewModel { Token = _login.BuildToken(principal), RefreshToken = _refreshToken.GenerateRefreshToken(principal.Identity.Name) }; _login.SetupCookie(HttpContext, result.Token); response = Ok(result); } return(response); }
public IActionResult RefreshToken([FromBody] RefreshTokenViewModel model, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { var principal = _tokenService.GetPrincipalFromExpiredToken(model.Token); var username = principal.Identity.Name; var newJwtToken = _tokenService.GenerateAccessToken(principal.Claims, signingEncodingKey, encryptingEncodingKey); var newRefreshToken = _tokenService.GenerateRefreshToken(); return(Ok( new { token = newJwtToken, refreshToken = newRefreshToken })); }
public async Task <IActionResult> RefeshToken(RefreshTokenViewModel model) { if (!ModelState.IsValid) { _logger.LogError(ModelState.ToString()); var errors = ModelState.ToDictionary(x => x.Key, x => x.Value.Errors.Select(e => e.ErrorMessage).ToList()) .Select(x => new ValidationResponse() { Key = x.Key, Validations = x.Value }); return(BadRequest(errors)); } var principal = GetPrincipalFromExpiredToken(model.Token); if (principal == null) { var errors = new List <ValidationResponse>() { new ValidationResponse { Key = "Token", Validations = new List <string>() { "TOKEN_NOT_INVALID" } } }; return(BadRequest(errors)); } var user = await _userManager.GetUserAsync(principal); var verifyRefreshTokenResult = _userManager.PasswordHasher.VerifyHashedPassword(user, user.RefreshTokenHash, model.RefreshToken); if (verifyRefreshTokenResult == PasswordVerificationResult.Success) { var claims = await BuildClaims(user); var newToken = _tokenService.GenerateAccessToken(claims); return(Ok(new { token = newToken })); } return(Forbid()); }
public async Task RefreshTokenExchangeAsync__Access_token_does_not_expiry__Should_return_400BadRequest_response() { var notExpiredTokenPrincipal = GetNotExpiredTokenPrincipal(); var notExpiredJwtToken = new JwtSecurityToken(expires: DateTime.UtcNow.AddDays(1)); string notExpiredAccessToken = new JwtSecurityTokenHandler().WriteToken(notExpiredJwtToken); _jwtTokenHandlerMock.Setup(x => x.GetPrincipalFromJwtToken(It.IsNotNull <string>(), true)).Returns(notExpiredTokenPrincipal); var controller = new AuthController(_jwtTokenHandlerMock.Object, _refreshTokenManagerMock.Object, _logger, _mapperMock.Object); var refreshRequestBody = new RefreshTokenViewModel { AccessToken = notExpiredAccessToken, RefreshToken = _refreshToken }; var result = await controller.RefreshTokenExchangeAsync(refreshRequestBody); (result as ObjectResult).StatusCode.Should().Be(400); ((result as ObjectResult).Value as ResponseWrapper).Error.Should().NotBeEquivalentTo(new ApiError()); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenViewModel model) { if (!ModelState.IsValid) { return(BadRequest()); } var user = await _db.Users.SingleOrDefaultAsync(x => x.RefreshToken == model.RefreshToken); if (user == null) { return(BadRequest()); } var token = await GenerateToken(user); return(Ok(token)); }