private async Task <IActionResult> GetTokenByRefreshToken(TokenRequestViewModel model) { if (string.IsNullOrWhiteSpace(model.RefreshToken) || string.IsNullOrWhiteSpace(model.ClientId)) { return(Unauthorized()); } var refreshToken = await _context.Tokens.SingleOrDefaultAsync(t => t.ClientId == model.ClientId && t.Value == model.RefreshToken); if (refreshToken == null) { return(Unauthorized()); } var user = await _userManager.FindByIdAsync(refreshToken.UserId); if (user == null) { return(Unauthorized()); } _context.Remove(refreshToken); return(await CreateTokenResponse(user, model.ClientId)); }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model) { try { var rt = DbContext.Tokens .FirstOrDefault(t => t.ClientId == model.client_id && t.Value == model.refresh_token); if (rt == null) { return(Unauthorized()); } var user = await UserManager.FindByIdAsync(rt.UserId); if (user == null) { return(Unauthorized()); } var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId); DbContext.Tokens.Remove(rt); DbContext.Tokens.Add(rtNew); DbContext.SaveChanges(); var response = CreateAccessToken(rtNew.UserId, rtNew.Value); return(Json(response)); } catch (Exception ex) { Console.WriteLine(ex.Message); return(Unauthorized()); } }
public void Auth_WhenBodyViewModelWithRefreshTokenGrantTypeAndInvalidRefreshToken_ShouldReturnUnauthorizedResult() { //Arrange var userName = _fixture.Create <string>(); var password = _fixture.Create <string>(); var clientId = Guid.NewGuid().ToString(); TokenRequestViewModel viewModel = new TokenRequestViewModel { Username = userName, ClientId = clientId, Password = password, GrantType = "refresh_token" }; _queryDispatcherMock.Setup(x => x.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(It.IsAny <CheckUserPasswordQuery>())) .Returns(Task.FromResult(new CheckUserPasswordQueryResult { IsCorrect = false })); //Act var result = _controller.Auth(viewModel).Result; //Assert Assert.IsInstanceOf <UnauthorizedResult>(result); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { // check if there's an user with the given username var user = await UserManager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } // create & return the access token var t = CreateAccessToken(user.Id, model.username); return(Json(t)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
public void Auth_WhenBodyViewModelWithPasswordGrantTypeAndEmail_ShouldReturnTokenResponse() { //Arrange var userName = $"{_fixture.Create<string>()}@test.com"; var password = _fixture.Create <string>(); var token = _fixture.Create <Token>(); var tokenData = new TokenData { ExporationTimeInMinutes = 60, EncodedToken = token.Value }; TokenRequestViewModel viewModel = new TokenRequestViewModel { Username = userName, ClientId = token.ClientId, Password = password, GrantType = "password" }; var userResult = new GetUserQueryResult { User = new ApplicationUser { Id = token.UserId, UserName = userName } }; _serviceMock.Setup(x => x.GenerateRefreshToken(token.ClientId, token.UserId)).Returns(token); _serviceMock.Setup(x => x.CreateAccessToken(token.UserId)).Returns(tokenData); _queryDispatcherMock.Setup(x => x.DispatchAsync <GetUserByNameQuery, GetUserQueryResult>(It.IsAny <GetUserByNameQuery>())) .Returns(Task.FromResult(new GetUserQueryResult())); _queryDispatcherMock.Setup(x => x.DispatchAsync <GetUserByEmailQuery, GetUserQueryResult>(It.IsAny <GetUserByEmailQuery>())) .Returns(Task.FromResult(userResult)); _queryDispatcherMock.Setup(x => x.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(It.IsAny <CheckUserPasswordQuery>())) .Returns(Task.FromResult(new CheckUserPasswordQueryResult { IsCorrect = true })); _commandDispatcherMock.Setup(x => x.DispatchAsync <AddTokenCommand>(It.IsAny <AddTokenCommand>())) .Returns(Task.CompletedTask); //Act var result = _controller.Auth(viewModel).Result as JsonResult; //Assert Assert.IsNotNull(result); var json = new JsonResult(new TokenResponseViewModel { Expiration = tokenData.ExporationTimeInMinutes, RefreshToken = tokenData.EncodedToken, Token = token.Value }); Assert.AreEqual(result.Value.ToString(), json.Value.ToString()); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { var user = await this.UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await this.UserManager.FindByEmailAsync(model.username); } if (user == null || !await this.UserManager.CheckPasswordAsync(user, model.password)) { return(Unauthorized()); } var refreshToken = this.CreateRefreshToken(model.client_id, user.Id); this.Db.Tokens.Add(refreshToken); this.Db.SaveChanges(); var token = this.CreateAccessToken(user.Id, refreshToken.Value); return(Json(token)); } catch (Exception ex) { return(Unauthorized()); } }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model) { try { // check if the received refreshToken exists for the given clientId var rt = this.Db.Tokens .FirstOrDefault(t => t.ClientId == model.client_id && t.Value == model.refresh_token); if (rt == null) { return(Unauthorized()); } var rtNew = this.CreateRefreshToken(rt.ClientId, rt.UserId); this.Db.Tokens.Remove(rt); this.Db.Tokens.Add(rtNew); this.Db.SaveChanges(); var response = this.CreateAccessToken(rtNew.UserId, rtNew.Value); return(Json(response)); } catch { return(Unauthorized()); } }
private IActionResult RefreshToken(TokenRequestViewModel tokenRequest) { if (string.IsNullOrEmpty(tokenRequest.ClientId)) { return(BadRequest("invalid_client")); } if (string.IsNullOrEmpty(tokenRequest.RefreshToken)) { return(BadRequest("invalid_request")); } string accessToken = ""; //var accessToken = LoginHelper.LoginRefreshToken(tokenRequest.RefreshToken, tokenRequest.ClientId); if (accessToken == null) { //Logger.LogError($"Login *DENIED* via AccessTokenController.RefreshToken ({tokenRequest.refresh_token}) and client id ({tokenRequest.client_id}) from IP {PagesHelper.GetIpAddress()} - {PagesHelper.GetRawUrl()}", "API"); return(BadRequest("invalid_request")); } // Logger.LogRevisionTrack($"Login via AccessTokenController.RefreshToken ({tokenRequest.refresh_token}) and client id ({tokenRequest.client_id}) from IP {PagesHelper.GetIpAddress()}", "API"); return(GetTokenResponse(accessToken, tokenRequest.RefreshToken)); }
public async Task <ActionResult <TokenResponseViewModel> > Auth([FromBody] TokenRequestViewModel model) { if (model?.GrantType == null) { return(BadRequest()); } TokenResponseViewModel response; switch (model.GrantType) { case "password": response = await _service.GetToken(model); break; case "refresh_token": response = await _service.RefreshToken(model); break; default: return(BadRequest()); } return(response ?? (ActionResult <TokenResponseViewModel>)Unauthorized()); }
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel) { var user = await _userAndRoleRepository.GetUserByNameAsync(viewModel.Username); if (user == null && viewModel.Username.Contains("@")) { user = await _userAndRoleRepository.GetUserByEmailAsync(viewModel.Username); } if (user == null || !await _userAndRoleRepository.CheckPasswordAsync(user, viewModel.Password)) { return(new UnauthorizedResult()); } var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, user.Id); await _tokenRepository.AddRefreshToken(token); var accessTokenData = _tokenService.CreateAccessToken(user.Id); var response = new TokenResponseViewModel { Token = accessTokenData.EncodedToken, Expiration = accessTokenData.ExporationTimeInMinutes, RefreshToken = token.Value }; return(Json(response)); }
public void Auth_WhenBodyViewModelWithPasswordGrantTypeWrongPassword_ShouldReturnUnauthorizedResult() { var username = "******"; var userId = Guid.NewGuid().ToString(); var clientId = Guid.NewGuid().ToString(); TokenRequestViewModel viewModel = new TokenRequestViewModel { Username = username, ClientId = clientId, Password = "******", GrantType = "password" }; ApplicationUser user = new ApplicationUser { Id = userId, UserName = username }; var mockUserAndRolesRepo = new Mock <IUserAndRoleRepository>(); mockUserAndRolesRepo.Setup(x => x.GetUserByNameAsync(username)).Returns(Task.FromResult(user)); mockUserAndRolesRepo.Setup(x => x.CheckPasswordAsync(user, It.IsAny <string>())).Returns(Task.FromResult(false)); var mockTokenRepo = new Mock <ITokenRepository>(); mockTokenRepo.Setup(x => x.AddRefreshToken(It.IsAny <Token>())).Verifiable(); var controller = new TokenController(mockUserAndRolesRepo.Object, mockTokenRepo.Object, null); Assert.IsInstanceOf <UnauthorizedResult>(controller.Auth(viewModel).Result); }
public async Task <IActionResult> Auth([FromBody] TokenRequestViewModel viewModel) { if (viewModel == null) { return(new BadRequestResult()); } try { switch (viewModel.GrantType) { case "password": return(await GetToken(viewModel)); case "refresh_token": return(await RefreshToken(viewModel)); default: return(new UnauthorizedResult()); } } catch (Exception e) { return(new StatusCodeResult(500)); } }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel) { var refreshToken = await _tokenRepository.CheckRefreshTokenForClient(viewModel.ClientId, viewModel.RefreshToken); if (refreshToken == null) { return(new UnauthorizedResult()); } var user = await _userAndRoleRepository.GetUserById(refreshToken.UserId); if (user == null) { return(new UnauthorizedResult()); } var newRefreshToken = _tokenService.GenerateRefreshToken(refreshToken.ClientId, refreshToken.UserId); await _tokenRepository.RemoveRefreshToken(refreshToken); await _tokenRepository.AddRefreshToken(newRefreshToken); var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId); var response = new TokenResponseViewModel { Expiration = tokenData.ExporationTimeInMinutes, RefreshToken = newRefreshToken.Value, Token = tokenData.EncodedToken }; return(Json(response)); }
public async Task <TokenResponseViewModel> RefreshToken(TokenRequestViewModel request) { var refreshToken = await _context.Set <Token>().FirstOrDefaultAsync(t => t.ClientId == request.ClientId); if (refreshToken == null) { return(null); } var user = await _userManager.FindByIdAsync(refreshToken.UserId); if (user == null) { return(null); } var newToken = CreateRefreshToken(refreshToken.ClientId, refreshToken.UserId); _context.Set <Token>().Remove(refreshToken); await _context.Set <Token>().AddAsync(newToken); await _context.SaveChangesAsync(); var response = CreateAccessToken(newToken.UserId, newToken.Value); return(response); }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model) { try { //sprawdzenie czy token istnieje dla obcenego clienta var rt = DbContext.Tokens.FirstOrDefault(t => t.ClientId == model.Client_id && t.Value == model.Refresh_token); //Token nie istnieje lub zły client if (rt == null) { return(new UnauthorizedResult()); } var user = await UserManager.FindByIdAsync(rt.UserId); if (user == null) { // uzytkownika nie znaleziona lub nieporawny return(new UnauthorizedResult()); } var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId); DbContext.Tokens.Remove(rt); DbContext.Tokens.Add(rtNew); DbContext.SaveChanges(); var respone = CreateAccessToken(rtNew.ClientId, rtNew.Value); return(Json(respone)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { var user = await UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { return(new UnauthorizedResult()); } var rt = CreateRefreshToken(model.client_id, user.Id); dataProcessor.AddNewRefreshToken(this.DbContext, rt); var newToken = CreateAccessToken(user.Id, rt.Value); return(new JsonResult(newToken, JsonSettings)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model) { try { var rt = dataProcessor.GetToken(this.DbContext, model); if (rt == null) { return(new UnauthorizedResult()); } var user = await UserManager.FindByIdAsync(rt.UserId); if (user == null) { return(new UnauthorizedResult()); } var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId); dataProcessor.UpdateToken(this.DbContext, rt, rtNew); var response = CreateAccessToken(rtNew.UserId, rtNew.Value); return(new JsonResult(response, JsonSettings)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { var user = await UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } //username & password matches: create and return Jwt token var rt = CreateRefreshToken(model.client_id, user.Id); DbContext.Tokens.Add(rt); DbContext.SaveChanges(); var t = CreateAccessToken(user.Id, rt.Value); return(Json(t)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetAccessToken(TokenRequestViewModel model) { try { var user = await UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { return(new UnauthorizedResult()); } var roles = await UserManager.GetRolesAsync(user); //var roleClaims=new List<string>(); var refreshToken = CreateRefreshToken(model.client_id, user.Id); dbContext.ApplicationTokens.Add(refreshToken); dbContext.SaveChanges(); var response = CreateAccessToken(user.Id, roles, refreshToken.Value); return(Json(response)); } catch (Exception e) { return(new UnauthorizedResult()); } }
public async Task <IActionResult> SignOut([FromBody] TokenRequestViewModel viewModel) { await HttpContext.SignOutAsync(); _tokenService.RemoveByRefreshToken(viewModel.refresh_token); return(Ok()); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { var user = await UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { return(Unauthorized()); } var rt = CreateRefreshToken(model.client_id, user.Id); DbContext.Tokens.Add(rt); DbContext.SaveChanges(); var t = CreateAccessToken(user.Id, rt.Value); return(Json(t)); } catch (Exception ex) { Console.WriteLine(ex.Message); return(Unauthorized()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { // check if there's an user with the given username var user = await UserManager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } // username & password matches: create the refresh token var rt = CreateRefreshToken(model.client_id, user.Id); // add the new refresh token to the DB DbContext.Tokens.Add(rt); DbContext.SaveChanges(); // create & return the access token var t = CreateAccessToken(user.Id, rt.Value); return(Json(t)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <ApiResponse <TokenViewModel> > GetTokenResponse(TokenRequestViewModel model) { var apiResp = new ApiResponse <TokenViewModel> { Type = ResponseType.Fail }; var applicationUser = new ApplicationUser { Email = model.EmailOrUsername, UserName = model.EmailOrUsername }; var securityResp = await _security.GetToken(applicationUser, model.Password); if (securityResp.Type != ResponseType.Success) { apiResp.ErrorCode = securityResp.ErrorCode; return(apiResp); } var viewModel = new TokenViewModel { Username = applicationUser.UserName, AccessToken = securityResp.Data, Email = applicationUser.Email, NameSurname = applicationUser.NameSurname, Id = applicationUser.Id.ToString() }; apiResp.Data = viewModel; apiResp.Type = ResponseType.Success; return(apiResp); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { // check if there's an user with the given username var user = await _signInManager.UserManager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await _signInManager.UserManager.FindByEmailAsync(model.username); } if (user == null || !await _signInManager.UserManager.CheckPasswordAsync(user, model.password)) { return(new UnauthorizedResult()); } // username & password matches: create and return the DateTime now = DateTime.UtcNow; // add the registered claims for JWT (RFC7519). // For more info, see https://tools.ietf.org/html/rfc7519#section-4.1 var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) }; var tokenExpirationMins = _configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"])); var token = new JwtSecurityToken( issuer: _configuration["Auth:Jwt:Issuer"], audience: _configuration["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256) ); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); // build & return the response var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins }; return(Json(response)); } catch (Exception e) { return(new UnauthorizedResult()); } }
public TokenControllerTests() { Thread.CurrentPrincipal = new TestPrincipalWrapper(new Claim(ClaimTypes.Email, _properEmail)); _externalLoginInfoInstance = new ExternalLoginInfo((ClaimsPrincipal)Thread.CurrentPrincipal, "Facebook", "providers_key", "some_display_name"); _returnedResponseTokenModel = new TokenResponseViewModel() { DisplayName = "foo1", Email = "foo2", RefreshToken = "foo3", Role = "foo4", Token = "foo5", User = "******" }; _properRevokeTokenModel = new RevokeTokenRequestViewModel() { UserName = _properName, Token = _properToken, RefreshToken = _properToken }; _properRefreshTokenModel = new RefreshTokenRequestViewModel() { Email = _properEmail, RefreshToken = _properToken }; _properTokenRequestModel = new TokenRequestViewModel() { Email = _properEmail, Password = _properPassword, }; _properUser = new AppUser() { Email = _properEmail }; DefaultHttpContext httpContext = new DefaultHttpContext(); TempDataDictionary tempData = new TempDataDictionary(httpContext, Mock.Of <ITempDataProvider>()) { { "requestIp", "127.0.0.1" } }; _tokenServiceMock = new Mock <ITokenService>(); _userServiceMock = new Mock <IUserService>(); _userServiceMock.Setup(mock => mock.GetIpAddress(It.IsAny <DefaultHttpContext>())).Returns("127.0.0.1"); _userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser); _userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null); _userServiceMock.Setup(mock => mock.VerifyUsersPassword(It.IsAny <AppUser>(), It.IsAny <string>())).ReturnsAsync(true); _userServiceMock.Setup(mock => mock.GetUserRoleAsync(It.IsAny <AppUser>())).ReturnsAsync("User"); _userServiceMock.Setup(mock => mock.GetExternalLogin()).ReturnsAsync(_externalLoginInfoInstance); _userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true); _tokenServiceMock.Setup(mock => mock.GenerateTokenResponse(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).Returns(_returnedResponseTokenModel); _tokenServiceMock.Setup(mock => mock.VerifyRefreshToken(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).Returns(true); _tokenServiceMock.Setup(mock => mock.RevokeTokens(_properRevokeTokenModel)).Returns(true); _controller = new TokenController(_tokenServiceMock.Object, _userServiceMock.Object) { TempData = tempData }; }
private async Task <TokenResponseViewModel> CreateAccessToken(TokenRequestViewModel model, string refreshToken) { DateTime now = DateTime.UtcNow; var jwtAppSettingOptions = Configuration.GetSection(nameof(JwtIssuerOptions)); // add the registered claims for JWT (RFC7519). // For more info, see https://tools.ietf.org/html/rfc7519#section-4.1 //var claims = new[] { // new Claim(JwtRegisteredClaimNames.Sub, userId), // new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // new Claim(JwtRegisteredClaimNames.Iat, // new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) // // TODO: add additional claims here //}; //var tokenExpirationMins = // Configuration.GetValue<int>("Auth:Jwt:TokenExpirationInMinutes"); //var issuerSigningKey = new SymmetricSecurityKey( // Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"])); //var token = new JwtSecurityToken( // issuer: Configuration["Auth:Jwt:Issuer"], // audience: Configuration["Auth:Jwt:Audience"], // claims: claims, // notBefore: now, // expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), // signingCredentials: new SigningCredentials( // issuerSigningKey, SecurityAlgorithms.HmacSha256) //); //var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); ClaimsIdentity claimsIdentity = null; if (model.username == null) { var appUser = await FindByIdAysnc(model.client_id); model.username = appUser.UserName; claimsIdentity = await GetClaimsIdentity(model.username); } else { claimsIdentity = await GetClaimsIdentity(model.username, model.password); } var jwt = await Tokens.GenerateJwt(claimsIdentity, _jwtFactory, model.username, _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented }); return(new TokenResponseViewModel() { Token = jwt, Expiration = (int)(new JwtIssuerOptions().ValidFor.TotalMinutes), RefreshToken = refreshToken }); }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel model) { try { // check if the received refreshToken exists for the given clientId //var rt = DbContext.Tokens // .FirstOrDefault(t => // t.ClientId == model.client_id // && t.Value == model.refresh_token); var rt = await _tokenRepository.GetToken(model); if (rt == null) { // refresh token not found or invalid (or invalid clientId) return(new UnauthorizedResult()); } // check if there's an user with the refresh token's userId var user = await _userManager.FindByIdAsync(rt.UserId); if (user == null) { // UserId not found or invalid return(new UnauthorizedResult()); } // generate a new refresh token var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId); // invalidate the old refresh token (by deleting it) //DbContext.Tokens.Remove(rt); await _tokenRepository.RemoveToken(rt); // add the new refresh token //DbContext.Tokens.Add(rtNew); // persist changes in the DB //DbContext.SaveChanges(); await _tokenRepository.AddToken(rtNew); //rt // create a new access token... var response = await CreateAccessToken(model, rtNew.Value); // ... and send it to the client return(new JsonResult(response)); //return await Task.FromResult(Ok()); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel) { try { var refreshTokenResult = await _queryDispatcher.DispatchAsync <GetTokenQuery, GetTokenQueryResult>(new GetTokenQuery { ClientId = viewModel.ClientId, RefreshToken = viewModel.RefreshToken }); if (refreshTokenResult.Token == null) { return(new UnauthorizedResult()); } var userResult = await _queryDispatcher.DispatchAsync <GetUserByIdQuery, GetUserQueryResult>(new GetUserByIdQuery { UserId = refreshTokenResult.Token.UserId }); if (userResult.User == null) { return(new UnauthorizedResult()); } var newRefreshToken = _tokenService.GenerateRefreshToken(refreshTokenResult.Token.ClientId, refreshTokenResult.Token.UserId); await _commandDispatcher.DispatchAsync <RemoveTokenCommand>(new RemoveTokenCommand { Id = refreshTokenResult.Token.Id }); await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand { Token = refreshTokenResult.Token }); var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId); var response = new TokenResponseViewModel { Expiration = tokenData.ExporationTimeInMinutes, RefreshToken = newRefreshToken.Value, Token = tokenData.EncodedToken }; return(Json(response)); } catch (Exception) { return(new UnauthorizedResult()); } }
/// <summary> /// Get access token from client, process the refresh token, get basic information /// </summary> /// <param name="model"></param> /// <returns></returns> public async Task <Response <TokenResponse> > GetAccessTokenAsync(TokenRequestViewModel model) { try { var response = await this.providerManager.GetAccessTokenFromProviderAsync( name : model.IdentityProvider, code : model.AuthorizationCode, clientId : model.ClientId, model.RedirectUrl); if (response.HasResult) { //decode the token to jwt_token object var tokenDetails = GetTokenDetails(response.ResponseData.IdToken); //process the token for persitence // update refresh token or insert var processResponse = ProcessToken(response.ResponseData, tokenDetails); var claims = tokenDetails.Claims; var email = claims.FirstOrDefault(c => c.Type == "email").Value ?? ""; var picture = claims.FirstOrDefault(c => c.Type == "picture").Value ?? ""; var name = claims.FirstOrDefault(c => c.Type == "name").Value ?? ""; var given_name = claims.FirstOrDefault(c => c.Type == "given_name").Value ?? ""; var family_name = claims.FirstOrDefault(c => c.Type == "family_name").Value ?? ""; return(Response <TokenResponse> .Success(new TokenResponse { AccessToken = response.ResponseData.AccessToken, IdToken = response.ResponseData.IdToken, RefreshToken = string.IsNullOrWhiteSpace(response.ResponseData.RefreshToken) ? processResponse : response.ResponseData.RefreshToken, UserInformation = new TokenUserInformation { Picture = picture, Email = email, LastName = given_name, FirstName = family_name, StatusCode = 000, MiscField1 = "47f8d1e56b7bda62a4a1524aeccd9964", MiscField2 = "Practice Admin", ErrorCode = "000", Suggestion = "Login successful" } }));;; } return(Response <TokenResponse> .Failed(response.Message)); } catch (Exception ex) { LogError(ex, $"Error from {nameof(GetAccessTokenAsync)}"); return(Response <TokenResponse> .Failed("Error: Token Service is down")); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var identity = await GetClaimsIdentity(model.username, model.password); if (identity == null) { return(BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState))); } // check if there's an user with the given username var user = await _userManager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await _userManager.FindByEmailAsync(model.username); } if (user == null || !await _userManager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } // username & password matches: create the refresh token var rt = CreateRefreshToken(model.client_id, user.Id); // add the new refresh token to the DB //DbContext.Tokens.Add(rt); //DbContext.SaveChanges(); await _tokenRepository.AddToken(rt); // create & return the access token var t = await CreateAccessToken(model, rt.Value); //return Json(t); //return await Task.FromResult(Ok()); return(new JsonResult(t)); } catch (Exception ex) { return(new UnauthorizedResult()); } }