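        /// <summary>
        /// Handles the <c>password</c> grant: verifies the supplied credentials, revokes every
        /// refresh token the user currently holds, stores a single new one and issues an access token.
        /// </summary>
        /// <param name="model">Request carrying <see cref="TokenRequest.Username"/> and password.</param>
        /// <returns>
        /// 200 with the access token on success; 400 when the account's e-mail is not confirmed;
        /// 401 for an unknown user or a wrong password. Both 401 cases share one body, so the
        /// response does not reveal which usernames exist.
        /// </returns>
        private async Task<IActionResult> GenerateNewToken(TokenRequest model)
        {
            var user = await userManager.FindByNameAsync(model.Username);

            // A null user short-circuits the password check; both failures map to the same 401 body.
            if (user == null || !await userManager.CheckPasswordAsync(user, model.Password))
            {
                return Unauthorized(new { response = ApiMessages.AuthenticationFailed() });
            }

            // Confirmation status is only disclosed after the password has been verified.
            if (!await userManager.IsEmailConfirmedAsync(user))
            {
                return BadRequest(new { response = ApiMessages.AccountNotConfirmed() });
            }

            var newRefreshToken = CreateRefreshToken(appSettings.ClientId, user.Id);

            // Revoke every existing refresh token for this user: a successful password login
            // invalidates all other sessions. Where() never yields null, so no null check is needed.
            foreach (var staleToken in db.Tokens.Where(rt => rt.UserId == user.Id))
            {
                db.Tokens.Remove(staleToken);
            }
            db.Tokens.Add(newRefreshToken);
            await db.SaveChangesAsync();

            var accessToken = await CreateAccessToken(user, newRefreshToken.Value);
            return Ok(new { response = accessToken });
        }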
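        /// <summary>
        /// Handles the <c>refresh_token</c> grant: looks up the presented refresh token for this client,
        /// rotates it (the presented row is deleted and a new one stored in the same save) and issues
        /// a fresh access token.
        /// </summary>
        /// <param name="model">Request carrying <see cref="TokenRequest.RefreshToken"/>.</param>
        /// <returns>
        /// 200 with the new access token; 401 when the token is missing, unknown for this client,
        /// expired, or belongs to a user that no longer exists. Every rejection uses the same body so
        /// the caller cannot tell which check failed.
        /// </returns>
        private async Task<IActionResult> RefreshToken(TokenRequest model)
        {
            IActionResult Rejected() => Unauthorized(new { response = ApiMessages.AuthenticationFailed() });

            // The original dereferenced model.RefreshToken unguarded and relied on the catch below to
            // turn the resulting NullReferenceException into a 401; reject a missing token explicitly.
            if (model?.RefreshToken == null)
            {
                return Rejected();
            }

            try
            {
                var presented = model.RefreshToken.ToString();
                var rt = db.Tokens.FirstOrDefault(t => t.ClientId == appSettings.ClientId && t.Value == presented);

                // Unknown and expired tokens are rejected identically (the original returned a bodiless
                // UnauthorizedResult for the unknown case, which was inconsistent with the other paths).
                if (rt == null || rt.ExpiryTime < DateTime.UtcNow)
                {
                    return Rejected();
                }

                var user = await userManager.FindByIdAsync(rt.UserId);
                if (user == null)
                {
                    return Rejected();
                }

                // Rotation: the presented token is single-use; its replacement is persisted atomically.
                var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
                db.Tokens.Remove(rt);
                db.Tokens.Add(rtNew);
                await db.SaveChangesAsync();   // was a blocking SaveChanges() inside an async method

                var token = await CreateAccessToken(user, rtNew.Value);
                return Ok(new { response = token });
            }
            catch
            {
                // NOTE(review): this also maps database/store failures to 401. No logger is in scope
                // here, so the original behaviour is kept, but an outage is indistinguishable from a
                // bad token to the caller; consider logging and narrowing the catch.
                return Rejected();
            }
        }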
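        /// <summary>
        /// Token endpoint. Dispatches on <see cref="TokenRequest.GrantType"/>: <c>password</c> issues a
        /// new token pair from credentials, <c>refresh_token</c> rotates an existing refresh token.
        /// </summary>
        /// <param name="model">Body-bound request; may be null when the body is absent or unparseable.</param>
        /// <returns>The selected grant handler's result, or 401 for a null request or an unknown grant type.</returns>
        public async Task<IActionResult> Auth([FromBody] TokenRequest model)
        {
            // Model binding yields null for a missing or unparseable body; treat that as a failed
            // grant instead of letting the switch below throw a NullReferenceException.
            if (model == null)
            {
                return Unauthorized(new { response = ApiMessages.AuthenticationFailed() });
            }

            // String switch: ordinal, case-sensitive match on the grant type.
            switch (model.GrantType)
            {
            case "password":
                return await GenerateNewToken(model);

            case "refresh_token":
                return await RefreshToken(model);

            default:
                return Unauthorized(new { response = ApiMessages.AuthenticationFailed() });
            }
        }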
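        /// <summary>
        /// Handles the <c>password</c> grant for an active account: verifies the credentials, applies the
        /// first-login / one-time-password rules, revokes every refresh token the user holds, stores a
        /// single new one and issues an access token.
        /// </summary>
        /// <param name="model">Request carrying <see cref="TokenRequest.Username"/> and password.</param>
        /// <returns>
        /// 200 with the access token on success; 401 for an unknown or inactive user, a wrong password,
        /// or an unchanged one-time password (one shared body, so which check failed is not disclosed);
        /// 495 when the account's e-mail is not confirmed. 495 is not a standard HTTP status code and
        /// is kept only because existing clients may depend on it.
        /// </returns>
        private async Task<IActionResult> GenerateNewToken(TokenRequest model)
        {
            var user = await userManager.FindByNameAsync(model.Username);

            // Inactive accounts are rejected before the password is checked; all three failures share one body.
            if (user == null || !user.IsActive || !await userManager.CheckPasswordAsync(user, model.Password))
            {
                return StatusCode(401, new { response = ApiMessages.AuthenticationFailed() });
            }

            // First login is recorded; afterwards the one-time password must have been replaced.
            if (this.IsFirstLogin(user))
            {
                await this.UpdateFirstLogin(user);
            }
            else if (IsOneTimePasswordChanged(user) == false)
            {
                return StatusCode(401, new { response = ApiMessages.AuthenticationFailed() });
            }

            // Confirmation status is only disclosed after the password has been verified.
            if (!await userManager.IsEmailConfirmedAsync(user))
            {
                return StatusCode(495, new { response = ApiMessages.AccountNotConfirmed() });
            }

            var newRefreshToken = CreateRefreshToken(settings.ClientId, user.Id);

            // Revoke every existing refresh token for this user: a successful password login
            // invalidates all other sessions. Where() never yields null, so no null check is needed.
            foreach (var staleToken in db.Tokens.Where(rt => rt.UserId == user.Id))
            {
                db.Tokens.Remove(staleToken);
            }
            db.Tokens.Add(newRefreshToken);
            await db.SaveChangesAsync();

            var accessToken = await CreateAccessToken(user, newRefreshToken.Value);
            return StatusCode(200, new { response = accessToken });
        }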