public async Task<ActionResult<ApiTokenUrlResult>> RefreshToken([FromBody] RefreshTokenInput input)
{
    var result = new ApiTokenUrlResult();

    // Recover the claims from the expired access token.
    var principal = _tokenService.GetPrincipalFromExpiredToken(input.Token);
    var userId = principal.GetUserId(); // this is mapped to the Name claim by default

    // The presented refresh token must match the one stored for this user.
    // A missing stored token is rejected so that null can never match null.
    var storeRefreshToken = await _tokenService.GetRefreshToken(userId);
    if (storeRefreshToken == null || storeRefreshToken != input.RefreshToken)
    {
        // Refresh failed: point the client at the login page.
        // Code is 200 on this path too; the failure is signalled by Message and Url.
        result.Code = 200;
        result.Message = "刷新 Token 失败";
        result.Url = _frontendSettings.CoreEnvironment.IsDevelopment
            ? _frontendSettings.CoreEnvironment.DevelopmentHost + "/modules/login.html"
            : Url.Action("Login", "View");
        return result;
    }

    // Issue a new access token and a new refresh token for the same user.
    var newToken = _tokenService.GenerateAccessToken(principal.Claims);
    var newRefreshToken = await _tokenService.GenerateRefreshToken(userId);

    result.Token = newToken;
    result.RefreshToken = newRefreshToken;
    result.Code = 200;
    result.Message = "刷新 Token 成功";
    return result;
}

public async Task<ActionResult<ApiTokenUrlResult>> Login([FromBody] AccountPasswordValidationCodeLoginInput input)
{
    var result = new ApiTokenUrlResult();

    // The expected validation code is kept in the server-side session.
    var validationCode = HttpContext.Session.GetString(ValidationCodeKey);
    if (validationCode == null)
    {
        result.Code = 400;
        result.Message = "验证码已到期,请重新输入";
        return result;
    }

    // Case-insensitive comparison against the submitted code.
    if (!string.Equals(validationCode, input.ValidationCode, StringComparison.OrdinalIgnoreCase))
    {
        result.Code = 400;
        result.Message = "请输入正确的验证码";
        return result;
    }

    // The code is removed from the session only after a successful match.
    HttpContext.Session.Remove(ValidationCodeKey);

    // One generic message covers a wrong account, a wrong password and a disallowed user state.
    var user = await _userService.GetNormalUserAsync(input.Account, input.Password);
    if (user == null)
    {
        result.Code = 400;
        result.Message = "账号或密码错误,或用户状态不允许登录";
        return result;
    }

    // Issue the access token and the refresh token for the authenticated user.
    var token = _tokenService.GenerateAccessToken(user);
    var refreshToken = await _tokenService.GenerateRefreshToken(user.UserId);

    result.Token = token;
    result.RefreshToken = refreshToken;
    result.Url = _frontendSettings.CoreEnvironment.IsDevelopment
        ? _frontendSettings.CoreEnvironment.DevelopmentHost + "/modules/index.html"
        : Url.Action("Index", "View");
    result.Code = 200;
    result.Message = "登录成功";
    return result;
}