public ClaimsPrincipal? GetPrincipalFromToken(string token)
{
return _jwtTokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SecretKey)),
ValidateLifetime = false // we check expired tokens here
});
}
public ClaimsPrincipal?GetPrincipalFromToken(string token)
{
if (_options.SecretKey == null)
{
throw new InvalidOperationException("The secret key must not be null.");
}
return(_jwtTokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SecretKey)),
ValidateLifetime = false // we check expired tokens here
}));
}
public IActionResult ValidateJwt([FromBody] string token)
{
if (_jwtHandler.ValidateToken(token))
{
var handler = new JwtSecurityTokenHandler();
var jwtToken = handler.ReadToken(token) as JwtSecurityToken;
var claims = new JwtCustomClaims
{
FirstName = jwtToken.Claims.First(claim => claim.Type == "FirstName").Value,
LastName = jwtToken.Claims.First(claim => claim.Type == "LastName").Value,
Email = jwtToken.Claims.First(claim => claim.Type == "Email").Value
};
return(Ok(claims));
}
return(BadRequest("Token is invalid."));
}
public async Task <Result> RefreshTokenAsync(JsonWebToken model)
{
var validatedToken = _jwtHandler.ValidateToken(model.Token);
if (validatedToken == null)
{
return(Result.GeneralFailure("Invalid Token"));
}
if (validatedToken.ValidTo > DateTime.UtcNow)
{
return(Result.GeneralFailure("This Token Has Not Expired Yet"));
}
var userId = validatedToken.Claims.First(claim => claim.Type == TokenClaims.UserId).Value;
var userRefreshToken = await _context.RefreshTokens.Where(x => x.Token == model.RefreshToken)
.Include(c => c.Users)
.Where(v => v.Users.Id == userId)
.FirstOrDefaultAsync();
if (userRefreshToken == null)
{
return(Result.GeneralFailure("No refresh token for this user"));
}
if (userRefreshToken.Token != model.RefreshToken)
{
return(Result.GeneralFailure("Invalid Refresh Token"));
}
if (userRefreshToken.IsExpired)
{
return(Result.GeneralFailure("Expired Token"));
}
if (userRefreshToken.Revoked != null)
{
return(Result.GeneralFailure("This Token has Been Used and Revoked"));
}
if (userRefreshToken.IsActive)
{
var userRole = await _userManager.GetRolesAsync(userRefreshToken.Users);
var newRefreshToken = _jwtHandler.CreateRefreshToken(userId);
var token = _jwtHandler.CreateToken(userRefreshToken.Users, userRole.FirstOrDefault());
var jwt = new JsonWebToken
{
Token = token,
RefreshToken = newRefreshToken.Token,
};
userRefreshToken.Revoked = DateTime.UtcNow;
var updateResult = _context.RefreshTokens.Update(userRefreshToken);
var addNewRefreshToken = await _context.RefreshTokens.AddAsync(newRefreshToken);
var saveChanges = await _context.SaveChangesAsync();
if (updateResult.IsKeySet || addNewRefreshToken.IsKeySet || saveChanges == 1)
{
return(Result.ReturnToken(jwt));
}
}
return(Result.GeneralFailure("SomeThing Wrong"));
}
