private RefreshTokenEntity RotateRefreshToken(RefreshTokenEntity oldToken, string ipAddress)
{
var newRefreshToken = GenerateRefreshToken(ipAddress);
_revokeRefreshToken(oldToken, ipAddress, "Replaced by new token", newRefreshToken.Token);
return(newRefreshToken);
}
/// <summary>
/// 生成JWT Token
/// </summary>
/// <param name="userId">用户Id</param>
/// <param name="userName">用户名称</param>
/// <param name="claims"></param>
/// <param name="jwtTokenConfig"></param>
/// <param name="dateTime"></param>
/// <returns></returns>
public async Task <JwtAuthInfo> GenerateTokens(long userId, string userName, Claim[] claims, DateTime dateTime)
{
var secret = Encoding.ASCII.GetBytes(jwtTokenConfig.SecretKey);
var shouldAddAudienceClaim = string.IsNullOrWhiteSpace(claims?.FirstOrDefault(x => x.Type == JwtRegisteredClaimNames.Aud)?.Value);
var jwtToken = new JwtSecurityToken(
jwtTokenConfig.Issuer,
shouldAddAudienceClaim ? jwtTokenConfig.Audience : string.Empty,
claims,
expires: dateTime.AddMinutes(jwtTokenConfig.AccessTokenExpiration),
signingCredentials: new SigningCredentials(new SymmetricSecurityKey(secret), SecurityAlgorithms.HmacSha256Signature));
var accessToken = new JwtSecurityTokenHandler().WriteToken(jwtToken);
var entity = new RefreshTokenEntity
{
UserId = userId,
UserName = userName,
Token = GenerateRefreshToken(),
ExpireAt = dateTime.AddMinutes(jwtTokenConfig.RefreshTokenExpiration)
};
//redisCacheService.SetEntryInHash(redisCacheHashId, refreshToken.TokenString, refreshToken);
await tokenRepository.AddOrUpdate(entity);
return(new JwtAuthInfo
{
AccessToken = accessToken,
RefreshToken = MapperTo(entity)
});
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var token = new RefreshTokenEntity()
{
RefreshTokenId = AuthHelper.GetHash(refreshTokenId),
ClientId = clientid,
Subject = context.Ticket.Identity.Name,
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
token.ProtectedTicket = context.SerializeTicket();
await _authDalHelper.AddRefreshToken(token);
context.SetToken(refreshTokenId);
}
private void RevokeDescendantRefreshTokens(RefreshTokenEntity refreshToken,
List <RefreshTokenEntity> allRefreshTokens, string ipAddress,
string reason)
{
// recursively traverse the refresh token chain and ensure all descendants are revoked
if (string.IsNullOrEmpty(refreshToken.ReplacedByToken))
{
return;
}
var childToken = allRefreshTokens.SingleOrDefault(x => x.Token == refreshToken.ReplacedByToken);
if (childToken == null)
{
return;
}
if (childToken.IsActive)
{
_revokeRefreshToken(childToken, ipAddress, reason);
}
else
{
RevokeDescendantRefreshTokens(childToken, allRefreshTokens, ipAddress, reason);
}
}
public async Task CreateRefreshToken_ShouldReturnTheCreatedRefreshToken_AndIncreaseTheRefreshTokensCount()
{
var refreshToken = new RefreshTokenEntity
{
Id = 444,
Token = "token 123",
User = new UserEntity
{
UserName = "******",
Email = "*****@*****.**"
}
};
var expectedNumberOfRefreshTokens = DbContext.RefreshTokens.Count() + 1;
// Act
var createdRefreshToken = await _refreshTokenRepository.Create(refreshToken);
// Assert
Assert.NotNull(createdRefreshToken);
Assert.Equal(refreshToken.Token, createdRefreshToken.Token);
Assert.Equal(refreshToken.User.UserName, createdRefreshToken.User.UserName);
Assert.Equal(refreshToken.User.Email, createdRefreshToken.User.Email);
Assert.True(refreshToken.Id != 0);
Assert.Equal(expectedNumberOfRefreshTokens, DbContext.RefreshTokens.Count());
}
private static RefreshTokenModel ConvertEntityToModel(RefreshTokenEntity t)
{
return(new RefreshTokenModel
{
Token = t.Token,
UserId = t.UserId
});
}
private static void _revokeRefreshToken(RefreshTokenEntity token, string ipAddress, string reason = null,
string replacedByToken = null)
{
token.Revoked = DateTime.Now;
token.RevokedByIp = ipAddress;
token.ReasonRevoked = reason;
token.ReplacedByToken = replacedByToken;
}
public async Task <RefreshTokenEntity> AddAsync(RefreshTokenEntity token)
{
await _OSContext.RefreshToken.AddAsync(token);
await _OSContext.SaveChangesAsync();
_Logger.LogInformation("(Repository) Token Added: {1}", token.UserId);
return(token);
}
/// <summary>
/// Mapper To RefreshToken
/// </summary>
/// <param name="entity">RefreshToken实体</param>
/// <returns></returns>
private RefreshToken MapperTo(RefreshTokenEntity entity)
{
return(new RefreshToken()
{
UserId = entity.UserId,
UserName = entity.UserName,
TokenString = entity.Token,
ExpireAt = entity.ExpireAt
});
}
public async Task <RefreshTokenModel> CreateAsync(RefreshTokenModel token)
{
var tokenEntity = new RefreshTokenEntity
{
Token = token.Token,
UserId = token.UserId
};
var createdToken = await _RefreshTokenRepository.AddAsync(tokenEntity);
return(ConvertEntityToModel(createdToken));
}
public async Task IfTheRefreshTokenToUpdate_DoesntExist_ReturnNull()
{
var refreshToken = new RefreshTokenEntity
{
Id = 4442,
Token = "token112345",
User = DbContext.Users.Find(1)
};
// Act
var result = await _refreshTokenRepository.Update(refreshToken);
// Assert
Assert.Null(result);
}
public async Task <RefreshTokenEntity> UpdateAsync(RefreshTokenEntity token)
{
var local = _OSContext.RefreshToken.Local.FirstOrDefault(entity => entity.Id == token.Id);
if (local is not null)
{
_OSContext.Entry(local).State = EntityState.Detached;
}
_OSContext.Entry(token).State = EntityState.Modified;
await _OSContext.SaveChangesAsync();
_Logger.LogInformation("(Repository) Token Updated: {1}", token.UserId);
return(token);
}
public async Task <JsonWebTokenResult> Handle(GenerateTokenCommand request, CancellationToken cancellationToken)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_jsonWebToken.Secret);
var tokenExpiration = DateTime.UtcNow.AddSeconds(_jsonWebToken.TokenLifetime);
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, request.User.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, request.User.Email),
new Claim("Id", request.User.Id)
};
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = tokenExpiration,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var refreshToken = new RefreshTokenEntity
{
Token = Guid.NewGuid().ToString(),
JwtId = token.Id,
UserId = request.User.Id,
CreationDate = DateTime.UtcNow,
ExpiryDate = DateTime.UtcNow.AddMonths(6)
};
await _context.RefreshTokens.AddAsync(refreshToken, cancellationToken);
await _context.SaveChangesAsync(cancellationToken);
return(new JsonWebTokenResult()
{
Token = tokenHandler.WriteToken(token),
TokenExpirationTime = ((DateTimeOffset)tokenExpiration).ToUnixTimeSeconds().ToString(),
RefreshToken = refreshToken.Token
});
}
public TokenResultEntity Post(RefreshTokenEntity data)
{
var result = new TokenResultEntity();
// 获取应用信息
var Token = AuthorizeHelper.GetTokenByRefreshToken(data.RefreshToken);
if (Token == null)
{
result.Code = (int)InterfaceResultEnum.AppError;
result.ErrMsg = EnumHelper.GetDescription(InterfaceResultEnum.AppError);
Logger.LogInfo(string.Format("刷新Token失败,RefreshToken:{0}", data.RefreshToken), "RefreshTokenController", "Post");
return(result);
}
var requestAccount = Token.RequestAccount;
var requestUserId = (int)Token.RequestUserId;
int expiry = 3600;
var token = AuthorizeHelper.AddToken(requestUserId, requestAccount, expiry);
AuthorizeHelper.RemoveToken(data.RefreshToken);
if (token != null)
{
result.Code = (int)InterfaceResultEnum.Success;
result.Access_Token = token.AccessToken;
result.Refresh_Token = token.RefreshToken;
result.Expiry = token.Expiry;
Logger.LogInfo(string.Format("刷新Token成功,RefreshToken:{0},AccessToken:{1}", data.RefreshToken, token.AccessToken), "RefreshTokenController", "Post");
}
else
{
result.Code = (int)InterfaceResultEnum.AppError;
result.ErrMsg = EnumHelper.GetDescription(InterfaceResultEnum.AppError);
Logger.LogInfo(string.Format("刷新Token失败,RefreshToken:{0}", data.RefreshToken), "RefreshTokenController", "Post");
}
return(result);
}
private string GenerateRefreshToken(Guid id)
{
var refreshToken = Guid.NewGuid().ToString();
var refreshTokenEntity = new RefreshTokenEntity
{
RefreshToken = refreshToken,
UserId = id,
TotalUsage = 1,
ExpireOn = null
};
var deviceInfo = SystemHelper.CurrentHttpContext?.Request.GetDeviceInformation();
//deviceInfo?.MapTo(refreshTokenEntity);
_refreshTokenRepo.Add(refreshTokenEntity);
UnitOfWork.SaveChanges();
return(refreshToken);
}
public Task <RefreshTokenEntity> Update(RefreshTokenEntity refreshToken)
{
return(_refreshTokenRepository.Update(refreshToken));
}
public async Task AddRefreshToken(RefreshTokenEntity tokenEntity)
{
await _dbContext.RefreshTokens.FindOneAndReplaceAsync(r => r.Subject == tokenEntity.Subject && r.ClientId == tokenEntity.ClientId, tokenEntity);
}
