public AuthController(RefreshTokenRepository refreshTokenRepository, UserRepository userRepository, AccessTokenService accessTokenServices) { _refreshTokenRepository = refreshTokenRepository; _userRepository = userRepository; _accessTokenServices = accessTokenServices; }
private Property Deleteable(RefreshToken token, RefreshTokenRepository tokens) { tokens.Delete(token); var equal = tokens.Get(token.AccountId) == null; return(equal.ToProperty()); }
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenDTO model) { Logger.LogError("RefreshToken method called"); if (!ModelState.IsValid) { return(BadRequest(new ModelStateErrorResponseDTO(HttpStatusCode.BadRequest, ModelState))); } var user = await UserManager.FindByIdAsync(model.UserId); if (user == null || user.ShouldDelete) { return(NotFound(new ErrorResponseDTO(HttpStatusCode.NotFound, new string[] { "The user was not found" }))); } var token = RefreshTokenRepository .Get(x => x.RefreshTokenId == model.RefreshToken && x.ExpiryTime > DateTime.UtcNow) .FirstOrDefault(); if (token != null) { RefreshTokenRepository.Delete(model.RefreshToken); return(Ok(GetJWTToken(user))); } return(BadRequest(new ErrorResponseDTO(HttpStatusCode.BadRequest, new string[] { "The token is invalid" }))); }
private Property Insertable(RefreshToken token, RefreshTokenRepository tokens) { var inserted = tokens.Create(token); var equal = inserted.Equals(token); return(equal.ToProperty()); }
private Property Lifecycle(RefreshToken token, RefreshTokenRepository repository) { return(Insertable(token, repository) .And(Updateable(token, repository)) .And(Gettable(token, repository)) .And(Deleteable(token, repository))); }
public async Task <JsonWebToken> Handle(RefreshAccessToken request, CancellationToken cancellationToken) { var token = request.Token; var refreshToken = await RefreshTokenRepository.GetAsync(token); if (refreshToken == null) { throw new IdentityException(Codes.RefreshTokenNotFound, "Refresh accessToken was not found."); } if (refreshToken.Revoked) { throw new IdentityException(Codes.RefreshTokenAlreadyRevoked, $"Refresh accessToken: '{refreshToken.Id}' was revoked."); } var user = await GetUserOrThrowAsync(refreshToken.UserId); var claims = await ClaimsProvider.GetAsync(user.Id); var jwt = JwtService.CreateToken(user.Id.ToString("N"), user.Role, claims); jwt.RefreshToken = refreshToken.Token; var @event = new AccessTokenRefreshedIntegrationEvent(user.Id); BusPublisher.Publish(@event); return(jwt); }
public AuthController(IOptions <JwtBearerTokenSettings> jwtTokenOptions, UserManager <User> userManager, RoleManager <IdentityRole> roleManager, RefreshTokenRepository refreshTokenRepository) { this.jwtBearerTokenSettings = jwtTokenOptions.Value; this.userManager = userManager; this.roleManager = roleManager; this.refreshTokenRepository = refreshTokenRepository; }
public ApplicationRepository() { _ctx = new AuthContext(); _userManager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(_ctx)); RefreshTokens = new RefreshTokenRepository(_ctx); Audiences = new AudienceRepository(_ctx); Files = new FileRepository(_ctx); }
private RefreshToken GetCurrentRefreshTokenRecordFor(Guid accountId) { return(RefreshTokenRepository.GetAll(new RefreshTokenFilters { AccountId = accountId }) .Where(r => r.Expires >= DateTime.UtcNow) .FirstOrDefault()); }
private DataResponseDTO <LoginResponseDTO> GetJWTToken(ApplicationUser user) { var currentTime = DateTime.UtcNow; var userRoles = UserManager.GetRolesAsync(user).Result; Logger.LogError($"-------- There are {userRoles.Count} roles in GetJWTToken for user {user.Email}"); IdentityOptions identityOptions = new IdentityOptions(); var claims = new List <Claim> { new Claim(identityOptions.ClaimsIdentity.UserIdClaimType, user.Id.ToString()), new Claim(identityOptions.ClaimsIdentity.UserNameClaimType, user.UserName) }; foreach (var role in userRoles) { claims.Add(new Claim(identityOptions.ClaimsIdentity.RoleClaimType, role)); Logger.LogError($"---------- ADDING ROLE {role} to the roles for user {user.Email}"); } var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims.ToArray()), Expires = currentTime.AddHours(2), SigningCredentials = new SigningCredentials( new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT_Secret"].ToString())), SecurityAlgorithms.HmacSha256Signature) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var token = tokenHandler.WriteToken(securityToken); var refreshToken = new RefreshToken { UserId = user.Id, ExpiryTime = currentTime.AddDays(30), GeneratedTime = currentTime }; do { refreshToken.RefreshTokenId = Helper.GetRandomToken(96); }while (RefreshTokenRepository.GetByID(refreshToken.RefreshTokenId) != null); RefreshTokenRepository.Insert(refreshToken); return(new DataResponseDTO <LoginResponseDTO>(new LoginResponseDTO { Id = user.Id, Token = token, RefreshToken = refreshToken.RefreshTokenId, ExpiryTime = tokenDescriptor.Expires.ToString(), Roles = userRoles, Fullname = string.Join(" ", new List <string> { user.FirstName, user?.MiddleName, user.LastName }), BVN = user.BVN })); }
private Property Updateable(RefreshToken token, RefreshTokenRepository tokens) { token.Id = Guid.NewGuid(); token.Issued = DateTime.Now; token.Expires = DateTime.Now; var updated = tokens.Update(token); var equal = updated.Equals(token); return(equal.ToProperty()); }
public ApplicationRepository() { _ctx = new ApplicationDbContext(); _userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>(_ctx)); RefreshTokens = new RefreshTokenRepository(_ctx); Clients = new ClientRepository(_ctx); Exercise = new ExerciseRepository(_ctx); Schedules = new ScheduleRepository(_ctx); Practices = new PracticeRepository(_ctx); }
public async Task <Unit> Handle(CreateAccessToken request, CancellationToken cancellationToken) { var userId = request.UserId; var user = await GetUserOrThrowAsync(userId); await RefreshTokenRepository.AddAndSaveAsync(new RefreshToken(user, _passwordHasher)); return(Unit.Value); }
public RepositoryFixture() { Database = new IntegrationDbFixture(); RefreshTokens = new RefreshTokenRepository(Database.Ctx); Reservations = new ReservationRepository(Database.Ctx); ReservationStatuses = new ReservationStatusRepository(Database.Ctx); Resources = new ResourceRepository(Database.Ctx); Roles = new RolesRepository(Database.Ctx); Users = new UserRepository(Database.Ctx, Roles); }
private void PurgeExpiredRefreshTokensFor(Guid accountId) { var expiredRecords = RefreshTokenRepository.GetAll(new RefreshTokenFilters { AccountId = accountId }) .Where(r => r.Expires < DateTime.UtcNow); foreach (var record in expiredRecords) { RefreshTokenRepository.Delete(record.Id); } }
public UnitOfWork() { _context = new EventerDbContext(); ActivityLogRepository = new ApiActivityLogRepository(_context); CategoryRepository = new CategoryRepository(_context); CityRepository = new CityRepository(_context); ClientRepository = new ClientRepository(_context); ErrorLogRepository = new ErrorLogRepository(_context); EventRepository = new EventRepository(_context); RefreshTokenRepository = new RefreshTokenRepository(_context); StateRepository = new StateRepository(_context); }
public IActionResult Logout() { var refreshTokenIdString = User?.Claims?.Where(c => c.Type == "jti")?.SingleOrDefault()?.Value; if (Guid.TryParse(refreshTokenIdString, out var refreshTokenId)) { RefreshTokenRepository.Delete(refreshTokenId); return(NoContent()); } return(StatusCode(500, new Exception($"The 'jti' claim is missing or contains an invalid id ({refreshTokenIdString})."))); }
public UnitOfWork(TpContext context, ITimeService timeService) { _context = context; AppUsers = new AppUserRepository(_context); AppProfiles = new AppProfileRepository(_context); RefreshTokens = new RefreshTokenRepository(_context); DayPunches = new DayPunchRepository(_context, AppUsers); WeekPunches = new WeekPunchRepository(_context, timeService, AppUsers); MonthPunches = new MonthPunchRepository(_context, timeService, AppUsers); YearPunches = new YearPunchRepository(_context, timeService, AppUsers); Punches = new PunchRepository(_context, timeService, AppUsers); MonthStates = new MonthStateRepository(_context); PunchStates = new PunchStateRepository(_context); }
public async Task <AuthResult> RefreshTokenAsync(string token, string refreshToken) { var claimsPrincipal = GetClaimsPrincipalFromToken(token); if (claimsPrincipal == null) { return(new AuthResult { Success = false, ErrorMessages = new[] { "This token is invalid." } }); } long expiryDateInSeconds = long.Parse(claimsPrincipal.FindFirstValue(JwtRegisteredClaimNames.Exp)); var expiryDate = DateTime.UnixEpoch.AddSeconds(expiryDateInSeconds); if (expiryDate > DateTime.UtcNow) { return(new AuthResult { Success = false, ErrorMessages = new[] { "This token is still valid." } }); } var storedRefreshToken = await RefreshTokenRepository.GetByTokenAsync(refreshToken); string jwtId = claimsPrincipal.FindFirstValue(JwtRegisteredClaimNames.Jti); if (storedRefreshToken == null || DateTime.UtcNow > storedRefreshToken.ExpiryDate || storedRefreshToken.Invalidated || storedRefreshToken.Used || storedRefreshToken.JwtId != jwtId) { return(new AuthResult { Success = false, ErrorMessages = new[] { "This refresh token is invalid." } }); } await RefreshTokenRepository.SetUsedAsync(storedRefreshToken.Id); var user = await UserManager.FindByNameAsync(claimsPrincipal.FindFirstValue("username")); return(await GenerateAuthResultForUserAsync(user)); }
public RefreshTokenRepository_Base(DatabaseFixture fixture) { var database = fixture.Client.GetDatabase("IntegrationTest"); _collection = database.GetCollection <RefreshToken>("TestAuthTokens"); _collection.DeleteMany(new BsonDocument()); _collection.InsertMany(new RefreshToken[] { _existing1, _existing2, _existing3 }); Assert.NotNull(_existing1.Id); _expectedTokens = new HashSet <RefreshToken>(); _expectedTokens.Add(_existing1); _expectedTokens.Add(_existing2); _expectedTokens.Add(_existing3); _repo = new RefreshTokenRepository(_collection); }
private void InitRepositories() { // Ubication Countries = new CountryRepository(this); States = new StateRepository(this); Cities = new CityRepository(this); // Authorization Users = new UserRepository(this); UsersRoles = new UserRoleRepository(this); UsersLogins = new UserLoginRepository(this); Roles = new RoleRepository(this); RoleControls = new RoleControlRepository(this); UserClaims = new UserClaimRepository(this); RefreshTokens = new RefreshTokenRepository(this); }
public TokenController(IOptions <JwtOptions> jwtOptions, RefreshTokenRepository refreshTokenRepository, AdminAuthenticationProvider adminAuthenticationProvider, IHostingEnvironment hostingEnvironment, SigningCredentialsProvider signingCredentialsProvider) { _refreshTokenRepository = refreshTokenRepository; _adminAuthenticationProvider = adminAuthenticationProvider; _accessTokenLifetime = TimeSpan.FromSeconds(jwtOptions.Value.AccessTokenLifetimeSeconds); _refreshTokenLifetime = TimeSpan.FromSeconds(jwtOptions.Value.RefreshTokenLifetimeSeconds); _jwtIssuer = jwtOptions.Value.Issuer; _jwtAudience = jwtOptions.Value.Audience; _signingCredentialsProvider = signingCredentialsProvider; _log.Warn(jwtOptions.Value.AccessTokenLifetimeSeconds); if (hostingEnvironment.IsDevelopment()) { _cookieOptions.Secure = false; } }
public UnitOfWork( IDataMapper mapper, ClinicDb context) { _mapper = mapper; _context = context; UserRepository = new UserRepository(mapper, context); BookingRepository = new BookingRepository(mapper, context); RefreshTokenRepository = new RefreshTokenRepository(mapper, context); ClinicClinicianRepository = new ClinicClinicianRepository(context); DocumentRepository = new DocumentRepository(context); ClinicRepository = new ClinicRepository(mapper, context); ClinicianRepository = new ClinicianRepository(mapper, context); PatientRepository = new PatientRepository(context); }
public IActionResult Login([FromBody] TokenRequest credentials) { if (!ModelState.IsValid) { return(BadRequest(ModelState.GetReadableString())); } var accountRecord = AccountRepository.GetAll() .Where(a => a.Name.ToLower() == credentials.Name.ToLower()) .Where(a => a.PasswordHash == Utility.ComputeSHA512Hash(credentials.Password)) .FirstOrDefault(); if (accountRecord == default(Account)) { return(StatusCode(401, "Login failed.")); } PurgeExpiredRefreshTokensFor(accountRecord.Id); var refreshTokenRecord = GetCurrentRefreshTokenRecordFor(accountRecord.Id); JwtSecurityToken refreshJwt; if (refreshTokenRecord == default(RefreshToken)) { refreshJwt = TokenFactory.GetRefreshToken(); refreshTokenRecord = new RefreshToken() { Id = Guid.Parse(refreshJwt.Claims.Where(c => c.Type == "jti").FirstOrDefault().Value), AccountId = accountRecord.Id, Issued = refreshJwt.ValidFrom, Expires = refreshJwt.ValidTo, }; RefreshTokenRepository.Create(refreshTokenRecord); } else { refreshJwt = TokenFactory.GetRefreshToken(refreshTokenRecord.Id, refreshTokenRecord.Expires, refreshTokenRecord.Issued); } var accessJwt = TokenFactory.GetAccessToken(accountRecord, refreshTokenRecord.Id); var response = new TokenResponse(accessJwt, refreshJwt); return(Ok(response)); }
public async Task <Unit> Handle(RevokeRefreshToken request, CancellationToken cancellationToken) { var token = request.Token; var userId = request.UserId; var refreshToken = await RefreshTokenRepository.GetAsync(token); if (refreshToken == null || refreshToken.UserId != userId) { throw new IdentityException(Codes.RefreshTokenNotFound, "Refresh accessToken was not found."); } refreshToken.Revoke(); await RefreshTokenRepository.UpdateAndSaveAsync(refreshToken); return(Unit.Value); }
public IActionResult Refresh([FromBody] string refreshToken) { if (string.IsNullOrWhiteSpace(refreshToken)) { return(BadRequest("The specified token is blank.")); } if (!TokenValidator.TryParseAndValidateToken(refreshToken, out JwtSecurityToken parsedRefreshJwt)) { return(Unauthorized()); } var refreshTokenIdString = parsedRefreshJwt.Claims.Where(c => c.Type == "jti").FirstOrDefault()?.Value; if (string.IsNullOrEmpty(refreshTokenIdString)) { return(Unauthorized()); } if (!Guid.TryParse(refreshTokenIdString, out Guid refreshTokenId)) { return(Unauthorized()); } var refreshTokenRecord = RefreshTokenRepository.Get(refreshTokenId); if (refreshTokenRecord == default(RefreshToken) || refreshTokenRecord.Expires <= DateTime.UtcNow) { return(Unauthorized()); } var account = AccountRepository.Get(refreshTokenRecord.AccountId); if (account == default(Account)) { return(Unauthorized()); } var accessJwt = TokenFactory.GetAccessToken(account, refreshTokenRecord.Id); var refreshJwt = TokenFactory.GetRefreshToken(refreshTokenId, refreshTokenRecord.Expires, refreshTokenRecord.Issued); var response = new TokenResponse(accessJwt, refreshJwt); return(Ok(response)); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var allowedOrigin = context.OwinContext.Get <string>("ou:clientAllowedOrigin"); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); string hashedTokenId = Utility.GetHash(context.Token); using (RefreshTokenRepository _refreshTokenRepository = new RefreshTokenRepository()) { var refreshToken = await _refreshTokenRepository.FindRefreshToken(hashedTokenId); if (refreshToken != null) { context.DeserializeTicket(refreshToken.ProtectedTicket); await _refreshTokenRepository.RemoveRefreshToken(hashedTokenId); } } }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientid = context.Ticket.Properties.Dictionary["as:client_id"]; if (string.IsNullOrEmpty(clientid)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); using (UnitOfWork _uow = new UnitOfWork()) { var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); var token = new RefreshToken() { Id = refreshTokenId.GetHash(), ClientId = clientid, Subject = context.Ticket.Identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; token.ProtectedTicket = context.SerializeTicket(); using (RefreshTokenRepository _repo = new RefreshTokenRepository(_uow)) { _repo.AddRefreshToken(token); await _uow.SaveAsync(); } context.SetToken(refreshTokenId); } }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin"); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); string hashedTokenId = context.Token.GetHash(); using(UnitOfWork uow = new UnitOfWork()) { using (RefreshTokenRepository _repo = new RefreshTokenRepository(uow)) { var refreshToken = await _repo.FindRefreshToken(hashedTokenId); if (refreshToken != null) { //Get protectedTicket from refreshToken class context.DeserializeTicket(refreshToken.ProtectedTicket); var result = await _repo.RemoveRefreshToken(hashedTokenId); } } } }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientid = context.Ticket.Properties.Dictionary["as:client_id"]; if (string.IsNullOrEmpty(clientid)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); using (UnitOfWork _uow = new UnitOfWork()) { var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime"); var token = new RefreshToken() { Id = refreshTokenId.GetHash(), ClientId = clientid, Subject = context.Ticket.Identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; token.ProtectedTicket = context.SerializeTicket(); using (RefreshTokenRepository _repo = new RefreshTokenRepository(_uow)) { _repo.AddRefreshToken(token); await _uow.SaveAsync(); } context.SetToken(refreshTokenId); } }
public IActionResult Logout([FromBody] LogoutRequestDTO model) { Logger.LogError("Logout method called"); if (!ModelState.IsValid) { return(BadRequest(new ModelStateErrorResponseDTO( HttpStatusCode.BadRequest, ModelState))); } var currentUserId = User.FindFirst(ClaimTypes.NameIdentifier).Value; var token = RefreshTokenRepository .Get(x => x.RefreshTokenId == model.RefreshToken && x.User.Id == new Guid(currentUserId)) .FirstOrDefault(); if (token != null) { RefreshTokenRepository.Delete(model.RefreshToken); } return(Ok(new DataResponseDTO <string>("Logout successful"))); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin"); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); string hashedTokenId = context.Token.GetHash(); using (UnitOfWork uow = new UnitOfWork()) { using (RefreshTokenRepository _repo = new RefreshTokenRepository(uow)) { var refreshToken = await _repo.FindRefreshToken(hashedTokenId); if (refreshToken != null) { //Get protectedTicket from refreshToken class context.DeserializeTicket(refreshToken.ProtectedTicket); var result = await _repo.RemoveRefreshToken(hashedTokenId); } } } }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientid = context.Ticket.Properties.Dictionary["ou:client_id"]; if (string.IsNullOrEmpty(clientid)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); using (RefreshTokenRepository _refreshTokenRepository = new RefreshTokenRepository()) { var refreshTokenLifeTime = context.OwinContext.Get <string>("ou:clientRefreshTokenLifeTime"); var token = new RefreshToken() { RefreshTokenId = Utility.GetHash(refreshTokenId), ClientId = clientid, Subject = context.Ticket.Identity.Name, IssuedOn = DateTime.UtcNow, ExpiresOn = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedOn; context.Ticket.Properties.ExpiresUtc = token.ExpiresOn; token.ProtectedTicket = context.SerializeTicket(); var result = await _refreshTokenRepository.AddRefreshToken(token); if (result) { context.SetToken(refreshTokenId); } } }