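        // For the login (IndexNumber = s1234) the password is: asd123
        // NOTE(review): a working credential in a source comment travels with the repository; keep test accounts in a seed script or secret store instead.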
        /// <summary>
        /// Checks the submitted credentials and, when they validate, builds a signed JWT and
        /// hands a newly generated refresh token to the service for storage.
        /// </summary>
        /// <param name="request">Login DTO; <c>Login</c> and <c>Haslo</c> (the password) are read here.</param>
        /// <returns>
        /// 200 OK with a status text in both outcomes: "Poprawnie zalogowano" when the
        /// credentials validate, "Błąd logowania" when they do not.
        /// </returns>
        public IActionResult Login(LoginRequestDto request)
        {
            // NOTE(review): what LoginStudentResponse returns for an unknown login is not visible
            // here; confirm it cannot be null, otherwise the dereference below throws.
            var stored = _service.LoginStudentResponse(request);

            // NOTE(review): a rejected login is answered with 200 OK, so clients, access logs and
            // rate limiting cannot tell it from a success by status code; Unauthorized() is the
            // conventional result for this branch.
            if (!Validate(request.Haslo, stored.Salt, stored.Password))
            {
                return Ok("Błąd logowania");
            }

            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.NameIdentifier, request.Login),
                new Claim(ClaimTypes.Name, request.Login),
                new Claim(ClaimTypes.Role, "student")
            };

            // NOTE(review): the HS256 key is the UTF-8 bytes of a configuration string. It should be
            // long, random and supplied from a secret store; confirm where "SecretKey" is defined.
            var secretBytes = Encoding.UTF8.GetBytes(Configuration["SecretKey"]);
            var signing     = new SigningCredentials(new SymmetricSecurityKey(secretBytes), SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "Students",
                claims: identityClaims,
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: signing);

            // NOTE(review): the serialized access token is produced here but never leaves this
            // method, and the refresh token is not returned either; the caller only receives the
            // status text below. Confirm that this is intended.
            var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

            // NOTE(review): a refresh token is a bearer credential. Guid.NewGuid() is documented as
            // not intended for cryptographic purposes; RandomNumberGenerator output is the safer source.
            var refreshTokenValue = Guid.NewGuid();

            var saveRequest = new SaveRefreshTokenRequest
            {
                indexNumber  = request.Login,
                refreshToken = refreshTokenValue.ToString()
            };

            // NOTE(review): the result of the save is not inspected, so success is reported even
            // when the token could not be stored.
            _service.SaveRefreshToken(saveRequest);

            return Ok("Poprawnie zalogowano");
        }
        /// <summary>
        /// Exchanges a refresh token: asks the service to resolve it, and when a student index
        /// number comes back, builds a new JWT and stores a newly generated refresh token.
        /// </summary>
        /// <param name="refToken">Refresh-token request passed unchanged to the service.</param>
        /// <returns>
        /// 200 OK carrying the service message alone when no index number was resolved; otherwise
        /// 200 OK carrying the service message followed by the new refresh token on a second line.
        /// </returns>
        public IActionResult RefreshToken(RefreshTokenRequest refToken)
        {
            var lookup = _service.RefreshToken(refToken);

            // NOTE(review): an unresolved refresh token is answered with 200 OK and the service's
            // message verbatim; a 401 with a fixed text would let clients detect the failure by
            // status code and avoid echoing internal detail. Confirm what Message can contain.
            if (lookup.IndexNumber == null)
            {
                return Ok(lookup.Message);
            }

            Claim[] identityClaims =
            {
                new Claim(ClaimTypes.NameIdentifier, lookup.IndexNumber),
                new Claim(ClaimTypes.Name, lookup.IndexNumber),
                new Claim(ClaimTypes.Role, "student")
            };

            // NOTE(review): the HS256 key is the UTF-8 bytes of a configuration string. It should be
            // long, random and supplied from a secret store; confirm where "SecretKey" is defined.
            var secretBytes = Encoding.UTF8.GetBytes(Configuration["SecretKey"]);
            var signing     = new SigningCredentials(new SymmetricSecurityKey(secretBytes), SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "Students",
                claims: identityClaims,
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: signing);

            // NOTE(review): the new access token is serialized but never returned; only the refresh
            // token reaches the caller, embedded in free text. Confirm that this is intended.
            var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

            // NOTE(review): Guid.NewGuid() is documented as not intended for cryptographic purposes;
            // RandomNumberGenerator output is the safer source for a bearer credential.
            var rotatedValue = Guid.NewGuid();

            var newToken = new SaveRefreshTokenRequest
            {
                indexNumber  = lookup.IndexNumber,
                refreshToken = rotatedValue.ToString()
            };

            // NOTE(review): the result of the save is not inspected, so the new token is handed
            // out even when storing it failed.
            _service.SaveRefreshToken(newToken);

            var body = lookup.Message + "\n" + "Nowy Refresh Token: " + newToken.refreshToken.ToString();
            return Ok(body);
        }
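        /// <summary>
        /// Writes the supplied refresh token to the Student row whose IndexNumber matches the request.
        /// </summary>
        /// <param name="request">
        /// Carries <c>indexNumber</c> (selects the row) and <c>refreshToken</c> (the value stored).
        /// </param>
        /// <returns>
        /// A response whose Message is "Poprawnie zapisano refresh token" when at least one row was
        /// updated, "Błąd..." when no row matched, or the SqlException text when the command failed.
        /// </returns>
        public SaveRefreshTokenResponse SaveRefreshToken(SaveRefreshTokenRequest request)
        {
            var response = new SaveRefreshTokenResponse();

            // NOTE(review): the server and catalog are hard-coded; reading the connection string
            // from configuration keeps environment details out of source.
            using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s16985;Integrated Security=True"))
            using (var com = new SqlCommand())
            {
                // Opened outside the try block, as before: a failure to connect still propagates.
                con.Open();
                com.Connection = con;

                try
                {
                    // NOTE(review): the token is stored exactly as received, with no expiry column
                    // set here; storing a hash plus an expiry would limit what a database read exposes.
                    com.CommandText = "UPDATE Student Set RefreshToken = @RefreshToken WHERE IndexNumber=@IndexNumber";
                    com.Parameters.AddWithValue("IndexNumber", request.indexNumber);
                    com.Parameters.AddWithValue("RefreshToken", request.refreshToken);

                    // An UPDATE produces no result set, so reading rows from it always reported a
                    // failure. The affected-row count is the signal that a student row matched.
                    var rowsAffected = com.ExecuteNonQuery();

                    response.Message = rowsAffected > 0
                        ? "Poprawnie zapisano refresh token"
                        : "Błąd...";
                }
                catch (SqlException e)
                {
                    // NOTE(review): the raw SQL error text goes back to the caller; if this message
                    // can reach an API client, log it server-side and return a fixed text instead.
                    response.Message = e.Message;
                }
            }

            return response;
        }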
        /// <summary>
        /// Forwards the save-refresh-token request to the "api/Authentication/SaveRefreshToken"
        /// path through <c>RunClient</c> and returns the typed response it produces.
        /// </summary>
        /// <param name="request">Request object passed unchanged to <c>RunClient</c>.</param>
        /// <returns>The <c>SaveRefreshTokenResponse</c> awaited from <c>RunClient</c>.</returns>
        public async Task<SaveRefreshTokenResponse> SaveRefreshToken(SaveRefreshTokenRequest request)
        {
            // NOTE(review): the request body carries a refresh token; RunClient is not visible
            // here, so confirm it sends over TLS and does not log the payload.
            const string endpoint = "api/Authentication/SaveRefreshToken";

            var result = await RunClient<SaveRefreshTokenRequest, SaveRefreshTokenResponse>(request, endpoint);
            return result;
        }