public async Task <IActionResult> GetJwt(
[FromBody] SecureAuthenticationModel model,
[FromServices] IUserRepository userRepository,
[FromServices] ICryptoService cryptoService,
[FromServices] IUrlHelper urlHelper)
{
if (ModelState.IsValid)
{
var key = cryptoService.RetrieveMergedKey(model.Id);
var decryptedContent = await cryptoService.DecryptTripleDESAsync(Convert.FromBase64String(model.Content), key);
var userModel = JsonConvert.DeserializeObject <UserAuthenticationModel>(decryptedContent);
var user = await userRepository.GetUserAsync(userModel.Username);
if (user != null && user.Password == userModel.Password)
{
var refresh = BuildRefreshJwt(userModel);
refreshTokens[refresh] = userModel.Username;
return(Json(new SecureJwtModel
{
OriginId = 0,
TokenModel = new TokenModel
{
Token = BuildJwt(userModel),
RefreshToken = refresh,
RefreshUrl = urlHelper.Action("RefreshJwt"),
Expires = DateTime.Now.AddMinutes(1)
}
}));
}
else
{
return(Unauthorized());
}
}
else
{
return(BadRequest(ModelState.ValidationState));
}
}
public async Task RequestJwtAsync(UserAuthenticationModel userData, bool forceRefresh)
{
var fileExists = await _keyStorageContainer.PublicKeyExists(_deviceId);
if (forceRefresh || !fileExists || fileExists && string.IsNullOrEmpty(await _storageContainer.ReadFileAsStringAsync(_jwtFilePath)))
{
var key = _cryptoService.RetrieveMergedKey("server");
var cryptedData = await _cryptoService.EncryptTripleDESAsync(JsonConvert.SerializeObject(userData), key);
var jwtRequest = new SecureAuthenticationModel()
{
Id = _deviceId,
Content = Convert.ToBase64String(cryptedData)
};
var content = new StringContent(JsonConvert.SerializeObject(jwtRequest), Encoding.UTF8, "application/json");
var response = await _httpClient.PostAsync("api/jwt/requestjwt", content);
if (response.IsSuccessStatusCode)
{
var responseString = await response.Content.ReadAsStringAsync();
var responseModel = JsonConvert.DeserializeObject <SecureJwtModel>(responseString);
await _storageContainer.WriteFileAsync(_jwtFilePath, JsonConvert.SerializeObject(responseModel.TokenModel));
}
else if (response.StatusCode == HttpStatusCode.Unauthorized)
{
throw new UnauthorizedAccessException();
}
else
{
await _storageContainer.WriteFileAsync(_jwtFilePath, "");
throw new Exception(response.ReasonPhrase);
}
}
}
public async Task UpdateJwtAsync()
{
var key = _cryptoService.RetrieveMergedKey("server");
var token = JsonConvert.DeserializeObject <TokenModel>(await _storageContainer.ReadFileAsStringAsync(_jwtFilePath));
var cryptedData = await _cryptoService.EncryptTripleDESAsync(token.RefreshToken, key);
var jwtRequest = new SecureAuthenticationModel()
{
Id = _deviceId,
Content = Convert.ToBase64String(cryptedData)
};
var content = new StringContent(JsonConvert.SerializeObject(jwtRequest), Encoding.UTF8, "application/json");
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.RefreshToken);
var response = await _httpClient.PostAsync(token.RefreshUrl, content);
if (response.IsSuccessStatusCode)
{
var responseString = await response.Content.ReadAsStringAsync();
var responseModel = JsonConvert.DeserializeObject <SecureJwtModel>(responseString);
await _storageContainer.WriteFileAsync(_jwtFilePath, JsonConvert.SerializeObject(responseModel.TokenModel));
}
else if (response.StatusCode == HttpStatusCode.Unauthorized)
{
await _storageContainer.WriteFileAsync(_jwtFilePath, "");
throw new UnauthorizedAccessException();
}
else
{
await _storageContainer.WriteFileAsync(_jwtFilePath, "");
throw new Exception(response.ReasonPhrase);
}
}
public async Task <IActionResult> RefreshJwt(
[FromBody] SecureAuthenticationModel model,
[FromServices] ICryptoService cryptoService,
[FromServices] IUrlHelper urlHelper)
{
if (ModelState.IsValid)
{
var key = cryptoService.RetrieveMergedKey(model.Id);
var refreshToken = await cryptoService.DecryptTripleDESAsync(Convert.FromBase64String(model.Content), key);
if (refreshTokens.TryGetValue(refreshToken, out string username))
{
return(Json(new SecureJwtModel
{
OriginId = 0,
TokenModel = new TokenModel
{
Token = BuildJwt(new UserAuthenticationModel {
Username = username
}),
RefreshToken = refreshToken,
RefreshUrl = urlHelper.Action("RefreshJwt"),
Expires = DateTime.Now.AddMinutes(1)
}
}));
}
else
{
return(Unauthorized());
}
}
else
{
return(BadRequest(ModelState.ValidationState));
}
}
