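/// <summary>
/// Ends the web session identified by <paramref name="tokenAdmin"/>.RefreshToken for the
/// user identified by <paramref name="tokenAdmin"/>.AccessToken.
/// </summary>
/// <param name="tokenAdmin">Body carrying the caller's access token and the refresh token to revoke.</param>
/// <returns>
/// 200 when the request was well-formed (logout is idempotent: an unknown refresh token is
/// simply a no-op); 400 when either token is missing, the access token cannot be parsed,
/// or an unexpected error occurs. Exception details are logged, never returned to the client.
/// </returns>
public async Task <IActionResult> LogoutAsync([FromBody] TokenAdmin tokenAdmin)
{
    try
    {
        var accessToken = tokenAdmin?.AccessToken;
        var refreshToken = tokenAdmin?.RefreshToken;
        if (accessToken is null || refreshToken is null)
        {
            return BadRequest("Invalid token");
        }

        // The second argument is passed as false in the original code; it presumably
        // relaxes lifetime validation so an expired access token can still log out —
        // TODO confirm against ITokenManager.GetPrincipal.
        var principal = _tokenManager.GetPrincipal(accessToken, false);
        var uid = principal?.Claims.SingleOrDefault(c => c.Type == "uid")?.Value;
        if (uid is null)
        {
            // Unparseable token or missing "uid" claim: previously this surfaced as a
            // NullReferenceException whose message was echoed back to the caller.
            return BadRequest("Invalid token");
        }

        var dbUser = _userRepository.GetUserById(uid);
        if (dbUser is null)
        {
            return BadRequest("Invalid token");
        }

        // Only the session whose stored refresh token matches the presented one is
        // revoked; other sessions of the same user are left intact.
        var session = dbUser.WebSessions.FirstOrDefault(x => x.RefreshToken == refreshToken);
        if (session is not null)
        {
            dbUser.WebSessions.Remove(session);
            await _userRepository.UpdateUserAsync(dbUser);
        }
    }
    catch (Exception e)
    {
        // Log the full exception (stack trace included) but return a generic message:
        // exception text can leak internal details (connection strings, table names).
        _logger.LogError(e, "Exception thrown while Logging out");
        return BadRequest("Logout failed");
    }

    return Ok();
}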
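/// <summary>
/// Exchanges a valid, active, unexpired refresh token for a new access token and a new
/// refresh token (rotation: the presented refresh token is revoked in the same update).
/// </summary>
/// <param name="tokenAdmin">Body carrying the caller's access token and current refresh token.</param>
/// <returns>
/// 200 with <c>{ token, refreshToken }</c> on success; 400 when either token is missing,
/// the access token cannot be parsed, the refresh token is unknown/inactive/expired, or an
/// unexpected error occurs. Exception details are logged, never returned to the client.
/// </returns>
/// <remarks>
/// Two defects in the previous version are fixed here:
/// 1. The validity check was guarded by <c>savedRefreshToken != null</c>, so a refresh
///    token that was NOT found in the user's sessions skipped validation entirely and a
///    new access token was still issued — any caller holding a parseable access token
///    could mint fresh tokens with a made-up refresh token.
/// 2. The replacement session stored the OLD refresh token instead of the newly generated
///    one, so the token handed to the client was never accepted and the old one stayed valid.
/// </remarks>
public async Task <IActionResult> TokenRefresh([FromBody] TokenAdmin tokenAdmin)
{
    try
    {
        var accessToken = tokenAdmin?.AccessToken;
        var refreshToken = tokenAdmin?.RefreshToken;
        if (accessToken is null || refreshToken is null)
        {
            return BadRequest("Invalid token");
        }

        // Second argument passed as false in the original code; presumably disables
        // lifetime validation so an expired access token can be refreshed — TODO confirm
        // against ITokenManager.GetPrincipal. Signature validation must still be enforced there.
        var principal = _tokenManager.GetPrincipal(accessToken, false);
        var username = principal?.Claims.SingleOrDefault(c => c.Type == "user")?.Value;
        var uid = principal?.Claims.SingleOrDefault(c => c.Type == "uid")?.Value;
        if (username is null || uid is null)
        {
            throw new SecurityTokenException("Invalid access token");
        }

        var dbUser = _userRepository.GetUserById(uid);
        if (dbUser is null)
        {
            throw new SecurityTokenException("Invalid access token");
        }

        // The refresh token must belong to THIS user's sessions and be active and unexpired.
        // An unknown token is rejected — it must never fall through to issuance.
        // ExpirationDateTime is written with DateTime.UtcNow below, so comparing against
        // UtcNow is consistent for sessions created by this code path.
        var savedRefreshToken = dbUser.WebSessions.FirstOrDefault(x => x.RefreshToken == refreshToken);
        if (savedRefreshToken is null
            || !savedRefreshToken.IsActive
            || savedRefreshToken.ExpirationDateTime < DateTime.UtcNow)
        {
            throw new SecurityTokenException("Invalid refresh token");
        }

        var newAccessToken = _tokenManager.GenerateToken(username, dbUser.Id);
        var newRefreshToken = _tokenManager.GenerateRefreshToken();

        // Rotate: drop the presented refresh token and persist the NEW one, so the token
        // returned to the client is the only one that will be accepted next time.
        dbUser.WebSessions.Remove(savedRefreshToken);
        dbUser.WebSessions.Add(new UserWebSession
        {
            ExpirationDateTime = DateTime.UtcNow.AddDays(_configuration.GetValue <int>("RefreshTokenSpan")),
            RefreshToken = newRefreshToken,
            IsActive = true
        });
        await _userRepository.UpdateUserAsync(dbUser);

        return new ObjectResult(new { token = newAccessToken, refreshToken = newRefreshToken });
    }
    catch (SecurityTokenException e)
    {
        // Validation failures carry messages we wrote ourselves, so they are safe to return.
        _logger.LogWarning(e, "Token refresh rejected");
        return BadRequest(e.Message);
    }
    catch (Exception e)
    {
        // Unexpected failures: log everything, return nothing that describes internals.
        _logger.LogError(e, "Exception thrown while refreshing token");
        return BadRequest("Token refresh failed");
    }
}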