public ActionResult <ResponseDto> RefreshToken([FromBody] TokenExchangeDto exchange) { if (!ModelState.IsValid) { // _accessor.HttpContext.Response.Headers.Add("Token-Expired", "none"); return(BadRequest(InvalidModelErrors)); } var handler = new JwtSecurityTokenHandler { MapInboundClaims = false }; var param = _jwtConfig.Params; // when supplied false, the data are extracted from expired token. param.ValidateLifetime = false; var principal = handler.ValidateToken(exchange.AccessToken, param, out _); if (principal is null) { _response.MessageBody = "Invalid token"; return(Unauthorized(_response)); } var remote = _accessor.HttpContext.Connection.RemoteIpAddress.MapToIPv4().ToString(); var username = principal.FindFirstValue(JwtRegisteredClaimNames.UniqueName); var user = _context.User .Include(u => u.RefreshTokens) .FirstOrDefault(u => u.Username == username); if (user is null || !user.HasValidRefreshToken(exchange.RefreshToken, remote)) { _response.MessageBody = "Invalid token"; return(Unauthorized(_response)); } var refreshToken = _tokenFactory.GenerateToken(); var tokenObj = GetJwt(PopulateClaims(user)); user.RemoveRefreshToken(exchange.RefreshToken); user.AddRefreshToken(refreshToken, user.Id, remote); _context.User.Update(user); _context.SaveChanges(); _response.ContentBody = new { jwt = tokenObj, refreshToken }; return(Ok(_response)); }
public ActionResult <ResponseDto> Logout([FromBody] TokenExchangeDto exchange) { if (!ModelState.IsValid) { return(BadRequest(InvalidModelErrors)); } var handler = new JwtSecurityTokenHandler { MapInboundClaims = false }; var param = _jwtConfig.Params; // when supplied false, the data are extracted from expired token. param.ValidateLifetime = false; var principal = handler.ValidateToken(exchange.AccessToken, param, out _); if (principal is null) { _response.MessageBody = "Invalid token"; return(Unauthorized(_response)); } var username = principal.FindFirstValue(JwtRegisteredClaimNames.UniqueName); var user = _context.User .Include(u => u.RefreshTokens) .FirstOrDefault(u => u.Username == username); var remote = _accessor.HttpContext.Connection.RemoteIpAddress.MapToIPv4().ToString(); if (user is null || !user.HasValidRefreshToken(exchange.RefreshToken, remote)) { _response.MessageBody = "Invalid token"; return(Unauthorized(_response)); } user.RemoveRefreshToken(exchange.RefreshToken); _context.User.Update(user); _context.SaveChanges(); if (exchange.IsLogoutAll != null && (bool)exchange.IsLogoutAll) { _response.ContentBody = new { success = true } } ; return(Ok(_response)); }