public async Task <IActionResult> Refresh(string token, string refreshToken)
{
var principal = _tokenService.GetPrincipalFromExpiredToken(token);
var username = principal.Identity.Name; //this is mapped to the Name claim by default
var user = _usersDb.Users.SingleOrDefault(u => u.Username == username);
if (user == null || user.RefreshToken != refreshToken)
{
return(BadRequest());
}
var newJwtToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
user.AccessToken = newJwtToken;
await _usersDb.SaveChangesAsync();
return(new ObjectResult(new
{
token = newJwtToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> Revoke()
{
var username = User.Identity.Name;
var user = _usersDb.Users.SingleOrDefault(u => u.Username == username);
if (user == null)
{
return(BadRequest());
}
user.RefreshToken = null;
await _usersDb.SaveChangesAsync();
return(NoContent());
}
public async void AddUser(UserModel user)
{
//save user object to db
using (var usersDb = new UsersDb())
{
usersDb.Users.Add(user);
await usersDb.SaveChangesAsync();
}
}
public async Task <IActionResult> Signup([FromBody] LoginRequest loginRequest)
{
var user = _usersDb.Users.SingleOrDefault(u => u.Username == loginRequest.Username);
if (user != null)
{
return(StatusCode(409));
}
_usersDb.Users.Add(new User
{
Username = loginRequest.Username,
Password = _passwordHasher.GenerateIdentityV3Hash(loginRequest.Password)
});
await _usersDb.SaveChangesAsync();
return(Ok(user));
}
public async Task <IActionResult> Signup(string username, string password)
{
var user = _usersDb.Users.SingleOrDefault(u => u.Username == username);
if (user != null)
{
return(StatusCode(StatusCodes.Status409Conflict));
}
_usersDb.Users.Add(new User
{
Username = username,
Password = _passwordHasher.GenerateIdentityV3Hash(password)
});
await _usersDb.SaveChangesAsync();
return(Ok(user));
}
public async void UpdateUser(UserModel user)
{
//Find old user data, and update it with the incoming data model, then save changes to db
using (var usersDb = new UsersDb())
{
var oldDbUserData = await usersDb.Users.FirstOrDefaultAsync(c => c.username == user.username);
oldDbUserData.correctAnswers += user.correctAnswers;
oldDbUserData.incorrectAnswers += user.incorrectAnswers;
await usersDb.SaveChangesAsync();
}
}
public async Task <ActionResult <UserTokens> > Refresh([FromBody] UserTokens tokens)
{
var principal = _tokenService.GetPrincipalFromExpiredToken(tokens.token);
if (principal == null)
{
return(Unauthorized());
}
var username = principal.Identity.Name;
string newJwtToken;
string newRefreshToken;
var user = _usersDb.Users.SingleOrDefault(u => u.Username == username);
if (user != null && user.RefreshToken == tokens.refreshToken)
{
newJwtToken = _tokenService.GenerateAccessToken(principal.Claims);
newRefreshToken = _tokenService.GenerateRefreshToken(principal.Claims);
user.RefreshToken = newRefreshToken;
await _usersDb.SaveChangesAsync();
}
else
{
var app = _appsDb.Users.SingleOrDefault(u => u.client_id == username);
if (app != null && app.refreshToken == tokens.refreshToken)
{
newJwtToken = _tokenService.GenerateAccessToken(principal.Claims);
newRefreshToken = _tokenService.GenerateRefreshToken(principal.Claims);
app.refreshToken = newRefreshToken;
await _appsDb.SaveChangesAsync();
}
else
{
return(Unauthorized());
}
}
return(new UserTokens
{
token = newJwtToken,
refreshToken = newRefreshToken
});
}