public async Task <IActionResult> RefreshToken([FromQuery] string refreshToken)
{
Token token = await _tokenService.GetByToken(refreshToken);
if (token == null)
{
return(NotFound("refresh token not found"));
}
// Check if token is valid in MongoDB
if (!token.ValidFlag)
{
return(Problem("invalidated token"));
}
if (token.UsedFlag)
{
await _tokenService.InvalidateUserTokens(token.UserId);
return(Problem("refresh token already used"));
}
// Check token validity (Expiration, issuer, audience, etc.)
if (!AuthenticationHelpers.IsTokenValid(refreshToken))
{
return(Problem("token failed validation"));
}
var decodedToken = AuthenticationHelpers.ReadToken(refreshToken);
await _tokenService.InvalidateToken(decodedToken.Claims.First(c => c.Type == "authTokenId").Value);
await _tokenService.UseToken(token.Id);
await _tokenService.AddUsage(token.Id, new TokenAction(DateTime.UtcNow, "Used refresh token to generate new pair."));
// Generate new token pair
var user = await _userService.Get(token.UserId);
string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get());
await _tokenService.Create(new Token(
null,
user.Id,
"auth",
authToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
var createdAuthToken = await _tokenService.GetByToken(authToken);
string newRefreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id);
await _tokenService.Create(new Token(
null,
user.Id,
"refresh",
newRefreshToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
return(Ok(
new Dictionary <string, string>
{
{ "authToken", authToken },
{ "refreshToken", newRefreshToken }
}
));
}
public async Task <IActionResult> Login([FromQuery] string username, [FromQuery] string password)
{
User user = await _userService.GetByUsername(username);
if (user == null)
{
return(NotFound("username does not exist"));
}
if (!AuthenticationHelpers.IsPasswordValid(password, user.Password))
{
return(Unauthorized("incorrect password"));
}
// Check if user has access to login
List <Role> userRoles = new List <Role>();
foreach (string roleId in user.Roles)
{
userRoles.Add(await _roleService.Get(roleId));
}
if (!AuthenticationHelpers.IsPermissionGranted(user, userRoles, Startup.StaticConfiguration.GetSection("PermissionIds")["login"]))
{
return(Unauthorized("not authorized for login"));
}
string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get());
await _tokenService.Create(new Token(
null,
user.Id,
"auth",
authToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
var createdAuthToken = await _tokenService.GetByToken(authToken);
string refreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id);
await _tokenService.Create(new Token(
null,
user.Id,
"refresh",
refreshToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
return(Ok(
new Dictionary <string, string>
{
{ "authToken", authToken },
{ "refreshToken", refreshToken }
}
));
}
