Esempio n. 1
0
        public async Task <bool> CheckAccess(string token, string permissionKey)
        {
            var    decodedToken = AuthenticationHelpers.ReadToken(token);
            string userId       = decodedToken.Claims.First(c => c.Type == "userId").Value;

            User user = await _users.Find <User>(user => user.Id == userId).FirstOrDefaultAsync();

            if (user == null)
            {
                return(false);
            }

            List <Role> userRoles = new List <Role>();

            foreach (string roleId in user.Roles)
            {
                userRoles.Add(await _roles.Find(role => role.Id == roleId).FirstOrDefaultAsync());
            }

            string permissionId = Startup.StaticConfiguration.GetSection("PermissionIds")[permissionKey];

            return(AuthenticationHelpers.IsPermissionGranted(user, userRoles, permissionId));
        }
Esempio n. 2
0
        public async Task <IActionResult> RefreshToken([FromQuery] string refreshToken)
        {
            Token token = await _tokenService.GetByToken(refreshToken);

            if (token == null)
            {
                return(NotFound("refresh token not found"));
            }

            // Check if token is valid in MongoDB
            if (!token.ValidFlag)
            {
                return(Problem("invalidated token"));
            }

            if (token.UsedFlag)
            {
                await _tokenService.InvalidateUserTokens(token.UserId);

                return(Problem("refresh token already used"));
            }

            // Check token validity (Expiration, issuer, audience, etc.)
            if (!AuthenticationHelpers.IsTokenValid(refreshToken))
            {
                return(Problem("token failed validation"));
            }

            var decodedToken = AuthenticationHelpers.ReadToken(refreshToken);

            await _tokenService.InvalidateToken(decodedToken.Claims.First(c => c.Type == "authTokenId").Value);

            await _tokenService.UseToken(token.Id);

            await _tokenService.AddUsage(token.Id, new TokenAction(DateTime.UtcNow, "Used refresh token to generate new pair."));

            // Generate new token pair
            var user = await _userService.Get(token.UserId);

            string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get());

            await _tokenService.Create(new Token(
                                           null,
                                           user.Id,
                                           "auth",
                                           authToken,
                                           DateTime.UtcNow,
                                           new List <TokenAction>(),
                                           false,
                                           true
                                           ));

            var createdAuthToken = await _tokenService.GetByToken(authToken);

            string newRefreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id);

            await _tokenService.Create(new Token(
                                           null,
                                           user.Id,
                                           "refresh",
                                           newRefreshToken,
                                           DateTime.UtcNow,
                                           new List <TokenAction>(),
                                           false,
                                           true
                                           ));

            return(Ok(
                       new Dictionary <string, string>
            {
                { "authToken", authToken },
                { "refreshToken", newRefreshToken }
            }
                       ));
        }