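/// <summary>
/// Authenticates a courier by phone number and password, rotates the courier's refresh token
/// and access token (JWT), and returns both new tokens.
/// </summary>
/// <param name="model">
/// Login payload: <c>Username</c> (looked up as the courier's phone number) and <c>Password</c>.
/// </param>
/// <returns>
/// <see cref="LoginResponseDto"/> with the new access and refresh tokens on success;
/// <c>AppMessage.InvalidModel</c> when model validation fails;
/// <c>AppMessage.InvalidLoginOrPassword</c> when the courier is unknown, the supplied password is blank,
/// or the password does not verify against the stored hash.
/// </returns>
/// <exception cref="InvalidOperationException">The stored courier record has no password hash.</exception>
public async Task<IHttpActionResult> Login([FromBody] LoginRequestDto model)
{
    if (!ModelState.IsValid)
    {
        return Response(AppMessage.InvalidModel);
    }

    // Same response for "unknown courier" and "wrong password" so the endpoint does not reveal
    // which phone numbers are registered.
    var courier = await _authService.GetCourierByPhoneAsync(model.Username);
    if (courier == null)
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    // A null or blank client password previously surfaced as a 500 (NullReferenceException on
    // Password.Trim(), or a thrown "Courier password is empty"); it is untrusted input and is now
    // rejected like any other bad credential. IsNullOrWhiteSpace is equivalent to the original
    // IsNullOrEmpty(Password.Trim()) check, minus the null dereference.
    if (string.IsNullOrWhiteSpace(model.Password))
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    // Trim() is kept because the stored hash was verified against the trimmed password in the original code.
    var providedPassword = model.Password.Trim();

    // An account with no stored hash can never verify. This is a server-side data problem, so it is
    // kept loud (as the original did) rather than folded into the generic credential failure.
    // Note that the distinct 500 lets a caller tell such an account apart from a wrong password.
    if (string.IsNullOrEmpty(courier.PasswordHash))
    {
        throw new InvalidOperationException("Courier password is empty");
    }

    // VerifyHashedPassword can also report SuccessRehashNeeded; the original treats anything other
    // than Success as a failure, and that is preserved here (no transparent rehash on login).
    var hasher = new PasswordHasher();
    if (hasher.VerifyHashedPassword(courier.PasswordHash, providedPassword) != PasswordVerificationResult.Success)
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    // Refresh token: rotated on every login and bound to the caller's remote IP.
    // NOTE(review): expiry uses local-time DateTime.Now while the cache entry below uses UTC, and this
    // path issues a 1-day refresh token whereas RefreshToken() issues a 5-day one — confirm both are intended.
    // NOTE(review): confirm GenerateTokenByRandomNumber is backed by a cryptographic RNG
    // (RandomNumberGenerator), not System.Random, since the value is a bearer credential.
    var newRefreshToken = GenerateTokenByRandomNumber();
    var refreshTokenDto = new RefreshTokenDto
    {
        IsActive = true,
        Token = newRefreshToken,
        Expires = DateTime.Now.AddDays(1),
        RemoteIp = GetRemoteIp()
    };
    await _refreshTokenService.SetAsync(refreshTokenDto, courier.Id);

    // Access token: evict the previously issued JWT from the in-memory cache (presumably consulted
    // when validating access tokens — confirm), then cache and persist the new one.
    var previousJwToken = await _jwTokenService.GetTokenAsync(courier.Id);
    var newJwToken = await _authService.GenerateJWTokenAsync(courier.Id);

    var memCacher = new CustomMemoryCacher();
    if (previousJwToken != null && memCacher.GetValue(previousJwToken) != null)
    {
        memCacher.Delete(previousJwToken);
    }
    memCacher.Add(newJwToken, courier.Id, DateTimeOffset.UtcNow.AddHours(12));
    await _jwTokenService.SetAsync(courier.Id, newJwToken);

    _logger.Information($"Courier {model.Username} logged in.");

    var response = new LoginResponseDto()
    {
        AccessToken = newJwToken,
        RefreshToken = newRefreshToken
    };
    return Ok(response);
}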
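/// <summary>
/// Exchanges a still-registered access token (JWT) plus its matching refresh token for a fresh
/// JWT / refresh-token pair. The presented refresh token is single-use: it is cleared before the
/// replacement is stored.
/// </summary>
/// <param name="jwToken">The courier's current access token (request body).</param>
/// <param name="refreshToken">The refresh token issued together with <paramref name="jwToken"/>.</param>
/// <returns>
/// <see cref="LoginResponseDto"/> with the new tokens; <c>NotFound()</c> when either input is missing,
/// the JWT cannot be validated or is no longer registered, the principal carries no numeric <c>id</c>
/// claim, or the refresh token is unknown, inactive, bound to a different remote IP, or does not match.
/// </returns>
public async Task<IHttpActionResult> RefreshToken([FromBody] string jwToken, string refreshToken)
{
    // Both inputs are untrusted; missing values are treated like any other invalid token instead of
    // being handed to the token parser.
    if (string.IsNullOrEmpty(jwToken) || string.IsNullOrEmpty(refreshToken))
    {
        return NotFound();
    }

    var courierPrincipal = _authService.GetPrincipalFromToken(jwToken);
    var tokenActive = await _authService.IsTokenExistsAsync(jwToken);

    // Invalid token / signing key (no claims can be extracted), or the token is no longer registered.
    if (courierPrincipal == null || !tokenActive)
    {
        return NotFound();
    }

    // A principal without a numeric "id" claim previously threw (First / Convert.ToInt32) and
    // surfaced as a 500; it is now rejected like any other unusable token.
    var idClaim = courierPrincipal.Claims.FirstOrDefault(c => c.Type == "id");
    int courierId;
    if (idClaim == null || !int.TryParse(idClaim.Value, out courierId))
    {
        return NotFound();
    }

    var remoteIp = GetRemoteIp();
    var courier = await _refreshTokenService.GetByCourierAuthDataByIdAsync(courierId);
    if (courier == null
        || courier.RefreshTokenIsActive != true
        || courier.RefreshTokenIp != remoteIp
        || !FixedTimeEquals(courier.RefreshToken, refreshToken))
    {
        return NotFound();
    }

    // Consume the presented refresh token before issuing the replacement (single use).
    await _refreshTokenService.ClearAsync(courierId);

    // RefreshToken
    // NOTE(review): 5-day lifetime here versus 1 day in Login(), and local-time DateTime.Now versus
    // UTC for the cache entry below — confirm both are intended.
    var newRefreshToken = GenerateTokenByRandomNumber();
    var refreshTokenDto = new RefreshTokenDto
    {
        IsActive = true,
        Token = newRefreshToken,
        Expires = DateTime.Now.AddDays(5),
        RemoteIp = remoteIp
    };
    await _refreshTokenService.SetAsync(refreshTokenDto, courierId);

    // JWToken
    var newJwToken = await _authService.GenerateJWTokenAsync(courierId);
    await _jwTokenService.SetAsync(courierId, newJwToken);

    // Mirror Login(): evict the token just exchanged from the cache and always cache the new one.
    // Previously the new token was cached only when the old one was *not* cached, and the old one was
    // never evicted — so, assuming the cache is consulted when validating access tokens, a refresh left
    // the superseded JWT accepted and the new JWT absent.
    var memCacher = new CustomMemoryCacher();
    if (memCacher.GetValue(jwToken) != null)
    {
        memCacher.Delete(jwToken);
    }
    memCacher.Add(newJwToken, courier.Id, DateTimeOffset.UtcNow.AddHours(12));

    var response = new LoginResponseDto()
    {
        AccessToken = newJwToken,
        RefreshToken = newRefreshToken
    };
    return Ok(response);
}

/// <summary>
/// Compares a stored secret with a caller-supplied one without short-circuiting on the first
/// differing character, so the comparison time does not depend on how long a matching prefix
/// the caller supplied. Only the length may still be inferred from timing. Prefer
/// <c>CryptographicOperations.FixedTimeEquals</c> where the target framework provides it.
/// </summary>
/// <param name="expected">The stored secret; <c>null</c> never matches.</param>
/// <param name="provided">The caller-supplied secret; <c>null</c> never matches.</param>
/// <returns><c>true</c> only when both strings are non-null and identical.</returns>
private static bool FixedTimeEquals(string expected, string provided)
{
    if (expected == null || provided == null)
    {
        return false;
    }

    // Accumulate every difference with OR so the loop does not exit early on a mismatch.
    var diff = expected.Length ^ provided.Length;
    var length = Math.Min(expected.Length, provided.Length);
    for (var i = 0; i < length; i++)
    {
        diff |= expected[i] ^ provided[i];
    }
    return diff == 0;
}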