public async Task <IHttpActionResult> Login([FromBody] LoginRequestDto model)
{
if (!ModelState.IsValid)
{
return(Response(AppMessage.InvalidModel));
}
var courier = await _authService.GetCourierByPhoneAsync(model.Username);
//
if (courier == null)
{
return(Response(AppMessage.InvalidLoginOrPassword));
}
//
if (string.IsNullOrEmpty(courier.PasswordHash) || string.IsNullOrEmpty(model.Password.Trim()))
{
throw new Exception("Courier password is empty");
}
//
var hasher = new PasswordHasher();
if (hasher.VerifyHashedPassword(courier.PasswordHash, model.Password.Trim()) != PasswordVerificationResult.Success)
{
return(Response(AppMessage.InvalidLoginOrPassword));
}
var newRefreshToken = GenerateTokenByRandomNumber();
var refreshTokenDto = new RefreshTokenDto
{
IsActive = true,
Token = newRefreshToken,
Expires = DateTime.Now.AddDays(1),
RemoteIp = GetRemoteIp()
};
await _refreshTokenService.SetAsync(refreshTokenDto, courier.Id);
var jwToken = await _jwTokenService.GetTokenAsync(courier.Id);
var newJWToken = await _authService.GenerateJWTokenAsync(courier.Id);
var memCacher = new CustomMemoryCacher();
if (jwToken != null)
{
if (memCacher.GetValue(jwToken) != null)
{
memCacher.Delete(jwToken);
}
}
memCacher.Add(newJWToken, courier.Id, DateTimeOffset.UtcNow.AddHours(12));
await _jwTokenService.SetAsync(courier.Id, newJWToken);
_logger.Information($"Courier {model.Username} logged in.");
var response = new LoginResponseDto()
{
AccessToken = newJWToken,
RefreshToken = newRefreshToken
};
return(Ok(response));
}
public async Task <IHttpActionResult> RefreshToken([FromBody] string jwToken, string refreshToken)
{
var courierPrincipal = _authService.GetPrincipalFromToken(jwToken);
var tokenActive = await _authService.IsTokenExistsAsync(jwToken);
// invalid token/signing key was passed and we can't extract courier claims
if (courierPrincipal == null || !tokenActive)
{
return(NotFound());
}
var id = courierPrincipal.Claims.First(c => c.Type == "id").Value;
var courierId = Convert.ToInt32(id);
var courier = await _refreshTokenService.GetByCourierAuthDataByIdAsync(courierId);
if (courier == null ||
courier.RefreshTokenIsActive != true ||
courier.RefreshTokenIp != GetRemoteIp() ||
courier.RefreshToken != refreshToken)
{
return(NotFound());
}
await _refreshTokenService.ClearAsync(courierId);
// RefreshToken
var newRefreshToken = GenerateTokenByRandomNumber();
var refreshTokenDto = new RefreshTokenDto
{
IsActive = true,
Token = newRefreshToken,
Expires = DateTime.Now.AddDays(5),
RemoteIp = GetRemoteIp()
};
await _refreshTokenService.SetAsync(refreshTokenDto, courierId);
// JWToken
var newJWToken = await _authService.GenerateJWTokenAsync(courierId);
await _jwTokenService.SetAsync(courierId, newJWToken);
var memCacher = new CustomMemoryCacher();
if (memCacher.GetValue(jwToken) == null)
{
memCacher.Add(newJWToken, courier.Id, DateTimeOffset.UtcNow.AddHours(12));
}
var response = new LoginResponseDto()
{
AccessToken = newJWToken,
RefreshToken = newRefreshToken
};
return(Ok(response));
}
