Esempio n. 1
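        /// <summary>
        /// Issues a new access token for <paramref name="user"/> and <paramref name="purpose"/>,
        /// deleting any tokens the user already holds for the same purpose.
        /// </summary>
        /// <param name="user">Account the token is issued to; must not be null.</param>
        /// <param name="purpose">Purpose the token is issued for; stored on the record by enum name.</param>
        /// <returns>
        /// The URL-safe string handed to the user: the random token, encrypted with the
        /// keyphrase, then URL-token-encoded. The record stores the random token itself.
        /// </returns>
        /// <exception cref="NullReferenceException">When <paramref name="user"/> is null.</exception>
        /// <remarks>
        /// Any failure while generating or persisting the token is logged and rethrown.
        /// Previously it was reported as "User cannot be null", which hid the real cause.
        /// </remarks>
        public string CreateNewToken(User user, EAccessTokenPurpose purpose)
        {
            if (user == null)
            {
                // Exception type and message kept so callers that already catch it keep working.
                throw new NullReferenceException("User cannot be null on creating a new token.");
            }

            try
            {
                // NOTE(review): this value is a bearer secret. Confirm Randomizor draws from a
                // cryptographic RNG and that TOKEN_RAND_LENGTH gives enough entropy.
                var token = Randomizor.GenerateRandomAlphanumeric(TOKEN_RAND_LENGTH);

                // NOTE(review): CIPHER_KEYPHRASE looks like a compiled-in constant. If so, anyone
                // with the binary or source can decrypt issued tokens; confirm where it comes from.
                string tokenString = StringCipher.Encrypt(token, CIPHER_KEYPHRASE);
                var encodedToken = System.Text.Encoding.Unicode.GetBytes(tokenString);
                var tokenUrlEncoded = System.Web.HttpServerUtility.UrlTokenEncode(encodedToken);

                var purposeName = Enum.GetName(typeof(EAccessTokenPurpose), purpose);

                // Only one live token per user and purpose: drop earlier requests first.
                var repository = _uow.Repository<AccessToken>();
                var previousTokens = repository.GetAsQueryable(x => x.UserId == user.UserId && x.Purpose == purposeName);
                repository.DeleteAll(previousTokens);

                // Read the clock once so creation and expiry are exactly one day apart.
                var issuedAt = DateTime.UtcNow;

                // TokenKey holds the raw random value, so read access to this table exposes the
                // lookup keys. Storing a hash of the token would limit that exposure.
                var newToken = new AccessToken
                {
                    TokenId          = Guid.NewGuid(),
                    UserId           = user.UserId,
                    TokenKey         = token,
                    CreatedTimestamp = issuedAt,
                    Purpose          = purposeName,
                    StatusId         = (int)EStatus.Active,
                    ExpiredTimestamp = issuedAt.AddDays(1)
                };
                repository.Insert(newToken);
                SaveChanges();

                return tokenUrlEncoded;
            }
            catch (Exception ex)
            {
                Log.Error(ex.Message, ex);
                // Rethrow with the original stack instead of masking it as a null-user error.
                throw;
            }
        }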
Esempio n. 2
        // The token string passed in has the user id combined with it; please separate them and validate the token only.
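        /// <summary>
        /// Resolves a URL-encoded token string to its stored record, accepting it only when the
        /// record was issued for <paramref name="purpose"/> and has not yet expired.
        /// </summary>
        /// <param name="tokenString">URL-token-encoded, encrypted token as received from the client; untrusted input.</param>
        /// <param name="purpose">Purpose the caller is validating the token for.</param>
        /// <returns>
        /// The matching record, or null when the input is missing or malformed, no record
        /// matches the token and purpose, or the record's expiry time has passed.
        /// </returns>
        /// <remarks>
        /// The purpose and expiry checks were missing before. Without them, a token issued for
        /// one purpose was accepted for any other, and an expired token stayed usable for as
        /// long as its row existed.
        /// </remarks>
        public AccessToken IsValidToken(string tokenString, EAccessTokenPurpose purpose)
        {
            if (string.IsNullOrEmpty(tokenString))
            {
                return null;
            }

            try
            {
                var tokenPurpose = Enum.GetName(typeof(EAccessTokenPurpose), purpose);

                var tokenUrlDecoded = System.Web.HttpServerUtility.UrlTokenDecode(tokenString);
                if (tokenUrlDecoded == null)
                {
                    // Not a well-formed URL token.
                    return null;
                }

                var decodedToken = System.Text.Encoding.Unicode.GetString(tokenUrlDecoded);
                var decryptedTokenString = StringCipher.Decrypt(decodedToken, CIPHER_KEYPHRASE);

                // Bind the lookup to the requested purpose, not just the token value.
                var tokenRecord = _uow.Repository<AccessToken>()
                    .GetAsQueryable(x => x.TokenKey == decryptedTokenString && x.Purpose == tokenPurpose)
                    .FirstOrDefault();

                // NOTE(review): records are created with StatusId = Active. If StatusId is used
                // to revoke or consume tokens, it must be checked here too; confirm.
                var now = DateTime.UtcNow;
                if (tokenRecord != null && tokenRecord.ExpiredTimestamp > now)
                {
                    return tokenRecord;
                }
            }
            catch (Exception)
            {
                // Malformed or tampered input ends up here and is treated as "no such token".
                // NOTE(review): repository failures are swallowed as well. Log them with the
                // project's logger so an outage is not mistaken for a run of invalid tokens.
            }

            return null;
        }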