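/// <summary>
/// Purges the Db of invalidated tokens, that is, TokenStore rows whose
/// IsValid flag is false.
/// </summary>
/// <remarks>
/// NOTE(review): rows are removed whether or not the token itself has expired.
/// If request validation treats a token that is absent from the store as
/// acceptable (confirm against the validation path), purging a revoked row
/// before the token's own expiry would let that token be accepted again.
/// Consider restricting the purge to rows whose ExpirationTime has passed.
/// </remarks>
/// <param name="serviceProvider">NET core service locator</param>
/// <param name="tokenService">Token related services (not used by this method)</param>
/// <exception cref="ArgumentNullException"><paramref name="serviceProvider"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The service provider does not resolve an ApplicationDbContext.
/// </exception>
public static void RemoveInvalidatedTokens(IServiceProvider serviceProvider, JWTAuthTokenServices tokenService)
{
    if (serviceProvider == null)
    {
        throw new ArgumentNullException(nameof(serviceProvider));
    }

    // GetService returns null for an unregistered type, and the "as" cast hides that;
    // fail with a clear message instead of a NullReferenceException further down.
    var dbContext = serviceProvider.GetService(typeof(ApplicationDbContext)) as ApplicationDbContext;
    if (dbContext == null)
    {
        throw new InvalidOperationException("ApplicationDbContext is not registered with the service provider.");
    }

    var invalidatedTokens = dbContext.TokenStore.Where(t => !t.IsValid);
    dbContext.TokenStore.RemoveRange(invalidatedTokens);
    dbContext.SaveChanges();
}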
/// <summary>
/// A request that carries no Authorization header must yield a null or empty token.
/// </summary>
public void ExtractJWTTokenFromHttpRequest_MissingToken()
{
    // Arrange: a fresh request with no headers set
    var httpContext = new DefaultHttpContext();
    HttpRequest requestWithoutHeader = new DefaultHttpRequest(httpContext);

    // Act
    var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithoutHeader);

    // Assert
    var nothingExtracted = string.IsNullOrEmpty(result);
    Assert.IsTrue(nothingExtracted);
}
/// <summary>
/// The expiration value read from the shared test token must equal the known value.
/// </summary>
public void GetTokenExpirationDateTime_Test()
{
    // Arrange: expected expiration of testToken
    // (presumably Unix seconds from the token's exp claim; confirm)
    ulong expected = 1491701955;

    // Act
    var actual = JWTAuthTokenServices.GetTokenExpirationDateTime(testToken);

    // Assert
    var matches = actual == expected;
    Assert.IsTrue(matches);
}
/// <summary>
/// Logs the caller out by handing the request's bearer token to the auth data
/// store with a validity flag of false. Does nothing when no token can be
/// extracted from the request.
/// </summary>
/// <remarks>
/// NOTE(review): the extracted string is stored without being verified in this
/// method. Confirm the action is only reachable by authenticated callers;
/// otherwise arbitrary strings could be written to the token store.
/// </remarks>
public async Task Logout()
{
    var bearerToken = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(HttpContext.Request);
    var hasToken = !string.IsNullOrEmpty(bearerToken);

    if (hasToken)
    {
        // The second argument (false) presumably records the token as invalidated; confirm against AddToken.
        await _authData.AddToken(bearerToken, false);
    }
}
/// <summary>
/// An Authorization header that holds the bare token, without the "Bearer"
/// scheme prefix, must not be accepted: the extractor returns null or empty.
/// </summary>
public void ExtractJWTTokenFromHttpRequest_MissingBearer()
{
    // Arrange: header value is the raw token, no scheme in front of it
    var httpContext = new DefaultHttpContext();
    HttpRequest requestWithoutScheme = new DefaultHttpRequest(httpContext);
    requestWithoutScheme.Headers.Add("Authorization", testToken);

    // Act
    var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithoutScheme);

    // Assert
    var nothingExtracted = string.IsNullOrEmpty(result);
    Assert.IsTrue(nothingExtracted);
}
/// <summary>
/// A well-formed "Bearer &lt;token&gt;" Authorization header must yield exactly the token.
/// </summary>
public void ExtractTokenFromHttpRequest_ValidTokenHeaderTest()
{
    // Arrange: header value carries the scheme followed by the test token
    var httpContext = new DefaultHttpContext();
    HttpRequest requestWithBearer = new DefaultHttpRequest(httpContext);
    var headerValue = string.Format("Bearer {0}", testToken);
    requestWithBearer.Headers.Add("Authorization", headerValue);

    // Act
    var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithBearer);

    // Assert
    Assert.AreEqual(testToken, result);
}
/// <summary>
/// Builds a TokenStore entity for the given token and passes it to the
/// entity-based AddToken overload.
/// </summary>
/// <param name="token">The token string to record.</param>
/// <param name="isValidToken">Value written to the entity's IsValid flag.</param>
/// <remarks>
/// NOTE(review): the complete token string is stored. When isValidToken is true
/// the row holds a usable credential, so read access to this table should be
/// treated accordingly; storing a digest or token identifier instead may be
/// worth considering.
/// </remarks>
public async Task AddToken(string token, bool isValidToken)
{
    var entry = new TokenStore
    {
        Token = token,
        IsValid = isValidToken
    };

    // A result of 0 leaves ExpirationTime at its default
    // (presumably 0 means the expiry could not be read; confirm against GetTokenExpirationDateTime).
    var expiresAt = JWTAuthTokenServices.GetTokenExpirationDateTime(token);
    if (expiresAt != 0)
    {
        entry.ExpirationTime = expiresAt;
    }

    await AddToken(entry);
}
/// <summary>
/// Exchanges the posted credentials for a JWT and returns it in a JSON success
/// response together with a redirect URL.
/// </summary>
/// <param name="userViewModel">Credentials bound from the request body.</param>
/// <returns>
/// A bad-request result when the body is missing or no token is issued;
/// otherwise the success response carrying the access token.
/// </returns>
/// <remarks>
/// The failure message is the same whatever the reason no token was issued.
/// NOTE(review): no attempt limiting or lockout is visible in this action;
/// confirm it is enforced elsewhere.
/// </remarks>
public async Task<IActionResult> Login([FromBody] NewUserViewModel userViewModel)
{
    if (userViewModel == null)
    {
        return BadRequest("Enter valid user credentials");
    }

    var accessToken = await JWTAuthTokenServices.GetJWTToken(userViewModel.Username, userViewModel.Password);

    // No token came back: the credentials were not accepted.
    if (string.IsNullOrEmpty(accessToken))
    {
        return BadRequest("Invalid username or password");
    }

    var payload = new { accessToken };
    return Utilities.CreateJsonSuccessReponse(payload, "api/heroes");
}
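/// <summary>
/// Middleware entry point. Rejects the request with 401 when its bearer token
/// is found in the token store and is either flagged as not valid or has
/// expired; every other request continues down the pipeline.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <remarks>
/// This is a deny-list check only: a token that is absent from the store is
/// let through, and the token's signature is not verified in this method.
/// NOTE(review): presumably a later pipeline stage performs full token
/// validation; confirm.
/// </remarks>
public async Task Invoke(HttpContext context)
{
    var token = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(context.Request);

    // No token found. Continue the pipeline and let other validation decide
    // (controller, token gen, etc.). Returning here avoids querying the store
    // with a null or empty key on every tokenless request.
    if (string.IsNullOrEmpty(token))
    {
        await _next(context);
        return;
    }

    //TODO: create method to check cache and if not in cache go to db
    TokenStore tokenStoreEntity = await _authData.GetToken(token);

    // Token not in the store, or stored as valid and not expired: not invalidated.
    var isTokenValid = tokenStoreEntity == null
        || (tokenStoreEntity.IsValid && !JWTAuthTokenServices.IsTokenExpired(tokenStoreEntity.Token));

    if (!isTokenValid)
    {
        // Token was found in the store and is invalidated or expired.
        context.Response.StatusCode = 401;
        await context.Response.WriteAsync("invalid token");
        return;
    }

    await _next(context);
}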