public object Refresh(RefreshCredentials model)
{
RefreshTokenData _rtd = null;
var storedToken = _dc.GetString(model.RefreshToken);
if (!string.IsNullOrEmpty(storedToken) && !string.IsNullOrWhiteSpace(storedToken))
{
_rtd = JsonConvert.DeserializeObject <RefreshTokenData> (storedToken);
}
var isValid = false;
if (_rtd != null)
{
isValid = (model.UserId == _rtd.UserID && model.RefreshToken == _rtd.RefreshToken);
}
if (isValid)
{
_dc.Remove(model.RefreshToken);
return(New(model.UserId));
}
return(null);
}
private async Task <AuthResultDto> GenerateAuthResult(ApplicationUser user)
{
var roles = await _userManager.GetRolesAsync(user);
var claimsIdentity = _jwtBuilder.GenerateClaimsIdentity(user, roles);
var securityToken = _jwtBuilder.GenerateSecurityToken(claimsIdentity);
var newRefreshToken = new RefreshTokenData
{
RefreshToken = Guid.NewGuid().ToString(),
Jti = securityToken.Id,
CreationDate = DateTime.UtcNow,
ExpirationDate = DateTime.UtcNow.AddDays(1),
IsUsed = false,
IsInvalidated = false,
ApplicationUserId = user.Id
};
await _context.RefreshTokens.AddAsync(newRefreshToken);
await _context.SaveChangesAsync();
return(new AuthResultDto
{
Token = new JwtSecurityTokenHandler().WriteToken(securityToken),
RefreshToken = newRefreshToken.RefreshToken
});
}
private void ValidateRefreshTokenData(RefreshTokenData data)
{
if (data.RefreshToken == null)
{
throw new ArgumentNullException("The RefreshToken in RefreshTokenData can't be null.");
}
}
private static RefreshTokenData GetRefreshTokenData(OAuth2ClientCredentials credentials, IEveAccountancyManager eveAccountancyManager)
{
RefreshTokenData refreshTokenData = eveAccountancyManager.GetRefreshTokenData();
if (refreshTokenData == null || string.IsNullOrWhiteSpace(refreshTokenData.RefreshToken))
{
string authorizationUrl = eveAccountancyManager.GetGoogleAuthorizationUrl(credentials);
string accessCode = string.Empty;
while (string.IsNullOrWhiteSpace(accessCode))
{
Console.WriteLine("Please visit");
Console.WriteLine();
Console.WriteLine(authorizationUrl);
Console.WriteLine();
Console.Write("and enter your access code: ");
accessCode = Console.ReadLine();
}
string refreshToken = eveAccountancyManager.GetGoogleRefreshToken(credentials, accessCode);
refreshTokenData = new RefreshTokenData()
{
RefreshToken = refreshToken,
};
eveAccountancyManager.SaveRefreshTokenData(refreshTokenData);
}
return refreshTokenData;
}
public object SuccessObject(DateTime createDate, DateTime expirationDate, string token, AccessCredentials credentials, TimeSpan finalExpiration)
{
var resultado = new
{
autenticated = true,
created = createDate.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = expirationDate.ToString("yyyy-MM-dd HH:mm:ss"),
accessToken = token,
refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty),
message = "OK"
};
// Armazena o refresh token em cache através do Redis
var refreshTokenData = new RefreshTokenData();
refreshTokenData.RefreshToken = resultado.refreshToken;
refreshTokenData.UserID = credentials.UserID;
DistributedCacheEntryOptions opcoesCache =
new DistributedCacheEntryOptions();
opcoesCache.SetAbsoluteExpiration(finalExpiration);
_cache.SetString(resultado.refreshToken,
JsonConvert.SerializeObject(refreshTokenData),
opcoesCache);
return(resultado);
}
public async Task <ApiResponseResult <RefreshTokenResponse> > RefreshTokenAsync(CancellationToken token)
{
RefreshTokenData data = new RefreshTokenData
{
ResponseType = "token",
RefreshToken = TokenStorage.RefreshToken,
GrantType = "refresh_token",
RedirectUri = "http://api.protonvpn.ch"
};
ValidateRefreshTokenData(data);
try
{
HttpRequestMessage request = GetAuthorizedRequest(HttpMethod.Post, "auth/refresh");
this.ValidateRequestHeaders(request);
request.Content = GetJsonContent(data);
using HttpResponseMessage response = await _client.SendAsync(request, token);
string body = await response.Content.ReadAsStringAsync();
return(ApiResponseResult <RefreshTokenResponse>(body, response.StatusCode));
}
catch (Exception e) when(e.IsApiCommunicationException())
{
throw new HttpRequestException(e.Message);
}
}
public object Post(
[FromBody] AccessCredentials credenciais,
[FromServices] UsersDAO usersDAO,
[FromServices] SigningConfigurations signingConfigurations,
[FromServices] TokenConfigurations tokenConfigurations,
[FromServices] IDistributedCache cache)
{
bool credenciaisValidas = false;
if (credenciais != null && !String.IsNullOrWhiteSpace(credenciais.UserID))
{
if (credenciais.GrantType == "password")
{
var usuarioBase = usersDAO.Find(credenciais.UserID);
credenciaisValidas = (usuarioBase != null &&
credenciais.UserID == usuarioBase.UserID &&
credenciais.AccessKey == usuarioBase.AccessKey);
}
else if (credenciais.GrantType == "refresh_token")
{
if (!String.IsNullOrWhiteSpace(credenciais.RefreshToken))
{
RefreshTokenData refreshTokenBase = null;
string strTokenArmazenado =
cache.GetString(credenciais.RefreshToken);
if (!String.IsNullOrWhiteSpace(strTokenArmazenado))
{
refreshTokenBase = JsonConvert
.DeserializeObject <RefreshTokenData>(strTokenArmazenado);
}
credenciaisValidas = (refreshTokenBase != null &&
credenciais.UserID == refreshTokenBase.UserID &&
credenciais.RefreshToken == refreshTokenBase.RefreshToken);
// Elimina o token de refresh já que um novo será gerado
if (credenciaisValidas)
{
cache.Remove(credenciais.RefreshToken);
}
}
}
}
if (credenciaisValidas)
{
return(GenerateToken(
credenciais.UserID, signingConfigurations,
tokenConfigurations, cache));
}
else
{
return(new
{
authenticated = false,
message = "Falha ao autenticar"
});
}
}
private object GenerateToken(string userID,
SigningConfigurations signingConfigurations,
TokenConfigurations tokenConfigurations,
IDistributedCache cache)
{
ClaimsIdentity identity = new ClaimsIdentity(
new GenericIdentity(userID, "Login"),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, userID)
}
);
DateTime dataCriacao = DateTime.Now;
DateTime dataExpiracao = dataCriacao +
TimeSpan.FromSeconds(tokenConfigurations.Seconds);
// Calcula o tempo máximo de validade do refresh token
// (o mesmo será invalidado automaticamente pelo Redis)
TimeSpan finalExpiration =
TimeSpan.FromSeconds(tokenConfigurations.FinalExpiration);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = tokenConfigurations.Issuer,
Audience = tokenConfigurations.Audience,
SigningCredentials = signingConfigurations.SigningCredentials,
Subject = identity,
NotBefore = dataCriacao,
Expires = dataExpiracao
});
var token = handler.WriteToken(securityToken);
var resultado = new
{
authenticated = true,
created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"),
accessToken = token,
refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty),
message = "OK"
};
// Armazena o refresh token em cache através do Redis
var refreshTokenData = new RefreshTokenData
{
RefreshToken = resultado.refreshToken,
UserID = userID
};
DistributedCacheEntryOptions opcoesCache = new DistributedCacheEntryOptions();
opcoesCache.SetAbsoluteExpiration(finalExpiration);
cache.SetString(resultado.refreshToken,
JsonConvert.SerializeObject(refreshTokenData),
opcoesCache);
return(resultado);
}
private ObjectToken GenerateToken(IUserAuthenticate user)
{
ClaimsIdentity identity = new ClaimsIdentity(
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim("AccessLogged", user.Access),
new Claim("UserProfileLogged", user.UserProfile.GetHashCode().ToString()),
new Claim("EnterpriseIdLogged", user.EnterpriseId.ToString())
}
);
DateTime dataCriacao = DateTime.Now;
DateTime dataExpiracao = dataCriacao +
TimeSpan.FromSeconds(_tokenConfigurations.Seconds);
// Calcula o tempo máximo de validade do refresh token
// (o mesmo será invalidado automaticamente pelo Redis)
TimeSpan finalExpiration =
TimeSpan.FromSeconds(_tokenConfigurations.FinalExpiration);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenConfigurations.Issuer,
Audience = _tokenConfigurations.Audience,
SigningCredentials = _signingConfigurations.SigningCredentials,
Subject = identity,
NotBefore = dataCriacao,
Expires = dataExpiracao
});
var token = handler.WriteToken(securityToken);
var resultado = new ObjectToken()
{
authenticated = true,
created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"),
accessToken = token,
refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty),
message = "OK"
};
// Armazena o refresh token em cache através do Redis
var refreshTokenData = new RefreshTokenData();
refreshTokenData.RefreshToken = resultado.refreshToken;
refreshTokenData.Access = user.Access;
DistributedCacheEntryOptions opcoesCache =
new DistributedCacheEntryOptions();
opcoesCache.SetAbsoluteExpiration(finalExpiration);
opcoesCache.AbsoluteExpiration = DateTime.Now.Add(finalExpiration);
opcoesCache.SlidingExpiration = finalExpiration;
_cache.SetString(resultado.refreshToken,
JsonConvert.SerializeObject(refreshTokenData),
opcoesCache);
return(resultado);
}
public void RefreshTokenDataAccessor_SaveRefreshTokenData()
{
RefreshTokenDataAccessor refreshTokenDataAccessor = new RefreshTokenDataAccessor();
RefreshTokenData refreshTokenData = new RefreshTokenData();
refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, _filename);
Assert.IsTrue(File.Exists(_filename));
}
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData, string filename)
{
using (TextWriter textWriter = new StreamWriter(filename, false))
{
XmlSerializer xmlSerializer = new XmlSerializer(typeof(RefreshTokenData));
xmlSerializer.Serialize(textWriter, refreshTokenData);
}
}
public async Task <bool> ValidateCredentialsAsync(AccessCredentials credentials)
{
var validCredentials = false;
if (credentials == null || IsNullOrWhiteSpace(credentials.UserId))
{
return(false);
}
switch (credentials.GrantType)
{
case "password":
{
var userIdentity = await _userManager.FindByNameAsync(credentials.UserId);
if (userIdentity != null)
{
var loginResult = _signInManager.CheckPasswordSignInAsync(userIdentity, credentials.Password, false).Result;
if (loginResult.Succeeded)
{
validCredentials = _userManager.IsInRoleAsync(userIdentity, Roles.RoleApiEdwardJenner).Result;
}
}
break;
}
case "refresh_token":
{
if (!IsNullOrWhiteSpace(credentials.RefreshToken))
{
RefreshTokenData refreshTokenBase = null;
var refreshTokenCache = await _cache.GetStringCache(credentials.RefreshToken);
if (!IsNullOrWhiteSpace(refreshTokenCache))
{
refreshTokenBase = JsonConvert
.DeserializeObject <RefreshTokenData>(refreshTokenCache);
}
validCredentials = (refreshTokenBase != null && credentials.UserId == refreshTokenBase.UserId && credentials.RefreshToken == refreshTokenBase.RefreshToken);
if (validCredentials)
{
await _cache.RemoveCache(credentials.RefreshToken);
}
}
break;
}
}
return(validCredentials);
}
public IActionResult Post([FromBody] AccessCredentials credenciais, [FromServices] SigningConfigurations signingConfigurations, [FromServices] TokenConfigurations tokenConfigurations, [FromServices] IDistributedCache cache)
{
bool credenciaisValidas = false;
if (credenciais != null && !String.IsNullOrWhiteSpace(credenciais.Usuario))
{
if (credenciais.GrantType == GrantType.Password)
{
// credenciaisValidas = (usuarioBase != null &&
// credenciais.UserID == usuarioBase.UserID &&
// credenciais.AccessKey == usuarioBase.AccessKey);
credenciaisValidas = true;
}
else if (credenciais.GrantType == GrantType.RefreshToken)
{
if (!String.IsNullOrWhiteSpace(credenciais.RefreshToken))
{
RefreshTokenData refreshTokenBase = null;
string strTokenArmazenado =
cache.GetString(credenciais.RefreshToken);
if (!String.IsNullOrWhiteSpace(strTokenArmazenado))
{
refreshTokenBase = JsonConvert
.DeserializeObject <RefreshTokenData>(strTokenArmazenado);
}
// credenciaisValidas = (refreshTokenBase != null &&
// credenciais.UserID == refreshTokenBase.UserID &&
// credenciais.RefreshToken == refreshTokenBase.RefreshToken);
credenciaisValidas = true;
// Elimina o token de refresh já que um novo será gerado
if (credenciaisValidas)
{
cache.Remove(credenciais.RefreshToken);
}
}
}
}
if (credenciaisValidas)
{
return(GenerateToken(
credenciais.Usuario, signingConfigurations,
tokenConfigurations, cache));
}
else
{
return(StatusCode(StatusCodes.Status401Unauthorized, new {
authenticated = false,
message = "Falha ao autenticar"
}));
}
}
private async Task <ApplicationUser> HandleRefreshToken(LoginModelRequest loginModel, ResultResponseObject <TokenResponse> resultResponseModel)
{
bool credenciaisValidas = false;
if (String.IsNullOrEmpty(loginModel.RefreshToken))
{
RefreshTokenData refreshTokenBase = null;
string strTokenArmazenado = _cache.GetString(loginModel.RefreshToken);
if (!String.IsNullOrWhiteSpace(strTokenArmazenado))
{
refreshTokenBase = JsonConvert
.DeserializeObject <RefreshTokenData>(strTokenArmazenado);
}
credenciaisValidas = (refreshTokenBase != null &&
loginModel.RefreshToken == refreshTokenBase.RefreshToken);
// Elimina o token de refresh já que um novo será gerado
if (credenciaisValidas)
{
_cache.Remove(loginModel.RefreshToken);
}
}
JwtSecurityToken token = null;
if (!string.IsNullOrWhiteSpace(loginModel.RefreshToken))
{
token = new JwtSecurityTokenHandler().ReadJwtToken(loginModel.RefreshToken);
}
if (token == null)
{
resultResponseModel.AddError("Refresh Token", "Não foi possível ler o refresh token");
}
else if (token.ValidTo < DateTime.Now)
{
resultResponseModel.AddError("Refresh Token", "Refresh token inválido");
}
else
{
string userId = token.Claims.First(claim => claim.Type == JwtRegisteredClaimNames.UniqueName).Value;
ApplicationUser user = await _userManager.FindByIdAsync(userId);
return(user);
}
return(null);
}
public void RefreshTokenDataAccessor_GetRefreshTokenData()
{
RefreshTokenDataAccessor refreshTokenDataAccessor = new RefreshTokenDataAccessor();
string refreshToken = "RefreshTokenDataAccessor_GetRefreshTokenData";
RefreshTokenData refreshTokenData = new RefreshTokenData()
{
RefreshToken = refreshToken,
};
refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, _filename);
RefreshTokenData actual = refreshTokenDataAccessor.GetRefreshTokenData(_filename);
Assert.IsNotNull(actual);
Assert.AreEqual(refreshToken, actual.RefreshToken);
}
public ObjectToken Authenticate(IUserAuthenticateDto userDto, IUserServiceAuthenticate userService)
{
bool credenciaisValidas = false;
if (userDto != null)
{
if (userDto.TypeLogin == TypeLogin.Login)
{
var usuarioBase = userService.GetForLogin(userDto);
credenciaisValidas = (usuarioBase != null);
}
else if (userDto.TypeLogin == TypeLogin.RefreshToken && !String.IsNullOrWhiteSpace(userDto.RefreshToken))
{
RefreshTokenData refreshTokenBase = null;
string strTokenArmazenado =
_cache.GetString(userDto.RefreshToken);
if (!String.IsNullOrWhiteSpace(strTokenArmazenado))
{
refreshTokenBase = JsonConvert
.DeserializeObject <RefreshTokenData>(strTokenArmazenado);
}
credenciaisValidas = (refreshTokenBase != null &&
userDto.Access == refreshTokenBase.Access &&
userDto.RefreshToken == refreshTokenBase.RefreshToken);
// Elimina o token de refresh já que um novo será gerado
if (credenciaisValidas)
{
_cache.Remove(userDto.RefreshToken);
}
}
}
if (credenciaisValidas)
{
return(GenerateToken(userService.GetByAcess(userDto.Access)));
}
else
{
return(new ObjectToken()
{
authenticated = false,
message = "Falha ao autenticar"
});
}
}
public Token GenerateToken(AccessCredentials credentials)
{
var identity = new ClaimsIdentity(
new GenericIdentity(credentials.UserId, "Login"),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, credentials.UserId)
}
);
var creationTime = DateTime.Now;
var expirationTime = creationTime + TimeSpan.FromSeconds(_tokenConfigurations.Seconds);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenConfigurations.Issuer,
Audience = _tokenConfigurations.Audience,
SigningCredentials = _signingConfigurations.SigningCredentials,
Subject = identity,
NotBefore = creationTime,
Expires = expirationTime
});
var token = handler.WriteToken(securityToken);
var generateToken = new Token()
{
Authenticated = true,
Created = creationTime.ToString("yyyy-MM-dd HH:mm:ss"),
Expiration = expirationTime.ToString("yyyy-MM-dd HH:mm:ss"),
AccessToken = token,
RefreshToken = Guid.NewGuid().ToString().Replace("-", Empty),
Message = "OK"
};
var refreshTokenData = new RefreshTokenData
{
RefreshToken = generateToken.RefreshToken,
UserId = credentials.UserId
};
var finalExpiration = TimeSpan.FromSeconds(_tokenConfigurations.FinalExpiration);
_cache.SetStringCache(generateToken.RefreshToken, JsonConvert.SerializeObject(refreshTokenData), finalExpiration);
return(generateToken);
}
public object New(string userId)
{
var claims = new List <Claim> {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, userId)
};
var creationDate = DateTime.Now;
var expirationDate = creationDate + TimeSpan.FromMinutes(_tc.Minutes);
var finalExpiration = TimeSpan.FromHours(_tc.FinalExpiration);
var securityToken = new JwtSecurityToken(
_tc.Issuer,
_tc.Audience,
claims,
creationDate,
expirationDate,
_sc.SigningCredentials
);
var token = new JwtSecurityTokenHandler().WriteToken(securityToken);
var result = new {
userId = userId,
created = creationDate.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = expirationDate.ToString("yyyy-MM-dd HH:mm:ss"),
accessToken = token,
refreshToken = NewRefreshToken()
};
var refreshTokenData = new RefreshTokenData();
refreshTokenData.RefreshToken = result.refreshToken;
refreshTokenData.UserID = userId;
var cacheOptions = new DistributedCacheEntryOptions();
cacheOptions.SetAbsoluteExpiration(finalExpiration);
_dc.SetString(result.refreshToken,
JsonConvert.SerializeObject(refreshTokenData),
cacheOptions
);
return(result);
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshTokenData refreshTokenData)
{
if (refreshTokenData == null || string.IsNullOrEmpty(refreshTokenData.RefreshToken))
{
return(BadRequest(ResponseMessage.ProblemWithRefreshToken("Refresh token is empty")));
}
var refreshToken = Base64Converter.Base64Decode(refreshTokenData.RefreshToken);
var dataForRefresh = refreshToken.Split("-");
if (!dataForRefresh.Any())
{
return(BadRequest(ResponseMessage.ProblemWithRefreshToken("Token is in bad format")));
}
var user = await _userService.GetUserByEmail(dataForRefresh[1]);
var club = (await _applicationUserClubRepository.FindByCriteria(i => i.ApplicationUserId == user.Id)).FirstOrDefault();
return(Ok(await GenerateTokens(user, club)));
}
public async Task <ApiResponseResult <RefreshTokenResponse> > RefreshTokenAsync(CancellationToken token)
{
var data = new RefreshTokenData
{
RefreshToken = TokenStorage.RefreshToken,
GrantType = "refresh_token"
};
try
{
var request = GetAuthorizedRequest(HttpMethod.Post, "auth/refresh");
request.Content = GetJsonContent(data);
using var response = await _client.SendAsync(request, token);
var body = await response.Content.ReadAsStringAsync();
return(ApiResponseResult <RefreshTokenResponse>(body, response.StatusCode));
}
catch (Exception e) when(e.IsApiCommunicationException())
{
throw new HttpRequestException(e.Message);
}
}
private RefreshTokenData GenerateRefreshToken(string userId)
{
string token;
var randomNumber = new byte[32];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(randomNumber);
token = Convert.ToBase64String(randomNumber);
}
var refreshToken = new RefreshTokenData
{
UsuarioId = userId,
ExpirationDate = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesRefreshTokenValid),
RefreshToken = token.Replace("+", string.Empty)
.Replace("=", string.Empty)
.Replace("/", string.Empty)
};
_refreshTokenRepository.Add(refreshToken);
return(refreshToken);
}
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData)
{
Logger.Write(string.Format("EveAccountancyManager: Saving RefreshTokenData with refresh token {0} to {1}", refreshTokenData.RefreshToken, Common.kRefreshTokenDataFilename));
IUnityContainer unityContainer = UnityContainerFactory.GetUnityContainer();
IRefreshTokenDataAccessor refreshTokenDataAccessor = unityContainer.Resolve<IRefreshTokenDataAccessor>();
refreshTokenDataAccessor.SaveRefreshTokenData(refreshTokenData, Common.kRefreshTokenDataFilename);
}
//[Authorize("Bearer")]
public ActionResult RefreshToken([FromBody] RefreshTokenData refresh)
{
var re = Request;
var headers = re.Headers;
string original = null;
if (headers.ContainsKey("Authorization"))
{
original = headers["Authorization"].ToString().Replace("Bearer ", "");
}
if (string.IsNullOrEmpty(original))
{
return(Unauthorized()); // new { authenticated = false });
}
if (refresh.grant_type != "refresh_token")
{
return(Unauthorized());//new { authenticated = false };
}
var handler = new JwtSecurityTokenHandler();
var validationParametersRefresh = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = _tokenOptions.Issuer,
ValidateAudience = true,
ValidAudience = _tokenOptions.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = _tokenOptions.Key,
ValidateLifetime = true
};
var validationParametersOriginal = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = _tokenOptions.Issuer,
ValidateAudience = true,
ValidAudience = _tokenOptions.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = _tokenOptions.Key,
ValidateLifetime = false
};
ClaimsPrincipal principalOriginal = null;
try
{
principalOriginal = handler.ValidateToken(original, validationParametersOriginal, out var tokiOriginal);
handler.ValidateToken(original, validationParametersRefresh, out _);
}
catch
{
return(Unauthorized()); // new {authenticated = false};
}
var ime = principalOriginal.Claims.First(c => c.Type == "Ime");
var prezime = principalOriginal.Claims.First(c => c.Type == "Prezime");
var username = principalOriginal.Claims.First(c => c.Type == ClaimTypes.Name);
var email = principalOriginal.Claims.First(c => c.Type == ClaimTypes.Email);
var userid = principalOriginal.Claims.First(c => c.Type == ClaimTypes.NameIdentifier);
var subj = new ClaimsIdentity();
var user = _userManager.KorisnikPostoji(username.Value);
if (user == null)
{
return(Unauthorized()); //new { authenticated = false };
}
//var roles = user.Claims.Where(c => c.ClaimType == ClaimTypes.Role).ToList();
var roles = user.Uloge;
subj.AddClaim(new Claim("Ime", ime.Value));
subj.AddClaim(new Claim("Prezime", prezime.Value));
subj.AddClaim(new Claim(ClaimTypes.Email, email.Value));
subj.AddClaim(new Claim(ClaimTypes.Name, username.Value));
subj.AddClaim(new Claim(JwtRegisteredClaimNames.UniqueName, username.Value));
subj.AddClaim(new Claim(ClaimTypes.NameIdentifier, userid.Value));
subj.AddClaim(new Claim("Jezik", user.Lang));
subj.AddClaims(roles.Select(r => new Claim(ClaimTypes.Role, r)));
//var expires = DateTime.UtcNow.AddHours(_satiT);
var expires = DateTime.UtcNow.AddMinutes(_minT);
var accessToken = GetToken(username.Value, expires, subj);
//expires = DateTime.UtcNow.AddHours(_satiRT);
expires = DateTime.UtcNow.AddMinutes(_minRT);
var refreshToken = GetRefreshToken(username.Value, expires);
var query = _session.CreateSQLQuery("exec LogKorisnika :username, :akcija");
query.SetParameter("username", username.Value, NHibernateUtil.String);
query.SetParameter("akcija", "Refresh", NHibernateUtil.String);
query.ExecuteUpdate();
return(Ok(new { authenticated = true, userId = userid.Value, access_token = accessToken, refresh_token = refreshToken }));
}
private object GenerateToken(string userID,
SigningConfigurations signingConfigurations,
TokenConfigurations tokenConfigurations, IEnumerable <Role> roles, UsersDAO usersDAO)
{
ClaimsIdentity identity = new ClaimsIdentity(
new GenericIdentity(userID, "Login"),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, userID)
}
);
if (roles != null)
{
foreach (var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role.Name));
}
}
DateTime dataCriacao = DateTime.Now;
DateTime dataExpiracao = dataCriacao +
TimeSpan.FromSeconds(tokenConfigurations.Seconds);
// Calcula o tempo máximo de validade do refresh token
// (o mesmo será invalidado automaticamente pelo Redis)
TimeSpan finalExpiration =
TimeSpan.FromSeconds(tokenConfigurations.FinalExpiration);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = tokenConfigurations.Issuer,
Audience = tokenConfigurations.Audience,
SigningCredentials = signingConfigurations.SigningCredentials,
Subject = identity,
NotBefore = dataCriacao,
Expires = dataExpiracao
});
var token = handler.WriteToken(securityToken);
var resultado = new
{
authenticated = true,
created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"),
expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"),
accessToken = token,
refreshToken = Guid.NewGuid().ToString().Replace("-", String.Empty),
message = "OK"
};
// Armazena o refresh token em cache através do Redis
var refreshTokenData = new RefreshTokenData();
refreshTokenData.RefreshToken = resultado.refreshToken;
refreshTokenData.UserID = userID;
//salvar no banco o novo refresh token
usersDAO.UpdateRefreshToken(userID, resultado.refreshToken);
return(resultado);
}
public void SaveRefreshTokenData(RefreshTokenData refreshTokenData, string filename)
{
}
public RefreshTokenModel(string refreshToken, RefreshTokenData data)
{
RefreshToken = refreshToken;
Data = data;
}
