public TokenControllerTests()
        {
            Thread.CurrentPrincipal = new TestPrincipalWrapper(new Claim(ClaimTypes.Email, _properEmail));

            _externalLoginInfoInstance  = new ExternalLoginInfo((ClaimsPrincipal)Thread.CurrentPrincipal, "Facebook", "providers_key", "some_display_name");
            _returnedResponseTokenModel = new TokenResponseViewModel()
            {
                DisplayName  = "foo1",
                Email        = "foo2",
                RefreshToken = "foo3",
                Role         = "foo4",
                Token        = "foo5",
                User         = "******"
            };
            _properRevokeTokenModel = new RevokeTokenRequestViewModel()
            {
                UserName     = _properName,
                Token        = _properToken,
                RefreshToken = _properToken
            };
            _properRefreshTokenModel = new RefreshTokenRequestViewModel()
            {
                Email        = _properEmail,
                RefreshToken = _properToken
            };
            _properTokenRequestModel = new TokenRequestViewModel()
            {
                Email    = _properEmail,
                Password = _properPassword,
            };
            _properUser = new AppUser()
            {
                Email = _properEmail
            };
            DefaultHttpContext httpContext = new DefaultHttpContext();
            TempDataDictionary tempData    = new TempDataDictionary(httpContext, Mock.Of <ITempDataProvider>())
            {
                { "requestIp", "127.0.0.1" }
            };

            _tokenServiceMock = new Mock <ITokenService>();
            _userServiceMock  = new Mock <IUserService>();

            _userServiceMock.Setup(mock => mock.GetIpAddress(It.IsAny <DefaultHttpContext>())).Returns("127.0.0.1");
            _userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser);
            _userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null);
            _userServiceMock.Setup(mock => mock.VerifyUsersPassword(It.IsAny <AppUser>(), It.IsAny <string>())).ReturnsAsync(true);
            _userServiceMock.Setup(mock => mock.GetUserRoleAsync(It.IsAny <AppUser>())).ReturnsAsync("User");
            _userServiceMock.Setup(mock => mock.GetExternalLogin()).ReturnsAsync(_externalLoginInfoInstance);
            _userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true);
            _tokenServiceMock.Setup(mock => mock.GenerateTokenResponse(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).Returns(_returnedResponseTokenModel);
            _tokenServiceMock.Setup(mock => mock.VerifyRefreshToken(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).Returns(true);
            _tokenServiceMock.Setup(mock => mock.RevokeTokens(_properRevokeTokenModel)).Returns(true);

            _controller = new TokenController(_tokenServiceMock.Object, _userServiceMock.Object)
            {
                TempData = tempData
            };
        }
Esempio n. 2
0
        public IActionResult RevokeToken([FromBody] RevokeTokenRequestViewModel model)
        {
            if (!_tokenService.RevokeTokens(model))
            {
                return(new ObjectResult("There was a problem logging the user out correctly.")
                {
                    StatusCode = 500
                });
            }

            return(Ok());
        }
        public bool RevokeTokens(RevokeTokenRequestViewModel model)
        {
            try
            {
                _tokenRepo.DeleteRefreshToken(model.UserName);
                CleanUpBlacklistedTokens();
                _tokenRepo.AddBlacklistedToken(model.Token);

                return(true);
            }
            catch
            {
                return(false);
            }
        }
        public IActionResult RevokeToken(RevokeTokenRequestViewModel model)
        {
            // accept token from request body or cookie
            var token = model.Token ?? Request.Cookies["refreshToken"];

            if (string.IsNullOrEmpty(token))
            {
                return(BadRequest(new { message = "Token is required" }));
            }

            // users can revoke their own tokens and admins can revoke any tokens
            if (!Account.OwnsToken(token) && Account.Role != Role.Admin)
            {
                return(Unauthorized(new { message = "Unauthorized" }));
            }

            _accountService.RevokeToken(token, ipAddress());
            return(Ok(new { message = "Token revoked" }));
        }