public async Task <IActionResult> Token([FromBody] TokenRequestDTO model) { _logger.LogDebug("Token invoked"); var storedRefreshToken = await _refreshTokenService.GetToken(model.RefreshToken); if (storedRefreshToken == null || storedRefreshToken.ValidFor < DateTime.Now) { _logger.LogDebug("Token failed"); return(Unauthorized("Invalid refresh token, please login again.")); } var(token, validFor) = _jwtHandler.CreateRefreshToken(); storedRefreshToken.ValidFor = validFor; storedRefreshToken.Token = token; var updatedRefreshToken = await _refreshTokenService.Update(storedRefreshToken); var tokens = CreateTokensResponse(updatedRefreshToken.User.UserName, updatedRefreshToken.User.Email, updatedRefreshToken.User.Role.ToString(), updatedRefreshToken.Token); _logger.LogDebug("Token successful"); return(Ok(tokens)); }
public TokenResponseDTO token([FromBody] TokenRequestDTO request) { var response = new TokenResponseDTO(); var user = _userService.LoginUser(request); if (!user.IsSuccess) { response.IsLogin = false; response.Message = user.Message; return(response); } var claims = new[] { new Claim("id", user.Data.UserId.ToString()), new Claim("date", new DateTime().ToString()) }; var secretBytes = Encoding.UTF8.GetBytes(AuthenticationConstant.SecretKey); var key = new SymmetricSecurityKey(secretBytes); var algorithm = SecurityAlgorithms.HmacSha256; var signingCredentials = new SigningCredentials(key, algorithm); var expireDate = DateTime.Now.AddDays(30); var token = new JwtSecurityToken( AuthenticationConstant.Issuer, AuthenticationConstant.Audience, claims, notBefore: DateTime.Now, expires: expireDate, signingCredentials ); response.IsLogin = true; response.ExpireDate = expireDate; response.Message = "İşlem Başarılı"; response.AccessToken = new JwtSecurityTokenHandler().WriteToken(token); return(response); }
protected async Task <T> PreauthenticateAsync <T>( Func <Task <T> > actualTestAsync, string username = null, string password = null) { T result = default(T); var actualUsername = username ?? Constants.User; var actualPassword = password ?? Constants.Pass; try { var request = new TokenRequestDTO() { GrantType = "password", Password = Constants.Pass, Username = Constants.User, }; var authResult = await LoginApi.LoginAsync(request); DefaultSettings.AccessToken = authResult.AccessToken; authenticationBearer = $"Bearer {DefaultSettings.AccessToken}"; result = await actualTestAsync(); isSuccess = true; } catch (Exception exception) { isSuccess = false; failureException = exception; } Assert.True(isSuccess, $"It shouldn't have thrown any exception, but got {failureException}"); return(result); }
public ActionResult Refresh(TokenRequestDTO model) { return(Ok()); }
public async Task <IActionResult> Token([FromForm] TokenRequestDTO request) { try { if (request.Grant_Type != "password") { return(BadRequest(new { error = "unsupported_grant_type" })); } var username = request.Username != null?request.Username.ToUpper() : request.Username; var password = request.Password != null?request.Password.ToUpper() : request.Password; if (username != "ADMIN" || password != "ADMIN") { throw new ApplicationException("Usuário e senha inválido"); } var key = Convert.FromBase64String("NDk4MUFERUQ2MUQyNDM2QkI1RjRFMEE4Q0Q4QzNBRUI ="); var hoursToExpire = 15; var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { //new Claim(ClaimTypes., 1), new Claim(ClaimTypes.Name, username), //new Claim(ClaimTypes.Name, user.USU_DESCRI), //new Claim(RTEClaimTypes.CompanyId, companyId.ToString()), //new Claim(RTEClaimTypes.UserCompanyId, uepIdenti.ToString()), //new Claim(RTEClaimTypes.IsUserMaster, user.USU_MASTER), //new Claim(RTEClaimTypes.AuthType, authTypeEnum.ToString()), }), Issuer = "", Expires = DateTime.UtcNow.AddHours(hoursToExpire), Audience = "", SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var now = DateTime.UtcNow; return(Ok(new Dictionary <string, object> { { "access_token", tokenHandler.WriteToken(token) }, { "token_type", "bearer" }, { "expires_in", hoursToExpire * 60 * 60 }, { "userId", 1 }, { "name", username }, { "ConnectionStringCore", _configuration["CORE"] }, { "Secrets", _configuration["CORESecrets"] }, //{ "companyId", companyId }, //{ "userCompanyId", uepIdenti }, //{ "isMaster", user.USU_MASTER }, //{ ".issued", now.ToString("ddd, dd MMM yyyy HH:mm:ss", new CultureInfo("en-US")) + " GMT" }, { ".expires", now.AddHours(hoursToExpire).ToString("ddd, dd MMM yyyy HH:mm:ss", new CultureInfo("en-US")) + " GMT" } })); } catch (Exception ex) { return(BadRequest(new { error = "invalid_grant", error_description = ex.ToString() })); } }
public async Task <ActionResult> Refresh([FromBody] TokenRequestDTO token) { var tokenJWT = await VerifyToken(token); return(Ok(tokenJWT)); }
public async Task <AuthResultDTO> VerifyToken(TokenRequestDTO tokenRequest) { var jwtTokenHandler = new JwtSecurityTokenHandler(); try { // Validation 1 - Validation JWT token format var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken); // Validation 2 - Validate encryption alg if (validatedToken is JwtSecurityToken jwtSecurityToken) { var result = jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase); if (result == false) { return(null); } } // Validation 3 - validate expiry date var utcExpiryDate = long.Parse(tokenInVerification.Claims.FirstOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp).Value); var expiryDate = UnixTimeStampToDateTime(utcExpiryDate); if (expiryDate > DateTime.UtcNow) { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Token has not yet expired" } }); } // validation 4 - validate existence of the token var storedToken = await _context.TokenRefreshes.FirstOrDefaultAsync(x => x.Token == tokenRequest.RefreshToken); if (storedToken == null) { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Token does not exist" } }); } // Validation 5 - validate if used if (storedToken.IsUsed) { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Token has been used" } }); } // Validation 6 - validate if revoked if (storedToken.IsRevoked) { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Token has been revoked" } }); } // Validation 7 - validate the id var jti = tokenInVerification.Claims.FirstOrDefault(x => x.Type == JwtRegisteredClaimNames.Jti).Value; if (storedToken.JwtId != jti) { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Token doesn't match" } }); } // update current token var data = await _user.UpdateToken(tokenRequest.RefreshToken); if (data.ResponseCode != "200") { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { data.ResponseMessage } }); } // Generate a new token var user = await _context.Users.FindAsync(storedToken.UserId); return(await GenerateToken(user.Id, user.Username, user.Fullname)); } catch (Exception ex) { if (ex.Message.Contains("Lifetime validation failed. The token is expired.")) { //validate token refresh var storedToken = await _context.TokenRefreshes .FirstOrDefaultAsync(x => x.Token == tokenRequest.RefreshToken); var data = await _user.UpdateToken(tokenRequest.RefreshToken); if (data.ResponseCode != "200") { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { data.ResponseMessage } }); } var user = await _context.Users.FindAsync(storedToken.UserId); return(await GenerateToken(user.Id, user.Username, user.Fullname)); } else { return(new AuthResultDTO() { Success = false, Errors = new List <string>() { "Something went wrong." } }); } } }