public async Task <IActionResult> Token([FromBody] TokenRequestDTO model)
{
_logger.LogDebug("Token invoked");
var storedRefreshToken = await _refreshTokenService.GetToken(model.RefreshToken);
if (storedRefreshToken == null || storedRefreshToken.ValidFor < DateTime.Now)
{
_logger.LogDebug("Token failed");
return(Unauthorized("Invalid refresh token, please login again."));
}
var(token, validFor) = _jwtHandler.CreateRefreshToken();
storedRefreshToken.ValidFor = validFor;
storedRefreshToken.Token = token;
var updatedRefreshToken = await _refreshTokenService.Update(storedRefreshToken);
var tokens = CreateTokensResponse(updatedRefreshToken.User.UserName, updatedRefreshToken.User.Email, updatedRefreshToken.User.Role.ToString(), updatedRefreshToken.Token);
_logger.LogDebug("Token successful");
return(Ok(tokens));
}
public TokenResponseDTO token([FromBody] TokenRequestDTO request)
{
var response = new TokenResponseDTO();
var user = _userService.LoginUser(request);
if (!user.IsSuccess)
{
response.IsLogin = false;
response.Message = user.Message;
return(response);
}
var claims = new[]
{
new Claim("id", user.Data.UserId.ToString()),
new Claim("date", new DateTime().ToString())
};
var secretBytes = Encoding.UTF8.GetBytes(AuthenticationConstant.SecretKey);
var key = new SymmetricSecurityKey(secretBytes);
var algorithm = SecurityAlgorithms.HmacSha256;
var signingCredentials = new SigningCredentials(key, algorithm);
var expireDate = DateTime.Now.AddDays(30);
var token = new JwtSecurityToken(
AuthenticationConstant.Issuer,
AuthenticationConstant.Audience,
claims,
notBefore: DateTime.Now,
expires: expireDate,
signingCredentials
);
response.IsLogin = true;
response.ExpireDate = expireDate;
response.Message = "İşlem Başarılı";
response.AccessToken = new JwtSecurityTokenHandler().WriteToken(token);
return(response);
}
protected async Task <T> PreauthenticateAsync <T>(
Func <Task <T> > actualTestAsync,
string username = null,
string password = null)
{
T result = default(T);
var actualUsername = username ?? Constants.User;
var actualPassword = password ?? Constants.Pass;
try
{
var request = new TokenRequestDTO()
{
GrantType = "password",
Password = Constants.Pass,
Username = Constants.User,
};
var authResult = await LoginApi.LoginAsync(request);
DefaultSettings.AccessToken = authResult.AccessToken;
authenticationBearer = $"Bearer {DefaultSettings.AccessToken}";
result = await actualTestAsync();
isSuccess = true;
}
catch (Exception exception)
{
isSuccess = false;
failureException = exception;
}
Assert.True(isSuccess, $"It shouldn't have thrown any exception, but got {failureException}");
return(result);
}
public ActionResult Refresh(TokenRequestDTO model)
{
return(Ok());
}
public async Task <IActionResult> Token([FromForm] TokenRequestDTO request)
{
try
{
if (request.Grant_Type != "password")
{
return(BadRequest(new { error = "unsupported_grant_type" }));
}
var username = request.Username != null?request.Username.ToUpper() : request.Username;
var password = request.Password != null?request.Password.ToUpper() : request.Password;
if (username != "ADMIN" || password != "ADMIN")
{
throw new ApplicationException("Usuário e senha inválido");
}
var key = Convert.FromBase64String("NDk4MUFERUQ2MUQyNDM2QkI1RjRFMEE4Q0Q4QzNBRUI =");
var hoursToExpire = 15;
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
//new Claim(ClaimTypes., 1),
new Claim(ClaimTypes.Name, username),
//new Claim(ClaimTypes.Name, user.USU_DESCRI),
//new Claim(RTEClaimTypes.CompanyId, companyId.ToString()),
//new Claim(RTEClaimTypes.UserCompanyId, uepIdenti.ToString()),
//new Claim(RTEClaimTypes.IsUserMaster, user.USU_MASTER),
//new Claim(RTEClaimTypes.AuthType, authTypeEnum.ToString()),
}),
Issuer = "",
Expires = DateTime.UtcNow.AddHours(hoursToExpire),
Audience = "",
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var now = DateTime.UtcNow;
return(Ok(new Dictionary <string, object>
{
{ "access_token", tokenHandler.WriteToken(token) },
{ "token_type", "bearer" },
{ "expires_in", hoursToExpire * 60 * 60 },
{ "userId", 1 },
{ "name", username },
{ "ConnectionStringCore", _configuration["CORE"] },
{ "Secrets", _configuration["CORESecrets"] },
//{ "companyId", companyId },
//{ "userCompanyId", uepIdenti },
//{ "isMaster", user.USU_MASTER },
//{ ".issued", now.ToString("ddd, dd MMM yyyy HH:mm:ss", new CultureInfo("en-US")) + " GMT" },
{ ".expires", now.AddHours(hoursToExpire).ToString("ddd, dd MMM yyyy HH:mm:ss", new CultureInfo("en-US")) + " GMT" }
}));
}
catch (Exception ex)
{
return(BadRequest(new { error = "invalid_grant", error_description = ex.ToString() }));
}
}
public async Task <ActionResult> Refresh([FromBody] TokenRequestDTO token)
{
var tokenJWT = await VerifyToken(token);
return(Ok(tokenJWT));
}
public async Task <AuthResultDTO> VerifyToken(TokenRequestDTO tokenRequest)
{
var jwtTokenHandler = new JwtSecurityTokenHandler();
try
{
// Validation 1 - Validation JWT token format
var tokenInVerification = jwtTokenHandler.ValidateToken(tokenRequest.Token, _tokenValidationParams, out var validatedToken);
// Validation 2 - Validate encryption alg
if (validatedToken is JwtSecurityToken jwtSecurityToken)
{
var result = jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase);
if (result == false)
{
return(null);
}
}
// Validation 3 - validate expiry date
var utcExpiryDate = long.Parse(tokenInVerification.Claims.FirstOrDefault(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
var expiryDate = UnixTimeStampToDateTime(utcExpiryDate);
if (expiryDate > DateTime.UtcNow)
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Token has not yet expired"
}
});
}
// validation 4 - validate existence of the token
var storedToken = await _context.TokenRefreshes.FirstOrDefaultAsync(x => x.Token == tokenRequest.RefreshToken);
if (storedToken == null)
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Token does not exist"
}
});
}
// Validation 5 - validate if used
if (storedToken.IsUsed)
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Token has been used"
}
});
}
// Validation 6 - validate if revoked
if (storedToken.IsRevoked)
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Token has been revoked"
}
});
}
// Validation 7 - validate the id
var jti = tokenInVerification.Claims.FirstOrDefault(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
if (storedToken.JwtId != jti)
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Token doesn't match"
}
});
}
// update current token
var data = await _user.UpdateToken(tokenRequest.RefreshToken);
if (data.ResponseCode != "200")
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
data.ResponseMessage
}
});
}
// Generate a new token
var user = await _context.Users.FindAsync(storedToken.UserId);
return(await GenerateToken(user.Id, user.Username, user.Fullname));
}
catch (Exception ex)
{
if (ex.Message.Contains("Lifetime validation failed. The token is expired."))
{
//validate token refresh
var storedToken = await _context.TokenRefreshes
.FirstOrDefaultAsync(x => x.Token == tokenRequest.RefreshToken);
var data = await _user.UpdateToken(tokenRequest.RefreshToken);
if (data.ResponseCode != "200")
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
data.ResponseMessage
}
});
}
var user = await _context.Users.FindAsync(storedToken.UserId);
return(await GenerateToken(user.Id, user.Username, user.Fullname));
}
else
{
return(new AuthResultDTO()
{
Success = false,
Errors = new List <string>()
{
"Something went wrong."
}
});
}
}
}
