public async Task <AuthResponseDTO> Login(AuthRequestDTO authDto) { var user = _userRepository.Authenticate(authDto.Username, authDto.Password); if (user == null) { return(null); //Message = "Incorrect credentials." }; } string refreshToken = null; if (authDto.RememberMe) { var refreshTokenId = Guid.NewGuid().ToString(); var token = new RefreshToken { TokenId = refreshTokenId, Token = _jwtHandler.CreateRefreshToken(authDto.ClientId, user.Username, refreshTokenId) }; refreshToken = (await _tokenRepository.CreateAsync(token)).Token; } return(new AuthResponseDTO { AccessToken = _jwtHandler.CreateJwt(authDto.ClientId, authDto.Username, user.Role.ToString()), RefreshToken = refreshToken }); }
public AuthResponseDTO RefreshAccessToken(AuthRequestDTO authDto) { if (authDto.RefreshToken == null) { return(null); } var refreshToken = new JwtSecurityTokenHandler().ReadJwtToken(authDto.RefreshToken); var username = refreshToken.Claims.FirstOrDefault(claim => claim.Type == "user_name")?.Value; var user = _userRepository.GetUserByName(username); var refreshTokenExists = _tokenRepository.TokenExists(refreshToken.Claims.FirstOrDefault(claim => claim.Type == "jti")?.Value); if (user != null && refreshTokenExists) { return(new AuthResponseDTO { AccessToken = _jwtHandler.CreateJwt(authDto.ClientId, username, user.Role.ToString()) }); } else { // this could mean: // 1: the user doesn't exist anymore. // 2. The refresh token doesn't exist anymore, consider creating a revoked flag. return(null); } }
public void UserProvidesRefreshToken_ReturnNewAccessToken() { var controller = new AuthController(_authService); var firstLoginToCreateRefreshToken = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", RememberMe = true, GrantType = "password" }; var login = controller.Auth(firstLoginToCreateRefreshToken).Result as ObjectResult; var user = new AuthRequestDTO { ClientId = "Test", GrantType = "refresh_token", RefreshToken = (login?.Value as AuthResponseDTO)?.RefreshToken }; var result = controller.Auth(user).Result as ObjectResult; var content = result?.Value as AuthResponseDTO; Assert.Equal(200, result?.StatusCode); Assert.True(content?.AccessToken.Length > 10); Assert.True(content.RefreshToken == null); }
public async Task <AuthResponseDTO> SignIn(AuthRequestDTO model) { if (string.IsNullOrWhiteSpace(model.Login)) { throw new Exception(Constants.Error.INVALID_LOGIN); } var user = (await GetAsync(_mapper.Map <Auth>(model), x => x.Login == model.Login)).FirstOrDefault(); if (user == null) { throw new Exception(Constants.Error.INVALID_USER); } if (user.Password != model.Password) { throw new Exception(Constants.Error.INVALID_PASSWORD); } var authResponse = _mapper.Map <AuthResponseDTO>(user); authResponse.Token = TokenService.GenerateToken(user, _config["Secret"]); return(authResponse); }
public async Task <AuthResponseDTO> RequestTokenAsync([FromBody] OsuTokenRequestDTO tokenRequestDto) { // To auth a code - https://osu.ppy.sh/oauth/authorize?client_id=4309&redirect_uri=http://localhost:61899/osu/callback&response_type=code&scope=identify public&state=chicken string clientSecret = Environment.GetEnvironmentVariable("OsuRequest_Osu_ClientSecret"); if (clientSecret == null) { throw new HttpResponseException(); } AuthRequestDTO authRequestDto = new AuthRequestDTO() { ClientId = 4309, ClientSecret = clientSecret, Code = tokenRequestDto.Code, GrantType = "authorization_code", RedirectUri = "http://localhost:61899/osu/callback" }; HttpResponseMessage response = await httpClient.PostAsync("/oauth/token", JsonContent.Create(authRequestDto, null, snakeCaseSerializerOptions)); if (response.IsSuccessStatusCode) { AuthResponseDTO authResponse = await response.Content.ReadFromJsonAsync <AuthResponseDTO>(snakeCaseSerializerOptions); return(authResponse); } throw new HttpResponseException() { Status = (int)response.StatusCode, Value = await response.Content.ReadAsStringAsync() }; }
public void RequestWithoutGrantType_ReturnsBadRequest() { var user = new AuthRequestDTO(); var controller = new AuthController(_authService); var result = controller.Auth(user).Result as ObjectResult; Assert.Equal(400, result?.StatusCode); }
public async Task <AuthResultDTO> GetToken( [FromBody] AuthRequestDTO authRequestDTO) { var query = _mapper.Map <GetTokenQuery>(authRequestDTO); var token = new AuthResultDTO(); token.AccessToken = await _mediator.Send(query); return(token); }
public async Task <ActionResult <RegisterResponseDTO> > SignUp([FromBody] AuthRequestDTO model) { try { return(Ok(await userService.SignUp(model))); } catch (Exception ex) { return(BadRequest(_logger.ToLogError(ex, model))); } }
public IActionResult Autenticar(AuthRequestDTO authRequestDTO) { var response = _usuarioService.Autenticar(authRequestDTO); if (response == null) { return(Unauthorized(new { message = "Usuário ou senha incorretos." })); } return(Ok(response)); }
public void IfUserDoesntExists_ReturnBadRequest() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password" }; var controller = new AuthController(_authService); var result = controller.Auth(user).Result as ObjectResult; Assert.Equal(400, result?.StatusCode); Assert.Equal("Incorrect credentials.", result?.Value); }
public async Task <RegisterResponseDTO> SignUp(AuthRequestDTO model) { var user = (await GetAsync(_mapper.Map <Auth>(model), x => x.Login == model.Login)).FirstOrDefault(); if (user is not null) { throw new Exception(Constants.Error.INVALID_USER_EXISTS); } user = await InsertAsync(_mapper.Map <Auth>(model)); return(_mapper.Map <RegisterResponseDTO>(user)); }
public void IfUserExists_RememberMeFalse_RefreshTokenNull() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password", RememberMe = false }; var controller = new AuthController(_authService); var result = controller.Auth(user).Result as ObjectResult; var content = result?.Value as AuthResponseDTO; Assert.Equal(200, result?.StatusCode); Assert.True(content?.AccessToken.Length > 10); Assert.True(content.RefreshToken == null); }
public AuthResponseDTO Autenticar(AuthRequestDTO authRequestDTO) { var usuario = _usuarios.SingleOrDefault(x => x.Login == authRequestDTO.Usuario && x.Senha == authRequestDTO.Senha); if (usuario == null) { return(null); } var token = GerarTokenJwt(usuario); return(new AuthResponseDTO(usuario, token)); }
public IActionResult Authenticate([FromBody] AuthRequestDTO authRequestDto) { BaseResponse response = new BaseResponse(); var userResponse = _userService.Auth(authRequestDto); if (userResponse == null) { response.Message = "Incorrect data"; return(BadRequest(response)); } response.Success = true; response.Data = userResponse; return(Ok(response)); }
public void IfUserExists_CompleteLogin_ReturnToken() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password" }; var result = _authService.Login(user); // Assert Assert.NotNull(result); }
public void IfUserExists_RememberMeFalse_RefreshTokenNull() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password", RememberMe = false }; var result = _authService.Login(user).Result; Assert.NotNull(result); Assert.NotNull(result.AccessToken); Assert.Null(result.RefreshToken); }
public void IfUserExists_CompleteLoginAndReturnToken() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password" }; var controller = new AuthController(_authService); var result = controller.Auth(user).Result as ObjectResult; var content = result?.Value as AuthResponseDTO; Assert.Equal(200, result?.StatusCode); Assert.True(content?.AccessToken.Length > 10); }
public void IfUserExists_WithRememberMe_CompleteLoginAndReturnAccessAndRefreshToken() { var user = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", GrantType = "password", RememberMe = true }; var result = _authService.Login(user).Result; Assert.NotNull(result); Assert.NotNull(result.AccessToken); Assert.NotNull(result.RefreshToken); }
private async Task <AuthResponseDTO> AuthenticateLogin(string serialNumber, string password) { try { AuthResponseDTO result = new AuthResponseDTO(); using (var client = new HttpClient()) { client.BaseAddress = new Uri(LdapAuthenticationServiceUrl); client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); //Specify what LDAP attributes need to be returned when a user's authentication is passed AuthRequestDTO authRequest = new AuthRequestDTO { UserId = serialNumber, Password = password, LoginRequested = true, AuthenticatedMode = AuthenticatedModes.CityOfLA }; authRequest.LdapAttributes = new Dictionary <string, string>(); authRequest.LdapAttributes.Add(LdapAttributeName.FULLNAME, ""); authRequest.LdapAttributes.Add(LdapAttributeName.SURNAME, ""); var json = new System.Web.Script.Serialization.JavaScriptSerializer().Serialize(authRequest); HttpResponseMessage response = await client.PostAsJsonAsync("api/auth", authRequest); if (response.IsSuccessStatusCode) { AuthResponseDTO authResponse = await response.Content.ReadAsAsync <AuthResponseDTO>(); result = authResponse; } else { throw new Exception("Authentication: " + response.StatusCode + " " + response.ReasonPhrase); } } return(result); } catch (Exception ex) { throw ex; } }
public UserResponse Auth(AuthRequestDTO authRequestDTO) { UserResponse userResponse = new UserResponse(); using (var db = new BDTiendaContext()) { string password = Encrypt.GetSHA256(authRequestDTO.Password); var user = db.Usuario.Where(d => d.Email == authRequestDTO.Email && d.Contrasena == password).FirstOrDefault(); if (user == null) { return(null); } userResponse.Email = user.Email; userResponse.Token = GetToken(user); } return(userResponse); }
public void UserProvidesRefreshToken_ReturnNewAccessToken() { var firstLoginToCreateRefreshToken = new AuthRequestDTO { Username = "******", Password = "******", ClientId = "Test", RememberMe = true, GrantType = "password" }; var login = _authService.Login(firstLoginToCreateRefreshToken).Result; var user = new AuthRequestDTO { ClientId = "Test", GrantType = "refresh_token", RefreshToken = login.RefreshToken }; var result = _authService.RefreshAccessToken(user); Assert.NotNull(result); Assert.NotNull(result.AccessToken); Assert.Null(result.RefreshToken); Assert.False(login.AccessToken == result.AccessToken); }