public async Task <RefreshToken> FindRefreshToken(string refreshTokenId) { var refreshToken = await _refreshTokenRepository.FirstOrDefaultAsync(rf => rf.RefreshTokenId == refreshTokenId); return(refreshToken); }
public async Task <AuthResponseModel> Auth(AuthRequestModel model) { if (String.Equals(model.grant_type, Constants.GrantType.Password, StringComparison.OrdinalIgnoreCase)) { if (String.IsNullOrEmpty(model.MemberIdentifier)) { throw new ModelValidationException(nameof(model.MemberIdentifier), AccountLocalization.NeedMemberIdentifier); } if (String.IsNullOrEmpty(model.Password)) { throw new ModelValidationException(nameof(model.Password), AccountLocalization.NeedPassword); } var member = await _memberRepository.FirstOrDefaultAsync(f => f.MemberIdentifier == model.MemberIdentifier && f.Password == model.Password); if (member == null) { throw new BusinessException(Constants.Exception.MEMBER_NOT_FOUND, AccountLocalization.MemberNotFound); } var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_tokenAuthenticationModel.SecretKey)); var claims = new Claim[] { new Claim(Constants.Claim.UserId, member.Id.ToString()), new Claim(ClaimTypes.Role, "SuperAdmin"), new Claim(ClaimTypes.Role, "Admin") }; var accessTokenNow = DateTime.UtcNow; var accessTokenExpiration = TimeSpan.FromMinutes(_tokenAuthenticationModel.AccessTokenExpiration); var accessToken = new JwtSecurityToken( issuer: _tokenAuthenticationModel.Issuer, audience: _tokenAuthenticationModel.Issuer, claims: claims, notBefore: accessTokenNow, expires: accessTokenNow.Add(accessTokenExpiration), signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)); var encodedAccessToken = new JwtSecurityTokenHandler().WriteToken(accessToken); var refreshToken = GetRefreshToken(); var refreshTokenEntity = await _refreshTokenRepository.FirstOrDefaultAsync(f => f.MemberId == member.Id && f.Channel == ChannelEnum.Web); if (refreshTokenEntity == null) { refreshTokenEntity = new RefreshToken(); refreshTokenEntity.Channel = ChannelEnum.Web; refreshTokenEntity.MemberId = member.Id; refreshTokenEntity.RefreshTokenInfo = refreshToken; refreshTokenEntity.RefreshTokenExpireDate = DateTime.UtcNow.Add(TimeSpan.FromMinutes(_tokenAuthenticationModel.RefreshTokenExpiration)); await _refreshTokenRepository.AddAndSaveChangesAsync(refreshTokenEntity); } else { refreshTokenEntity.RefreshTokenInfo = refreshToken; refreshTokenEntity.RefreshTokenExpireDate = DateTime.UtcNow.Add(TimeSpan.FromMinutes(_tokenAuthenticationModel.RefreshTokenExpiration)); await _refreshTokenRepository.UpdateAndSaveChangesAsync(refreshTokenEntity); } return(new AuthResponseModel { access_token = encodedAccessToken, refresh_token = refreshToken, expires_in = (int)accessTokenExpiration.TotalSeconds }); } else if (String.Equals(model.grant_type, Constants.GrantType.Refresh_Token, StringComparison.OrdinalIgnoreCase)) { if (String.IsNullOrEmpty(model.refresh_token)) { throw new ModelValidationException(nameof(model.refresh_token), AccountLocalization.NeedRefreshToken); } var refreshTokenEntity = await _refreshTokenRepository.FirstOrDefaultAsync(f => f.RefreshTokenInfo == model.refresh_token && f.Channel == ChannelEnum.Web); if (refreshTokenEntity == null) { throw new BusinessException(Constants.Exception.REFRESH_TOKEN_NOT_FOUND, AccountLocalization.RefreshTokenNotFound); } if (refreshTokenEntity.RefreshTokenExpireDate != null && refreshTokenEntity.RefreshTokenExpireDate < DateTime.UtcNow) { throw new BusinessException(Constants.Exception.REFRESH_TOKEN_EXPIRED, AccountLocalization.RefreshTokenExpired); } var member = await _memberRepository.FirstOrDefaultAsync(f => f.Id == refreshTokenEntity.MemberId); if (member == null) { throw new BusinessException(Constants.Exception.MEMBER_NOT_FOUND, AccountLocalization.MemberNotFound); } var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_tokenAuthenticationModel.SecretKey)); var claims = new Claim[] { new Claim(Constants.Claim.UserId, member.Id.ToString()), new Claim(ClaimTypes.Role, "SuperAdmin"), new Claim(ClaimTypes.Role, "Admin") }; var accessTokenNow = DateTime.UtcNow; var accessTokenExpiration = TimeSpan.FromMinutes(_tokenAuthenticationModel.AccessTokenExpiration); var accessToken = new JwtSecurityToken( issuer: _tokenAuthenticationModel.Issuer, audience: _tokenAuthenticationModel.Issuer, claims: claims, notBefore: accessTokenNow, expires: accessTokenNow.Add(accessTokenExpiration), signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)); var encodedAccessToken = new JwtSecurityTokenHandler().WriteToken(accessToken); return(new AuthResponseModel { access_token = encodedAccessToken, expires_in = (int)accessTokenExpiration.TotalSeconds }); } else { throw new BusinessException(Constants.Exception.INVALID_GRANT_TYPE, AccountLocalization.InvalidGrantType); } }