public async Task <ActionResult <AtResult <TokenDto> > > RefreshToken([FromBody] RefreshDto model)
{
var principal = GetPrincipalFromExpiredToken(model.AccessToken);
if (principal == null)
{
Response.Headers.Add("Token-Invalid", "Access");
return(BadRequest("Token-Invalid-Access"));
}
var userId = GetClaimsUserId(principal.Claims);
var device = GetClaimsDevice(principal.Claims);
var valueRefreshToken = GetCacheRefreshTokenAsync(_cache, userId, device);
if (valueRefreshToken != model.RefreshToken)
{
Response.Headers.Add("Token-Invalid", "Refresh");
return(BadRequest("Token-Invalid-Refresh"));
}
var token = await GenerateTokenAsync(userId, device, principal.Claims).ConfigureAwait(false);
return(new AtResult <TokenDto>(token));
}
public static async Task <bool> RefreshToken()
{
if (string.IsNullOrEmpty(Properties.Settings.Default.RefreshToken))
{
return(false);
}
if (Properties.Settings.Default.RefreshExpiresAt <= DateTime.UtcNow)
{
return(false);
}
var data = new RefreshDto()
{
Token = Properties.Settings.Default.RefreshToken
};
var response = await HttpHelper.Post <LoginResponseDto, RefreshDto>("user/refresh", data);
if (response.StatusCode != HttpStatusCode.OK)
{
RemoveTokenValues();
return(false);
}
var result = ModelMapper.Mapper.Map <Tokens>(response.Result);
DataContainer.Tokens = result;
SaveTokens(DataContainer.Tokens);
return(true);
}
public RefreshDtoValidatorFixture()
{
Validator = new RefreshDtoValidator();
Model = new RefreshDto
{
RefreshToken = "473ed8ba-2292-49e1-a930-5129a002e753"
};
}
public async Task <ActionResult <UserDto> > Refresh(RefreshDto refreshDto)
{
var result = await _accountService.RefreshAsync(refreshDto);
if (result.HasError)
{
return(Unauthorized(result.Exception));
}
return(Ok(result.Result));
}
public async Task <ServiceResult <UserDto> > RefreshAsync(RefreshDto refreshDto)
{
var validatedToken = GetClaimsPrincipalFromToken(refreshDto.Token);
if (validatedToken == null)
{
return(ReturnError("InvalidToken"));
}
var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
.AddSeconds(expiryDateUnix);
if (expiryDateTimeUtc > DateTime.UtcNow)
{
return(ReturnError("ThisTokenHasNotExpiredYet"));
}
var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
var storedRefreshToken = await _webShopDatabase.RefreshTokenRepository.GetRefreshTokenByIdAsync(refreshDto.RefreshToken);
if (storedRefreshToken == null)
{
return(ReturnError("ThisRefreshTokenDoesNotExist"));
}
if (DateTime.UtcNow > storedRefreshToken.ExpiredDate)
{
return(ReturnError("ThisRefreshTokenHasExpired"));
}
if (storedRefreshToken.Invalidated)
{
return(ReturnError("InvalidRefreshToken"));
}
if (storedRefreshToken.JwtId != jti)
{
return(ReturnError("InvalidRefreshToken"));
}
_webShopDatabase.RefreshTokenRepository.RemoveRefreshToken(storedRefreshToken);
await _webShopDatabase.CompleteAsync();
var user = await _userManager.FindByIdAsync(validatedToken.Claims.Single(x => x.Type == ClaimTypes.NameIdentifier).Value);
return(ReturnOk(await CreateToken(user)));
}
public static async Task <bool> Logout()
{
if (DataContainer.Tokens == null)
{
return(false);
}
var refreshToken = new RefreshDto
{
Token = DataContainer.Tokens.RefreshToken.Token
};
await HttpHelper.Post <LoginResponseDto, RefreshDto>("user/logout", refreshToken);
RemoveTokenValues();
DataContainer.Tokens = null;
return(true);
}
public async Task <IActionResult> Refresh(RefreshDto refreshDto)
{
var principal = _tokenHelper.GetPrincipalFromExpiredToken(refreshDto.AccessToken);
var username = principal.Identity.Name;
var user = await _userManager.FindByEmailAsync(username);
if (user.RefreshToken != refreshDto.RefreshToken)
{
return(BadRequest("Bad refreshToken"));
}
var newJwtToken = await _tokenHelper.CreateAccessToken(user);
return(Ok(new
{
Token = newJwtToken
}));
}
public async Task <ActionResult> RefreshAsync([FromBody] RefreshDto refreshDto)
{
_logger.LogMethodCallingWithObject(refreshDto);
var principal = _userManager.GetPrincipalFromExpiredToken(refreshDto.Token);
var userId = principal.Identity.Name;
var savedRefreshToken = await _userManager.GetRefreshTokenAsync(userId);
if (savedRefreshToken != refreshDto.RefreshToken || string.IsNullOrEmpty(savedRefreshToken))
{
throw new SecurityTokenException("Invalid refresh token");
}
var newJwtToken = _userManager.GenerateToken(principal.Claims);
var newRefreshToken = _userManager.GenerateRefreshToken();
await _userManager.SaveRefreshTokenAsync(userId, newRefreshToken);
return(new ObjectResult(new
{
accessToken = newJwtToken,
refreshToken = newRefreshToken
}));
}
public async Task <IActionResult> Refresh([FromBody] RefreshDto refreshDto)
{
var user = await _userService.GetUserByRefreshToken(refreshDto.Token);
if (user == null)
{
return(NotFound());
}
var refreshToken = await _jwtService.RefreshToken(user, refreshDto.Token);
if (refreshToken == null)
{
return(NotFound());
}
var jwt = _jwtService.GenerateSecurityToken(user);
return(Ok(new LoginResponseDto
{
Jwt = jwt,
RefreshToken = refreshToken
}));
}
public async Task <AtResult <TokenDto> > RefreshToken()
{
var claimsIdentity = User.Claims.ToList();
var token = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("AtUserToken", StringComparison.OrdinalIgnoreCase))?.Value;
var atUserTokenReset = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("AtUserTokenReset", StringComparison.OrdinalIgnoreCase))?.Value;
var userName = claimsIdentity?.FirstOrDefault(x => x.Type.Equals(ClaimTypes.Name, StringComparison.OrdinalIgnoreCase))?.Value;
var userID = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("userId", StringComparison.OrdinalIgnoreCase))?.Value;
try
{
var input = new RefreshDto
{
AccessToken = token,
RefreshToken = atUserTokenReset
};
var client = new RestClient(_strConfig);
var request = new RestRequest("api/Tokens/RefreshToken");
// Them hang loat query string bang object
request.AddJsonBody(input);
var response = await client.ExecutePostAsync <AtResult <TokenDto> >(request).ConfigureAwait(true);
// Nhan duoc du lieu tu API
if (response.IsSuccessful)
{
if (response.Data.IsOk == false && response.Data.Error == AtNotify.LoginFail || response.Data.PayLoad == null)
{
return(new AtResult <TokenDto>(AtNotify.ResetTokenFail));
}
// Api logic thuc hien dung
var output = response.Data.PayLoad;
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, userName),
new Claim("userId", userID),
new Claim("AtUserToken", output.accessToken),
new Claim("AtUserTokenReset", output.refreshToken),
};
var claimsIdentitys = new ClaimsIdentity(
claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
//AllowRefresh = <bool>,
// Refreshing the authentication session should be allowed.
//ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
// The time at which the authentication ticket expires. A
// value set here overrides the ExpireTimeSpan option of
// CookieAuthenticationOptions set with AddCookie.
//IsPersistent = true,
// Whether the authentication session is persisted across
// multiple requests. When used with cookies, controls
// whether the cookie's lifetime is absolute (matching the
// lifetime of the authentication ticket) or session-based.
//IssuedUtc = <DateTimeOffset>,
// The time at which the authentication ticket was issued.
//RedirectUri = <string>
// The full path or absolute URI to be used as an http
// redirect response value.
};
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentitys),
authProperties);
return(new AtResult <TokenDto>(output));
}
else
{
return(new AtResult <TokenDto>(AtNotify.Conectimeout));
}
}
catch (Exception ex)
{
throw ex;
}
}
public async Task <IActionResult> RefreshAsync([FromBody] RefreshDto refreshDto)
{
return(await userService.RefreshAsync(refreshDto.AccessToken, refreshDto.RefreshToken));
}
public IActionResult Refresh([FromBody] RefreshDto refreshDto)
{
try
{
var isTokenValid = _authorService.ValidateRefreshToken(refreshDto.RefreshToken, out DecodedRefreshTokenClaims decodedRefreshTokenClaims, out Author author);
if (decodedRefreshTokenClaims.ExpiryDate < DateTime.Now)
{
var errorMessage = "Refresh token has expired.";
return(Unauthorized(new ErrorResponseDto
{
InternalErrorMessage = errorMessage,
DisplayErrorMessage = errorMessage
}));
}
else if (!isTokenValid)
{
var errorMessage = "Invalid refresh token.";
return(Unauthorized(new ErrorResponseDto
{
InternalErrorMessage = errorMessage,
DisplayErrorMessage = errorMessage
}));
}
else if (author == null)
{
var errorMessage = "Unable to identify user associated to the refresh token provided.";
return(Unauthorized(new ErrorResponseDto
{
InternalErrorMessage = errorMessage,
DisplayErrorMessage = errorMessage
}));
}
else if (!author.IsDeleted.HasValue || author.IsDeleted.Value)
{
var errorMessage = "This username has been permanently deactivated.";
return(Unauthorized(new ErrorResponseDto
{
InternalErrorMessage = errorMessage,
DisplayErrorMessage = errorMessage
}));
}
else if (!author.IsLocked.HasValue || author.IsLocked.Value)
{
var errorMessage = "This user has been locked. Please contact system administrator.";
return(Unauthorized(new ErrorResponseDto
{
InternalErrorMessage = errorMessage,
DisplayErrorMessage = errorMessage
}));
}
var tokenExpiration = DateTime.Now.AddDays(7);
var refreshTokenExpiration = DateTime.Now.AddDays(183);
var tokenHandler = new JwtSecurityTokenHandler();
var keyBytes = Encoding.ASCII.GetBytes(_authConfig.Secret);
var securityKey = new SymmetricSecurityKey(keyBytes);
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = _authConfig.Issuer,
Audience = _authConfig.Audience,
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, author.AuthorId.ToString()),
new Claim(ClaimTypes.Expiration, tokenExpiration.ToString())
}),
Expires = tokenExpiration,
SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature),
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var responseDto = _mapper.Map <RefreshResponseDto>(author);
responseDto.Token = tokenHandler.WriteToken(token);
responseDto.TokenExpirationDate = tokenExpiration;
responseDto.RefreshTokenExpirationDate = refreshTokenExpiration;
responseDto.RefreshToken = _authorService.EncodeRefreshToken(author.Username, refreshTokenExpiration);
return(Ok(responseDto));
}
catch (Exception ex)
{
Console.WriteLine($"Encountered exception while attempting to satisfy refreshToken claim. Message: {ex.Message}");
Console.WriteLine(ex.StackTrace);
return(BadRequest(new ErrorResponseDto(ex)));
}
}
public async Task<IActionResult> Refresh(RefreshDto refreshDto)
{
var result = await _repository.RefreshToken(refreshDto, IpAddress());
return Ok(result);
}
public AccountControllerFixture()
{
ApiVersion = new ApiVersion(1, 0);
MockAccountRepository = new Mock <IAccountRepository>();
HttpContext = new DefaultHttpContext();
Users = new List <GetUserDto>
{
new GetUserDto
{
Id = Guid.NewGuid(),
FirstName = "Anna",
LastName = "Domino",
Email = "*****@*****.**",
PhoneNumber = "",
Roles = new List <string> {
"SuperAdmin", "Admin", "Report", "Normal"
}
},
new GetUserDto
{
Id = Guid.NewGuid(),
FirstName = "Neil",
LastName = "Down",
Email = "*****@*****.**",
PhoneNumber = "",
Roles = new List <string> {
"Admin"
}
},
new GetUserDto
{
Id = Guid.NewGuid(),
FirstName = "Mark",
LastName = "Ateer",
Email = "*****@*****.**",
PhoneNumber = "",
Roles = new List <string> {
"Report", "Normal"
}
},
new GetUserDto
{
Id = Guid.NewGuid(),
FirstName = "Dave",
LastName = "Allippa",
Email = "*****@*****.**",
PhoneNumber = "",
Roles = new List <string> {
"Normal"
}
}
};
ValidLoginDto = new LoginDto
{
Email = "*****@*****.**",
Password = "******"
};
ValidRegisterAdminDto = new RegisterAdminDto
{
FirstName = "John",
LastName = "Quil",
ConfirmPassword = "******",
Password = "******",
Email = "*****@*****.**"
};
ValidRegisterNormalDto = new RegisterNormalDto
{
FirstName = "Rose",
LastName = "Bush",
ConfirmPassword = "******",
Password = "******",
Email = "*****@*****.**",
Roles = new List <string> {
"Report", "Normal"
}
};
ValidLoginDto = new LoginDto
{
Email = "*****@*****.**",
Password = "******"
};
ValidRefreshDto = new RefreshDto
{
RefreshToken = "this is refresh token"
};
ValidRevokeDto = new RevokeDto
{
RefreshToken = "this is refresh JWT token"
};
SuccessAdminRegisterResultDto = new RegisterResultDto
{
Status = "Success",
Message = "User created successfully, grant Admin access."
};
FailedRegisterResultDto = new RegisterResultDto
{
Status = "Failed",
Message = "Failed to create new user."
};
SuccessNormalRegisterResultDto = new RegisterResultDto
{
Status = "Success",
Message = $"User created successfully, grant {string.Join(", ", ValidRegisterNormalDto.Roles)} access."
};
ValidTokenResultDtoResult = new TokenResultDto
{
AccessToken = "this will be a JWT access token",
RefreshToken = "this will be a JWT refresh token",
};
CurrentUserDtoResult = new CurrentUserDto
{
FirstName = "Simon",
LastName = "Sais",
Email = "*****@*****.**",
Roles = new List <string> {
"SuperAdmin", "Admin"
},
FullName = "Simon Sais",
UserId = Guid.Parse("77d8500b-dd97-4b6d-ce43-08d8aa3916b9")
};
}
public async Task <IActionResult> Logout([FromBody] RefreshDto refreshDto)
{
await _jwtService.RemoveToken(refreshDto.Token);
return(Ok());
}
