public async Task <ActionResult <AtResult <TokenDto> > > RefreshToken([FromBody] RefreshDto model) { var principal = GetPrincipalFromExpiredToken(model.AccessToken); if (principal == null) { Response.Headers.Add("Token-Invalid", "Access"); return(BadRequest("Token-Invalid-Access")); } var userId = GetClaimsUserId(principal.Claims); var device = GetClaimsDevice(principal.Claims); var valueRefreshToken = GetCacheRefreshTokenAsync(_cache, userId, device); if (valueRefreshToken != model.RefreshToken) { Response.Headers.Add("Token-Invalid", "Refresh"); return(BadRequest("Token-Invalid-Refresh")); } var token = await GenerateTokenAsync(userId, device, principal.Claims).ConfigureAwait(false); return(new AtResult <TokenDto>(token)); }
public static async Task <bool> RefreshToken() { if (string.IsNullOrEmpty(Properties.Settings.Default.RefreshToken)) { return(false); } if (Properties.Settings.Default.RefreshExpiresAt <= DateTime.UtcNow) { return(false); } var data = new RefreshDto() { Token = Properties.Settings.Default.RefreshToken }; var response = await HttpHelper.Post <LoginResponseDto, RefreshDto>("user/refresh", data); if (response.StatusCode != HttpStatusCode.OK) { RemoveTokenValues(); return(false); } var result = ModelMapper.Mapper.Map <Tokens>(response.Result); DataContainer.Tokens = result; SaveTokens(DataContainer.Tokens); return(true); }
public RefreshDtoValidatorFixture() { Validator = new RefreshDtoValidator(); Model = new RefreshDto { RefreshToken = "473ed8ba-2292-49e1-a930-5129a002e753" }; }
public async Task <ActionResult <UserDto> > Refresh(RefreshDto refreshDto) { var result = await _accountService.RefreshAsync(refreshDto); if (result.HasError) { return(Unauthorized(result.Exception)); } return(Ok(result.Result)); }
public async Task <ServiceResult <UserDto> > RefreshAsync(RefreshDto refreshDto) { var validatedToken = GetClaimsPrincipalFromToken(refreshDto.Token); if (validatedToken == null) { return(ReturnError("InvalidToken")); } var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value); var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc) .AddSeconds(expiryDateUnix); if (expiryDateTimeUtc > DateTime.UtcNow) { return(ReturnError("ThisTokenHasNotExpiredYet")); } var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value; var storedRefreshToken = await _webShopDatabase.RefreshTokenRepository.GetRefreshTokenByIdAsync(refreshDto.RefreshToken); if (storedRefreshToken == null) { return(ReturnError("ThisRefreshTokenDoesNotExist")); } if (DateTime.UtcNow > storedRefreshToken.ExpiredDate) { return(ReturnError("ThisRefreshTokenHasExpired")); } if (storedRefreshToken.Invalidated) { return(ReturnError("InvalidRefreshToken")); } if (storedRefreshToken.JwtId != jti) { return(ReturnError("InvalidRefreshToken")); } _webShopDatabase.RefreshTokenRepository.RemoveRefreshToken(storedRefreshToken); await _webShopDatabase.CompleteAsync(); var user = await _userManager.FindByIdAsync(validatedToken.Claims.Single(x => x.Type == ClaimTypes.NameIdentifier).Value); return(ReturnOk(await CreateToken(user))); }
public static async Task <bool> Logout() { if (DataContainer.Tokens == null) { return(false); } var refreshToken = new RefreshDto { Token = DataContainer.Tokens.RefreshToken.Token }; await HttpHelper.Post <LoginResponseDto, RefreshDto>("user/logout", refreshToken); RemoveTokenValues(); DataContainer.Tokens = null; return(true); }
public async Task <IActionResult> Refresh(RefreshDto refreshDto) { var principal = _tokenHelper.GetPrincipalFromExpiredToken(refreshDto.AccessToken); var username = principal.Identity.Name; var user = await _userManager.FindByEmailAsync(username); if (user.RefreshToken != refreshDto.RefreshToken) { return(BadRequest("Bad refreshToken")); } var newJwtToken = await _tokenHelper.CreateAccessToken(user); return(Ok(new { Token = newJwtToken })); }
public async Task <ActionResult> RefreshAsync([FromBody] RefreshDto refreshDto) { _logger.LogMethodCallingWithObject(refreshDto); var principal = _userManager.GetPrincipalFromExpiredToken(refreshDto.Token); var userId = principal.Identity.Name; var savedRefreshToken = await _userManager.GetRefreshTokenAsync(userId); if (savedRefreshToken != refreshDto.RefreshToken || string.IsNullOrEmpty(savedRefreshToken)) { throw new SecurityTokenException("Invalid refresh token"); } var newJwtToken = _userManager.GenerateToken(principal.Claims); var newRefreshToken = _userManager.GenerateRefreshToken(); await _userManager.SaveRefreshTokenAsync(userId, newRefreshToken); return(new ObjectResult(new { accessToken = newJwtToken, refreshToken = newRefreshToken })); }
public async Task <IActionResult> Refresh([FromBody] RefreshDto refreshDto) { var user = await _userService.GetUserByRefreshToken(refreshDto.Token); if (user == null) { return(NotFound()); } var refreshToken = await _jwtService.RefreshToken(user, refreshDto.Token); if (refreshToken == null) { return(NotFound()); } var jwt = _jwtService.GenerateSecurityToken(user); return(Ok(new LoginResponseDto { Jwt = jwt, RefreshToken = refreshToken })); }
public async Task <AtResult <TokenDto> > RefreshToken() { var claimsIdentity = User.Claims.ToList(); var token = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("AtUserToken", StringComparison.OrdinalIgnoreCase))?.Value; var atUserTokenReset = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("AtUserTokenReset", StringComparison.OrdinalIgnoreCase))?.Value; var userName = claimsIdentity?.FirstOrDefault(x => x.Type.Equals(ClaimTypes.Name, StringComparison.OrdinalIgnoreCase))?.Value; var userID = claimsIdentity?.FirstOrDefault(x => x.Type.Equals("userId", StringComparison.OrdinalIgnoreCase))?.Value; try { var input = new RefreshDto { AccessToken = token, RefreshToken = atUserTokenReset }; var client = new RestClient(_strConfig); var request = new RestRequest("api/Tokens/RefreshToken"); // Them hang loat query string bang object request.AddJsonBody(input); var response = await client.ExecutePostAsync <AtResult <TokenDto> >(request).ConfigureAwait(true); // Nhan duoc du lieu tu API if (response.IsSuccessful) { if (response.Data.IsOk == false && response.Data.Error == AtNotify.LoginFail || response.Data.PayLoad == null) { return(new AtResult <TokenDto>(AtNotify.ResetTokenFail)); } // Api logic thuc hien dung var output = response.Data.PayLoad; var claims = new List <Claim> { new Claim(ClaimTypes.Name, userName), new Claim("userId", userID), new Claim("AtUserToken", output.accessToken), new Claim("AtUserTokenReset", output.refreshToken), }; var claimsIdentitys = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); var authProperties = new AuthenticationProperties { //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. //IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. When used with cookies, controls // whether the cookie's lifetime is absolute (matching the // lifetime of the authentication ticket) or session-based. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentitys), authProperties); return(new AtResult <TokenDto>(output)); } else { return(new AtResult <TokenDto>(AtNotify.Conectimeout)); } } catch (Exception ex) { throw ex; } }
public async Task <IActionResult> RefreshAsync([FromBody] RefreshDto refreshDto) { return(await userService.RefreshAsync(refreshDto.AccessToken, refreshDto.RefreshToken)); }
public IActionResult Refresh([FromBody] RefreshDto refreshDto) { try { var isTokenValid = _authorService.ValidateRefreshToken(refreshDto.RefreshToken, out DecodedRefreshTokenClaims decodedRefreshTokenClaims, out Author author); if (decodedRefreshTokenClaims.ExpiryDate < DateTime.Now) { var errorMessage = "Refresh token has expired."; return(Unauthorized(new ErrorResponseDto { InternalErrorMessage = errorMessage, DisplayErrorMessage = errorMessage })); } else if (!isTokenValid) { var errorMessage = "Invalid refresh token."; return(Unauthorized(new ErrorResponseDto { InternalErrorMessage = errorMessage, DisplayErrorMessage = errorMessage })); } else if (author == null) { var errorMessage = "Unable to identify user associated to the refresh token provided."; return(Unauthorized(new ErrorResponseDto { InternalErrorMessage = errorMessage, DisplayErrorMessage = errorMessage })); } else if (!author.IsDeleted.HasValue || author.IsDeleted.Value) { var errorMessage = "This username has been permanently deactivated."; return(Unauthorized(new ErrorResponseDto { InternalErrorMessage = errorMessage, DisplayErrorMessage = errorMessage })); } else if (!author.IsLocked.HasValue || author.IsLocked.Value) { var errorMessage = "This user has been locked. Please contact system administrator."; return(Unauthorized(new ErrorResponseDto { InternalErrorMessage = errorMessage, DisplayErrorMessage = errorMessage })); } var tokenExpiration = DateTime.Now.AddDays(7); var refreshTokenExpiration = DateTime.Now.AddDays(183); var tokenHandler = new JwtSecurityTokenHandler(); var keyBytes = Encoding.ASCII.GetBytes(_authConfig.Secret); var securityKey = new SymmetricSecurityKey(keyBytes); var tokenDescriptor = new SecurityTokenDescriptor { Issuer = _authConfig.Issuer, Audience = _authConfig.Audience, Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, author.AuthorId.ToString()), new Claim(ClaimTypes.Expiration, tokenExpiration.ToString()) }), Expires = tokenExpiration, SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature), }; var token = tokenHandler.CreateToken(tokenDescriptor); var responseDto = _mapper.Map <RefreshResponseDto>(author); responseDto.Token = tokenHandler.WriteToken(token); responseDto.TokenExpirationDate = tokenExpiration; responseDto.RefreshTokenExpirationDate = refreshTokenExpiration; responseDto.RefreshToken = _authorService.EncodeRefreshToken(author.Username, refreshTokenExpiration); return(Ok(responseDto)); } catch (Exception ex) { Console.WriteLine($"Encountered exception while attempting to satisfy refreshToken claim. Message: {ex.Message}"); Console.WriteLine(ex.StackTrace); return(BadRequest(new ErrorResponseDto(ex))); } }
public async Task<IActionResult> Refresh(RefreshDto refreshDto) { var result = await _repository.RefreshToken(refreshDto, IpAddress()); return Ok(result); }
public AccountControllerFixture() { ApiVersion = new ApiVersion(1, 0); MockAccountRepository = new Mock <IAccountRepository>(); HttpContext = new DefaultHttpContext(); Users = new List <GetUserDto> { new GetUserDto { Id = Guid.NewGuid(), FirstName = "Anna", LastName = "Domino", Email = "*****@*****.**", PhoneNumber = "", Roles = new List <string> { "SuperAdmin", "Admin", "Report", "Normal" } }, new GetUserDto { Id = Guid.NewGuid(), FirstName = "Neil", LastName = "Down", Email = "*****@*****.**", PhoneNumber = "", Roles = new List <string> { "Admin" } }, new GetUserDto { Id = Guid.NewGuid(), FirstName = "Mark", LastName = "Ateer", Email = "*****@*****.**", PhoneNumber = "", Roles = new List <string> { "Report", "Normal" } }, new GetUserDto { Id = Guid.NewGuid(), FirstName = "Dave", LastName = "Allippa", Email = "*****@*****.**", PhoneNumber = "", Roles = new List <string> { "Normal" } } }; ValidLoginDto = new LoginDto { Email = "*****@*****.**", Password = "******" }; ValidRegisterAdminDto = new RegisterAdminDto { FirstName = "John", LastName = "Quil", ConfirmPassword = "******", Password = "******", Email = "*****@*****.**" }; ValidRegisterNormalDto = new RegisterNormalDto { FirstName = "Rose", LastName = "Bush", ConfirmPassword = "******", Password = "******", Email = "*****@*****.**", Roles = new List <string> { "Report", "Normal" } }; ValidLoginDto = new LoginDto { Email = "*****@*****.**", Password = "******" }; ValidRefreshDto = new RefreshDto { RefreshToken = "this is refresh token" }; ValidRevokeDto = new RevokeDto { RefreshToken = "this is refresh JWT token" }; SuccessAdminRegisterResultDto = new RegisterResultDto { Status = "Success", Message = "User created successfully, grant Admin access." }; FailedRegisterResultDto = new RegisterResultDto { Status = "Failed", Message = "Failed to create new user." }; SuccessNormalRegisterResultDto = new RegisterResultDto { Status = "Success", Message = $"User created successfully, grant {string.Join(", ", ValidRegisterNormalDto.Roles)} access." }; ValidTokenResultDtoResult = new TokenResultDto { AccessToken = "this will be a JWT access token", RefreshToken = "this will be a JWT refresh token", }; CurrentUserDtoResult = new CurrentUserDto { FirstName = "Simon", LastName = "Sais", Email = "*****@*****.**", Roles = new List <string> { "SuperAdmin", "Admin" }, FullName = "Simon Sais", UserId = Guid.Parse("77d8500b-dd97-4b6d-ce43-08d8aa3916b9") }; }
public async Task <IActionResult> Logout([FromBody] RefreshDto refreshDto) { await _jwtService.RemoveToken(refreshDto.Token); return(Ok()); }