コード例 #1
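        /// <summary>
        /// Exchanges an access token plus its paired, single-use refresh token for a fresh login response.
        /// </summary>
        /// <param name="model">Request body carrying <c>AccessToken</c> and <c>RefreshToken</c>; untrusted input.</param>
        /// <returns>
        /// 200 with the new login response on success; 400 when the body or either token is missing, the access token
        /// does not validate or lacks its <c>jti</c>/user-id claims, the refresh token is unknown, expired,
        /// invalidated, already used or was not issued with this access token, or the user no longer exists.
        /// Every failure returns the same bare 400 so the response does not reveal which check failed.
        /// </returns>
        public async Task<IActionResult> Refresh([FromBody] RefreshRequestDto model)
        {
            if (model is null || string.IsNullOrEmpty(model.AccessToken) || string.IsNullOrEmpty(model.RefreshToken))
            {
                return BadRequest();
            }

            // NOTE(review): for a refresh flow the access token is usually already expired, so IsJwtTokenValid
            // must check signature/issuer/audience but not lifetime — confirm that in the auth service.
            var claimsPrincipal = _authService.IsJwtTokenValid(model.AccessToken);

            if (claimsPrincipal is null)
            {
                // Invalid (malformed or badly signed) access token.
                return BadRequest();
            }

            // jti uniquely identifies the JWT; it is what ties the refresh token to this access token.
            var jti = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti)?.Value;
            // NameIdentifier is the user id claim. Both claims are read up front so a token that lacks them is
            // rejected before the refresh token is consumed (Single() here would have thrown a 500).
            var userId = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;

            if (string.IsNullOrEmpty(jti) || string.IsNullOrEmpty(userId))
            {
                return BadRequest();
            }

            // NOTE(review): ToString() inside the predicate may not translate to SQL, or may force client-side
            // evaluation of the whole table, depending on the Token column type — check the generated query.
            var storedRefreshToken = await _appDbContext.RefreshTokens.FirstOrDefaultAsync(rt => rt.Token.ToString() == model.RefreshToken);

            if (
                (storedRefreshToken == null) ||                      // Unknown refresh token.
                (DateTime.UtcNow > storedRefreshToken.ExpiryDate) || // Expired refresh token.
                (storedRefreshToken.jti != jti) ||                   // Refresh token was not issued with this access token.
                (storedRefreshToken.IsInvalidated) ||                // Explicitly invalidated (e.g. on logout).
                (storedRefreshToken.IsUsed)                          // Already redeemed; tokens are single-use. A hit here
                                                                     // is a replay signal worth logging.
                )
            {
                return BadRequest();
            }

            // Consume the token before issuing anything.
            // NOTE(review): two concurrent requests with the same refresh token can both pass the checks above
            // before either SaveChangesAsync runs; a concurrency token on the RefreshTokens row (or a conditional
            // update) is needed to make single-use strict.
            storedRefreshToken.IsUsed = true;
            await _appDbContext.SaveChangesAsync();

            var user = await _userManager.FindByIdAsync(userId);
            if (user is null)
            {
                // Account removed after the tokens were issued; do not mint new credentials for it.
                return BadRequest();
            }

            return Ok(await _authService.GenerateLoginResponse(user));
        }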
コード例 #2
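        /// <summary>
        /// Issues a refresh token for the user identified by the supplied e-mail and password.
        /// Despite its name this is a credential check, not a token exchange.
        /// </summary>
        /// <param name="requestData">Request body carrying <c>Email</c> and <c>Password</c>; untrusted input.</param>
        /// <returns>
        /// 200 with a <see cref="RefreshResponseDto"/> holding the new refresh token when the password verifies;
        /// otherwise a bare 400. Unknown e-mail, missing stored hash and wrong password all produce the same
        /// 400 so the endpoint cannot be used to enumerate registered accounts.
        /// </returns>
        public async Task<ActionResult<RefreshResponseDto>> Refresh([FromBody] RefreshRequestDto requestData)
        {
            if (requestData is null || string.IsNullOrEmpty(requestData.Email) || string.IsNullOrEmpty(requestData.Password))
            {
                return new BadRequestResult();
            }

            try
            {
                // NOTE(review): whether this match is case-sensitive depends on the database collation — confirm.
                var user = await _dataContext.Users.FirstAsync(u => u.Email == requestData.Email);

                if (BCrypt.Net.BCrypt.Verify(requestData.Password, user.Password))
                {
                    return new RefreshResponseDto
                    {
                        Token = _authService.GenerateRefreshToken(user)
                    };
                }
            }
            catch (InvalidOperationException)
            {
                // FirstAsync found no user with that e-mail; fall through to the generic failure.
            }
            catch (ArgumentNullException)
            {
                // BCrypt.Verify rejects a null stored hash (account without a password); same generic failure.
            }

            return new BadRequestResult();
        }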