public async Task <ActionResult <User> > Login(User user)
{
var currentUser = await _userManager.FindByEmailAsync(user.Email);
if (currentUser == null)
{
return(StatusCode(StatusCodes.Status401Unauthorized));
}
var result = await _signInManager.CheckPasswordSignInAsync(currentUser, user.Password, false);
if (result.Succeeded)
{
var refreshToken = RefreshTokenGenerator.GenerateRefreshToken();
currentUser.RefreshToken = refreshToken;
_context.Update(currentUser);
_context.SaveChanges();
Response.Cookies.Append("refresh-token", refreshToken, new CookieOptions
{
HttpOnly = true,
IsEssential = true
});
return(new User
{
DisplayName = currentUser.UserName,
Token = _jwtGenerator.GenerateToken(currentUser),
Username = currentUser.UserName
});
}
return(StatusCode(StatusCodes.Status401Unauthorized));
}
public Authenticator(AccessTokenGenerator accessTokenGenerator, RefreshTokenGenerator refreshTokenGenerator,
IRefreshTokenRepository refreshTokenRepository)
{
_accessTokenGenerator = accessTokenGenerator;
_refreshTokenGenerator = refreshTokenGenerator;
_refreshTokenRepository = refreshTokenRepository;
}
public RegisterResponse Register(RegisterRequest request)
{
var userExists = _context.Client.Any(c => c.Login.Equals(request.Login));
if (userExists)
{
throw new UserAlreadyExistsException("User already Exists!");
}
var salt = SaltGenerator.CreateSalt();
var newClient = new Client()
{
FirstName = request.FirstName,
LastName = request.LastName,
Email = request.Email,
Phone = request.Phone,
Login = request.Login,
Password = HashGenerator.CreateHashForPassword(request.Password, salt),
Salt = salt,
RefreshToken = RefreshTokenGenerator.CreateRefreshToken(),
TokenExpirationDate = DateTime.Now.AddDays(7)
};
var newClientClaims = new[]
{
new Claim(ClaimTypes.NameIdentifier, Convert.ToString(newClient.IdClient)),
new Claim(ClaimTypes.Name, newClient.Login),
new Claim(ClaimTypes.Role, "Client")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "*****@*****.**",
audience: "Clients",
claims: newClientClaims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: credentials
);
_context.Client.Add(newClient);
_context.SaveChanges();
return(new RegisterResponse()
{
FirstName = newClient.FirstName,
LastName = newClient.LastName,
Email = newClient.Email,
Phone = newClient.Phone,
Login = newClient.Login,
AccessToken = new JwtSecurityTokenHandler().WriteToken(token),
RefreshToken = newClient.RefreshToken
});
}
public SignInServiceTest()
{
var context = new MaktoobDbContext(new DbContextOptionsBuilder <MaktoobDbContext>().UseInMemoryDatabase("MaktoobDb").Options);
_errorDescriber = new GErrorDescriber();
var keyNormalizer = new NameNormalizer();
var passwordHasher = new PasswordHasher();
var unitOfWork = new UnitOfWork(context);
var userRepository = new UserRepository(context, unitOfWork);
var userLoginRepository = new UserLoginRepository(context, unitOfWork);
var userValidator = new IValidator <User>[] { new UserValidator(userRepository, keyNormalizer, _errorDescriber) };
_userService = new UserService(userRepository, _errorDescriber, keyNormalizer, passwordHasher, userValidator);
var jsonWebTokenOptions = new JsonWebTokenOptions
{
Issuer = "issuer",
Audience = "audience",
Algorithm = "HS256",
Key = "super secret key",
Expires = TimeSpan.Parse("00:00:01"), // 1 seconds
RefreshToken = new RefreshTokenOptions
{
Expires = TimeSpan.Parse("00:00:10"), // 10 seconds
UpdateRequired = TimeSpan.Parse("00:00:05") // 5 seconds
}
};
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jsonWebTokenOptions.Key));
JwtBearerOptions jwtBearerOptions = new JwtBearerOptions
{
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = securityKey,
ValidIssuer = jsonWebTokenOptions.Issuer,
ValidAudience = jsonWebTokenOptions.Audience,
ValidateAudience = !string.IsNullOrWhiteSpace(jsonWebTokenOptions.Audience),
ValidateIssuer = !string.IsNullOrWhiteSpace(jsonWebTokenOptions.Issuer),
ValidateIssuerSigningKey = true,
ClockSkew = TimeSpan.Zero,
ValidateLifetime = true
}
};
var jsonWebTokenCoder = new JsonWebTokenCoder(Options.Create(jsonWebTokenOptions));
var userClaimsFactory = new UserClaimsFactory();
var refreshTokenGenerator = new RefreshTokenGenerator();
_signInService = new SignInService(_userService,
jsonWebTokenCoder, userLoginRepository,
_errorDescriber, userClaimsFactory, refreshTokenGenerator, null,
Options.Create(jsonWebTokenOptions));
}
public LoginResponse RefreshJwtToken(string refreshToken)
{
var client = _context.Client.SingleOrDefault(p => p.RefreshToken == refreshToken);
if (client == null)
{
throw new UserDoesntExistExcetion("Couldn't find user with this refresh token");
}
if (client.TokenExpirationDate < DateTime.Now)
{
throw new RefreshTokenExpiredException("Refresh token has expired");
}
var clientClaims = new[]
{
new Claim(ClaimTypes.NameIdentifier, Convert.ToString(client.IdClient)),
new Claim(ClaimTypes.Name, client.Login),
new Claim(ClaimTypes.Role, "Client")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "*****@*****.**",
audience: "Clients",
claims: clientClaims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: credentials
);
client.RefreshToken = RefreshTokenGenerator.CreateRefreshToken();
client.TokenExpirationDate = DateTime.Now.AddDays(7);
_context.SaveChanges();
return(new LoginResponse()
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(token),
RefreshToken = client.RefreshToken
});
}
public LoginResponse Login(LoginRequest request)
{
var client = _context.Client.SingleOrDefault(p => p.Login == request.Login);
if (client == null)
{
throw new UserDoesntExistExcetion($"User with {request.Login} login doesn't exist");
}
if (!client.Password.Equals(HashGenerator.CreateHashForPassword(request.Password, client.Salt)))
{
throw new WrongPasswordException("Wrong Password!");
}
var clientClaims = new[]
{
new Claim(ClaimTypes.NameIdentifier, Convert.ToString(client.IdClient)),
new Claim(ClaimTypes.Name, client.Login),
new Claim(ClaimTypes.Role, "Client")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "*****@*****.**",
audience: "Clients",
claims: clientClaims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: credentials
);
client.RefreshToken = RefreshTokenGenerator.CreateRefreshToken();
client.TokenExpirationDate = DateTime.Now.AddDays(7);
_context.SaveChanges();
return(new LoginResponse()
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(token),
RefreshToken = client.RefreshToken
});
}
public AuthenticationController(IUserRepository userRepository, IPasswordHasher passwordHasher, AccessTokenGenerator accessTokenGenerator, RefreshTokenGenerator refreshTokenGenerator, RefreshTokenValidator refreshTokenValidator, IRefreshTokenRepository refreshTokenRepository, Authenticator authenticator)
{
_userRepository = userRepository;
_passwordHasher = passwordHasher;
_refreshTokenValidator = refreshTokenValidator;
_refreshTokenRepository = refreshTokenRepository;
_authenticator = authenticator;
}
