public async Task <IActionResult> Token([FromBody] RequestTokenViewModel model) { if (!ModelState.IsValid) { return(BadRequest()); } var tokenValidationParams = new TokenValidationParameters { IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration.GetSection("AppConfiguration:Key").Value)), ValidAudience = configuration.GetSection("AppConfiguration:SiteUrl").Value, ValidateIssuerSigningKey = true, ValidateLifetime = true, ValidIssuer = configuration.GetSection("AppConfiguration:SiteUrl").Value }; JwtSecurityToken refreshToken; var jwtTokenhandler = new JwtSecurityTokenHandler(); User user; switch (model.GrantType) { case "refresh_token": try { SecurityToken validatedToken; refreshToken = jwtTokenhandler.ReadJwtToken(model.RefreshToken); var claims = jwtTokenhandler.ValidateToken(model.RefreshToken, tokenValidationParams, out validatedToken); var userName = refreshToken.Claims.First(claim => claim.Type == JwtRegisteredClaimNames.Sub).Value; user = await userManager.FindByNameAsync(userName); } catch (Exception) { // Could not decode refresh token return(StatusCode(401)); } break; case "access_token": user = await userManager.FindByNameAsync(model.UserName); if (user == null || new PasswordHasher <User>().VerifyHashedPassword(user, user.PasswordHash, model.Password) != PasswordVerificationResult.Success) { return(StatusCode(401)); } break; default: return(BadRequest()); } var accessToken = await GetJwtSecurityToken(user); refreshToken = await GetJwtSecurityRefreshToken(user); return(Ok(new { token = jwtTokenhandler.WriteToken(accessToken), refresh_token = jwtTokenhandler.WriteToken(refreshToken), expiration = accessToken.ValidTo })); }
private async Task <ResponseTokenViewModel> GenerateAccessAndRefreshToken(RequestTokenViewModel requestToken, string ipAddress) { ResponseTokenViewModel responseToken = new ResponseTokenViewModel(); AppUser appUser = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName); if (appUser != null && !string.IsNullOrWhiteSpace(requestToken.RefreshToken)) { RefreshToken oldRefreshToken = await _refreshTokenService.OldRefreshToken(_siteSettings.RefreshTokenSetting.ClientId, requestToken.RefreshToken, ipAddress); if (oldRefreshToken != null) { AppUser userToken = await _userManager.FindByIdAsync(oldRefreshToken.UserId.ToString()); if (userToken == null) { throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UnAuthorize, HttpStatusCode.Unauthorized); } if (oldRefreshToken.ExpireDate < DateTime.Now) { throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UnAuthorize, HttpStatusCode.Unauthorized); } else { responseToken.RefreshToken = oldRefreshToken.Value; responseToken.AccessToken = await GenerateAccessTokenAsync(appUser); } } else { throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UserNotFound, HttpStatusCode.Unauthorized); } } else { throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UserNotFound, HttpStatusCode.Unauthorized); } return(responseToken); }
public async Task <ResponseTokenViewModel> AuthenticateUser(HttpRequest request, RequestTokenViewModel requestToken) { string ipAddress = _httpContextAccessor.HttpContext.Connection?.RemoteIpAddress.ToString(); ResponseTokenViewModel responseTokenViewModel = new ResponseTokenViewModel(); if (requestToken.GrantType == "Password") { AppUser user = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName); if (user == null) { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.Message = NotificationMessages.UserNotFound; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized; //throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.UserNotFound, HttpStatusCode.BadRequest); } else { bool result = await _userManager.CheckPasswordAsync(user, requestToken.Password); if (!result) { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.Message = NotificationMessages.InvalidUserNameOrPassword; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized; // throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.InvalidUserNameOrPassword, HttpStatusCode.BadRequest); } else { UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id); userViewModel.Image = $"{request.Scheme}://{request.Host}{request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}"; RefreshToken oldRefreshToken = await _refreshTokenService.GetRefreshTokenByUserIdAsync(user.Id); if (oldRefreshToken != null) { await _refreshTokenService.RemoveRefreshTokenAsync(oldRefreshToken); } RefreshToken refreshToken = _refreshTokenService.CreateRefreshToken(_siteSettings.RefreshTokenSetting, user.Id, requestToken.IsRemember, ipAddress); await _refreshTokenService.AddRefreshTokenAsync(refreshToken); responseTokenViewModel.AccessToken = await GenerateAccessTokenAsync(user); responseTokenViewModel.RefreshToken = refreshToken.Value; responseTokenViewModel.User = userViewModel; responseTokenViewModel.IsSuccess = true; } } } else if (requestToken.GrantType == "RefreshToken") { responseTokenViewModel = await GenerateAccessAndRefreshToken(requestToken, ipAddress); } else { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.NotFound; responseTokenViewModel.Message = NotificationMessages.UserNotFound; //throw new AppException(ApiResultStatusCode.BadRequest, NotificationMessages.TargetNotFounded, HttpStatusCode.BadRequest); } return(responseTokenViewModel); }
public async Task <ApiResult <ResponseTokenViewModel> > Auth([FromBody] RequestTokenViewModel requestToken) { return(Ok(await _jwtService.AuthenticateUser(Request, requestToken))); }