/// <summary>
/// Handles a revocation request by delegating to a <see cref="RevocationService"/>.
/// </summary>
/// <param name="revoke">The revocation request passed through to the service.</param>
/// <returns>
/// <c>Ok</c> with the string returned by the service on success; <c>Unauthorized</c> with an
/// <c>UnauthorizedError</c> carrying the exception message on any failure.
/// </returns>
public IActionResult Post(RevocationDTO revoke)
{
    string revocationResult;

    try
    {
        // A new service instance is built for each call from the controller's fields.
        IRevocationService revocationService = new RevocationService(
            _refreshService,
            _configuration,
            _tSLogger,
            _tokenService,
            _tokenServiceDbContext,
            _encryptionService);

        revocationResult = revocationService.TokenRevocation(revoke);
    }
    catch (Exception rejected) when (rejected is InvalidTokenException || rejected is InvalidUserException)
    {
        // Rejections raised by the service: the message is passed back in the 401 body.
        return Unauthorized(new UnauthorizedError(rejected.Message));
    }
    catch (Exception unexpected)
    {
        // NOTE(review): any other exception (for example a failure while constructing the
        // service) also has its raw Message returned to the caller in a 401 body. Consider
        // logging it server-side and returning a fixed message instead; the logger API is
        // not visible from this block.
        return Unauthorized(new UnauthorizedError(unexpected.Message));
    }

    return Ok(revocationResult);
}
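/// <summary>
/// Revokes the stored authorization whose code matches the token in the request by
/// setting that code to null and saving the change.
/// </summary>
/// <param name="revocationDTO">Request carrying the URL-encoded token plus user and refresh data.</param>
/// <returns><c>TokenConstants.RevokedToken</c> once the change has been saved.</returns>
/// <exception cref="InvalidTokenException">Rethrown unchanged when raised by a step inside the method.</exception>
/// <exception cref="InvalidUserException">
/// Thrown when the token is missing or matches no authorization, rethrown unchanged when raised
/// by a step inside the method, and thrown in place of any other exception after it is logged.
/// </exception>
public string TokenRevocation(RevocationDTO revocationDTO)
{
    try
    {
        // NOTE(review): both validation results are computed but never inspected, so a failed
        // validation does not stop the revocation. Confirm whether they are meant to be enforced.
        ValidationResult results1 = userloginvalidation.Validate(revocationDTO.user);
        ValidationResult results2 = refreshvalidation.Validate(revocationDTO.refresh);

        string refresh_token = HttpUtility.UrlDecode(revocationDTO.token);

        // Revocation is recorded below by setting Code to null, so a missing token must never
        // reach the lookup: depending on the provider's null semantics, a null comparison value
        // could match rows that were already revoked.
        Authorize authorize = string.IsNullOrEmpty(refresh_token)
            ? null
            : oauth.Authorize.SingleOrDefault(x => x.Code == refresh_token);

        if (authorize == null)
        {
            // Reject explicitly instead of relying on a null dereference further down.
            // Same exception type and message as the catch-all below produces, and logged
            // with the same call shape so the failed attempt still appears in the error log.
            var unknownToken = new InvalidUserException(TokenConstants.InvalidUser);
            Log.Log.Error(unknownToken, TokenConstants.InvalidUser);
            throw unknownToken;
        }

        // NOTE(review): user may be null if the authorization row references a missing user;
        // how the handlers treat a null DTO is not visible from this block.
        User user = oauth.User.FirstOrDefault(x => x.UserId == authorize.UserId);
        UserDTO userLoginDTO = mapper.Map<UserDTO>(user);

        // Check user is authenticated
        var handler = new UserAuthenticationHandler();
        handler.Handle(userLoginDTO);

        // The user supplied in the request is replaced by the record looked up from the token.
        // NOTE(review): the checks therefore run against the token's owner rather than the
        // caller-supplied identity; confirm that holding the token is meant to be sufficient.
        revocationDTO.user = userLoginDTO;

        // Check refresh token provided is real
        var refreshhandler = new RefreshTokenAuthenticationHandler();
        refreshhandler.Handle(revocationDTO);

        // Clear the stored code so the token no longer matches any authorization.
        authorize.Code = null;
        oauth.SaveChanges();

        return TokenConstants.RevokedToken;
    }
    catch (InvalidTokenException)
    {
        throw;
    }
    catch (InvalidUserException)
    {
        throw;
    }
    catch (Exception ex)
    {
        // Anything unexpected is logged here and surfaced to the caller as a generic
        // invalid-user failure, so internal details stay in the log.
        Log.Log.Error(ex, TokenConstants.InvalidUser);
        throw new InvalidUserException(TokenConstants.InvalidUser);
    }
}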