コード例 #1
ファイル: EF_SqlServerDbService.cs プロジェクト: s17655/cw3
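        /// <summary>
        /// Looks up the student whose stored refresh token equals the supplied value.
        /// </summary>
        /// <param name="refreshToken">Refresh token presented by the client.</param>
        /// <returns>
        /// A <see cref="Student_old"/> populated with IndexNumber, FirstName, LastName and Role,
        /// or <c>null</c> when the token is missing or no row matches.
        /// </returns>
        public Student_old GetStudentByRefreshToken(string refreshToken)
        {
            // A null value makes the provider drop the parameter and throw, and an empty
            // string could match rows that carry an empty token; neither is a valid credential.
            if (string.IsNullOrEmpty(refreshToken))
            {
                return null;
            }

            // NOTE(review): the token is compared as stored and the query has no expiry
            // condition. Consider storing only a hash of the token together with an
            // expiry timestamp; the table schema is not visible here, so confirm first.
            using (var con = new SqlConnection(ConStr))
            using (var com = new SqlCommand())
            {
                com.Connection = con;
                con.Open();

                // The value is bound as a parameter, never concatenated into the SQL text.
                com.CommandText = "select IndexNumber, FirstName, LastName, Role from Student " +
                                  " where RefreshToken=@RefreshToken";
                com.Parameters.AddWithValue("RefreshToken", refreshToken);

                // The using block disposes the reader on every path, including the early return.
                using (SqlDataReader sdr = com.ExecuteReader())
                {
                    if (!sdr.Read())
                    {
                        return null;
                    }

                    return new Student_old
                    {
                        IndexNumber = sdr["IndexNumber"].ToString(),
                        FirstName = sdr["FirstName"].ToString(),
                        LastName = sdr["LastName"].ToString(),
                        Role = sdr["Role"].ToString()
                    };
                }
            }
        }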
コード例 #2
ファイル: StudentsController.cs プロジェクト: s17655/cw3
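        /// <summary>
        /// Generates a new refresh token for the student, stores it through the service and returns it.
        /// </summary>
        /// <param name="student">Student whose IndexNumber the token is saved under.</param>
        /// <returns>The refresh token in the standard 36-character GUID text format.</returns>
        private string getRefreshToken(Student_old student)
        {
            // Guid.NewGuid() is documented as unsuitable for cryptographic purposes, and a
            // refresh token is a bearer credential. Fill all 16 bytes from the OS CSPRNG
            // and keep the GUID text format so the stored value's length and shape are unchanged.
            byte[] randomBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(randomBytes);
            }

            string refreshT = new Guid(randomBytes).ToString();

            _service.SaveRefreshToken(student.IndexNumber, refreshT);
            return refreshT;
        }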
コード例 #3
ファイル: StudentsController.cs プロジェクト: s17655/cw3
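        /// <summary>
        /// Exchanges a refresh token for a new access token and a newly generated refresh token.
        /// </summary>
        /// <param name="request">Request body carrying the client's refresh token.</param>
        /// <returns>
        /// 200 with <c>token</c> and <c>refreshToken</c> when the token matches a student;
        /// 401 otherwise.
        /// </returns>
        public IActionResult Refresh(RefreshRequest request)
        {
            // Reject a missing or blank token before it reaches the database: a null value
            // would surface as a server error instead of an authentication failure.
            if (request == null || string.IsNullOrWhiteSpace(request.refreshToken))
            {
                return Unauthorized("Odswiezenie zakonczylo sie niepowodzeniem");
            }

            // Verify the token against the stored value.
            Student_old student = _service.GetStudentByRefreshToken(request.refreshToken);

            if (student == null)
            {
                return Unauthorized("Odswiezenie zakonczylo sie niepowodzeniem");
            }

            string activeToken = getActiveToken(student);
            // getRefreshToken saves the new value through the service.
            // NOTE(review): confirm that SaveRefreshToken replaces the presented token so it cannot be reused.
            string refreshT = getRefreshToken(student);

            return Ok(new
            {
                token = activeToken,
                refreshToken = refreshT
            });
        }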
コード例 #4
ファイル: StudentsController.cs プロジェクト: s17655/cw3
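        /// <summary>
        /// Authenticates a student by login and password and issues an access token plus a refresh token.
        /// </summary>
        /// <param name="request">Request body carrying <c>Login</c> and <c>Haslo</c> (password).</param>
        /// <returns>
        /// 200 with <c>token</c> and <c>refreshToken</c> on success; 401 with the same generic
        /// message for every failure.
        /// </returns>
        public IActionResult Login(LoginRequest request)
        {
            // Missing credentials are an authentication failure, not a server error. The
            // response matches the bad-credentials case so it reveals nothing extra.
            if (request == null || string.IsNullOrEmpty(request.Login) || string.IsNullOrEmpty(request.Haslo))
            {
                return Unauthorized("Logowanie zakonczone niepowodzeniem");
            }

            // Verify the login and password against the database.
            Student_old student = _service.GetStudentByLoginPassword(request.Login, request.Haslo);

            if (student == null)
            {
                return Unauthorized("Logowanie zakonczone niepowodzeniem");
            }

            // NOTE(review): no attempt limiting is visible in this action; confirm that
            // throttling or lockout is applied elsewhere (middleware, gateway).
            string activeToken = getActiveToken(student);
            string refreshT = getRefreshToken(student);

            return Ok(new
            {
                token = activeToken,
                refreshToken = refreshT
            });
        }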
コード例 #5
ファイル: EF_SqlServerDbService.cs プロジェクト: s17655/cw3
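        /// <summary>
        /// Verifies a login/password pair: reads the student's salt, hashes the supplied
        /// password with it via <c>GetHash</c>, then selects the student whose stored
        /// password equals that hash.
        /// </summary>
        /// <param name="login">Student index number used as the login.</param>
        /// <param name="pass">Password as supplied by the client.</param>
        /// <returns>
        /// A <see cref="Student_old"/> populated with IndexNumber, FirstName, LastName and Role,
        /// or <c>null</c> when the credentials are missing, the login is unknown or the hash does not match.
        /// </returns>
        public Student_old GetStudentByLoginPassword(string login, string pass)
        {
            // A null parameter value makes the provider throw; treat it as a failed login.
            if (login == null || pass == null)
            {
                return null;
            }

            using (var con = new SqlConnection(ConStr))
            using (var com = new SqlCommand())
            {
                com.Connection = con;
                con.Open();

                // Step 1: fetch the per-student salt.
                com.CommandText = "select Salt from Student " +
                                  "where IndexNumber=@IndexNumber";
                com.Parameters.AddWithValue("IndexNumber", login);

                string salt;
                // Dispose the reader on every path; the command cannot be executed again while it is open.
                using (SqlDataReader saltReader = com.ExecuteReader())
                {
                    if (!saltReader.Read())
                    {
                        // NOTE(review): an unknown login returns before any hashing happens, so it
                        // answers faster than a wrong password. Consider hashing against a dummy salt here.
                        return null;
                    }

                    salt = saltReader["Salt"].ToString();
                }

                // NOTE(review): GetHash is defined outside this block; confirm it is a slow,
                // salted password KDF (e.g. PBKDF2) and not a single fast hash.
                // The password, salt and hash must never be written to the console or logs.
                string hashPass = GetHash(pass, salt);

                // Step 2: match login and password hash. @IndexNumber is still bound from step 1.
                com.CommandText = "select IndexNumber, FirstName, LastName, Role from Student " +
                                  "where IndexNumber=@IndexNumber and Password=@Password";
                com.Parameters.AddWithValue("Password", hashPass);

                using (SqlDataReader sdr = com.ExecuteReader())
                {
                    if (!sdr.Read())
                    {
                        return null;
                    }

                    return new Student_old
                    {
                        IndexNumber = sdr["IndexNumber"].ToString(),
                        FirstName = sdr["FirstName"].ToString(),
                        LastName = sdr["LastName"].ToString(),
                        Role = sdr["Role"].ToString()
                    };
                }
            }
        }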
コード例 #6
ファイル: StudentsController.cs プロジェクト: s17655/cw3
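        /// <summary>
        /// Builds a signed JWT access token for the student, valid for 10 minutes.
        /// </summary>
        /// <param name="student">Student whose IndexNumber, LastName and Role become the token's claims.</param>
        /// <returns>The serialized token, signed with HMAC-SHA256 using the configured <c>SecretKey</c>.</returns>
        /// <exception cref="InvalidOperationException">The <c>SecretKey</c> configuration value is missing or empty.</exception>
        private string getActiveToken(Student_old student)
        {
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, student.IndexNumber),
                new Claim(ClaimTypes.Name, student.LastName),
                new Claim(ClaimTypes.Role, student.Role),
            };

            // Fail with a clear message instead of an ArgumentNullException from GetBytes.
            // The key should be at least 256 bits of random data for HS256 (RFC 7518, section 3.2)
            // and come from a secret store rather than a file committed to source control.
            string secret = Configuration["SecretKey"];
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("SecretKey is not configured.");
            }

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken
            (
                issuer: "Gakko",
                audience: "Students",
                claims: claims,
                // UTC avoids any dependence on the server's local time zone settings.
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds
            );

            return new JwtSecurityTokenHandler().WriteToken(token);
        }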