public UserTokenData Authenticate(string username, string password)
{
var user = _context.Users.SingleOrDefault(x => x.NombreUsuario.Trim().Equals(username.Trim()) && x.Pass.Trim().Equals(password.Trim()));
if (user == null)
{
return(null);
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString()),
new Claim(ClaimTypes.NameIdentifier, user.NombreUsuario)
}),
Expires = DateTime.UtcNow.AddDays(1),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var userToken = new UserTokenData()
{
UserName = username, Token = tokenHandler.WriteToken(token)
};
return(userToken);
}
public async Task <bool> RevokeToken(string token)
{
JwtSecurityToken decodedToken = this.tokenService.decodeToken(token);
int userId = int.Parse(decodedToken.Id);
var user = await this.unitOfWork.Users.GetByIdAsync(userId);
if (user == null)
{
throw new AppException("Invalid token.");
}
int tokenId = int.Parse(decodedToken.Id);
UserTokenData stoken = await unitOfWork.Users.GetUserRefreshTokenByTokenId(tokenId);
if (stoken == null)
{
throw new AppException("Invalid Token");
}
if (!stoken.IsActive)
{
return(false);
}
stoken.BlackListed = true;
await unitOfWork.Users.BlackListed(tokenId);
return(true);
}
public object GenerateReFreshToken(string token)
{
var configReader = new ConfigurationReader();
var tokenManager = new TokenManager(configReader);
var decrypt = AesHelper.Decrypt(token);
UserTokenData userTokenData = JsonConvert.DeserializeObject <UserTokenData>(decrypt);
return(tokenManager.GenerateUserRefreshToken(userTokenData));
}
public async Task <int> AddRefreshTokenAsync(UserTokenData entity)
{
entity.CreatedAt = DateTime.UtcNow;
var sql = @"Insert into user_refresh_tokens ([user_id],[access_token],[refresh_token],[expires_at],black_listed,created_by_ip,[created_at] )
VALUES (@user_id,@AccessToken, @RefreshToken,@ExpiresAt,@BlackListed,@CreatedByIP, @CreatedAt)";
using (var connection = this.GetOpenConnection())
{
var result = await connection.ExecuteAsync(sql, entity);
return(result);
}
}
//This check the time data in the to see if the token has expire already
public bool IsTokenExpired(UserTokenData userTokenData)
{
if (userTokenData == null)
{
return(true);
}
var now = DateTime.Now;
if ((DateTime.Compare(userTokenData.AbsoluteExpiration, now) < 0) ||
(DateTime.Compare(userTokenData.SlidingExpiration, now) < 0))
{
return(false);
}
return(true);
}
/// <summary>
/// Common method for login and register services.
/// </summary>
/// <param name="id"></param>
/// <param name="email"></param>
/// <returns></returns>
private ServiceResult <LoginResponseModel> Login(int id, string email)
{
var tokenData = new UserTokenData
{
Id = id,
Email = email
};
string token = AuthHelper.CreateToken(UserConfig.Value.UserTokenSecret, 60 * 24, tokenData);
return(ServiceResult <LoginResponseModel> .Instance.SuccessResult(new LoginResponseModel
{
Id = id,
Token = token
}));
}
public async Task <ResponseAuthDto> Authenticate(LoginDto model, string ipAddress = "")
{
var user = await this.unitOfWork.Users.GetUserByEmailAsync(model.username);
if (user == null)
{
throw new AppException("User not found - Invalid Email");
}
if (user.password_hash == Helper.HashPassword(model.password, user.password_salt))
{
throw new AppException("Invalid password");
}
var userInfo = _mapper.Map <UserInfo>(user);
TokenDto newAccessToken = tokenService.generateAccessToken(userInfo);
TokenDto newRefreshToken = tokenService.generateRefreshToken(userInfo);
var token = new UserTokenData()
{
AccessToken = newAccessToken.EncodedToken,
RefreshToken = newRefreshToken.EncodedToken,
BlackListed = false,
AccessTokenExpiresAt = newRefreshToken.TokenModel.ValidTo,
CreatedAt = newRefreshToken.TokenModel.IssuedAt,
CreatedByIP = ipAddress,
};
token.user_id = user.user_id;
await this.unitOfWork.Users.AddRefreshTokenAsync(token);
var tokenInfo = new TokenInfoDto
{
AccessToken = newAccessToken.EncodedToken,
RefreshToken = newRefreshToken.EncodedToken,
ExpiresAt = newRefreshToken.TokenModel.ValidTo,
TokenType = JwtBearerDefaults.AuthenticationScheme
};
return(new ResponseAuthDto
{
Token = tokenInfo,
User = userInfo
});
}
//This generate a refresh token for the user by updating the sliding expiration field of the token
public string GenerateUserRefreshToken(UserTokenData userTokenData)
{
int periodSliding = _configurationReader.GetSlidingExpiration();
var freshUserTokenData = new UserTokenData();
var now = DateTime.Now;
freshUserTokenData.SlidingExpiration = now.AddMinutes(periodSliding);
freshUserTokenData.AbsoluteExpiration = userTokenData.AbsoluteExpiration;
freshUserTokenData.PresentTime = DateTime.Now;
freshUserTokenData.CipherUserName = userTokenData.CipherUserName;
var newToken = AesHelper
.Encrypt(
JsonConvert
.SerializeObject(freshUserTokenData));
return(newToken);
}
public string GenerateNewTokenWithExpiryData(string userNameShaEncryptedString)
{
var periodSliding = _configurationReader.GetSlidingExpiration();
var periodAbsolute = _configurationReader.GetAbsoluteExpiration();
var userTokenData = new UserTokenData();
var now = DateTime.Now;
userTokenData.SlidingExpiration = now.AddMinutes(periodSliding);
userTokenData.PresentTime = DateTime.Now;
userTokenData.AbsoluteExpiration = now.AddHours(periodAbsolute);
userTokenData.CipherUserName = userNameShaEncryptedString;
var newToken = AesHelper
.Encrypt(
JsonConvert
.SerializeObject(
userTokenData));
return(newToken);
}
public static int AddUserToMap(string token, UserTokenData user)
{
try
{
if (!UserTokenMap.ContainsKey(token))
{
UserTokenMap.Add(token, user);
return 0;
}
else
{
UserTokenMap.Remove(token);
UserTokenMap.Add(token, user);
return 1;
}
}
catch (Exception e)
{
Console.WriteLine(e.StackTrace);
return -1;
}
}
public CoreIdentity(UserTokenData userData, IEnumerable <Claim> claims) : base(claims, DefaultNameClaimType)
{
UserData = userData;
}
public CoreIdentity(UserTokenData userData)
{
UserData = userData;
}
public async Task <ResponseAuthDto> RenewAccessToken(RequestAuthDto request, string ipAddress = "")
{
JwtSecurityToken decodedToken = this.tokenService.decodeToken(request.RefreshToken);
var user = await this.unitOfWork.Users.GetByIdAsync(int.Parse(decodedToken.Subject));
if (user == null)
{
throw new AppException("Invalid token.");
}
var tokenRecord = await this.unitOfWork.Users.GetUserRefreshToken(request.RefreshToken);
if (tokenRecord == null)
{
throw new AppException("Invalid refresh token.");
}
//Access token should be verified.
//because on the token storage it's been save as a paired token (access and refresh token are saved together)
if (tokenRecord.AccessToken != request.AccessToken)
{
throw new AppException("Invalid access token.");
}
if (tokenRecord.BlackListed)
{
throw new AppException("Token is blacklisted.");
}
if (tokenRecord.ExpiresAt.Subtract(DateTime.UtcNow).TotalSeconds <= 0)
{
throw new AppException("Refresh token is expired.");
}
//AutoMapper.Mapper.Map<Destination>(source);
var userInfo = _mapper.Map <UserInfo>(user);
TokenDto newAccessToken = tokenService.generateAccessToken(userInfo);
TokenDto newRefreshToken = tokenService.generateRefreshToken(userInfo);
await this.unitOfWork.Users.BlackListed(tokenRecord.TokenId);
var token = new UserTokenData()
{
AccessToken = newAccessToken.EncodedToken,
RefreshToken = newRefreshToken.EncodedToken,
BlackListed = false,
ExpiresAt = newRefreshToken.TokenModel.ValidTo,
CreatedAt = newRefreshToken.TokenModel.IssuedAt,
CreatedByIP = ipAddress
};
await this.unitOfWork.Users.AddRefreshTokenAsync(token);
var tokenInfo = new TokenInfoDto
{
AccessToken = newAccessToken.EncodedToken,
RefreshToken = newRefreshToken.EncodedToken,
ExpiresAt = newRefreshToken.TokenModel.ValidTo,
TokenType = JwtBearerDefaults.AuthenticationScheme
};
return(new ResponseAuthDto
{
Token = tokenInfo,
User = userInfo
});
}
