public async Task <IActionResult> RefreshToken([FromQuery] string refreshToken) { Token token = await _tokenService.GetByToken(refreshToken); if (token == null) { return(NotFound("refresh token not found")); } // Check if token is valid in MongoDB if (!token.ValidFlag) { return(Problem("invalidated token")); } if (token.UsedFlag) { await _tokenService.InvalidateUserTokens(token.UserId); return(Problem("refresh token already used")); } // Check token validity (Expiration, issuer, audience, etc.) if (!AuthenticationHelpers.IsTokenValid(refreshToken)) { return(Problem("token failed validation")); } var decodedToken = AuthenticationHelpers.ReadToken(refreshToken); await _tokenService.InvalidateToken(decodedToken.Claims.First(c => c.Type == "authTokenId").Value); await _tokenService.UseToken(token.Id); await _tokenService.AddUsage(token.Id, new TokenAction(DateTime.UtcNow, "Used refresh token to generate new pair.")); // Generate new token pair var user = await _userService.Get(token.UserId); string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get()); await _tokenService.Create(new Token( null, user.Id, "auth", authToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); var createdAuthToken = await _tokenService.GetByToken(authToken); string newRefreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id); await _tokenService.Create(new Token( null, user.Id, "refresh", newRefreshToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); return(Ok( new Dictionary <string, string> { { "authToken", authToken }, { "refreshToken", newRefreshToken } } )); }
public async Task <IActionResult> Login([FromQuery] string username, [FromQuery] string password) { User user = await _userService.GetByUsername(username); if (user == null) { return(NotFound("username does not exist")); } if (!AuthenticationHelpers.IsPasswordValid(password, user.Password)) { return(Unauthorized("incorrect password")); } // Check if user has access to login List <Role> userRoles = new List <Role>(); foreach (string roleId in user.Roles) { userRoles.Add(await _roleService.Get(roleId)); } if (!AuthenticationHelpers.IsPermissionGranted(user, userRoles, Startup.StaticConfiguration.GetSection("PermissionIds")["login"])) { return(Unauthorized("not authorized for login")); } string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get()); await _tokenService.Create(new Token( null, user.Id, "auth", authToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); var createdAuthToken = await _tokenService.GetByToken(authToken); string refreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id); await _tokenService.Create(new Token( null, user.Id, "refresh", refreshToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); return(Ok( new Dictionary <string, string> { { "authToken", authToken }, { "refreshToken", refreshToken } } )); }