예제 #1
        /// <summary>
        /// Exchanges an access token plus its refresh token for a new pair by delegating to the
        /// exchange use case; the use case writes its outcome to the presenter, whose
        /// <c>ContentResult</c> is handed back unchanged.
        /// </summary>
        /// <param name="model">Access/refresh token pair posted by the client.</param>
        /// <returns>Whatever the presenter produced for this exchange.</returns>
        public async Task <ActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model)
        {
            // NOTE(review): the null-forgiving operators only silence nullable warnings; a missing
            // token or signing key still reaches the use case as null — no validation happens here.
            var exchangeRequest = new ExchangeRefreshTokenRequest(
                model.AccessToken !,
                model.RefreshToken !,
                _jwtOptions.SigningKey !);

            await _exchangeRefreshTokenUseCase.Handle(exchangeRequest, _exchangeRefreshTokenPresenter);

            return _exchangeRefreshTokenPresenter.ContentResult;
        }
예제 #2
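        /// <summary>
        /// Issues a fresh HS256-signed JWT (30 minute lifetime) together with a new refresh token.
        /// </summary>
        /// <param name="model">Form-posted token pair; only its model-state validity is consulted here.</param>
        /// <returns>200 with <c>{ token, refreshToken }</c>, or 400 carrying the model-state errors.</returns>
        /// <exception cref="InvalidOperationException">
        /// <c>TokenProviderOptions:SecretKey</c> is missing from configuration.
        /// </exception>
        public IActionResult PostRefreshToken([FromForm] ExchangeRefreshTokenModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Fail with a clear message on a missing signing secret instead of letting
            // Encoding.GetBytes throw an ArgumentNullException that surfaces as an opaque 500.
            var secretKey = _config["TokenProviderOptions:SecretKey"];
            if (string.IsNullOrEmpty(secretKey))
            {
                throw new InvalidOperationException("TokenProviderOptions:SecretKey is not configured.");
            }

            // NOTE(review): the subject is a fixed placeholder, so no user identity is bound to
            // this token — presumably sample code; confirm before relying on it.
            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, "test"),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            };

            // HS256 needs a key of at least 128 bits; SigningCredentials rejects shorter keys.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var issuer = _config["TokenProviderOptions:Issuer"];

            // The second positional argument is the audience. The issuer value is passed there, as in
            // the original — TODO confirm that a separate TokenProviderOptions:Audience is not intended.
            // exp is epoch-based, so UtcNow is used directly rather than relying on the implicit
            // local-time conversion that DateTime.Now would go through.
            var token = new JwtSecurityToken(issuer,
                                             issuer,
                                             claims,
                                             expires: DateTime.UtcNow.AddMinutes(30),
                                             signingCredentials: creds);

            var refreshToken = _tokenFactory.GenerateToken();

            return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token), refreshToken = refreshToken });
        }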
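        /// <summary>
        /// Exchanges an access token plus a live refresh token for a new pair. The presented refresh
        /// token is revoked and linked to its replacement, and both are persisted on the user record.
        /// </summary>
        /// <param name="model">
        /// Access token used to identify the user (via its <c>id</c> claim) and the refresh token to exchange.
        /// </param>
        /// <returns>
        /// 200 with <see cref="ExchangeRefreshTokenResponseDTO"/> on success; otherwise the
        /// <c>Error(...)</c> result for the failing check.
        /// </returns>
        public async Task <IActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model)
        {
            // Access and refresh tokens are bearer credentials: log that an exchange was requested,
            // never the token values themselves.
            _logger.LogInformation("Refresh token exchange requested from {0}", IpAddress());

            if (!ModelState.IsValid)
            {
                return Error("Invalid request paramters");
            }

            var cp = _jwtTokenValidator.GetPrincipalFromToken(model.AccessToken, _authSettings.SecretKey);
            if (cp is null)
            {
                // Invalid token or signing key: there are no claims to extract a user from.
                return Error("Provided token is invalid or expired.");
            }

            // A token that validates but carries no usable "id" claim must be rejected cleanly,
            // not turned into a 500 by First()/int.Parse.
            var idClaim = cp.Claims.FirstOrDefault(c => c.Type == "id");
            if (idClaim is null || !int.TryParse(idClaim.Value, out var userId))
            {
                return Error("Provided token is invalid or expired.");
            }
            string id = idClaim.Value;

            Maybe <AppUser> account = _appUserRepo.GetById(userId);
            if (account.HasNoValue)
            {
                return Error($"No matching user account found: {id}");
            }

            // The refresh token is searched only within this account's own tokens, so a refresh
            // token issued to another user cannot be exchanged against this access token.
            Maybe <RefreshToken> refreshToken = account.Value.RefreshTokens.FirstOrDefault(x => x.Token == model.RefreshToken);
            if (!refreshToken.Unwrap(d => d.IsActive))
            {
                // Unknown, expired or already-revoked refresh token.
                return Error("Provided token is invalid or expired.");
            }

            List <AppGroup> groups      = _groupRepo.GetList(account.Value.UserGroups.Select(d => d.AppGroupId).ToArray()).ToList();
            string[]        permissions = groups.SelectMany(d => d.GroupPermissions.Select(p => p.Permission.Name)).ToArray();

            var jwtToken = await account.Unwrap(d => _jwtFactory.GenerateEncodedToken(d.Id.ToString(), d.Username, permissions));

            string newRefreshToken = _tokenFactory.GenerateToken();
            RefereshTokenStore[id] = newRefreshToken; // the exchanged token is replaced, not kept alongside the new one

            // Rotate: revoke the presented token and record its replacement so a later reuse of
            // the old token is detectable, then issue the new one with a 4 hour lifetime.
            var now       = DateTime.UtcNow;
            var requestIp = IpAddress();

            refreshToken.Value.Revoked         = now;
            refreshToken.Value.RevokedByIp     = requestIp;
            refreshToken.Value.ReplacedByToken = newRefreshToken;
            account.Value.RefreshTokens.Add(new RefreshToken
            {
                Token       = newRefreshToken,
                Expires     = now.AddHours(4),
                Created     = now,
                CreatedByIp = requestIp
            });
            _appUserRepo.Update(account.Value);

            return Ok(new ExchangeRefreshTokenResponseDTO(jwtToken, newRefreshToken));
        }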
예제 #4
        /// <summary>
        /// A syntactically valid access token paired with an unknown refresh token must be rejected
        /// with the "Invalid token." message in the response body.
        /// </summary>
        public async Task ExchangeRefreshToken_GivenInvalidToken_Fails()
        {
            // NOTE(review): the access token is a fixed fixture whose exp claim lies in 2019 —
            // presumably lifetime is not validated on this endpoint; confirm against the validator.
            var payload = new ExchangeRefreshTokenModel
            {
                AccessToken  = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhY3N0ZXN0dXNlciIsImp0aSI6Ijg1ZjE5Yzc4LTVmNDgtNDJkOC1iNjdjLWI5ZGE1MjQ2NTc5MyIsImlhdCI6IjE1NjYyNDM3OTYiLCJyb2wiOiJ1c2VyIiwiaWQiOiIxIiwibmJmIjoxNTY2MjQzNzk1LCJleHAiOjE1NjYyNDczOTUsImlzcyI6IkFsaW1Db29wIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.JL4v6wa4O9CyUWxSLuRzI0S9-IopobRM6zdDdfRTbeM",
                RefreshToken = "unknown"
            };

            var body     = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
            var response = await _client.PostAsync("/api/authentication/refreshtoken", body);

            string responseText = await response.Content.ReadAsStringAsync();

            Assert.Contains("Invalid token.", responseText);
        }
예제 #5
        /// <summary>
        /// A known access/refresh token pair yields a 2xx response whose JSON body carries a new
        /// <c>token</c>, a positive <c>expiresIn</c> and a new <c>refreshToken</c>.
        /// </summary>
        public async Task ExchangeRefreshToken_GivenValidToken_Succeeds()
        {
            // NOTE(review): both values are fixed fixtures (the access token's exp claim is in 2019),
            // so this test depends on seed data and on lifetime not being validated here — confirm.
            var payload = new ExchangeRefreshTokenModel
            {
                AccessToken  = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhY3N0ZXN0dXNlciIsImp0aSI6Ijg1ZjE5Yzc4LTVmNDgtNDJkOC1iNjdjLWI5ZGE1MjQ2NTc5MyIsImlhdCI6IjE1NjYyNDM3OTYiLCJyb2wiOiJ1c2VyIiwiaWQiOiIxIiwibmJmIjoxNTY2MjQzNzk1LCJleHAiOjE1NjYyNDczOTUsImlzcyI6IkFsaW1Db29wIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.JL4v6wa4O9CyUWxSLuRzI0S9-IopobRM6zdDdfRTbeM",
                RefreshToken = "sf+BoDDXriyqkpwB4Wl3I59AYecTs9j37a981ijAGXs="
            };

            var body     = new StringContent(JsonConvert.SerializeObject(payload), Encoding.UTF8, "application/json");
            var response = await _client.PostAsync("/api/authentication/refreshtoken", body);

            // Non-success status codes fail here before the body is inspected.
            response.EnsureSuccessStatusCode();
            string responseText = await response.Content.ReadAsStringAsync();

            dynamic parsed = JObject.Parse(responseText);

            Assert.NotNull(parsed.token);
            Assert.True((int)parsed.expiresIn > 0);
            Assert.NotNull(parsed.refreshToken);
        }