public async Task Validate(string sourceClass, string sourceMethod)
{
// Check if JWT token exists in session, if not redirect to login page
if (string.IsNullOrEmpty(_httpContextAccessor.HttpContext.Session.GetString("_JwtToken")))
{
throw new TokenException("You are not logged in", sourceClass, sourceMethod, "401");
}
// JWT exist in session, check if expired
if (Convert.ToDateTime(_httpContextAccessor.HttpContext.Session.GetString("_JwtExpiresOn")) < DateTime.UtcNow)
{
// Unnecesary because check is done at back-end but this client-side check saves an API call
// Check if refresh token is expired
// If expired the user needs to authenticate with credentials
if (Convert.ToDateTime(_httpContextAccessor.HttpContext.Session.GetString("_RtExpiresOn")) < DateTime.UtcNow)
{
throw new TokenException("Your session has expired", sourceClass, sourceMethod, "401");
}
// If not expired a request to /api/Users/refresh-token is required to get a new set of tokens
PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.RefreshToken();
// Update the session data with the new set of tokens
_stateManagementService.SetState(postAuthenticateResponseModel);
}
}
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Index(PostUserModel postUserModel, string rememberMe)
{
if (postUserModel.Password != postUserModel.ConfirmPassword)
{
ModelState.AddModelError("ConfirmPassword", _localizer["Passwords are not the same"]);
}
if (ModelState.IsValid)
{
try
{
if (postUserModel.Roles == null)
{
postUserModel.Roles = new List <String>
{
"Guest"
};
}
else if (postUserModel.Roles.Count == 0)
{
postUserModel.Roles.Add("Guest");
}
// Send an API request to create the new user
GetUserModel getUserModel = await _moviemindAPIService.PostModel <PostUserModel, GetUserModel>(postUserModel, "users");
// When the user was successfully created send an API request to authenticate the new user
PostAuthenticateRequestModel postAuthenticateRequestModel = new PostAuthenticateRequestModel
{
UserName = postUserModel.UserName,
Password = postUserModel.Password,
};
PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);
_stateManagementService.SetState(postAuthenticateResponseModel);
// Redirect to the home page
return(RedirectToRoute(new { action = "Index", controller = "Home" }));
}
catch (MovieMindException e)
{
TempData["ApiError"] = e.Message;
}
}
return(View(postUserModel));
}
public async Task InvokeAsync(HttpContext context, MoviemindAPIService movieMindAPIService, IStateManagementService stateManagementService)
{
// Token validation is not required for authentication and registration
if (!context.Request.Path.Value.Contains("Registration") && !context.Request.Path.Value.Contains("Authentication"))
{
// Check if JWT token exists in session, if not redirect to login page
if (string.IsNullOrEmpty(context.Session.GetString("_JwtToken")))
{
context.Response.Redirect("/Authentication");
return;
}
else
{
var expiresOn = Convert.ToDateTime(context.Session.GetString("_JwtExpiresOn"));
// JWT exist in session, check if expired
if (expiresOn < DateTime.UtcNow)
{
// Unnecesary because check is done at back-end but this client-side check saves an API call
// Check if refresh token is expired
// If expired the user needs to authenticate with credentials
var rtexpireson = Convert.ToDateTime(context.Session.GetString("_RtExpiresOn"));
if (rtexpireson < DateTime.UtcNow)
{
context.Session.SetString("SessionExpired", "Your session is expired");
context.Response.Redirect("/Authentication");
return;
//throw new TokenException("Uw sessie is verlopen", "TokenValidationMiddleware", "InvokeAsync", "401");
}
else
{
// If not expired a request to /api/Users/refresh-token is required to get a new set of tokens
PostAuthenticateResponseModel postAuthenticateResponseModel = await movieMindAPIService.RefreshToken();
// Update the session data with the new set of tokens
stateManagementService.SetState(postAuthenticateResponseModel);
}
}
}
}
// Call the next delegate/middleware in the pipeline
await _next(context);
}
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Index(PostAuthenticateRequestModel postAuthenticateRequestModel)
{
if (ModelState.IsValid)
{
try
{
// Send an API request to authenticate the new user
PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);
_stateManagementService.SetState(postAuthenticateResponseModel);
// Redirect to the home page
return(RedirectToRoute(new { action = "Index", controller = "Home" }));
}
catch (MovieMindException e)
{
TempData["ApiError"] = e.Message;
}
}
return(View(postAuthenticateRequestModel));
}