public void RecordToken(RecordTokenRequest rtr)
{
var res = _advertContext.Client.Where(c => c.IdClient == rtr.IdClient).FirstOrDefault();
res.TokenString = rtr.refreshTokenValue;
_advertContext.SaveChanges();
}
public IActionResult Login(LoginRequestDto request)
{
LoginAttemptResponse loginAttempt = _dbService.checkLogin(request.Login);
if (loginAttempt == null)
{
return(NotFound("That login does not exist in the database"));
}
if (!AuthHandler.Validate(request.Password, loginAttempt.Salt, loginAttempt.Hash))
{
return(BadRequest("Incorrect Password"));
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, loginAttempt.Login),
new Claim(ClaimTypes.Name, loginAttempt.FirstName),
new Claim(ClaimTypes.Role, "user")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("FFFFFFFFFIIIIIIIIIXXXXXX THEEEEEE VAAAAAAAALLLLLLLLLUUUEEEEEEE!!!!!!!!!!!!!!!!!!!!"));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "AdvertCompany",
audience: "user",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
var refreshToken = Guid.NewGuid();
string refreshTokenString = refreshToken.ToString();
RecordTokenRequest rtr = new RecordTokenRequest
{
IdClient = loginAttempt.IdClient,
refreshTokenValue = loginAttempt.TokenString
};
_dbService.RecordToken(rtr);
return(Ok(new
{
accessToken = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken
}));
}
public IActionResult RegisterUser(AddUserRequest iur)
{
var res = _dbService.AddUser(iur);
if (iur == null)
{
return(BadRequest("User-client was not created"));
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, iur.Login),
new Claim(ClaimTypes.Name, iur.FirstName),
new Claim(ClaimTypes.Role, "user")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(res.Hash)); //TODO HERE WAS SECRET VALUE - SOME LONG ASS VALUE PUT IN APPSETTINGS JSON INCONF
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "AdvertCompany",
audience: "user",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
var refreshToken = Guid.NewGuid();
string refreshTokenString = refreshToken.ToString();
RecordTokenRequest rtr = new RecordTokenRequest
{
IdClient = res.IdClient,
refreshTokenValue = res.TokenString
};
_dbService.RecordToken(rtr);
return(Ok(new
{
accessToken = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken
}));
}
public IActionResult RefreshToken(string requestToken)
{
var givenToken = _dbService.ValidateTheToken(requestToken);
if (givenToken == null)
{
return(BadRequest());
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, givenToken.Login),
new Claim(ClaimTypes.Name, givenToken.FirstName),
new Claim(ClaimTypes.Role, "user")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("FIX THE VAL IN HERE")); //var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "AdvertCompany",
audience: "user",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
var refreshToken = Guid.NewGuid();
string refreshTokenString = refreshToken.ToString();
var tokenCreated = new RecordTokenRequest
{
IdClient = givenToken.IdClient,
refreshTokenValue = givenToken.TokenString
};
_dbService.RecordToken(tokenCreated);
return(Ok(new
{
accessToken = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken
}));
}