public async Task <IActionResult> Token([FromBody] RequestTokenViewModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
var tokenValidationParams = new TokenValidationParameters {
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration.GetSection("AppConfiguration:Key").Value)),
ValidAudience = configuration.GetSection("AppConfiguration:SiteUrl").Value,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = configuration.GetSection("AppConfiguration:SiteUrl").Value
};
JwtSecurityToken refreshToken;
var jwtTokenhandler = new JwtSecurityTokenHandler();
User user;
switch (model.GrantType)
{
case "refresh_token":
try {
SecurityToken validatedToken;
refreshToken = jwtTokenhandler.ReadJwtToken(model.RefreshToken);
var claims = jwtTokenhandler.ValidateToken(model.RefreshToken, tokenValidationParams, out validatedToken);
var userName = refreshToken.Claims.First(claim => claim.Type == JwtRegisteredClaimNames.Sub).Value;
user = await userManager.FindByNameAsync(userName);
} catch (Exception) {
// Could not decode refresh token
return(StatusCode(401));
}
break;
case "access_token":
user = await userManager.FindByNameAsync(model.UserName);
if (user == null || new PasswordHasher <User>().VerifyHashedPassword(user, user.PasswordHash, model.Password) != PasswordVerificationResult.Success)
{
return(StatusCode(401));
}
break;
default:
return(BadRequest());
}
var accessToken = await GetJwtSecurityToken(user);
refreshToken = await GetJwtSecurityRefreshToken(user);
return(Ok(new {
token = jwtTokenhandler.WriteToken(accessToken),
refresh_token = jwtTokenhandler.WriteToken(refreshToken),
expiration = accessToken.ValidTo
}));
}
private async Task <ResponseTokenViewModel> GenerateAccessAndRefreshToken(RequestTokenViewModel requestToken, string ipAddress)
{
ResponseTokenViewModel responseToken = new ResponseTokenViewModel();
AppUser appUser = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName);
if (appUser != null && !string.IsNullOrWhiteSpace(requestToken.RefreshToken))
{
RefreshToken oldRefreshToken = await _refreshTokenService.OldRefreshToken(_siteSettings.RefreshTokenSetting.ClientId, requestToken.RefreshToken, ipAddress);
if (oldRefreshToken != null)
{
AppUser userToken = await _userManager.FindByIdAsync(oldRefreshToken.UserId.ToString());
if (userToken == null)
{
throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UnAuthorize, HttpStatusCode.Unauthorized);
}
if (oldRefreshToken.ExpireDate < DateTime.Now)
{
throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UnAuthorize, HttpStatusCode.Unauthorized);
}
else
{
responseToken.RefreshToken = oldRefreshToken.Value;
responseToken.AccessToken = await GenerateAccessTokenAsync(appUser);
}
}
else
{
throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UserNotFound, HttpStatusCode.Unauthorized);
}
}
else
{
throw new AppException(ApiResultStatusCode.LogOut, NotificationMessages.UserNotFound, HttpStatusCode.Unauthorized);
}
return(responseToken);
}
public async Task <ResponseTokenViewModel> AuthenticateUser(HttpRequest request, RequestTokenViewModel requestToken)
{
string ipAddress = _httpContextAccessor.HttpContext.Connection?.RemoteIpAddress.ToString();
ResponseTokenViewModel responseTokenViewModel = new ResponseTokenViewModel();
if (requestToken.GrantType == "Password")
{
AppUser user = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName);
if (user == null)
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.Message = NotificationMessages.UserNotFound;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized;
//throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.UserNotFound, HttpStatusCode.BadRequest);
}
else
{
bool result = await _userManager.CheckPasswordAsync(user, requestToken.Password);
if (!result)
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.Message = NotificationMessages.InvalidUserNameOrPassword;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized;
// throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.InvalidUserNameOrPassword, HttpStatusCode.BadRequest);
}
else
{
UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id);
userViewModel.Image = $"{request.Scheme}://{request.Host}{request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}";
RefreshToken oldRefreshToken = await _refreshTokenService.GetRefreshTokenByUserIdAsync(user.Id);
if (oldRefreshToken != null)
{
await _refreshTokenService.RemoveRefreshTokenAsync(oldRefreshToken);
}
RefreshToken refreshToken = _refreshTokenService.CreateRefreshToken(_siteSettings.RefreshTokenSetting, user.Id, requestToken.IsRemember, ipAddress);
await _refreshTokenService.AddRefreshTokenAsync(refreshToken);
responseTokenViewModel.AccessToken = await GenerateAccessTokenAsync(user);
responseTokenViewModel.RefreshToken = refreshToken.Value;
responseTokenViewModel.User = userViewModel;
responseTokenViewModel.IsSuccess = true;
}
}
}
else if (requestToken.GrantType == "RefreshToken")
{
responseTokenViewModel = await GenerateAccessAndRefreshToken(requestToken, ipAddress);
}
else
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.NotFound;
responseTokenViewModel.Message = NotificationMessages.UserNotFound;
//throw new AppException(ApiResultStatusCode.BadRequest, NotificationMessages.TargetNotFounded, HttpStatusCode.BadRequest);
}
return(responseTokenViewModel);
}
public async Task <ApiResult <ResponseTokenViewModel> > Auth([FromBody] RequestTokenViewModel requestToken)
{
return(Ok(await _jwtService.AuthenticateUser(Request, requestToken)));
}
