Exemplo n.º 1
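        /// <summary>
        /// Persists a new refresh-token record for <paramref name="user"/> and returns it
        /// wrapped in a signed JWT.
        /// </summary>
        /// <param name="user">The user the token is issued to; its <c>Id</c> is stored on the record.</param>
        /// <returns>The serialized JWT, whose claims include the stored token value.</returns>
        public async Task <string> CreateRefreshTokenAsync(AthenaUser user)
        {
            // NOTE(review): Guid.NewGuid() is specified as a unique identifier, not as a secret.
            // Here the value only travels inside a signed JWT, so forgery resistance comes from
            // the signature. If the raw value is ever accepted on its own, generate it from a
            // cryptographic random number generator instead.
            var refreshToken = new RefreshToken
            {
                Expiration = DateTimeOffset.UtcNow.Add(options.RefreshExpiration),
                Token      = Guid.NewGuid().ToString(),
                UserId     = user.Id
            };

            // The record is saved before the JWT is built, so the stored row exists by the time
            // the caller receives the token.
            data.RefreshTokens.Add(refreshToken);
            await data.SaveChangesAsync();

            var securityTokenHandler = new JwtSecurityTokenHandler();
            var descriptor           = new SecurityTokenDescriptor
            {
                Audience           = options.Audience,
                // UtcDateTime, not DateTime: DateTimeOffset.DateTime returns Kind == Unspecified,
                // which a later ToUniversalTime() conversion treats as local time. On a host whose
                // time zone is not UTC that shifts the JWT expiry away from the stored Expiration.
                Expires            = refreshToken.Expiration.UtcDateTime,
                IssuedAt           = DateTime.UtcNow,
                NotBefore          = DateTime.UtcNow,
                SigningCredentials = options.SigningCredentials,
                // NOTE(review): no Issuer is set here, unlike CreateJwtTokenAsync. Confirm that
                // refresh-token validation does not expect an issuer claim.
                Subject            = await CreateRefreshClaimsIdentityAsync(user, refreshToken.Token)
            };

            var securityToken = securityTokenHandler.CreateJwtSecurityToken(descriptor);

            return(securityTokenHandler.WriteToken(securityToken));
        }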
Exemplo n.º 2
        /// <summary>
        /// Builds the claims identity used for a refresh-token JWT: the user's regular claims
        /// plus one claim carrying the refresh-token value.
        /// </summary>
        /// <param name="user">The user whose claims are loaded through <c>CreateClaimsIdentityAsync</c>.</param>
        /// <param name="token">The refresh-token value, added under <c>ClaimConstants.RefreshClaimType</c>.</param>
        /// <returns>The identity with the refresh claim appended.</returns>
        protected async Task <ClaimsIdentity> CreateRefreshClaimsIdentityAsync(AthenaUser user, string token)
        {
            var refreshIdentity = await CreateClaimsIdentityAsync(user);
            var refreshClaim    = new Claim(ClaimConstants.RefreshClaimType, token);

            // The refresh claim is what ties the signed JWT to the stored token value.
            refreshIdentity.AddClaim(refreshClaim);

            return refreshIdentity;
        }
Exemplo n.º 3
 /// <summary>
 /// Issues a fresh access-token / refresh-token pair for <paramref name="user"/>.
 /// </summary>
 /// <param name="user">The user both tokens are issued to.</param>
 /// <returns>
 /// An <c>AccessToken</c> holding the signed access JWT, the signed refresh JWT and the
 /// access token's expiry.
 /// </returns>
 public async Task <AccessToken> CreateAccessTokenAsync(AthenaUser user)
 {
     // Computed before the tokens are created, so the reported expiry is never later than
     // the expiry CreateJwtTokenAsync derives from the same options.Expiration.
     var expiresAt  = DateTime.UtcNow.Add(options.Expiration);
     var refreshJwt = await CreateRefreshTokenAsync(user);
     var accessJwt  = await CreateJwtTokenAsync(user);

     return new AccessToken
     {
         Expires      = expiresAt,
         RefreshToken = refreshJwt,
         Token        = accessJwt
     };
 }
Exemplo n.º 4
        /// <summary>
        /// Creates the signed access JWT for <paramref name="user"/>.
        /// </summary>
        /// <param name="user">The user whose identifier, name and roles become the token's claims.</param>
        /// <returns>The serialized JWT.</returns>
        public async Task <string> CreateJwtTokenAsync(AthenaUser user)
        {
            // Properties are assigned in the same order as an object initializer would,
            // so the claims lookup is still awaited last.
            var tokenDescriptor = new SecurityTokenDescriptor();

            tokenDescriptor.Audience           = options.Audience;
            tokenDescriptor.Expires            = DateTime.UtcNow.Add(options.Expiration);
            tokenDescriptor.IssuedAt           = DateTime.UtcNow;
            tokenDescriptor.Issuer             = options.Issuer;
            tokenDescriptor.SigningCredentials = options.SigningCredentials;
            tokenDescriptor.Subject            = await CreateClaimsIdentityAsync(user);

            var handler = new JwtSecurityTokenHandler();
            var jwt     = handler.CreateJwtSecurityToken(tokenDescriptor);

            return handler.WriteToken(jwt);
        }
Exemplo n.º 5
        /// <summary>
        /// Builds the claims identity embedded in issued tokens: the user's identifier, user
        /// name and one role claim per role returned by the user manager.
        /// </summary>
        /// <param name="user">The user to describe.</param>
        /// <returns>A <see cref="ClaimsIdentity"/> holding those claims.</returns>
        /// <remarks>
        /// Roles are read when the token is issued, so a later role change is not reflected
        /// in tokens that were already handed out.
        /// </remarks>
        protected async Task <ClaimsIdentity> CreateClaimsIdentityAsync(AthenaUser user)
        {
            var roleNames = await userManager.GetRolesAsync(user);

            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, user.Id),
                new Claim(ClaimTypes.Name, user.UserName)
            };

            foreach (var roleName in roleNames)
            {
                claims.Add(new Claim(ClaimTypes.Role, roleName));
            }

            return new ClaimsIdentity(claims);
        }
Exemplo n.º 6
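        /// <summary>
        /// First-run setup: creates the initial administrator account from <paramref name="model"/>.
        /// </summary>
        /// <param name="model">Supplies the administrator's e-mail, user name and password.</param>
        /// <returns>
        /// <c>Forbid()</c> when any user already exists, <c>Conflict</c> with the identity errors
        /// when a step fails, otherwise an <see cref="EmptyResult"/>.
        /// </returns>
        public async Task <IActionResult> SetupAsync(SetupModel model)
        {
            // Rule: If there are any users, disallow setup.
            // NOTE(review): this check and the create below are not atomic, so two concurrent
            // requests can both pass it. Confirm whether setup is serialized elsewhere (for
            // example by a transaction or a one-time setup flag).
            if (data.Users.Any())
            {
                return(Forbid());
            }

            var user = new AthenaUser
            {
                Email          = model.AdminEmail,
                // The address is marked confirmed without a verification round trip.
                EmailConfirmed = true,
                UserName       = model.AdminUsername
            };

            var result = await userManager.CreateAsync(user, model.AdminPassword);

            if (!result.Succeeded)
            {
                return(Conflict(result.Errors));
            }

            result = await userManager.AddToRoleAsync(user, "Administrators");

            if (result.Succeeded)
            {
                // NOTE(review): lockout is switched off for the administrator, so failed
                // sign-ins never lock this account. Confirm that another control (rate
                // limiting, MFA) covers password guessing against it.
                result = await userManager.SetLockoutEnabledAsync(user, false);
            }

            if (!result.Succeeded)
            {
                // The user row already exists at this point. Leaving it behind would make the
                // "any users" rule above refuse every later setup attempt while no working
                // administrator exists, so remove it again. Best effort: the caller still gets
                // the errors of the step that failed.
                await userManager.DeleteAsync(user);

                return(Conflict(result.Errors));
            }

            return(new EmptyResult());
        }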