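/// <summary>
/// Round-trip check for the encrypted refresh token: a mate is created, a fresh
/// refresh token is generated and stored (hashed and salted) under the mate's
/// e-mail, then the stored record is read back and the plaintext token is verified
/// against the stored hash and salt.
/// </summary>
public void CanGetEncryptedTokenTest()
{
    try
    {
        // Local renamed so it no longer shadows the MateDAO type name.
        IMateDAO<Mate> mateDao = new MateDAO(_connection);
        Mate testMate = new Mate
        {
            FirstName = "Miguel",
            LastName = "Dev",
            UserName = "******",
            Password = "******",
            Email = "*****@*****.**",
            Description = "Lorem Ipsum is simply dummy text of the printing and typesetting industry.",
            Address = "Figueiró",
            Categories = new[] { Categories.CLEANING, Categories.PLUMBING },
            Rank = Ranks.SUPER_MATE,
            Range = 20
        };
        Mate returned = mateDao.Create(testMate);

        // The plaintext refresh token stays in memory; only its hash and salt go to the store.
        string refreshToken = RefreshTokenHelper.generateRefreshToken();
        RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
        refreshTokenDAO.saveEncryptedRefreshToken(refreshToken, returned.Email);

        EncryptedRefreshTokenModel returnedToken = refreshTokenDAO.GetEncryptedRefreshTokenModel(returned.Email);

        // Fail with a clear message instead of a NullReferenceException when nothing was stored.
        Assert.NotNull(returnedToken);
        Assert.Equal(returned.Email, returnedToken.Email);
        Assert.True(PasswordOperations.VerifyHash(refreshToken, returnedToken.Hash, returnedToken.Salt));
    }
    finally
    {
        // Dispose even when an assertion fails so fixture state is not leaked into later tests.
        _fixture.Dispose();
    }
}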
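/// <summary>
/// Returns the encrypted (hashed and salted) refresh token stored for the user
/// with the given e-mail address.
/// </summary>
/// <param name="email">E-mail address of the user.</param>
/// <returns>
/// An <see cref="EncryptedRefreshTokenModel"/> holding the user's e-mail, the token
/// hash and the token salt, or <c>null</c> when no row matches the e-mail.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="email"/> is null.</exception>
/// <remarks>
/// Data-access exceptions are allowed to propagate unchanged. The previous
/// <c>catch (Exception e) { throw new Exception(e.Message); }</c> discarded the
/// original exception type and stack trace, which made failures harder to
/// diagnose and handle specifically.
/// </remarks>
public EncryptedRefreshTokenModel GetEncryptedRefreshTokenModel(string email)
{
    if (email == null)
    {
        throw new ArgumentNullException(nameof(email));
    }

    EncryptedRefreshTokenModel encryptedToken = null;

    using (SqlCommand cmd = _connection.Fetch().CreateCommand())
    {
        // The e-mail is bound as a parameter, never concatenated into the SQL text.
        cmd.CommandText =
            "SELECT Email, TokenHash, TokenSalt " +
            "FROM dbo.[RefreshTokens] " +
            "WHERE Email = @Em";
        cmd.Parameters.Add("@Em", SqlDbType.NVarChar).Value = email;

        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            // Read() returns false when the result set is empty, so a separate
            // HasRows check is not needed. Only the first matching row is used.
            if (reader.Read())
            {
                // NOTE(review): GetString throws on a NULL column — this assumes
                // Email, TokenHash and TokenSalt are NOT NULL; confirm against the schema.
                encryptedToken = new EncryptedRefreshTokenModel
                {
                    Email = reader.GetString(0),
                    Hash = reader.GetString(1),
                    Salt = reader.GetString(2)
                };
            }
        }
    }

    return encryptedToken;
}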
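/// <summary>
/// Issues a new access/refresh token pair from an old access token and its refresh
/// token. The old access token is used only for signature validation and to recover
/// the claims and the user's e-mail; the refresh token is then checked against the
/// hash and salt stored for that e-mail.
/// </summary>
/// <param name="tokens">A <see cref="ResponseTokens"/> holding the old access token and the refresh token.</param>
/// <param name="secret">Secret used to validate the old token's signature and to create the new access token.</param>
/// <returns>A new <see cref="ResponseTokens"/> as produced by <c>Authenticate</c>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="tokens"/> or <paramref name="secret"/> is null.</exception>
/// <exception cref="SecurityTokenException">
/// Thrown when the old token is not an HS256 JWT, when no refresh token is stored for
/// the user's e-mail, or when the supplied refresh token does not match the stored hash.
/// The token handler itself throws <see cref="SecurityTokenException"/> subclasses when
/// the signature does not validate.
/// </exception>
public ResponseTokens Refresh(ResponseTokens tokens, string secret)
{
    if (tokens == null)
    {
        throw new ArgumentNullException(nameof(tokens));
    }
    if (secret == null)
    {
        throw new ArgumentNullException(nameof(secret));
    }

    var tokenHandler = new JwtSecurityTokenHandler();
    // ASCII on purpose: the key bytes must be derived exactly as the issuer derives them
    // from the same secret, otherwise signature validation fails.
    var key = Encoding.ASCII.GetBytes(secret);

    // The signature is verified, but lifetime deliberately is not: an expired access
    // token is the normal input to a refresh. Issuer/audience validation stays disabled
    // as in the original parameters; whether issued tokens carry those claims is not
    // visible here.
    var validationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = false
    };

    SecurityToken validatedToken;
    var principal = tokenHandler.ValidateToken(tokens.Token, validationParameters, out validatedToken);

    // Pin the algorithm to HS256 as defence in depth against algorithm substitution.
    // Ordinal comparison: "alg" is an identifier, not linguistic text. The static
    // string.Equals also tolerates a null Alg header instead of throwing.
    var jwtToken = validatedToken as JwtSecurityToken;
    if (jwtToken == null
        || !string.Equals(jwtToken.Header.Alg, SecurityAlgorithms.HmacSha256, StringComparison.OrdinalIgnoreCase))
    {
        throw new SecurityTokenException("Token Inválido!");
    }

    string email = ClaimHelper.GetEmailFromClaimIdentity((ClaimsIdentity)principal.Identity);

    RefreshTokenDAO refreshTokenDAO = new RefreshTokenDAO(_connection);
    EncryptedRefreshTokenModel encToken = refreshTokenDAO.GetEncryptedRefreshTokenModel(email);
    if (encToken == null)
    {
        // SecurityTokenException derives from Exception, so existing catch (Exception)
        // handlers keep working while token-specific handlers now see this case too.
        throw new SecurityTokenException("O token nao existe para o email pretendido!");
    }

    // The refresh token is stored only as hash + salt; it is never compared in plaintext.
    if (!PasswordOperations.VerifyHash(tokens.RefreshToken, encToken.Hash, encToken.Salt))
    {
        throw new SecurityTokenException("Token Inválido!");
    }

    // NOTE(review): the old token's claims are forwarded as-is. Whether Authenticate
    // drops registered claims (exp/iat/nbf) and rotates the stored refresh token is
    // not visible from this method — confirm.
    return Authenticate(email, secret, principal.Claims.ToArray());
}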