Exemplo n.º 1
        /// <summary>
        /// Signs the current user out by asking the JWT manager to remove the refresh
        /// token registered under their user name.
        /// </summary>
        /// <returns>An empty 200 OK result.</returns>
        public ActionResult Logout()
        {
            // TODO (carried over from the original): only the refresh token is dropped here.
            // The JWT access token itself is not revoked; doing that would mean adding the
            // current token to a server-side block-list.
            // https://github.com/auth0/node-jsonwebtoken/issues/375

            // Null when the request has no identity attached; the value is passed on as-is.
            var signedInAs = User.Identity?.Name;

            _jwtAuthManager.RemoveRefreshTokenByUserName(signedInAs);
            _logger.LogInformation($"User [{signedInAs}] logged out the system.");

            return Ok();
        }
Exemplo n.º 2
        /// <summary>
        /// Logs the caller out by removing the refresh token stored for their user name.
        /// </summary>
        /// <returns>An empty 200 OK result.</returns>
        public ActionResult Logout()
        {
            // User.Identity is dereferenced without a null check, so this action relies on the
            // request being authenticated - presumably enforced by an attribute outside this
            // listing; confirm. Nothing here touches the access token.
            _jwtAuthManager.RemoveRefreshTokenByUserName(User.Identity.Name);

            return Ok();
        }
Exemplo n.º 3
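        /// <summary>
        /// Checks the submitted credentials and, on success, issues a new access/refresh token pair.
        /// </summary>
        /// <param name="authUser">Login payload bound from the request body.</param>
        /// <returns>
        /// 401 carrying the service response when it has no <c>Data</c>; otherwise 200 carrying
        /// the result of <c>GenerateTokens</c>.
        /// </returns>
        public async Task<IActionResult> AuthenticateUser([FromBody] AuthenticateUserDto authUser)
        {
            ServiceResponse<GetUserDto> response = await _userService.AuthenticateUser(authUser);

            if (response.Data == null)
            {
                return Unauthorized(response);
            }

            // Drop any refresh token still registered for this account before issuing a new pair.
            _jwtAuthManager.RemoveRefreshTokenByUserName(authUser.Email);

            // NOTE(review): a Disabled account is not rejected here. It still receives tokens and is
            // marked only by Activated = "False", so every consumer has to check that claim - confirm
            // this is intended.
            // NOTE(review): "Role" is the fixed string "role" for every user; it carries no
            // authorization information as written.
            var claims = new[]
            {
                new Claim("Email", authUser.Email),
                new Claim("Role", "role"),
                new Claim("Activated", response.Data.Status == UserStatus.Disabled ? "False" : "True")
            };

            // NOTE(review): DateTime.Now is local time; confirm GenerateTokens and the expiry checks
            // use the same time base.
            var jwtResult = _jwtAuthManager.GenerateTokens(authUser.Email, claims, DateTime.Now);

            // authUser.Email comes from the request body. It is passed as a template argument rather
            // than interpolated into the message, so it stays a separate log property.
            _logger.LogInformation("User [{Email}] logged in the system.", authUser.Email);

            // NOTE(review): the previous version also filled a ServiceResponse<JwtTokens> with the two
            // token strings but never returned it; that dead code is removed and the response body is
            // unchanged. Confirm whether clients were meant to receive that wrapper instead, since
            // jwtResult may expose more than the two token strings.
            return Ok(jwtResult);
        }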
Exemplo n.º 4
        /// <summary>
        /// Ends the caller's session on the server: removes the refresh token held for
        /// their user name and records the logout.
        /// </summary>
        /// <returns>An empty 200 OK result.</returns>
        public ActionResult Logout()
        {
            // May be null if no identity is attached to the request; it is forwarded unchanged.
            var caller = User.Identity?.Name;

            // Only the refresh token is handled here; this method does nothing to the access token.
            _jwtAuthManager.RemoveRefreshTokenByUserName(caller);
            _logger.LogInformation($"User [{caller}] logged out the system.");

            return Ok();
        }
        /// <summary>
        /// Logs the caller out by removing the refresh token stored for their user name,
        /// then writes a log entry through <c>_loggerService</c>.
        /// </summary>
        /// <returns>An empty 200 OK result.</returns>
        public ActionResult Logout()
        {
            // Null when the request carries no identity; passed on as-is.
            var userName = User.Identity?.Name;

            // Only the refresh token is removed; the access token is not touched in this method.
            _jwtAuthManager.RemoveRefreshTokenByUserName(userName);
            // NOTE(review): the argument below is garbled in this listing - the run of asterisks is
            // not valid C#. It presumably concatenated userName into the message; restore it from
            // the original source before compiling.
            _loggerService.Info("User:"******"logged out from the system.");
            return(Ok());
        }
Exemplo n.º 6
        /// <summary>
        /// Logs the current user out by removing the refresh token kept for their user name.
        /// </summary>
        /// <returns>An empty 200 OK result.</returns>
        public IActionResult Logout()
        {
            // Dereferences User.Identity directly, so an authenticated request is assumed.
            var accountName = User.Identity.Name;

            // Removal is keyed on the user name only. As the original author notes, it could be
            // made more specific (IP, user agent, device name, etc.).
            _jwtAuthManager.RemoveRefreshTokenByUserName(accountName);
            _logger.LogInformation($"User [{accountName}] logged out the system.");

            return Ok();
        }
        /// <summary>
        /// Logs the current user out by invalidating their refresh token on the server side.
        /// </summary>
        /// <remarks>
        /// The JWT access token is not invalidated here. To cut it off on the server side a
        /// block-list strategy can be used; otherwise keep the token's <c>exp</c> short.
        /// </remarks>
        /// <returns>An empty 200 OK result.</returns>
        public ActionResult Logout()
        {
            var loggedInAs = User.Identity.Name;

            // Per the original author's note, this removes the user's refresh token from the
            // manager's dictionary.
            _jwtAuthManager.RemoveRefreshTokenByUserName(loggedInAs);
            _logger.LogInformation($"User [{loggedInAs}] logged out the system.");

            return Ok();
        }
Exemplo n.º 8
        /// <summary>
        /// Builds the claim set for <paramref name="user"/> and returns a newly generated access token.
        /// </summary>
        /// <param name="user">Account the token is issued for.</param>
        /// <returns>The <c>AccessToken</c> of the generated token result.</returns>
        private string CreateToken(User user)
        {
            // Any refresh token already registered under this name is removed first.
            _jwtAuthManager.RemoveRefreshTokenByUserName(user.Name);

            // NOTE(review): the "Email" claim is filled from user.Name, and "Role" is the fixed
            // string "role" - confirm both are intended before relying on them for authorization.
            Claim[] tokenClaims =
            {
                new Claim("Email", user.Name),
                new Claim("Role", "role"),
                new Claim("Activated", user.Status == UserStatus.Enabled ? "Yes" : "No"),
                new Claim("Id", user.Id.ToString()),
                new Claim("Name", user.Name)
            };

            // Only the access token leaves this method; the rest of the result is not used here.
            var issued = _jwtAuthManager.GenerateTokens(user.Name, tokenClaims, DateTime.Now);
            return issued.AccessToken;
        }
Exemplo n.º 9
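        /// <summary>
        /// Deletes the user account identified by <paramref name="key"/>. Allowed only for the
        /// account's owner or an administrator.
        /// </summary>
        /// <param name="key">Id of the account to delete.</param>
        /// <returns>
        /// 404 when no such account exists; 401 when the caller cannot be resolved to a user;
        /// 400 when the caller is neither the owner nor an administrator; 204 on success.
        /// </returns>
        public ActionResult Delete(Guid key)
        {
            User doomed = _ctx.Users.FirstOrDefault(p => p.id == key);

            if (doomed == null)
            {
                return NotFound();
            }

            // The caller's identity may not map to a stored user any more, e.g. an access token
            // that is still valid after its account was deleted (this method removes only the
            // refresh token). Previously that case ended in a NullReferenceException.
            string callerName = User.Identity?.Name;

            if (string.IsNullOrEmpty(callerName))
            {
                return Unauthorized();
            }

            User currentUser = _userService.findUserByUserName(callerName);

            if (currentUser == null)
            {
                return Unauthorized();
            }

            bool mayDelete = doomed.username == currentUser.username || currentUser.isAdmin;

            if (!mayDelete)
            {
                // NOTE(review): this is an authorization failure, so 403 would describe it better;
                // 400 is kept so existing clients see the same status code.
                return BadRequest("Users may only delete their own account, or must be an administrator");
            }

            // Remove the account's refresh token first so it cannot be exchanged after deletion.
            _jwtAuthManager.RemoveRefreshTokenByUserName(doomed.username);
            _ctx.Users.Remove(doomed);
            _ctx.SaveChanges();

            return NoContent();
        }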
 /// <summary>
 /// Logs the caller out: removes the refresh token stored for their user name, then
 /// calls <c>ClearTokenCookie</c>.
 /// </summary>
 /// <returns>An empty 200 OK result.</returns>
 public IActionResult Logout()
 {
     // User.Identity is dereferenced directly, so an authenticated request is assumed.
     var signedInUser = User.Identity.Name;

     // Server-side state goes first, then the client-side cookie.
     _jwtAuthManager.RemoveRefreshTokenByUserName(signedInUser);
     ClearTokenCookie();

     return Ok();
 }