public ActionResult Login([FromBody] LoginViewModel model,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var user = _repository.GetByEmail(model.Email);
if (user == null || !_passwordHasher.VerifyIdentityV3Hash(model.Password, user.PasswordHash))
{
return(Unauthorized());
}
var usersClaims = new []
{
new Claim(ClaimTypes.Name, user.Email),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
};
var jwtToken = _tokenService.GenerateAccessToken(usersClaims, signingEncodingKey, encryptingEncodingKey);
var refreshToken = _tokenService.GenerateRefreshToken();
return(Ok(
new
{
token = jwtToken,
refreshToken = refreshToken
}));
}
public ActionResult <string> Post(AuthenticationRequest authRequest,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, authRequest.Name)
};
var tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken(
issuer: "SampleOfWebAPI",
audience: "WebAPI",
subject: new ClaimsIdentity(claims),
notBefore: DateTime.Now,
expires: DateTime.Now.AddHours(1),
issuedAt: DateTime.Now,
signingCredentials: new SigningCredentials(
signingEncodingKey.GetKey(),
signingEncodingKey.SigningAlgorithm),
encryptingCredentials: new EncryptingCredentials(
encryptingEncodingKey.GetKey(),
encryptingEncodingKey.SigningAlgorithm,
encryptingEncodingKey.EncryptingAlgorithm));
string jwtToken = tokenHandler.WriteToken(token);
return(jwtToken);
}
public TokenGenerator(IConfiguration configuration,
IJwtSigningEncodingKey signingEncodingKey,
IJwtEncryptingEncodingKey encryptingEncodingKey)
{
_signingEncodingKey = signingEncodingKey;
_encryptingEncodingKey = encryptingEncodingKey;
_configuration = configuration;
}
public JwtService(IOptions <TokenLifeTimeOptions> tokenLifeTimeOptions,
IOptions <AuthOptions> authOptions,
IJwtSigningEncodingKey signInEncodingKey,
IJwtEncryptingEncodingKey jwtEncryptionEncodingKey,
IAesCipher crypt)
{
this.tokenLifeTimeOptions = tokenLifeTimeOptions;
this.authOptions = authOptions;
this.signInEncodingKey = signInEncodingKey;
this.jwtEncryptionEncodingKey = jwtEncryptionEncodingKey;
this.crypt = crypt;
}
public AccountHelperTests()
{
_accountHelper = new AccountHelper();
// Setting up a jwe keys
const string signingSecurityKey = "745hvv43uhvfnvu2v";
var signingKey = new SigningSymmetricKey(signingSecurityKey);
const string encodingSecurityKey = "dfkng20jfsdjfvsdmvw";
var encryptionEncodingKey = new EncryptingSymmetricKey(encodingSecurityKey);
_signingEncodingKey = signingKey;
_encryptingEncodingKey = encryptionEncodingKey;
}
public AuthService(
IMongoManager mongoManager,
ILogger <AuthService> logger,
IHasher hasher,
IJwtSigningEncodingKey signingEncodingKey,
IJwtEncryptingEncodingKey encryptingEncodingKey
)
{
_mongoManager = mongoManager;
_logger = logger;
_hasher = hasher;
_signingEncodingKey = signingEncodingKey;
_encryptingEncodingKey = encryptingEncodingKey;
}
public IActionResult RefreshToken([FromBody] RefreshTokenViewModel model,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var principal = _tokenService.GetPrincipalFromExpiredToken(model.Token);
var username = principal.Identity.Name;
var newJwtToken = _tokenService.GenerateAccessToken(principal.Claims, signingEncodingKey, encryptingEncodingKey);
var newRefreshToken = _tokenService.GenerateRefreshToken();
return(Ok(
new
{
token = newJwtToken,
refreshToken = newRefreshToken
}));
}
public string GenerateAccessToken(IEnumerable <Claim> claims,
IJwtSigningEncodingKey signingEncodingKey,
IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var tokenHandler = new JwtSecurityTokenHandler();
var expiryInMinutes = Convert.ToInt32(_configuration["Jwt:ExpiryInMinutes"]);
var jwtToken = tokenHandler.CreateJwtSecurityToken(
issuer: _configuration["Jwt:Site"],
audience: _configuration["Jwt:Site"],
subject: new ClaimsIdentity(claims),
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(expiryInMinutes),
issuedAt: DateTime.UtcNow,
signingCredentials: new SigningCredentials(
signingEncodingKey.GetKey(),
signingEncodingKey.SigningAlgorithm),
encryptingCredentials: new EncryptingCredentials(
encryptingEncodingKey.GetKey(),
encryptingEncodingKey.SigningAlgorithm,
encryptingEncodingKey.EncryptingAlgorithm));
return(tokenHandler.WriteToken(jwtToken));
}
public ActionResult <string> Post(
AuthenticationRequest authRequest,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
// 1. Проверяем данные пользователя из запроса.
// ...
// 2. Создаем утверждения для токена.
var claims = new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, authRequest.Name)
};
// 3. Генерируем JWT.
var tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken(
issuer: "DemoApp",
audience: "DemoAppClient",
subject: new ClaimsIdentity(claims),
notBefore: DateTime.Now,
expires: DateTime.Now.AddMinutes(5),
issuedAt: DateTime.Now,
signingCredentials: new SigningCredentials(
signingEncodingKey.GetKey(),
signingEncodingKey.SigningAlgorithm),
encryptingCredentials: new EncryptingCredentials(
encryptingEncodingKey.GetKey(),
encryptingEncodingKey.SigningAlgorithm,
encryptingEncodingKey.EncryptingAlgorithm));
var jwtToken = tokenHandler.WriteToken(token);
return(jwtToken);
}
public async Task <IActionResult> Login([FromHeader(Name = "User-Agent")] string userAgent,
[FromHeader(Name = "Authorization")] string authorization,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
if (string.IsNullOrEmpty(userAgent) ||
string.IsNullOrWhiteSpace(userAgent))
{
return(Json("Incorrect user-agent info"));
}
if (string.IsNullOrEmpty(authorization) ||
string.IsNullOrWhiteSpace(authorization))
{
return(Json("Incorrect user data"));
}
// Decoding from Base64 Authorization Basic <username:password>
var clearAuth = authorization.Replace("Basic ", string.Empty);
var base64EncodedBytes = Convert.FromBase64String(clearAuth);
var base64EncodedString = Encoding.UTF8.GetString(base64EncodedBytes);
var credentials = base64EncodedString.Split(":");
if (credentials is null ||
credentials?.Length != 2)
{
return(Json("Incorrect data format for authorization"));
}
// User verification
var existUser = await _userRepository.Query()
.Where(s => s.Login == credentials[0])
.SingleOrDefaultAsync();
if (existUser is null)
{
return(Json("Authorization error"));
}
if (!credentials[1].Equals(existUser?.Password))
{
return(Json("Incorrect password"));
}
// Generate Jwe token
var jwtToken = _accountHelper.GenerateJwtToken(existUser, signingEncodingKey, encryptingEncodingKey);
var refreshToken = _accountHelper.GenerateRefreshToken();
if (refreshToken is null)
{
return(Json("Refresh token isn't formed"));
}
var dtUtcNow = DateTime.UtcNow;
var userLogin = new UserLoginModel
{
RefreshToken = refreshToken,
CreateDateUTC = dtUtcNow,
ExpireDateUTC = dtUtcNow.AddDays(2),
UserAgent = userAgent
};
var existUserLogin = await _userLoginRepository.Query()
.Where(s => s.UserId == existUser.Id &&
s.UserAgent == userLogin.UserAgent)
.SingleOrDefaultAsync();
// Delete existing login
if (existUserLogin != null)
{
await _userLoginRepository.DeleteAsync(existUserLogin);
}
existUser.UsersLogins.Add(userLogin);
await _userRepository.UpdateAsync(existUser);
var response = new { jwtToken, refreshToken };
return(Json(response));
}
public async Task <IActionResult> RefreshToken([FromHeader(Name = "User-Agent")] string userAgent,
[FromHeader(Name = "Authorization")] string token,
[FromHeader(Name = "Authorization-Refresh")] string refreshToken,
[FromServices] IJwtSigningEncodingKey signingEncodingKey,
[FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey)
{
if (userAgent is null)
{
return(Json("Incorrect user-agent info"));
}
if (refreshToken is null)
{
return(Json("Incorrect refresh token"));
}
// Token validation, decoding
var principal = _accountHelper.GetPrincipal(token, false);
if (principal is null)
{
return(Json("Incorrect token"));
}
var login = principal?.Identity?.Name;
var oldUserLogin = await _userLoginRepository.Query()
.Where(s => s.User.Login.Equals(login) &&
s.UserAgent.Equals(userAgent) &&
s.RefreshToken.Equals(refreshToken))
.SingleOrDefaultAsync();
if (oldUserLogin is null)
{
return(Json("Incorrect authorization data", HttpStatusCode.Unauthorized));
}
// Expire time of refresh tokens are 2 days
var dtUtcNow = DateTime.UtcNow;
if (oldUserLogin?.ExpireDateUTC <= dtUtcNow)
{
await _userLoginRepository.DeleteAsync(oldUserLogin);
return(Json("Refresh token has been expired", HttpStatusCode.Unauthorized));
}
var user = await _userRepository.Query()
.Where(s => s.Login.Equals(login))
.SingleOrDefaultAsync();
if (user is null)
{
return(Json("There is no user with this data"));
}
// Forming tokens
var newJwtToken = _accountHelper.GenerateJwtToken(user, signingEncodingKey, encryptingEncodingKey);
var newRefreshToken = _accountHelper.GenerateRefreshToken();
oldUserLogin.RefreshToken = newRefreshToken;
oldUserLogin.CreateDateUTC = dtUtcNow;
oldUserLogin.ExpireDateUTC = dtUtcNow.AddDays(2);
await _userLoginRepository.UpdateAsync(oldUserLogin);
var response = new { newJwtToken, newRefreshToken };
return(Json(response));
}
public string GenerateJwtToken(UserModel user, IJwtSigningEncodingKey signingEncodingKey, IJwtEncryptingEncodingKey encryptingEncodingKey)
{
var claims = new Claim[]
{
new Claim(ClaimTypes.Name, user?.Login),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateJwtSecurityToken(
issuer: JwtSettings.ValidIssuer,
audience: JwtSettings.ValidAudience,
subject: new ClaimsIdentity(claims),
notBefore: DateTime.Now,
expires: DateTime.Now.AddMinutes(5),
issuedAt: DateTime.Now,
signingCredentials: new SigningCredentials(
signingEncodingKey.GetKey(),
signingEncodingKey.SigningAlgorithm),
encryptingCredentials: new EncryptingCredentials(
encryptingEncodingKey.GetKey(),
encryptingEncodingKey.SigningAlgorithm,
encryptingEncodingKey.EncryptingAlgorithm)
);
var jwteString = tokenHandler.WriteToken(token);
return(jwteString);
}
