Exemplo n.º 1
0
        public ActionResult Token(string username, string password)
        {
            //sleep timer to demonstrate the loading bar
            Thread.Sleep(2000);
            //get user from data store
            var user = userService.GetByName(username);

            //validate password
            if (user == null)
            {
                return(BadRequest("Invalid credentials"));
            }
            if (user.Active != true)
            {
                return(BadRequest("Account not active"));
            }
            if (hashingService.VerifyHashedPassword(user.PasswordHash, password) == PasswordVerificationResult.Failed)
            {
                return(BadRequest("Invalid credentials"));
            }
            //create claims
            var claims = new List <Claim> {
                new Claim("uid", user.Id.ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer)
            };
            //create tokens
            var accessToken  = jwtTokenService.GenerateAccessToken(user.UserName, null, claims);
            var refreshToken = jwtTokenService.GenerateRefreshToken();

            //store refresh token
            jwtTokenService.StoreRefreshToken(user.Id, refreshToken);
            return(Ok(new JwtToken {
                AccessToken = accessToken, RefreshToken = refreshToken, TokenType = "bearer"
            }));
        }
Exemplo n.º 2
0
        private async Task <AuthorizationResponse> CreateNewJwtAndStoreWithRefreshToken(string refreshToken, string email, List <Claim> existingClaims)
        {
            string ip              = GetIpAddress();
            string jwtToken        = _jwtTokenService.CreateJwtToken(existingClaims, email);
            string newRefreshToken = await _jwtTokenService.StoreRefreshToken(jwtToken, refreshToken, ip, email);

            var response = new AuthorizationResponse()
            {
                JwtToken     = jwtToken,
                RefreshToken = newRefreshToken
            };

            return(response);
        }
        public async Task Authenticate_should_return_jwt_and_refresh_token_logging_ip()
        {
            // given
            string ipAddress    = "9.8.7.6";
            string refreshToken = "refresh token";
            string jwtToken     = "jwt token";
            string email        = "*****@*****.**";
            string password     = "******";

            var roadkillUser = new RoadkillIdentityUser()
            {
                Id                 = "1",
                UserName           = email,
                NormalizedUserName = email.ToUpperInvariant(),
                Email              = email,
                NormalizedEmail    = email.ToUpperInvariant(),
                RoleClaims         = new List <string>()
            };

            var model = new AuthorizationRequest()
            {
                Email    = email,
                Password = password
            };

            _userManagerMock.FindByEmailAsync(email)
            .Returns(Task.FromResult(roadkillUser));

            _signinManagerMock.PasswordSignInAsync(roadkillUser, password, true, false)
            .Returns(Task.FromResult(SignInResult.Success));

            var claims = new List <Claim>()
            {
                new Claim("any", "thing")
            } as IList <Claim>;

            _userManagerMock.GetClaimsAsync(roadkillUser)
            .Returns(Task.FromResult(claims));

            _jwtTokenService
            .CreateJwtToken(claims, roadkillUser.Email)
            .Returns(jwtToken);

            var httpContext = new DefaultHttpContext();

            httpContext.Connection.RemoteIpAddress = IPAddress.Parse(ipAddress);
            _authorizationController.ControllerContext.HttpContext = httpContext;

            // TODO
            _jwtTokenService
            .StoreRefreshToken("TODO jwttoken", "TODO refresh token", email, ipAddress)
            .Returns(refreshToken);

            // when
            ActionResult <AuthorizationResponse> actionResult = await _authorizationController.Authenticate(model);

            // then
            actionResult.Result.ShouldBeOfType <OkObjectResult>();
            var okResult = actionResult.Result as OkObjectResult;
            var response = okResult.Value as AuthorizationResponse;

            response.ShouldNotBeNull();
            response.JwtToken.ShouldBe(jwtToken);
            response.RefreshToken.ShouldBe(refreshToken);
        }