public async Task <ExchangeRefreshTokenResponse> ExchangeRefreshTokenAsync(string accessToken, string refreshToken, CancellationToken cancellationToken)
{
var currentPrincipal = _jwtTokenValidator.GetPrincipalFromToken(accessToken, _settings.AuthSettings.SecretKey);
// invalid token/signing key was passed and we can't extract user claims
if (currentPrincipal != null)
{
var appUserId = currentPrincipal.Claims.First(c => c.Type == CustomClaimIdentifiers.AppUserId).Value;
var appUser = await _appUsersRepository.GetAppUserAsync(new Guid(appUserId), cancellationToken);
if (appUser.HasValidRefreshToken(refreshToken))
{
var jwtToken = await _jwtTokenFactory.GenerateEncodedTokenAsync(appUser.UserId.ToString(), appUser.UserName, appUser.AppUserId.ToString());
var newRefreshToken = _tokenFactory.GenerateToken();
appUser.RemoveRefreshToken(refreshToken); // delete the token we've exchanged
appUser.AddRefreshToken(newRefreshToken, appUser.UserId, ""); // add the new one
await appUser.SaveAsync(cancellationToken);
return(new ExchangeRefreshTokenResponse(jwtToken, newRefreshToken, true));
}
}
return(new ExchangeRefreshTokenResponse(false, "Invalid token."));
}
public async Task <RefreshTokenResponseDto> RefreshToken(RefreshTokenInputDto inputDto)
{
var signingKey = AppSettingConfigurationHelper.GetSection("AuthSettings:SecretKey").Value;
var claimPrincipal = _jwtTokenValidator.GetPrincipalFromToken(inputDto.AccessToken, signingKey);
if (claimPrincipal != null)
{
var id = claimPrincipal.Claims.First(c => c.Type == "id");
var user = await _userManager.FindByIdAsync(Convert.ToInt64(id.Value));
if (_refreshTokenService.HasValidRefreshToken(inputDto.RefreshToken))
{
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, user.TenantId);
_refreshTokenService.Remove(inputDto.RefreshToken); // delete the token we've exchanged
var refreshToken = _refreshTokenService.CreateRefreshToken(user, ""); // add the new one
return(new RefreshTokenResponseDto(jwtToken, refreshToken.Token, true));
}
else
{
return(new RefreshTokenResponseDto(null, "", false, "Invalid Refresh Token"));
}
}
return(new RefreshTokenResponseDto(null, "", false, "Invalid Access Token"));
}
public async Task Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort)
{
if (!message.IsValid())
{
NotifyValidationErrors(message);
return;
}
var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey);
// invalid token/signing key was passed and we can't extract user claims
if (cp != null)
{
var id = cp.Claims.First(c => c.Type == "id");
var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value));
if (user.HasValidRefreshToken(message.RefreshToken))
{
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName);
var refreshToken = _tokenFactory.GenerateToken();
user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged
user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one
_userRepository.Update(user);
if (Commit())
{
outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken));
return;
}
}
}
await Bus.RaiseEvent(new DomainNotification(message.MessageType, "Failed to refresh token"));
}
public async Task <Result <TokenResult> > Handle(RefreshTokenCommand request, CancellationToken cancellationToken)
{
if (request.AccessToken.IsEmpty())
{
throw new AuthException($"invalid {nameof(request.AccessToken)}");
}
if (request.RefreshToken.IsEmpty())
{
throw new AuthException($"invalid {nameof(request.RefreshToken)}");
}
var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, _authSettings.SecretKey);
if (claimsPrincipal is null)
{
return(Result.Failure <TokenResult>("Invalid access token"));
}
var id = claimsPrincipal.Claims.First(c => c.Type == ClaimTypes.Sid);
var role = claimsPrincipal.Claims.First(x => x.Type == ClaimTypes.Role);
var user = await _userManager.FindByIdAsync(id.Value);
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, role.Value, user.Email);
var refreshToken = _tokenFactory.GenerateToken();
await _userManager.RemoveAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider,
TokenProviderNames.TokenName);
await _userManager.SetAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider,
TokenProviderNames.TokenName, refreshToken);
return(Result.Success(new TokenResult(refreshToken, jwtToken.Token, jwtToken.ExpiresIn)));
}
public async Task <ExchangeRefreshTokenResponse> ExchangeRefreshTokenAsync(ExchangeRefreshTokenRequest message)
{
var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey);
// invalid token/signing key was passed and we can't extract user claims
if (cp == null)
{
return(new ExchangeRefreshTokenResponse(false, "Invalid token."));
}
var id = cp.Claims.First(c => c.Type == "id");
var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value));
if (!user.HasValidRefreshToken(message.RefreshToken))
{
return(new ExchangeRefreshTokenResponse(false, "Invalid token."));
}
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.Username);
var refreshToken = _tokenFactory.GenerateToken();
user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged
user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one
await _userRepository.Update(user);
return(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true));
}
public async Task <ActionResult <ExchangeRefreshTokenResponseDto> > GenerateRefreshToken(
[FromQuery] ExchangeRefreshTokenRequestDto request)
{
var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, _authSettings.SecretKey);
if (claimsPrincipal == null)
{
return(BadRequest());
}
var userId = claimsPrincipal.Claims.First(c => c.Type == "id");
var user = await _mediator.Send(new GetUserByIdQuery(Guid.Parse(userId.Value)));
if (!user.HasValidRefreshToken(request.RefreshToken))
{
return(BadRequest());
}
var jwtToken = await _jwtFactory.GenerateEncodedToken(user);
var refreshToken = _tokenFactory.GenerateToken();
await _mediator.Publish(new ExchangeRefreshTokenCommand(
user.Id,
refreshToken,
request.RefreshToken));
return(Ok(new ExchangeRefreshTokenResponseDto(jwtToken, refreshToken, true)));
}
public async Task <IActionResult> RefreshToken([FromBody] CheckTokenResource checkTokenResource)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var cp = _jwtTokenValidator.GetPrincipalFromToken(checkTokenResource.Token, _authSettings.SigningKey, false);
if (cp != null)
{
var id = cp.Claims.Single(c => c.Type == "id");
var user = await _userManager.Users.Include(u => u.Role).SingleOrDefaultAsync(u => u.Id == id.Value);
var existingRefreshToken = await _refreshTokenRepository.GetByUserId(user.Id);
if (existingRefreshToken != null)
{
var refreshToken = _refreshTokenRepository.CreateToken(user.Id, "");
_refreshTokenRepository.Delete(existingRefreshToken);
await _unitOfWork.CompleteAsync();
// TO DO: Create a response class with appropriate constructor
var response = new
{
token = await _jwtFactory.GenerateEncodedToken(user.Id, user.Email, user.Role.Name),
refreshToken = refreshToken.Result,
expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
};
return(Ok(response));
}
}
return(BadRequest(ModelState));
}
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort)
{
var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey);
// invalid token/signing key was passed and we can't extract user claims
if (cp != null)
{
var id = cp.Claims.First(c => c.Type == "id");
var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value));
if (user.HasValidRefreshToken(message.RefreshToken))
{
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName, new List <string> {
"ROLE_ADMINISTRADOR"
});
var refreshToken = _tokenFactory.GenerateToken();
user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged
user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one
await _userRepository.Update(user);
outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true));
return(true);
}
}
outputPort.Handle(new ExchangeRefreshTokenResponse(false, "Invalid token."));
return(false);
}
public async Task <ApplicationUser> GetUserFromAuthHeader(HttpRequest request)
{
var token = request.Headers.SingleOrDefault(h => h.Key == "Authorization").Value.ToString().Replace("bearer ", "");
var cp = _jwtTokenValidator.GetPrincipalFromToken(token, _authSettings.SigningKey, true);
var userId = cp.FindFirstValue("id");
var user = await _userManager.FindByIdAsync(userId);
return(user);
}
public string GetCurrentUserName()
{
var accessToken = _httpContextAccessor.HttpContext.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");;
var claimsPrincipal = _tokenValidator.GetPrincipalFromToken(accessToken, _authSettings.SecretKey);
var userName = claimsPrincipal.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier)
.Select(c => c.Value).SingleOrDefault();
return(userName);
}
public async Task <IActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model)
{
_logger.LogInformation("Refreshing access token: {0} with refresh token: {1}", model.AccessToken, model.RefreshToken);
if (!ModelState.IsValid)
{
return(Error("Invalid request paramters"));
}
var cp = _jwtTokenValidator.GetPrincipalFromToken(model.AccessToken, _authSettings.SecretKey);
// invalid token/signing key was passed and we can't extract user claims
if (cp != null)
{
var id = cp.Claims.First(c => c.Type == "id").Value;
Maybe <AppUser> account = _appUserRepo.GetById(int.Parse(id));
if (account.HasNoValue)
{
return(Error($"No matching user account found: {id}"));
}
Maybe <RefreshToken> refreshToken = account.Value.RefreshTokens.FirstOrDefault(x => x.Token == model.RefreshToken);
// validate referesh token
if (
//RefereshTokenStore.TryGetValue(id, out string oldRefereshToken) && oldRefereshToken == model.RefreshToken
//&&
refreshToken.Unwrap(d => d.IsActive))
{
List <AppGroup> groups = _groupRepo.GetList(account.Value.UserGroups.Select(d => d.AppGroupId).ToArray()).ToList();
string[] permissions = groups.SelectMany(d => d.GroupPermissions.Select(p => p.Permission.Name)).ToArray();
var jwtToken = await account.Unwrap(d => _jwtFactory.GenerateEncodedToken(d.Id.ToString(), d.Username, permissions));
string newRefreshToken = _tokenFactory.GenerateToken();
RefereshTokenStore[id] = newRefreshToken; // delete the token exchanged and store the new one
refreshToken.Value.Revoked = DateTime.UtcNow;
refreshToken.Value.RevokedByIp = IpAddress();
refreshToken.Value.ReplacedByToken = newRefreshToken;
account.Value.RefreshTokens.Add(new RefreshToken
{
Token = newRefreshToken,
Expires = DateTime.UtcNow.AddHours(4), // 4 hours
Created = DateTime.UtcNow,
CreatedByIp = IpAddress()
});
_appUserRepo.Update(account.Value);
return(Ok(new ExchangeRefreshTokenResponseDTO(jwtToken, newRefreshToken)));
}
}
return(Error("Provided token is invalid or expired."));
}
public string ValidateToken(string token)
{
if (_jwtOption.SecretKey == null)
{
throw new ArgumentNullException(nameof(_jwtOption.SecretKey));
}
var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(token, _jwtOption.SecretKey);
var userId = claimsPrincipal?.FindFirst(ClaimTypes.NameIdentifier);
return(string.IsNullOrWhiteSpace(userId?.Value) ? null : userId.Value);
}
public bool RefreshCacheToken(string token)
{
var claimsPrincipal =
_jwtTokenValidator.GetPrincipalFromToken(token, _configOptions.SecretKey);
var key = claimsPrincipal.Claims.First(c => c.Type == "id")?.Value;
IDatabase db = _cache.GetDatabase();
if (db.KeyExists(key))
{
db.KeyExpire(key, new TimeSpan(0, _configOptions.CacheTimeout, 0));
return(true);
}
else
{
db.StringSet(key, token, TimeSpan.FromMinutes(_configOptions.CacheTimeout));
return(true);
}
//return false; --commented temp
}
public async Task <IActionResult> GetByHeader()
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var token = Request.Headers.SingleOrDefault(h => h.Key == "Authorization").Value.ToString().Replace("bearer ", "");
var cp = _jwtTokenValidator.GetPrincipalFromToken(token, _authSettings.SigningKey, true);
var id = cp.FindFirstValue("id");
var identityUser = await _userManager.Users
.Include(u => u.Role)
.Include(u => u.Language)
.Include(u => u.Company)
.SingleOrDefaultAsync(u => u.Id == id);
var userResource = _mapper.Map <UserResource>(identityUser);
return(Ok(userResource));
}
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort)
{
var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey);
// invalid token/signing key was passed and we can't extract user claims
if (cp != null)
{
Claim claim = cp.Claims.First(c => c.Type == "id");
var user = await _userRepository.GetSingleBySpec(new UserSpecification(claim.Value));
if (user != null && user.HasValidRefreshToken(message.RefreshToken))
{
var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName);
var refreshToken = _tokenFactory.GenerateToken();
user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged
user.AddRefreshToken(refreshToken, ""); // add the new one
await _userRepository.Update(user);
outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true));
return(true);
}
else if (user == null)
{
outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>()
{
new Error(HttpStatusCode.BadRequest.ToString(), "Invalid user!")
}));
}
}
outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>()
{
new Error(HttpStatusCode.BadRequest.ToString(), "Invalid token!")
}));
return(false);
}
public async Task <AuthUserViewModel> Handle(ExchangeRefreshTokenCommand request, CancellationToken cancellationToken)
{
try
{
var signingKey = _configurationSection["SecretKey"];
var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, signingKey);
if (claimsPrincipal == null)
{
throw new Exception("Invalid access Token provided");
}
var id = claimsPrincipal.Claims.First(c => c.Type == "id");
var user = await _appDbContext.AppUser
.Where(u => u.Id == id.Value)
.Select(UserDTO.Projection)
.FirstOrDefaultAsync(cancellationToken);
var userTokenDetails = await _appDbContext.RefreshToken
.Where(t => t.Token == request.RefreshToken && t.UserId == user.Id)
.FirstOrDefaultAsync(cancellationToken);
if (user == null || userTokenDetails == null)
{
throw new Exception("Kindly sign in to continue");
}
var userRoles = await _userManager.GetRolesAsync(new IdentityUser { Id = id.Value });
var accessToken = await _jwtFactory.GenerateEncodedToken(id.Value, user.UserEmail, userRoles);
var refreshToken = _tokenFactory.GenerateToken();
userTokenDetails.LastEditedBy = id.Value;
userTokenDetails.Token = refreshToken;
userTokenDetails.LastEditedDate = _dateTime.Now;
userTokenDetails.Expires = _dateTime.Now.AddSeconds((double)accessToken.ExpiresIn);
userTokenDetails.RemoteIpAddress = request.RemoteIPAddress;
_appDbContext.RefreshToken.Update(userTokenDetails);
await _appDbContext.SaveChangesAsync(cancellationToken);
return(new AuthUserViewModel
{
UserDetails = user,
UserToken = new AccessTokenViewModel
{
AccessToken = accessToken,
RefreshToken = refreshToken,
},
RequestStatus = 1,
StatusMessage = "Success"
});
}
catch (Exception e)
{
return(new AuthUserViewModel
{
RequestStatus = 0,
StatusMessage = e.Message
});
}
}
public ClaimsPrincipal ResolveClaimsFromToken(string accessToken) => _jwtTokenValidator.GetPrincipalFromToken(accessToken, SecretKey);
public async Task <Result <UserViewModel> > ExchangeRefreshToken(string accessToken, string refrashToken, CancellationToken cancellationToken = default)
{
var cp = _jwtTokenValidator.GetPrincipalFromToken(accessToken, _jwtSettings.Secret);
if (cp != null)
{
var userId = cp.Claims.First(c => c.Type == "id");
Guid id = Guid.Parse(userId.Value);
var isRemovedRefrashToken = await _service.DeleteRefreshTokenAsync(refrashToken, id, cancellationToken);
if (isRemovedRefrashToken.IsSuccess)
{
var user = await _userManager.FindByIdAsync(userId.Value);
if (user == null)
{
return((Result <UserViewModel>) Result <UserViewModel> .NotOk <UserViewModel>(null, "User with this id does not exist"));
}
var profile = await _service.GetUserProfileByIdentityIdAsync(user.Id, cancellationToken);
var token = await GenerateAuthanticationResult(user, profile?.Data?.NickName);
if (profile.IsError || string.IsNullOrEmpty(token.Data))
{
return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>($"{profile.Message}\n" +
$"or token is null"));
}
if (!profile.IsSuccess)
{
UserViewModel notOkResult = new UserViewModel()
{
Profile = null,
Token = token.Data
};
return((Result <UserViewModel>) Result <UserViewModel> .Ok <UserViewModel>(notOkResult));
}
UserViewModel result = new UserViewModel()
{
Profile = profile.Data,
Token = token.Data,
RefreshToken = GenerateRefrashToken(),
ExpiresIn = 3300
};
var isRefrashToketAdded = await _service.AddRefrashTokenAsync(result.RefreshToken, Guid.Parse(result.Profile.Id));
if (isRefrashToketAdded.IsError)
{
return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>(isRefrashToketAdded.Message));
}
return((Result <UserViewModel>) Result <UserViewModel> .Ok(result));
}
return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>(isRemovedRefrashToken.Message));
}
return((Result <UserViewModel>) Result <UserViewModel> .NotOk <UserViewModel>(null, "Fail principal"));
}
