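        /// <summary>
        /// Exchanges a previously issued refresh token for a new access token / refresh token pair.
        /// </summary>
        /// <param name="refToken">Refresh token presented by the client; treated as untrusted input.</param>
        /// <param name="dbService">Token store used to validate the presented token and to persist the new one.</param>
        /// <returns>
        /// 404 when the token is empty or unknown to the store; otherwise 200 with a short-lived JWT
        /// and the newly issued refresh token.
        /// </returns>
        /// <exception cref="InvalidOperationException">Thrown when <c>SecretKey</c> is missing from configuration.</exception>
        public IActionResult RefreshToken(string refToken, [FromServices] ITokenDAL dbService)
        {
            // Reject empty input before touching the store; an unknown token is a 404 as before.
            if (string.IsNullOrEmpty(refToken) || !dbService.TokenExistsInDB(refToken))
            {
                return NotFound();
            }

            // NOTE(review): ITokenDAL (as used here) only answers "does this token exist" — it does
            // not return the token's owner, so the refreshed JWT carries empty identity claims.
            // Until the store can map refToken -> student, callers must not rely on
            // NameIdentifier/Name from a refreshed token. TODO confirm against ITokenDAL.
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, ""),
                new Claim(ClaimTypes.Name, ""),
                new Claim(ClaimTypes.Role, "student")
            };

            // Fail fast with a clear message instead of an ArgumentNullException from GetBytes.
            var secret = Configuration["SecretKey"]
                         ?? throw new InvalidOperationException("SecretKey is not configured.");
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // JWT 'exp' is a UTC instant; use UtcNow so the lifetime does not depend on server time zone.
            var token = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "Students",
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds);

            // The new refresh token must be stored, otherwise the next refresh call would 404
            // on a token this endpoint itself handed out.
            var newRefreshToken = Guid.NewGuid();
            dbService.InsertToken(newRefreshToken.ToString());

            // NOTE(review): the presented refToken stays valid after this call (no revoke/delete
            // method is visible on ITokenDAL). If single-use refresh tokens are intended, the
            // store needs an operation to invalidate refToken here. TODO confirm.

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token), // lives ~10 minutes
                refreshToken = newRefreshToken
            });
        }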
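        /// <summary>
        /// Authenticates a student by index number and password and issues an access token / refresh token pair.
        /// </summary>
        /// <param name="request">Credentials from the HTTP body; treated as untrusted input.</param>
        /// <param name="dbService">Student lookup.</param>
        /// <param name="dbService2">Salt / password-hash lookup and hashing.</param>
        /// <param name="dbService3">Refresh-token store.</param>
        /// <returns>
        /// 400 with a single generic message when the request is malformed, the student is unknown
        /// or the password does not match; otherwise 200 with a short-lived JWT and a refresh token.
        /// </returns>
        /// <exception cref="InvalidOperationException">Thrown when <c>SecretKey</c> is missing from configuration.</exception>
        public IActionResult Login(LoginRequest request, [FromServices] IStudentsDAL dbService, [FromServices] IPasswordDAL dbService2, [FromServices] ITokenDAL dbService3)
        {
            // The login is the student's index number.
            // One message for every failure mode: a distinct "student does not exist" reply
            // would let a caller enumerate valid index numbers.
            const string failureMessage = "Niepoprawny login lub haslo.";

            if (request is null || string.IsNullOrEmpty(request.Login) || request.Password is null)
            {
                return BadRequest(failureMessage);
            }

            // 0. Does the student exist?
            if (!dbService.StudentExists(request.Login))
            {
                return BadRequest(failureMessage);
            }

            // 1. Fetch the stored salt and salted hash.
            var saltDB       = dbService2.GetSalt(request.Login);
            var saltedPassDB = dbService2.GetHashPass(request.Login);

            // 2. Hash the submitted password with the stored salt.
            var saltedPass = IPasswordDAL.CreateHash(request.Password, saltDB);

            // 3. Compare stored hash with the freshly computed one.
            // NOTE(review): the hash type is not visible here. If CreateHash/GetHashPass return
            // byte[], '==' is reference equality and this check always fails; if they return
            // string, the comparison is not constant-time. CryptographicOperations.FixedTimeEquals
            // over the raw bytes is the preferred form once the type is confirmed.
            if (!(saltedPassDB == saltedPass))
            {
                return BadRequest(failureMessage);
            }

            Student s = dbService.GetStudent(request.Login);

            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, request.Login),
                new Claim(ClaimTypes.Name, s.FirstName + " " + s.LastName),
                new Claim(ClaimTypes.Role, "student")
            };

            // Fail fast with a clear message instead of an ArgumentNullException from GetBytes.
            var secret = Configuration["SecretKey"]
                         ?? throw new InvalidOperationException("SecretKey is not configured.");
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // JWT 'exp' is a UTC instant; use UtcNow so the lifetime does not depend on server time zone.
            var token = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "Students",
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds);

            // Persist the refresh token before returning it so it is accepted by RefreshToken.
            var refreshToken = Guid.NewGuid();
            dbService3.InsertToken(refreshToken.ToString());

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token), // lives ~10 minutes
                refreshToken
            });
        }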