public async Task <RefreshAccessTokenResponse> RefreshAccessToken(RefreshAccessTokenRequest request)
{
var doc = await GetDiscoveryDocument();
var response = await _httpClient.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = doc.TokenEndpoint,
ClientId = _options.ClientId,
ClientSecret = _options.ClientSecret,
Scope = _options.Scope,
RefreshToken = request.RefreshToken,
});
if (response.IsError)
{
throw new AuthorizeFailedException(response.Error, response.Exception);
}
return(new RefreshAccessTokenResponse
{
AccessToken = response.AccessToken,
Type = response.TokenType,
ExpiresIn = response.ExpiresIn,
RefreshToken = response.RefreshToken
});
}
public void ToRestRequestReturnsRestRequestWithCorrectParameters()
{
// Arrange
var tokensUri = new Uri("/tokens", UriKind.Relative);
var refreshAccessTokenRequest = new RefreshAccessTokenRequest(RefreshToken, ClientId, ClientSecret);
// Act
var restRequest = refreshAccessTokenRequest.ToRestRequest(tokensUri);
// Assert
var expectedParameters = new List <Parameter>
{
new Parameter {
Name = "grant_type", Value = "refresh_token", Type = ParameterType.GetOrPost
},
new Parameter {
Name = "client_id", Value = ClientId, Type = ParameterType.GetOrPost
},
new Parameter {
Name = "client_secret", Value = ClientSecret, Type = ParameterType.GetOrPost
},
new Parameter {
Name = "refresh_token", Value = RefreshToken, Type = ParameterType.GetOrPost
}
};
Assert.Equal(expectedParameters, restRequest.Parameters, new ParameterEqualityComparer());
}
public async Task <IActionResult> RefreshAccessToken([FromBody] RefreshAccessTokenRequest request, CancellationToken cancellationToken)
{
var response = await new OAuthClient().RequestToken(
new AuthorizationCodeRefreshRequest(_SpotifyConfiguration.ClientId, _SpotifyConfiguration.ClientSecret, request.RefreshToken));
return(Ok(response));
}
private async Task RefreshAccessToken()
{
var request = new RefreshAccessTokenRequest
{
RefreshToken = _token.RefreshToken,
};
var response = await _client.RefreshAccessToken(request);
_token = _mapper.Map(response);
}
public void ToRestRequestWithNullTokensUriThrowsArgumentNullException()
{
// Arrange
Uri tokensUri = null;
var refreshAccessTokenRequest = new RefreshAccessTokenRequest(RefreshToken, ClientId, ClientSecret);
// Act
// Assert
Assert.Throws <ArgumentNullException>(() => refreshAccessTokenRequest.ToRestRequest(tokensUri));
}
public async Task <AccessTokenResponse> RefreshToken([FromBody] RefreshAccessTokenRequest credentials)
{
var currentUser = await _userManager.FindByIdAsync(credentials.UserId);
if (currentUser?.RefreshToken != credentials.RefreshToken)
{
throw new DomainException(ErrorCode.InvalidRefreshToken, "Invalid refresh token");
}
return(CreateToken(currentUser));
}
public void ToRestRequestReturnsRestRequestWithMethodIsPost()
{
// Arrange
var tokensUri = new Uri("/tokens", UriKind.Relative);
var refreshAccessTokenRequest = new RefreshAccessTokenRequest(RefreshToken, ClientId, ClientSecret);
// Act
var restRequest = refreshAccessTokenRequest.ToRestRequest(tokensUri);
// Assert
Assert.Equal(Method.POST, restRequest.Method);
}
public void ToRestRequestReturnsRestRequestWithSpecifiedTokensUri()
{
// Arrange
var tokensUri = new Uri("/tokens", UriKind.Relative);
var refreshAccessTokenRequest = new RefreshAccessTokenRequest(RefreshToken, ClientId, ClientSecret);
// Act
var restRequest = refreshAccessTokenRequest.ToRestRequest(tokensUri);
// Assert
Assert.Equal(tokensUri.ToString(), restRequest.Resource);
}
public async Task <string> GenerateAccessTokenWithRefressToken(RefreshAccessTokenRequest refreshRequest)
{
AppUser user = await GetUserByAccessToken(refreshRequest.AccessToken);
if (user != null && ValidateRefreshToken(user, refreshRequest.RefreshToken))
{
var u = user.RefreshToken.ExpiryDate.Subtract(DateTime.UtcNow);
if (u.TotalDays < 2)
{
user.RefreshToken.ExpiryDate = DateTime.UtcNow.AddDays(7);
}
return(GenerateAccessToken(user));
}
return(null);
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshAccessTokenRequest request)
{
var newAccessToken = await _tokenService.RefreshAccessToken(request.AccessToken, request.RefreshToken).ConfigureAwait(false);
if (newAccessToken is null)
{
return(Forbid());
}
return(Ok(new AccessTokenResponse
{
AccessToken = newAccessToken.Token,
AccessTokenExpiresAt = newAccessToken.ExpiresAt.ToString("s"),
RefreshToken = newAccessToken.RefreshToken
}));
}
public async Task <IActionResult> GetRefreshTokenByAccessToken([FromBody] RefreshAccessTokenRequest accessToken)
{
var refreshToken = await _userService.GetRefreshTokenByAccessToken(accessToken.AccessToken);
if (refreshToken != null)
{
return(Ok(new ResponseBase <RefreshToken>()
{
data = refreshToken
}));
}
return(Ok(new ResponseBase <string>()
{
msg = "Invalid access token"
}));
}
public async Task <IActionResult> RefreshToken([FromBody] RefreshAccessTokenRequest refreshRequest)
{
string newAccessToken = await _userService.GenerateAccessTokenWithRefressToken(refreshRequest);
if (!String.IsNullOrEmpty(newAccessToken))
{
return(Ok(new ResponseBase <string>()
{
data = newAccessToken
}));
}
return(Ok(new ResponseBase <string>()
{
msg = "User not found or Refresh Token is invalid"
}));
}
private ZebrunnerApiClient()
{
_restClient = new RestClient(Configuration.GetServerHost());
_restClient.UseNewtonsoftJson();
var requestBody = new RefreshAccessTokenRequest {
RefreshToken = Configuration.GetAccessToken()
};
var request = new RestRequest(Iam("/v1/auth/refresh"), DataFormat.Json);
request.AddJsonBody(requestBody);
var response = _restClient.Post <RefreshAccessTokenResponse>(request);
_restClient.Authenticator = new JwtAuthenticator(response.Data.AuthToken);
_authenticationToken = response.Data.AuthToken;
}
private TelekomJsonWebRequest <AccessTokenResponse> CreateRefreshAccessTokenWebRequest()
{
if (!HasRefreshToken())
{
throw new InvalidOperationException("Cannot refresh without a refresh token");
}
string uri = BaseUrl + "/tokens";
var request = new RefreshAccessTokenRequest()
{
ClientId = ClientId,
ClientSecret = ClientSecret,
GrantType = "refresh_token",
RefreshToken = RefreshToken
};
var webRequest = new TelekomJsonWebRequest <AccessTokenResponse>(uri, HttpMethod.POST);
request.BuildRequestParameters(webRequest);
return(webRequest);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseExceptionHandler("/Home/Error");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseSession();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.Use(async(context, next) =>
{
// Kiem tra accessToken va gia han
var refreshToken = CookieEncoder.DecodeToken(context.Request.Cookies["refresh_token_cookie"]);
var accessToken = CookieEncoder.DecodeToken(context.Request.Cookies["access_token_cookie"]);
// Lay refreshToken by accessToken
if (string.IsNullOrEmpty(refreshToken))
{
if (string.IsNullOrEmpty(accessToken))
{
context.Response.Cookies.Delete("Asp_Authentication");
//await next();
}
else
{
HttpClient client = new HttpClient();
client.BaseAddress = new Uri(ConstStrings.BASE_URL_API);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
RefreshAccessTokenRequest RenewAccessTokenRequest = new RefreshAccessTokenRequest();
RenewAccessTokenRequest.AccessToken = accessToken;
var json = JsonConvert.SerializeObject(RenewAccessTokenRequest);
var httpContent = new StringContent(json, Encoding.UTF8, "application/json");
var responseMessage = await client.PostAsync("/api/Users/GetRefreshToken", httpContent);
if (responseMessage.IsSuccessStatusCode)
{
var body = await responseMessage.Content.ReadAsStringAsync();
ResponseBase <RefreshToken> refreshTokenOfUser = JsonConvert.DeserializeObject <ResponseBase <RefreshToken> >(body);
if (refreshTokenOfUser.data == null || string.IsNullOrEmpty(refreshTokenOfUser.data.Token))
{
//context.Response.Cookies.Delete("access_token_cookie");
context.Response.Cookies.Delete("Asp_Authentication");
}
else
{
refreshToken = refreshTokenOfUser.data.Token;
context.Response.Cookies.Append("refresh_token_cookie", CookieEncoder.EncodeToken(refreshTokenOfUser.data.Token), new CookieOptions()
{
Expires = DateTime.UtcNow.AddDays(8), HttpOnly = true, Secure = true
});
}
}
}
}
// -------------------------------
var IsPersistent = context.Session.GetInt32("IsPersistent");
if (IsPersistent == 1)
{
// Gia han
SecurityToken validatedToken;
TokenValidationParameters parameters = new TokenValidationParameters();
parameters.ClockSkew = TimeSpan.FromSeconds(5);
parameters.ValidateLifetime = true;
parameters.RequireExpirationTime = true;
parameters.ValidAudience = Configuration["Tokens:Issuer"];
parameters.ValidIssuer = Configuration["Tokens:Issuer"];
parameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:SecretKey"]));
try
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
tokenHandler.ValidateToken(accessToken, parameters, out validatedToken);
var tokenExpiresAt = validatedToken.ValidTo;
if (tokenExpiresAt.Subtract(DateTime.UtcNow).TotalDays < 1)
{
// gia han bang refreshToken
RefreshAccessTokenRequest refreshAccessTokenRequest = new RefreshAccessTokenRequest();
refreshAccessTokenRequest.AccessToken = accessToken;
refreshAccessTokenRequest.RefreshToken = refreshToken;
HttpClient client = new HttpClient();
client.BaseAddress = new Uri(ConstStrings.BASE_URL_API);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var refreshTokenJSON = JsonConvert.SerializeObject(refreshAccessTokenRequest);
var content = new StringContent(refreshTokenJSON, Encoding.UTF8, "application/json");
var response = await client.PostAsync("/api/users/RefreshToken/", content);
if (response.IsSuccessStatusCode)
{
var responseBody = await response.Content.ReadAsStringAsync();
ResponseBase <string> newAccessToken = JsonConvert.DeserializeObject <ResponseBase <string> >(responseBody);
if (newAccessToken.msg != null)
{
context.Response.Cookies.Delete("Asp_Authentication");
}
accessToken = newAccessToken.data;
context.Response.Cookies.Append("access_token_cookie", CookieEncoder.EncodeToken(newAccessToken.data), new CookieOptions()
{
Expires = DateTime.UtcNow.AddDays(4), HttpOnly = true, Secure = true
});
}
}
}
catch (Exception)
{
context.Response.Cookies.Delete("Asp_Authentication");
}
}
// lay avatar url
if (context.User != null)
{
var uid = context.User.FindFirst("UserID");
if (uid != null)
{
try
{
HttpClient client = new HttpClient();
client.BaseAddress = new Uri(ConstStrings.BASE_URL_API);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var avatar = await client.GetAsync("/api/users/" + uid.Value);
if (avatar.IsSuccessStatusCode)
{
var body = await avatar.Content.ReadAsStringAsync();
ResponseBase <AppUser> user = JsonConvert.DeserializeObject <ResponseBase <AppUser> >(body);
if (user == null || !user.data.isActive)
{
context.Response.Cookies.Delete("Asp_Authentication");
}
else
{
Global.Avatar_Url = user.data.Avatar;
}
}
}
catch (Exception)
{
context.Response.Cookies.Delete("Asp_Authentication");
}
}
}
else
{
context.Response.Cookies.Delete("Asp_Authentication");
}
//=============
await next();
});
app.UseEndpoints(endpoints =>
{
endpoints.MapAreaControllerRoute(
name: "AdminArea",
areaName: "Admin",
pattern: "Admin/{controller=Home}/{action=Index}/{id?}");
endpoints.MapAreaControllerRoute(
name: "UserArea",
areaName: "User",
pattern: "User/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
public async Task <string> RefreshAccessTokenAsync(RefreshAccessTokenRequest request)
{
var user = _userService.GetUserByUserName(request.RefreshToken.UserName);
return(await CreateAccessToken(user));
}
