Exemplo n.º 1
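        /// <summary>
        /// Issues a refresh token for the ticket in <paramref name="context"/>: builds a
        /// <c>RefreshToken</c> record bound to the requesting client, stores the serialized ticket
        /// in it, persists the record, and hands the token id to the caller.
        /// </summary>
        /// <param name="context">Token-creation context carrying the authentication ticket.</param>
        /// <returns>A task that completes once the token has been stored and set on the context.</returns>
        public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            // A refresh token must be tied to a client. If the ticket carries no client id,
            // issue nothing rather than failing with KeyNotFoundException.
            string clientId;
            if (!context.Ticket.Properties.Dictionary.TryGetValue("x:client_id", out clientId) ||
                string.IsNullOrEmpty(clientId))
            {
                return;
            }

            var refreshTokenId = Guid.NewGuid().ToString("n");

            // Read the clock once so the issue and expiry instants are exactly one day apart.
            // NOTE(review): the one-day lifetime is hard-coded here; consider sourcing it from configuration.
            var issuedAt = DateTime.UtcNow;

            var token = new RefreshToken
            {
                TokenId    = refreshTokenId,
                ClientId   = clientId,
                Subject    = context.Ticket.Identity.Name,
                IssuedUtc  = issuedAt,
                ExpiresUtc = issuedAt.AddDays(1)
            };

            // The ticket is stamped with the refresh token's lifetime before it is serialized,
            // so the protected ticket stored below carries these values.
            context.Ticket.Properties.IssuedUtc  = token.IssuedUtc;
            context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;

            token.ProtectedTicket = context.SerializeTicket();

            // NOTE(review): TokenId is persisted as the exact value handed to the client. Storing a
            // hash of it instead would keep a leaked token table from yielding usable refresh tokens;
            // that has to be changed together with the lookup code, which is not part of this listing.

            // Persist first: if the repository call throws, no token id has been set on the
            // context for a record that does not exist.
            _refreshTokenRepository.Create(token);

            context.SetToken(refreshTokenId);
        }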
Exemplo n.º 2
        /// <summary>
        /// Property check: the value returned by <c>Create</c> must be equal to the token that was
        /// handed to it.
        /// </summary>
        /// <param name="token">Token to insert.</param>
        /// <param name="tokens">Repository the token is inserted into.</param>
        /// <returns>A <c>Property</c> built from the result of the <c>Equals</c> comparison.</returns>
        private Property Insertable(RefreshToken token, RefreshTokenRepository tokens)
        {
            // NOTE(review): if Create returns the very instance it was given, this holds trivially;
            // confirm that Equals compares the stored fields rather than references.
            return tokens.Create(token).Equals(token).ToProperty();
        }
Exemplo n.º 3
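        /// <summary>
        /// Authenticates an account by name and password and returns an access/refresh token pair.
        /// An unexpired refresh token record for the account is reused; otherwise a new one is
        /// minted and stored.
        /// </summary>
        /// <param name="credentials">Account name and password bound from the request body.</param>
        /// <returns>
        /// 400 when the body is missing or model validation fails; 401 with a generic message when
        /// the name or password does not match; otherwise 200 with a <c>TokenResponse</c>.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A newly minted refresh token carries no <c>jti</c> claim that parses as a GUID.
        /// </exception>
        public IActionResult Login([FromBody] TokenRequest credentials)
        {
            // A missing body can bind to null; reject it like any other invalid model.
            if (credentials == null || !ModelState.IsValid)
            {
                return(BadRequest(ModelState.GetReadableString()));
            }

            // Absent fields are an ordinary failed login, answered with the same generic message.
            if (credentials.Name == null || credentials.Password == null)
            {
                return(StatusCode(401, "Login failed."));
            }

            // Hash once, up front, for every request. Computing it inside the query predicate would
            // repeat the work per candidate row and skip it entirely for unknown names, which makes
            // "unknown account" and "wrong password" distinguishable by response time.
            // NOTE(review): the helper's name suggests a single SHA-512 pass. A fast, unsalted digest
            // is not suitable for password storage; plan a migration to a salted, iterated KDF
            // (e.g. PBKDF2). That requires re-hashing stored credentials and cannot be done here.
            var suppliedHash = Utility.ComputeSHA512Hash(credentials.Password);

            // NOTE(review): ToLower() is culture-sensitive when evaluated in memory; whether GetAll()
            // is translated by a query provider is not visible here, so the comparison is kept as is.
            var suppliedName = credentials.Name.ToLower();

            var accountRecord = AccountRepository.GetAll()
                                .Where(a => a.Name.ToLower() == suppliedName && a.PasswordHash == suppliedHash)
                                .FirstOrDefault();

            if (accountRecord == default(Account))
            {
                // Same response for unknown name and wrong password: no account enumeration.
                return(StatusCode(401, "Login failed."));
            }

            PurgeExpiredRefreshTokensFor(accountRecord.Id);

            var refreshTokenRecord = GetCurrentRefreshTokenRecordFor(accountRecord.Id);

            JwtSecurityToken refreshJwt;

            if (refreshTokenRecord == default(RefreshToken))
            {
                refreshJwt = TokenFactory.GetRefreshToken();

                // The record id is the token's jti claim. Fail with a clear error instead of a
                // NullReferenceException when the claim is absent or malformed.
                var jtiClaim = refreshJwt.Claims.FirstOrDefault(c => c.Type == "jti");
                Guid refreshTokenId;
                if (jtiClaim == null || !Guid.TryParse(jtiClaim.Value, out refreshTokenId))
                {
                    throw new InvalidOperationException("Refresh token is missing a valid jti claim.");
                }

                refreshTokenRecord = new RefreshToken()
                {
                    Id        = refreshTokenId,
                    AccountId = accountRecord.Id,
                    Issued    = refreshJwt.ValidFrom,
                    Expires   = refreshJwt.ValidTo,
                };

                RefreshTokenRepository.Create(refreshTokenRecord);
            }
            else
            {
                // Rebuild the JWT for the existing record so repeated logins share one refresh token.
                refreshJwt = TokenFactory.GetRefreshToken(refreshTokenRecord.Id, refreshTokenRecord.Expires, refreshTokenRecord.Issued);
            }

            var accessJwt = TokenFactory.GetAccessToken(accountRecord, refreshTokenRecord.Id);
            var response  = new TokenResponse(accessJwt, refreshJwt);

            return(Ok(response));
        }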