Exemplo n.º 1
0
        public async Task <IActionResult> LoginUser(UserLoginForm loginForm)
        {
            var user = await _userManager.FindByNameAsync(loginForm.UserName);

            var result = await _signInManager.CheckPasswordSignInAsync(user, loginForm.Password, false);

            if (result.Succeeded)
            {
                var appUser = await _userManager.Users.FirstOrDefaultAsync(
                    u => u.NormalizedUserName == loginForm.UserName.ToUpper());

                var roles = await _userManager.GetRolesAsync(appUser);

                var userProfile = _mapper.Map <UserProfileDto>(appUser);

                var tokenKey = _securityConfigurations.tokenKey;
                var issuer   = _securityConfigurations.Issuer;
                var appKey   = _securityConfigurations.appKey;

                var token        = TokensGenerator.GenerateJwtToken(appUser, roles, tokenKey, issuer);
                var refreshToken = TokensGenerator.GenerateRefreshToken();

                HttpContext.AddCookies(token, appKey);
                HttpContext.AddCookies(refreshToken, $"{appKey}Refresh");

                var existingToken = await _tokenRepository.FindItemAsync(
                    t => t.UserId == appUser.Id &&
                    t.DeviceName == Request.Headers["device-info"].ToString());

                if (existingToken != null)
                {
                    _logger.LogWarning($"User with Id {appUser.Id} has already logged in from this device, old refresh token will be removed.");

                    await _tokenRepository.RemoveItemAsync(existingToken);

                    _logger.LogInformation($"Old refresh token for user with Id {appUser.Id} removed from database.");
                }

                await _tokenRepository.AddItemAsync(
                    new RefreshToken
                {
                    Id         = GuidCreator.CreateGuid(),
                    TokenValue = refreshToken,
                    DeviceName = Request.Headers["device-info"],
                    UserId     = appUser.Id
                });

                _logger.LogInformation($"User with id {appUser.Id} successfully logged in.");

                return(Ok(new { user = userProfile, token, refreshToken }));
            }

            return(Unauthorized());
        }
Exemplo n.º 2
0
        public async Task <IActionResult> RefreshToken([FromHeader] string RefreshToken)
        {
            var refreshToken = await _tokenRepository.FindItemAsync(
                t => t.TokenValue == RefreshToken);

            if (refreshToken != null)
            {
                await _tokenRepository.RemoveItemAsync(refreshToken);

                refreshToken.TokenValue = TokensGenerator.GenerateRefreshToken();
                await _tokenRepository.AddItemAsync(refreshToken);

                var user = await _userManager.FindByIdAsync(refreshToken.UserId.ToString());

                var roles = await _userManager.GetRolesAsync(user);

                var userProfile = _mapper.Map <UserProfileDto>(user);

                var tokenKey = _securityConfigurations.tokenKey;
                var issuer   = _securityConfigurations.Issuer;
                var appKey   = _securityConfigurations.appKey;

                var token = TokensGenerator.GenerateJwtToken(user, roles, tokenKey, issuer);

                HttpContext.AddCookies(token, appKey);
                HttpContext.AddCookies(refreshToken.TokenValue, $"{appKey}Refresh");

                _logger.LogInformation($"Token for user {refreshToken.UserId} successfully refreshed.");

                return(Ok(new { user = userProfile, token, refreshToken.TokenValue }));
            }

            _logger.LogError($"Token {RefreshToken} doesn't exist in database.!");

            return(StatusCode(401));
        }