// Refresh: exchange a valid, unexpired refresh token for a new access/refresh pair.
// The presented refresh token is deleted before the replacement is stored (single-use
// rotation), and the new token's signature is recorded with the caller's IP and User-Agent.
// Depends on System.IdentityModel.Tokens.Jwt (JwtSecurityToken) and
// Microsoft.Net.Http.Headers (HeaderNames).
public async Task<ActionResult<AuthResponse>> Refresh([FromQuery] AuthStrategy strategy)
{
    // The user id comes from the authenticated principal; reject anything that is not an integer
    // instead of letting int.Parse throw.
    if (!int.TryParse(User.Identity?.Name, out int userId))
    {
        return Unauthorized();
    }

    User user = await _userService.RetrieveAsync(userId);
    if (user == null)
    {
        // The principal references a user that no longer exists.
        return Unauthorized();
    }

    // The refresh-token JWT carries its own signature as a claim; that signature is the lookup
    // key for the server-side record, so only a token this server issued (and has not yet
    // consumed) resolves, and only for the user it was issued to.
    string refreshTokenSignature = User.FindFirst("refresh-token-signature")?.Value;
    RefreshToken userRefreshToken = await _authService.GetRefreshTokenOfUserBySignatureAsync(
        refreshTokenSignature, userId);
    if (userRefreshToken == null || userRefreshToken.IsExpired)
    {
        return Unauthorized();
    }

    // Single use: consume the presented refresh token before issuing its replacement.
    await _authService.DeleteRefreshTokenAsync(userRefreshToken);

    JwtSecurityToken accessToken = GenerateJwtToken(user.Id, user.IsAdmin, JwtTokenType.AccessToken);
    JwtSecurityToken refreshToken = GenerateJwtToken(user.Id, user.IsAdmin, JwtTokenType.RefreshToken);

    // RemoteIpAddress can be null (e.g. in-process test servers); do not crash on it.
    string ipAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
    string userAgent = Request.Headers[HeaderNames.UserAgent];
    await _authService.CreateRefreshTokenUnderUserByIdAsync(
        refreshToken.RawSignature, user.Id, ipAddress, userAgent);

    if (strategy == AuthStrategy.Token)
    {
        // Token strategy: the client stores both tokens itself.
        return Ok(new AuthResponse
        {
            UserId = user.Id,
            AccessToken = WriteJwtSecurityTokenToString(accessToken),
            RefreshToken = WriteJwtSecurityTokenToString(refreshToken)
        });
    }

    // Cookie strategy: the tokens travel in cookies and are not returned in the body. Whether
    // page script can read them depends on the HttpOnly/Secure/SameSite flags that
    // GenerateCookieOptions sets.
    Response.Cookies.Append("access-token", WriteJwtSecurityTokenToString(accessToken),
        GenerateCookieOptions(JwtTokenType.AccessToken, isCookieDelete: false));
    Response.Cookies.Append("refresh-token", WriteJwtSecurityTokenToString(refreshToken),
        GenerateCookieOptions(JwtTokenType.RefreshToken, isCookieDelete: false));
    return Ok(new AuthResponse { UserId = user.Id });
}
// Login: verify the credentials, issue an access/refresh token pair and record the refresh
// token's signature server-side with the caller's IP and User-Agent.
public async Task<ActionResult<AuthResponse>> Login([FromQuery] AuthStrategy strategy, [FromBody] AuthRequest credentials)
{
    if (credentials == null)
    {
        // No body bound (e.g. wrong content type); fail before dereferencing it.
        return BadRequest();
    }

    var authenticatedUser = await _authService.AuthenticateAsync(
        credentials.UsernameOrEmail, credentials.Password);
    if (authenticatedUser == null)
    {
        // One generic message for "unknown user" and "wrong password", so the response does
        // not reveal which accounts exist.
        return Unauthorized(new { Message = "Unauthorized" });
    }

    JwtSecurityToken accessToken = GenerateJwtToken(authenticatedUser.Id, authenticatedUser.IsAdmin, JwtTokenType.AccessToken);
    JwtSecurityToken refreshToken = GenerateJwtToken(authenticatedUser.Id, authenticatedUser.IsAdmin, JwtTokenType.RefreshToken);

    // RemoteIpAddress can be null (e.g. in-process test servers); do not crash on it.
    string ipAddress = Request.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
    string userAgent = Request.Headers[HeaderNames.UserAgent];
    await _authService.CreateRefreshTokenUnderUserByIdAsync(
        refreshToken.RawSignature, authenticatedUser.Id, ipAddress, userAgent);

    if (strategy == AuthStrategy.Token)
    {
        // Token strategy: the client stores both tokens itself.
        return Ok(new AuthResponse
        {
            UserId = authenticatedUser.Id,
            AccessToken = WriteJwtSecurityTokenToString(accessToken),
            RefreshToken = WriteJwtSecurityTokenToString(refreshToken)
        });
    }

    // Cookie strategy: the tokens travel in cookies and are not returned in the body; the
    // HttpOnly/Secure/SameSite flags come from GenerateCookieOptions.
    Response.Cookies.Append("access-token", WriteJwtSecurityTokenToString(accessToken),
        GenerateCookieOptions(JwtTokenType.AccessToken, isCookieDelete: false));
    Response.Cookies.Append("refresh-token", WriteJwtSecurityTokenToString(refreshToken),
        GenerateCookieOptions(JwtTokenType.RefreshToken, isCookieDelete: false));
    return Ok(new AuthResponse { UserId = authenticatedUser.Id });
}
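Both actions above lean on a server-side refresh-token store that this page does not show: GetRefreshTokenOfUserBySignatureAsync, DeleteRefreshTokenAsync and CreateRefreshTokenUnderUserByIdAsync. The block below is an added example, not the project's code, modelling that store in Python so it runs stand-alone: a login issues a token, a refresh looks the token up by (signature, user), rejects it if unknown or expired, consumes it and issues a replacement. It goes beyond the controller in two places, both assumptions of the example rather than anything the page states: the store keeps a SHA-256 of the signature rather than the raw signature, and consumed tokens are marked rather than deleted, so a replayed refresh token (one that was already exchanged once) revokes the whole token family descended from that login. The random token_urlsafe value stands in for JwtSecurityToken.RawSignature, the TTL is made up, and the IP addresses and User-Agent in demo() are constructed input.

```python
"""Single-use refresh-token rotation with replay detection (added example)."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class RefreshTokenRecord:
    user_id: int
    family_id: str          # every token descended from one login shares a family
    expires_at: float
    ip_address: str
    user_agent: str
    consumed: bool = False  # True once rotated; presenting it again is a replay


class RefreshTokenStore:
    # Assumed lifetime; in the controller, GenerateJwtToken decides the real one.
    REFRESH_TTL_SECONDS = 7 * 24 * 3600

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._records: Dict[str, RefreshTokenRecord] = {}
        self._clock = clock

    @staticmethod
    def _key(signature: str) -> str:
        # Store a hash of the signature, not the signature itself (hardening beyond the
        # page): a leaked table then does not contain usable refresh tokens.
        return hashlib.sha256(signature.encode("utf-8")).hexdigest()

    def issue(self, user_id: int, ip_address: str, user_agent: str,
              family_id: Optional[str] = None) -> str:
        """Stand-in for CreateRefreshTokenUnderUserByIdAsync; returns the signature."""
        signature = secrets.token_urlsafe(32)  # plays the role of RawSignature
        self._records[self._key(signature)] = RefreshTokenRecord(
            user_id=user_id,
            family_id=family_id or secrets.token_hex(8),
            expires_at=self._clock() + self.REFRESH_TTL_SECONDS,
            ip_address=ip_address,
            user_agent=user_agent,
        )
        return signature

    def rotate(self, signature: str, user_id: int,
               ip_address: str, user_agent: str) -> Optional[str]:
        """Mirror of the Refresh action: returns the new signature, or None (answer 401)."""
        record = self._records.get(self._key(signature))
        if record is None or record.user_id != user_id:
            return None  # unknown token, or a token issued to another user
        if record.consumed:
            # Replay: this token was already exchanged once, so two parties hold it.
            # Revoke the whole family; the legitimate client has to log in again.
            self.revoke_family(record.family_id)
            return None
        if record.expires_at <= self._clock():
            del self._records[self._key(signature)]
            return None
        record.consumed = True  # single use; kept (not deleted) for replay detection
        return self.issue(user_id, ip_address, user_agent, family_id=record.family_id)

    def revoke_family(self, family_id: str) -> int:
        doomed = [k for k, r in self._records.items() if r.family_id == family_id]
        for key in doomed:
            del self._records[key]
        return len(doomed)

    def active_tokens(self, user_id: int) -> int:
        now = self._clock()
        return sum(1 for r in self._records.values()
                   if r.user_id == user_id and not r.consumed and r.expires_at > now)


def demo() -> dict:
    """Login, one normal rotation, a replayed stale copy, and an expired token."""
    now = [1_700_000_000.0]  # fake clock so expiry is deterministic
    store = RefreshTokenStore(clock=lambda: now[0])
    first = store.issue(42, "203.0.113.7", "curl/8.0")              # login
    second = store.rotate(first, 42, "203.0.113.7", "curl/8.0")     # normal refresh
    replay = store.rotate(first, 42, "198.51.100.9", "curl/8.0")    # stale copy replayed
    after_replay = store.rotate(second, 42, "203.0.113.7", "curl/8.0")
    expiring = store.issue(43, "203.0.113.8", "curl/8.0")
    now[0] += RefreshTokenStore.REFRESH_TTL_SECONDS + 1
    return {
        "rotated": second is not None and second != first,
        "replay_rejected": replay is None,
        "family_revoked": after_replay is None and store.active_tokens(42) == 0,
        "expired_rejected": store.rotate(expiring, 43, "203.0.113.8", "curl/8.0") is None,
    }


if __name__ == "__main__":
    print(demo())
```

The controller deletes the old row outright, which is simpler but cannot tell a replayed token from one that never existed; keeping the consumed row until its expiry is what makes the family revocation possible, and the IP and User-Agent stored with each record are there for audit, not as part of the validity check.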