public Result <ClaimsPrincipal> ValidateTokenAsync(HttpRequestHeaders headers, IPAddress ipAddress)
{
var flag = false;
var token = "";
foreach (var item in headers.GetValues("Cookie"))
{
var cookies = item.Split(",");
for (var x = 0; x < cookies.Length; x++)
{
var idx = cookies[x].IndexOf("=");
var name = cookies[x].Substring(0, idx);
var value = cookies[x].Substring(idx + 1, cookies[x].Length - (idx + 1));
if (name == _settings.CookieToken)
{
flag = true;
token = value;
break;
}
}
}
if (!flag)
{
return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null));
}
try
{
principal = _tokens.ValidateToken(token);
}
catch (SecurityTokenException ex)
{
if (ex.Message.Contains("Lifetime validation failed"))
{
return(_result.Create <ClaimsPrincipal>(false, _errors.SecurityTokenExpired, null));
}
else
{
return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null));
}
}
catch (Exception)
{
return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null));
}
if (principal == null)
{
return(_result.Create <ClaimsPrincipal>(false, _errors.NotAuthorized, null));
}
return(_result.Create(true, "", principal));
}
private async Task <Result <UserPrivateDataModel> > ValidRefreshToken(string token, string refreshToken)
{
var principal = _tokens.ValidateToken(token, false);
var id = principal.FindFirst(ClaimTypes.NameIdentifier).Value;
List <RefreshTokensModel> queryToken = null;
UserPrivateDataModel model = null;
RedisSecurityModel modelRedis = null;
var block = false;
if (!_settings.RedisCacheSecurity)
{
var result = await _services.GetSecrets(id);
if (!result.Success)
{
return(_result.Create <UserPrivateDataModel>(false, result.Message, null));
}
block = result.Value.Block;
queryToken = result.Value.RefreshTokens;
model = result.Value;
}
else
{
var email = principal.FindFirst(ClaimTypes.Email).Value;
var tokens = await _redisCache.GetSringValue(id);
if (String.IsNullOrEmpty(tokens))
{
return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null));
}
modelRedis = JsonConvert.DeserializeObject <RedisSecurityModel>(tokens);
block = modelRedis.Block;
queryToken = modelRedis.Tokens;
model = new UserPrivateDataModel();
model.id = id;
model.Email = email;
model.Scopes = modelRedis.Scopes;
model.Tenants = modelRedis.Tenants;
model.ValidEmail = modelRedis.ValidEmail;
}
var coderefreshToken = _crypto.GetStringSha256Hash(refreshToken + _settings.SecretKey);
var idx = queryToken.FindIndex((e) => e.Token == coderefreshToken);
if (idx < 0)
{
return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null));
}
else
{
queryToken.RemoveAt(idx);
if (!_settings.RedisCacheSecurity)
{
model.RefreshTokens = queryToken;
await _services.Update(model);
}
else
{
modelRedis.Tokens = queryToken;
var jsonString = JsonConvert.SerializeObject(modelRedis);
await _redisCache.SetStringValue(model.id, jsonString);
model.RefreshTokens = queryToken;
}
}
if (block)
{
return(_result.Create <UserPrivateDataModel>(false, _errors.NotAuthorized, null));
}
return(_result.Create(true, "", model));
}
