/// <summary>
/// A request that carries no headers at all must yield a null or empty token.
/// </summary>
public void ExtractJWTTokenFromHttpRequest_MissingToken()
        {
            // Arrange: a bare request; no Authorization header is ever added.
            var emptyContext = new DefaultHttpContext();
            HttpRequest requestWithoutHeaders = new DefaultHttpRequest(emptyContext);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithoutHeaders);

            // Assert: nothing may be reported as a token when none was sent.
            var nothingExtracted = string.IsNullOrEmpty(result);
            Assert.IsTrue(nothingExtracted);
        }
        /// <summary>
        /// Logs the caller out by recording the bearer token of the current request in the token store.
        /// </summary>
        /// <remarks>
        /// Does nothing when the request carries no token.
        /// NOTE(review): the <c>false</c> argument presumably marks the token as no longer valid; confirm against AddToken.
        /// NOTE(review): the token string is handed to the store as extracted; confirm whether it is persisted as-is.
        /// </remarks>
        public async Task Logout()
        {
            var bearerToken = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(HttpContext.Request);

            // Only a request that actually presented a token has something to record.
            if (!string.IsNullOrEmpty(bearerToken))
            {
                await _authData.AddToken(bearerToken, false);
            }
        }
        /// <summary>
        /// An Authorization header holding only the test token, with nothing in front of it,
        /// must yield a null or empty token.
        /// </summary>
        public void ExtractJWTTokenFromHttpRequest_MissingBearer()
        {
            // Arrange: the header value is testToken alone (testToken is defined outside this method).
            var httpContext = new DefaultHttpContext();
            HttpRequest requestWithRawToken = new DefaultHttpRequest(httpContext);
            requestWithRawToken.Headers.Add("Authorization", testToken);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithRawToken);

            // Assert: a header value without the expected scheme must not be handed back as a token.
            var nothingExtracted = string.IsNullOrEmpty(result);
            Assert.IsTrue(nothingExtracted);
        }
        /// <summary>
        /// An Authorization header of the form "Bearer &lt;token&gt;" must yield exactly the token part.
        /// </summary>
        public void ExtractTokenFromHttpRequest_ValidTokenHeaderTest()
        {
            // Arrange: build the header value first, then attach it to a fresh request.
            var authorizationValue = string.Format("Bearer {0}", testToken);
            var httpContext = new DefaultHttpContext();
            HttpRequest requestWithBearer = new DefaultHttpRequest(httpContext);
            requestWithBearer.Headers.Add("Authorization", authorizationValue);

            // Act
            var result = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(requestWithBearer);

            // Assert: the scheme prefix is stripped and the token comes back unchanged.
            Assert.AreEqual(testToken, result);
        }
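        /// <summary>
        /// Middleware step that answers 401 when the request's bearer token has a token-store record
        /// that is flagged invalid or whose token has expired; every other request continues down the pipeline.
        /// </summary>
        /// <remarks>
        /// This method is not an authentication check on its own: a request without a token, and a token
        /// with no record in the store, are both passed on. The only checks made here are the store lookup
        /// and <c>IsTokenExpired</c>, so the accept decision must be made by a later pipeline stage
        /// (controller, token validation, etc.).
        /// </remarks>
        /// <param name="context">The current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            var token = JWTAuthTokenServices.ExtractJWTTokenFromHttpRequest(context.Request);

            // No token found. Continue the pipeline and let other validation decide.
            // Returning here also avoids querying the store with a null or empty key.
            if (string.IsNullOrEmpty(token))
            {
                await _next(context);

                return;
            }

            //TODO: create method to check cache and if not in cache go to db
            TokenStore tokenStoreEntity = await _authData.GetToken(token);

            // A stored record blocks the request when it is flagged invalid or its token has expired.
            // A token with no record is treated as not invalidated.
            var isRejected = tokenStoreEntity != null
                && (!tokenStoreEntity.IsValid || JWTAuthTokenServices.IsTokenExpired(tokenStoreEntity.Token));

            if (isRejected)
            {
                // Token was found and is invalid: stop the pipeline here.
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("invalid token");

                return;
            }

            await _next(context);
        }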