/// <summary>
/// Reads the access and refresh tokens from the request headers, asks
/// <c>authService</c> to refresh them, and records the outcome on the context.
/// </summary>
/// <param name="context">The HTTP context whose request headers carry the tokens.</param>
/// <returns>The same <paramref name="context"/> instance that was passed in.</returns>
/// <remarks>
/// Both header values are client-supplied and therefore untrusted; the only
/// validation visible here is the call to <c>authService.RefreshAuth</c>.
/// Only the first value of each header is used; further values are ignored.
/// </remarks>
public HttpContext ProcessRequest(HttpContext context)
{
    var requestHeaders = context.Request.Headers;

    // Both headers are always looked up, and each must hold at least one value.
    bool hasAccessHeader = requestHeaders.TryGetValue(Strings.AccessTokenKey, out StringValues accessHeader)
        && accessHeader.Any();
    bool hasRefreshHeader = requestHeaders.TryGetValue(Strings.RefreshTokenKey, out StringValues refreshHeader)
        && refreshHeader.Any();

    // A missing or value-less header takes the bad-request path without consulting the auth service.
    if (!(hasAccessHeader && hasRefreshHeader))
    {
        SetBadRequestStatus(context);
        return context;
    }

    AuthStatus refreshed = authService.RefreshAuth(accessHeader[0], refreshHeader[0]);

    // Tokens from the result are used only when the service reports it as valid.
    if (!refreshed.Valid)
    {
        SetInvalidadStatus(context);
        return context;
    }

    SetValidStatus(context, refreshed.AccessToken, refreshed.RefreshToken);
    return context;
}
/// <summary>
/// Refreshing with a freshly generated token pair must report a valid status
/// and hand back exactly the tokens that were presented.
/// </summary>
public void RefreshAuth_ValidAccessToken_SameTokensProvided()
{
    // Arrange
    // ShowPII is a process-wide switch that makes IdentityModel include unredacted
    // values in its log and exception messages; keep it confined to test runs.
    IdentityModelEventSource.ShowPII = true;

    // 10 s for the access token; the second span is presumably the refresh-token lifetime (100 s).
    TimeSpan accessTokenLifetime = TimeSpan.FromMilliseconds(10000);
    TimeSpan secondLifetime = TimeSpan.FromMilliseconds(100000);
    Mock<IOptions<AuthConfiguration>> options = GetAuthConfiguration(accessTokenLifetime, secondLifetime);
    IAuthService sut = new AuthService(options.Object);
    (string issuedAccessToken, string issuedRefreshToken) = sut.GenerateAuth();

    // Act
    AuthStatus result = sut.RefreshAuth(issuedAccessToken, issuedRefreshToken);

    // Assert
    Assert.IsTrue(result.Valid);
    Assert.AreEqual(issuedAccessToken, result.AccessToken);
    Assert.AreEqual(issuedRefreshToken, result.RefreshToken);
}
/// <summary>
/// Once the configured lifetimes have elapsed, refreshing must report an
/// invalid status and carry no tokens.
/// </summary>
public void RefreshAuth_InValidTokens_InvalidStatusProvided()
{
    // Arrange
    // ShowPII is a process-wide switch that makes IdentityModel include unredacted
    // values in its log and exception messages; keep it confined to test runs.
    IdentityModelEventSource.ShowPII = true;

    // Both spans are one second, so waiting out the first one covers the second as well.
    TimeSpan accessTokenExpiration = TimeSpan.FromMilliseconds(1000);
    TimeSpan secondLifetime = TimeSpan.FromMilliseconds(1000);
    Mock<IOptions<AuthConfiguration>> options = GetAuthConfiguration(accessTokenExpiration, secondLifetime);
    IAuthService sut = new AuthService(options.Object);
    (string issuedAccessToken, string issuedRefreshToken) = sut.GenerateAuth();

    // NOTE(review): the wait equals the lifetime exactly, so the outcome depends on how
    // the validator treats the expiry boundary and any clock-skew tolerance (confirm).
    Thread.Sleep(accessTokenExpiration);

    // Act
    AuthStatus result = sut.RefreshAuth(issuedAccessToken, issuedRefreshToken);

    // Assert
    Assert.IsFalse(result.Valid);
    Assert.IsNull(result.AccessToken);
    Assert.IsNull(result.RefreshToken);
}
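/// <summary>
/// Decides whether a presented access/refresh token pair may keep being used,
/// issuing a new pair when the refresh token validates but the access token does not.
/// </summary>
/// <param name="accessToken">Access token presented by the caller.</param>
/// <param name="refreshToken">Refresh token presented by the caller.</param>
/// <returns>
/// A status whose <c>Valid</c> flag mirrors the refresh-token check. Tokens are
/// populated only when <c>Valid</c> is true: the presented pair if the access
/// token still validates, otherwise a newly generated pair.
/// </returns>
public AuthStatus RefreshAuth(string accessToken, string refreshToken)
{
    // Both checks always run, in the original order.
    bool accessTokenValid = IsTokenValid(accessToken);
    bool refreshTokenValid = IsTokenValid(refreshToken);

    AuthStatus status = new AuthStatus() { Valid = refreshTokenValid };

    // A rejected refresh token ends the exchange with no tokens on the result.
    // Previously a still-valid access token was echoed back together with the
    // rejected refresh token while Valid was false, so a caller that skipped the
    // flag could pass on credentials from a failed refresh.
    if (!refreshTokenValid)
    {
        return status;
    }

    // NOTE(review): both tokens go through the same IsTokenValid check, and the
    // generated tokens differ here only in lifetime. Nothing in this method ties
    // the refresh token to the access token, tells the two kinds apart, or retires
    // the refresh token that was exchanged. Confirm IsTokenValid/GenerateToken cover that.
    if (accessTokenValid)
    {
        // Nothing has expired yet: hand the presented pair back unchanged.
        status.AccessToken = accessToken;
        status.RefreshToken = refreshToken;
    }
    else
    {
        // Access token no longer validates: issue a fresh pair with the configured lifetimes.
        status.AccessToken = GenerateToken(configuration.AccessTokenExpirationSpan);
        status.RefreshToken = GenerateToken(configuration.RefreshTokenExpirationSpan);
    }

    return status;
}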