protected virtual bool EnableRefreshToken()
{
var userSessionSource = AuthenticateService.GetUserSessionSource();
if (userSessionSource != null)
return true;
var authRepo = HostContext.AppHost?.TryResolve<IAuthRepository>();
if (authRepo == null)
return false;
using (authRepo as IDisposable)
{
return authRepo is IUserAuthRepository;
}
}
public object Any(GetAccessToken request)
{
var jwtAuthProvider = (JwtAuthProvider)AuthenticateService.GetRequiredJwtAuthProvider();
if (jwtAuthProvider.RequireSecureConnection && !Request.IsSecureConnection)
{
throw HttpError.Forbidden(ErrorMessages.JwtRequiresSecureConnection.Localize(Request));
}
if (string.IsNullOrEmpty(request.RefreshToken))
{
throw new ArgumentNullException(nameof(request.RefreshToken));
}
JsonObject jwtPayload;
try
{
jwtPayload = jwtAuthProvider.GetVerifiedJwtPayload(Request, request.RefreshToken.Split('.'));
}
catch (ArgumentException)
{
throw;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
jwtAuthProvider.AssertJwtPayloadIsValid(jwtPayload);
if (jwtAuthProvider.ValidateRefreshToken != null && !jwtAuthProvider.ValidateRefreshToken(jwtPayload, Request))
{
throw new ArgumentException(ErrorMessages.RefreshTokenInvalid.Localize(Request), nameof(request.RefreshToken));
}
var userId = jwtPayload["sub"];
IAuthSession session;
IEnumerable <string> roles = null, perms = null;
var userSessionSource = AuthenticateService.GetUserSessionSource();
if (userSessionSource != null)
{
session = userSessionSource.GetUserSession(userId);
if (session == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request));
}
roles = session.Roles;
perms = session.Permissions;
}
else if (AuthRepository is IUserAuthRepository userRepo)
{
var userAuth = userRepo.GetUserAuth(userId);
if (userAuth == null)
{
throw HttpError.NotFound(ErrorMessages.UserNotExists.Localize(Request));
}
if (jwtAuthProvider.IsAccountLocked(userRepo, userAuth))
{
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(Request));
}
session = SessionFeature.CreateNewSession(Request, SessionExtensions.CreateRandomSessionId());
session.PopulateSession(userAuth, userRepo);
if (userRepo is IManageRoles manageRoles && session.UserAuthId != null)
{
roles = manageRoles.GetRoles(session.UserAuthId);
perms = manageRoles.GetPermissions(session.UserAuthId);
}
}
else
{
throw new NotSupportedException("JWT RefreshTokens requires a registered IUserAuthRepository or an AuthProvider implementing IUserSessionSource");
}
var accessToken = jwtAuthProvider.CreateJwtBearerToken(Request, session, roles, perms);
var response = new GetAccessTokenResponse
{
AccessToken = accessToken
};
if (request.UseTokenCookie != true)
{
return(response);
}
return(new HttpResult(new GetAccessTokenResponse())
{
Cookies =
{
new Cookie(Keywords.TokenCookie, accessToken, Cookies.RootPath)
{
HttpOnly = true,
Secure = Request.IsSecureConnection,
Expires = DateTime.UtcNow.Add(jwtAuthProvider.ExpireTokensIn),
}
}
});
}