public async void DeleteRefreshTokenAsync_ShouldRemoveRefreshTokenFromDatabase()
{
var loggerMock = new Mock <ILogger <AccessTokenService> >();
var optionsMock = new Mock <IOptions <AppSettings> >();
var appSettingsMock = new Mock <AppSettings>();
var contextMock = new Mock <IDatabaseContext>();
optionsMock.Setup(x => x.Value)
.Returns(appSettingsMock.Object);
var refreshToken = GetRefreshTokenSample();
var dbSet = new TestDbSet <RefreshToken>();
dbSet.Add(refreshToken);
contextMock.Setup(x => x.RefreshTokens)
.Returns(dbSet);
contextMock.Setup(x => x.SaveChangesAsync(It.IsAny <CancellationToken>()))
.Verifiable();
var service = new AccessTokenService(loggerMock.Object, contextMock.Object, optionsMock.Object);
await service.DeleteRefreshTokenAsync(refreshToken.UserId.ToString(), refreshToken.Token);
Assert.DoesNotContain(refreshToken, dbSet);
contextMock.Verify(x => x.SaveChangesAsync(It.IsAny <CancellationToken>()));
}
public async Task <IActionResult> Refresh([FromBody] RefreshRequestModel refreshRequest)
{
var principal = AccessTokenService.GetPrincipalFromExpiredToken(refreshRequest.Token);
var userId = principal.Identity.Name;
var savedRefreshToken = await AccessTokenService.GetRefreshTokenAsync(userId);
if (savedRefreshToken != refreshRequest.RefreshToken)
{
return(BadRequest("Invalid refresh token"));
}
string newJwtToken = null;
string newRefreshToken = null;
try
{
newJwtToken = AccessTokenService.GenerateAccessToken(userId);
newRefreshToken = AccessTokenService.GenerateRefreshToken();
await AccessTokenService.DeleteRefreshTokenAsync(userId, refreshRequest.RefreshToken);
await AccessTokenService.SaveRefreshTokenAsync(userId, newRefreshToken);
}
catch (Exception e)
{
Logger.LogError(e, e.Message);
return(StatusCode(500));
}
return(Ok(new
{
token = newJwtToken,
refreshToken = newRefreshToken
}));
}