public async Task <ExchangeRefreshTokenResponse> ExchangeRefreshTokenAsync(string accessToken, string refreshToken, CancellationToken cancellationToken) { var currentPrincipal = _jwtTokenValidator.GetPrincipalFromToken(accessToken, _settings.AuthSettings.SecretKey); // invalid token/signing key was passed and we can't extract user claims if (currentPrincipal != null) { var appUserId = currentPrincipal.Claims.First(c => c.Type == CustomClaimIdentifiers.AppUserId).Value; var appUser = await _appUsersRepository.GetAppUserAsync(new Guid(appUserId), cancellationToken); if (appUser.HasValidRefreshToken(refreshToken)) { var jwtToken = await _jwtTokenFactory.GenerateEncodedTokenAsync(appUser.UserId.ToString(), appUser.UserName, appUser.AppUserId.ToString()); var newRefreshToken = _tokenFactory.GenerateToken(); appUser.RemoveRefreshToken(refreshToken); // delete the token we've exchanged appUser.AddRefreshToken(newRefreshToken, appUser.UserId, ""); // add the new one await appUser.SaveAsync(cancellationToken); return(new ExchangeRefreshTokenResponse(jwtToken, newRefreshToken, true)); } } return(new ExchangeRefreshTokenResponse(false, "Invalid token.")); }
public async Task <RefreshTokenResponseDto> RefreshToken(RefreshTokenInputDto inputDto) { var signingKey = AppSettingConfigurationHelper.GetSection("AuthSettings:SecretKey").Value; var claimPrincipal = _jwtTokenValidator.GetPrincipalFromToken(inputDto.AccessToken, signingKey); if (claimPrincipal != null) { var id = claimPrincipal.Claims.First(c => c.Type == "id"); var user = await _userManager.FindByIdAsync(Convert.ToInt64(id.Value)); if (_refreshTokenService.HasValidRefreshToken(inputDto.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, user.TenantId); _refreshTokenService.Remove(inputDto.RefreshToken); // delete the token we've exchanged var refreshToken = _refreshTokenService.CreateRefreshToken(user, ""); // add the new one return(new RefreshTokenResponseDto(jwtToken, refreshToken.Token, true)); } else { return(new RefreshTokenResponseDto(null, "", false, "Invalid Refresh Token")); } } return(new RefreshTokenResponseDto(null, "", false, "Invalid Access Token")); }
public async Task Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { if (!message.IsValid()) { NotifyValidationErrors(message); return; } var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one _userRepository.Update(user); if (Commit()) { outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken)); return; } } } await Bus.RaiseEvent(new DomainNotification(message.MessageType, "Failed to refresh token")); }
public async Task <Result <TokenResult> > Handle(RefreshTokenCommand request, CancellationToken cancellationToken) { if (request.AccessToken.IsEmpty()) { throw new AuthException($"invalid {nameof(request.AccessToken)}"); } if (request.RefreshToken.IsEmpty()) { throw new AuthException($"invalid {nameof(request.RefreshToken)}"); } var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, _authSettings.SecretKey); if (claimsPrincipal is null) { return(Result.Failure <TokenResult>("Invalid access token")); } var id = claimsPrincipal.Claims.First(c => c.Type == ClaimTypes.Sid); var role = claimsPrincipal.Claims.First(x => x.Type == ClaimTypes.Role); var user = await _userManager.FindByIdAsync(id.Value); var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, role.Value, user.Email); var refreshToken = _tokenFactory.GenerateToken(); await _userManager.RemoveAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider, TokenProviderNames.TokenName); await _userManager.SetAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider, TokenProviderNames.TokenName, refreshToken); return(Result.Success(new TokenResult(refreshToken, jwtToken.Token, jwtToken.ExpiresIn))); }
public async Task <ExchangeRefreshTokenResponse> ExchangeRefreshTokenAsync(ExchangeRefreshTokenRequest message) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp == null) { return(new ExchangeRefreshTokenResponse(false, "Invalid token.")); } var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (!user.HasValidRefreshToken(message.RefreshToken)) { return(new ExchangeRefreshTokenResponse(false, "Invalid token.")); } var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.Username); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one await _userRepository.Update(user); return(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); }
public async Task <ActionResult <ExchangeRefreshTokenResponseDto> > GenerateRefreshToken( [FromQuery] ExchangeRefreshTokenRequestDto request) { var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, _authSettings.SecretKey); if (claimsPrincipal == null) { return(BadRequest()); } var userId = claimsPrincipal.Claims.First(c => c.Type == "id"); var user = await _mediator.Send(new GetUserByIdQuery(Guid.Parse(userId.Value))); if (!user.HasValidRefreshToken(request.RefreshToken)) { return(BadRequest()); } var jwtToken = await _jwtFactory.GenerateEncodedToken(user); var refreshToken = _tokenFactory.GenerateToken(); await _mediator.Publish(new ExchangeRefreshTokenCommand( user.Id, refreshToken, request.RefreshToken)); return(Ok(new ExchangeRefreshTokenResponseDto(jwtToken, refreshToken, true))); }
public async Task <IActionResult> RefreshToken([FromBody] CheckTokenResource checkTokenResource) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var cp = _jwtTokenValidator.GetPrincipalFromToken(checkTokenResource.Token, _authSettings.SigningKey, false); if (cp != null) { var id = cp.Claims.Single(c => c.Type == "id"); var user = await _userManager.Users.Include(u => u.Role).SingleOrDefaultAsync(u => u.Id == id.Value); var existingRefreshToken = await _refreshTokenRepository.GetByUserId(user.Id); if (existingRefreshToken != null) { var refreshToken = _refreshTokenRepository.CreateToken(user.Id, ""); _refreshTokenRepository.Delete(existingRefreshToken); await _unitOfWork.CompleteAsync(); // TO DO: Create a response class with appropriate constructor var response = new { token = await _jwtFactory.GenerateEncodedToken(user.Id, user.Email, user.Role.Name), refreshToken = refreshToken.Result, expires_in = (int)_jwtOptions.ValidFor.TotalSeconds }; return(Ok(response)); } } return(BadRequest(ModelState)); }
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName, new List <string> { "ROLE_ADMINISTRADOR" }); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one await _userRepository.Update(user); outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); return(true); } } outputPort.Handle(new ExchangeRefreshTokenResponse(false, "Invalid token.")); return(false); }
public async Task <ApplicationUser> GetUserFromAuthHeader(HttpRequest request) { var token = request.Headers.SingleOrDefault(h => h.Key == "Authorization").Value.ToString().Replace("bearer ", ""); var cp = _jwtTokenValidator.GetPrincipalFromToken(token, _authSettings.SigningKey, true); var userId = cp.FindFirstValue("id"); var user = await _userManager.FindByIdAsync(userId); return(user); }
public string GetCurrentUserName() { var accessToken = _httpContextAccessor.HttpContext.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");; var claimsPrincipal = _tokenValidator.GetPrincipalFromToken(accessToken, _authSettings.SecretKey); var userName = claimsPrincipal.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier) .Select(c => c.Value).SingleOrDefault(); return(userName); }
public async Task <IActionResult> RefreshToken([FromBody] ExchangeRefreshTokenModel model) { _logger.LogInformation("Refreshing access token: {0} with refresh token: {1}", model.AccessToken, model.RefreshToken); if (!ModelState.IsValid) { return(Error("Invalid request paramters")); } var cp = _jwtTokenValidator.GetPrincipalFromToken(model.AccessToken, _authSettings.SecretKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id").Value; Maybe <AppUser> account = _appUserRepo.GetById(int.Parse(id)); if (account.HasNoValue) { return(Error($"No matching user account found: {id}")); } Maybe <RefreshToken> refreshToken = account.Value.RefreshTokens.FirstOrDefault(x => x.Token == model.RefreshToken); // validate referesh token if ( //RefereshTokenStore.TryGetValue(id, out string oldRefereshToken) && oldRefereshToken == model.RefreshToken //&& refreshToken.Unwrap(d => d.IsActive)) { List <AppGroup> groups = _groupRepo.GetList(account.Value.UserGroups.Select(d => d.AppGroupId).ToArray()).ToList(); string[] permissions = groups.SelectMany(d => d.GroupPermissions.Select(p => p.Permission.Name)).ToArray(); var jwtToken = await account.Unwrap(d => _jwtFactory.GenerateEncodedToken(d.Id.ToString(), d.Username, permissions)); string newRefreshToken = _tokenFactory.GenerateToken(); RefereshTokenStore[id] = newRefreshToken; // delete the token exchanged and store the new one refreshToken.Value.Revoked = DateTime.UtcNow; refreshToken.Value.RevokedByIp = IpAddress(); refreshToken.Value.ReplacedByToken = newRefreshToken; account.Value.RefreshTokens.Add(new RefreshToken { Token = newRefreshToken, Expires = DateTime.UtcNow.AddHours(4), // 4 hours Created = DateTime.UtcNow, CreatedByIp = IpAddress() }); _appUserRepo.Update(account.Value); return(Ok(new ExchangeRefreshTokenResponseDTO(jwtToken, newRefreshToken))); } } return(Error("Provided token is invalid or expired.")); }
public string ValidateToken(string token) { if (_jwtOption.SecretKey == null) { throw new ArgumentNullException(nameof(_jwtOption.SecretKey)); } var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(token, _jwtOption.SecretKey); var userId = claimsPrincipal?.FindFirst(ClaimTypes.NameIdentifier); return(string.IsNullOrWhiteSpace(userId?.Value) ? null : userId.Value); }
public bool RefreshCacheToken(string token) { var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(token, _configOptions.SecretKey); var key = claimsPrincipal.Claims.First(c => c.Type == "id")?.Value; IDatabase db = _cache.GetDatabase(); if (db.KeyExists(key)) { db.KeyExpire(key, new TimeSpan(0, _configOptions.CacheTimeout, 0)); return(true); } else { db.StringSet(key, token, TimeSpan.FromMinutes(_configOptions.CacheTimeout)); return(true); } //return false; --commented temp }
public async Task <IActionResult> GetByHeader() { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var token = Request.Headers.SingleOrDefault(h => h.Key == "Authorization").Value.ToString().Replace("bearer ", ""); var cp = _jwtTokenValidator.GetPrincipalFromToken(token, _authSettings.SigningKey, true); var id = cp.FindFirstValue("id"); var identityUser = await _userManager.Users .Include(u => u.Role) .Include(u => u.Language) .Include(u => u.Company) .SingleOrDefaultAsync(u => u.Id == id); var userResource = _mapper.Map <UserResource>(identityUser); return(Ok(userResource)); }
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { Claim claim = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(claim.Value)); if (user != null && user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, ""); // add the new one await _userRepository.Update(user); outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); return(true); } else if (user == null) { outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>() { new Error(HttpStatusCode.BadRequest.ToString(), "Invalid user!") })); } } outputPort.Handle(new ExchangeRefreshTokenResponse(new List <Error>() { new Error(HttpStatusCode.BadRequest.ToString(), "Invalid token!") })); return(false); }
public async Task <AuthUserViewModel> Handle(ExchangeRefreshTokenCommand request, CancellationToken cancellationToken) { try { var signingKey = _configurationSection["SecretKey"]; var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, signingKey); if (claimsPrincipal == null) { throw new Exception("Invalid access Token provided"); } var id = claimsPrincipal.Claims.First(c => c.Type == "id"); var user = await _appDbContext.AppUser .Where(u => u.Id == id.Value) .Select(UserDTO.Projection) .FirstOrDefaultAsync(cancellationToken); var userTokenDetails = await _appDbContext.RefreshToken .Where(t => t.Token == request.RefreshToken && t.UserId == user.Id) .FirstOrDefaultAsync(cancellationToken); if (user == null || userTokenDetails == null) { throw new Exception("Kindly sign in to continue"); } var userRoles = await _userManager.GetRolesAsync(new IdentityUser { Id = id.Value }); var accessToken = await _jwtFactory.GenerateEncodedToken(id.Value, user.UserEmail, userRoles); var refreshToken = _tokenFactory.GenerateToken(); userTokenDetails.LastEditedBy = id.Value; userTokenDetails.Token = refreshToken; userTokenDetails.LastEditedDate = _dateTime.Now; userTokenDetails.Expires = _dateTime.Now.AddSeconds((double)accessToken.ExpiresIn); userTokenDetails.RemoteIpAddress = request.RemoteIPAddress; _appDbContext.RefreshToken.Update(userTokenDetails); await _appDbContext.SaveChangesAsync(cancellationToken); return(new AuthUserViewModel { UserDetails = user, UserToken = new AccessTokenViewModel { AccessToken = accessToken, RefreshToken = refreshToken, }, RequestStatus = 1, StatusMessage = "Success" }); } catch (Exception e) { return(new AuthUserViewModel { RequestStatus = 0, StatusMessage = e.Message }); } }
public ClaimsPrincipal ResolveClaimsFromToken(string accessToken) => _jwtTokenValidator.GetPrincipalFromToken(accessToken, SecretKey);
public async Task <Result <UserViewModel> > ExchangeRefreshToken(string accessToken, string refrashToken, CancellationToken cancellationToken = default) { var cp = _jwtTokenValidator.GetPrincipalFromToken(accessToken, _jwtSettings.Secret); if (cp != null) { var userId = cp.Claims.First(c => c.Type == "id"); Guid id = Guid.Parse(userId.Value); var isRemovedRefrashToken = await _service.DeleteRefreshTokenAsync(refrashToken, id, cancellationToken); if (isRemovedRefrashToken.IsSuccess) { var user = await _userManager.FindByIdAsync(userId.Value); if (user == null) { return((Result <UserViewModel>) Result <UserViewModel> .NotOk <UserViewModel>(null, "User with this id does not exist")); } var profile = await _service.GetUserProfileByIdentityIdAsync(user.Id, cancellationToken); var token = await GenerateAuthanticationResult(user, profile?.Data?.NickName); if (profile.IsError || string.IsNullOrEmpty(token.Data)) { return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>($"{profile.Message}\n" + $"or token is null")); } if (!profile.IsSuccess) { UserViewModel notOkResult = new UserViewModel() { Profile = null, Token = token.Data }; return((Result <UserViewModel>) Result <UserViewModel> .Ok <UserViewModel>(notOkResult)); } UserViewModel result = new UserViewModel() { Profile = profile.Data, Token = token.Data, RefreshToken = GenerateRefrashToken(), ExpiresIn = 3300 }; var isRefrashToketAdded = await _service.AddRefrashTokenAsync(result.RefreshToken, Guid.Parse(result.Profile.Id)); if (isRefrashToketAdded.IsError) { return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>(isRefrashToketAdded.Message)); } return((Result <UserViewModel>) Result <UserViewModel> .Ok(result)); } return((Result <UserViewModel>) Result <UserViewModel> .Fail <UserViewModel>(isRemovedRefrashToken.Message)); } return((Result <UserViewModel>) Result <UserViewModel> .NotOk <UserViewModel>(null, "Fail principal")); }