public async Task <ActionResult> RefreshAsync(RefreshRequest refreshRequest, ModelStateDictionary modelState)
{
if (!modelState.IsValid)
{
return(BadRequestModelState(modelState));
}
bool isValidRefreshToken = _refreshTokenValidator.Validate(refreshRequest.RefreshToken);
if (!isValidRefreshToken)
{
return(new BadRequestObjectResult(new ErrorResponse("Invalid refresh token.")));
}
RefreshToken refreshTokenDTO = await _refreshTokenRepository.GetByTokenAsync(refreshRequest.RefreshToken);
if (refreshTokenDTO == null)
{
return(new NotFoundObjectResult(new ErrorResponse("Invalid refresh token.")));
}
await _refreshTokenRepository.DeleteAsync(refreshTokenDTO.Id);
Account account = await _accountService.GetAsync(refreshTokenDTO.AccountId);
if (account == null)
{
return(new NotFoundObjectResult(new ErrorResponse("Account not found.")));
}
AuthenticatedAccountResponse response = await _authenticator.AuthenticateAsync(account);
return(new OkObjectResult(response));
}
public async Task <RefreshTokenAccountResponseViewModel> RefreshToken(RefreshTokenAccountRequestViewModel refreshTokenAccountRequestViewModel)
{
RefreshToken currentRefreshToken = await _refreshTokenRepository.GetByTokenAsync(refreshTokenAccountRequestViewModel.RefreshToken);
if (currentRefreshToken == null)
{
throw new IdentityException("Refresh token is not valid.");
}
if (currentRefreshToken.ExpiresUtc < DateTime.Now.ToUniversalTime())
{
throw new IdentityException("Refresh token has expired.");
}
Token token = await GetToken(currentRefreshToken.AccountId, currentRefreshToken.Account.Email);
var refreshTokenAccountResponseViewModel = new RefreshTokenAccountResponseViewModel
{
AccessToken = token.AccessToken,
RefreshToken = token.RefreshToken,
AccessTokenExpirationDate = token.AccessTokenExpirationDate,
RefreshTokenExpirationDate = token.RefreshTokenExpirationDate,
AccountId = token.Id
};
return(refreshTokenAccountResponseViewModel);
}
public async Task <AuthenticationResult> RefreshTokenAsync(string token, string refreshToken)
{
var validatedToken = GetClaimsPrincipalFromToken(token);
if (validatedToken == null)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"Invalid token"
}
});
}
var expiryDateUnix =
long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);
var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(expiryDateUnix);
if (expiryDateTimeUtc > DateTime.UtcNow)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"This token hasn't expired yet"
}
});
}
var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
var storeRefreshToken = await _refreshTokenRepository.GetByTokenAsync(refreshToken);
if (storeRefreshToken == null)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"This refresh token does not exist"
}
});
}
if (DateTime.UtcNow > storeRefreshToken.ExpiredOnUtc)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"This refresh token has expired"
}
});
}
if (storeRefreshToken.Invalidated)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"This refresh token has been invalidated"
}
});
}
if (storeRefreshToken.JwtId != jti)
{
return(new AuthenticationResult
{
ErrorMessages = new List <string> {
"This refresh token does not match JWT"
}
});
}
storeRefreshToken.Used = true;
await _refreshTokenRepository.UpdateAsync(storeRefreshToken);
await _unitOfWork.SaveChangesAsync();
var user = await _userManager.FindByIdAsync((validatedToken.Claims.Single(x => x.Type == "id").Value));
return(await GenerateAuthenticationResultForUserAsync(user));
}