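/// <summary>
/// Authenticates a user by e-mail and password, issues a JWT in the response body and a
/// rotating refresh token in the "refreshTokenData" cookie.
/// </summary>
/// <param name="apiModel">Request body with <c>email</c> and <c>password</c>; may be null when the body is missing or malformed.</param>
/// <returns>
/// 400 when the body is missing, 401 when password validation fails, otherwise 200 with
/// <c>{ user: { id, username, firstName, lastName, jwt, group, avatar } }</c>.
/// </returns>
public HttpResponseMessage Login([FromBody] LoginApiModel apiModel)
{
    HttpResponseMessage response = new HttpResponseMessage();
    ResponseFormat responseData;

    if (apiModel == null)
    {
        response.StatusCode = HttpStatusCode.BadRequest;
        responseData = ResponseFormat.Fail;
        responseData.message = ErrorMessages.INVALID_BODY;
    }
    else
    {
        // Tuple shape inferred from usage: Item1 = success flag, Item2 = failure message, Item3 = validated user.
        var validate = _userService.ValidatePassword(apiModel.email, apiModel.password);
        if (validate.Item1)
        {
            // NOTE(review): assumes GetByEmail always finds the user ValidatePassword just accepted — confirm, otherwise dbUser.ID below can throw.
            var dbUser = _userRepository.GetByEmail(validate.Item3.Email);

            var jwtToken = JwtTokenManager.GenerateJwtToken(validate.Item3);
            var refreshToken = JwtTokenManager.GenerateRefreshToken();

            // NOTE(review): the refresh token is persisted in clear text; storing a hash (and comparing
            // hashes in Refresh) would limit the impact of a read-only database compromise.
            REFRESH_TOKEN newRefreshToken = new REFRESH_TOKEN();
            newRefreshToken.USER_ID = dbUser.ID;
            newRefreshToken.Token = refreshToken;
            db.REFRESH_TOKEN.Add(newRefreshToken);
            db.SaveChanges();

            // The refresh token is meant to be an HttpOnly cookie (it is only ever read back server-side in
            // Refresh); the original header set Secure and SameSite but omitted HttpOnly, which left the token
            // readable from script. max-age=2592000 is 30 days.
            response.Headers.Add("set-cookie", $"refreshTokenData=refreshToken={refreshToken}&seriesIdentifier={dbUser.ID}&tokenIdentifier={newRefreshToken.ID}; path=/; HttpOnly; SameSite=None; Secure; max-age=2592000");

            // Only the avatar differs between the two response shapes, so compute it once.
            // The null check (not IsNullOrEmpty) is the original condition, kept deliberately.
            string avatar = dbUser.Avatar != null
                ? $"{StaticStrings.ServerHost}avatar?fileName={dbUser.Avatar}"
                : "";

            responseData = ResponseFormat.Success;
            responseData.data = new
            {
                user = new
                {
                    id = validate.Item3.ID,
                    username = validate.Item3.Username,
                    firstName = validate.Item3.FirstName,
                    lastName = validate.Item3.LastName,
                    jwt = jwtToken,
                    group = dbUser.GROUP.ID,
                    avatar = avatar
                }
            };

            // First login provisions a Google calendar for the user.
            if (string.IsNullOrEmpty(dbUser.CalendarId))
            {
                try
                {
                    var calId = googleCalendar.AddCalendar(dbUser.Email);
                    googleCalendar.AddPeopleToAcl(dbUser.Email, calId, true);
                    _userService.UpdateCalendarId(dbUser.Email, calId);
                }
                catch
                {
                    // Deliberately best-effort: a Google API failure must not turn a successful login
                    // into an error. NOTE(review): the failure is currently invisible — log it here if a logger is available.
                }
            }

            response.StatusCode = HttpStatusCode.OK;
        }
        else
        {
            response.StatusCode = HttpStatusCode.Unauthorized;
            responseData = ResponseFormat.Fail;
            responseData.message = validate.Item2;
        }
    }

    var json = JsonConvert.SerializeObject(responseData);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return (response);
}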
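/// <summary>
/// Rotates the refresh token carried in the "refreshTokenData" cookie and issues a new JWT.
/// </summary>
/// <returns>
/// 401 when the cookie is missing, malformed or does not match the stored token; 404 when the
/// series identifier does not name a known user; otherwise 200 with
/// <c>{ user: { id, username, firstName, lastName, jwt, group, avatar } }</c> and a replacement cookie.
/// </returns>
public HttpResponseMessage Refresh()
{
    HttpResponseMessage response = new HttpResponseMessage();
    ResponseFormat responseData;

    CookieHeaderValue cookie = Request.Headers.GetCookies("refreshTokenData").FirstOrDefault();
    if (cookie == null)
    {
        response.StatusCode = HttpStatusCode.Unauthorized;
        responseData = ResponseFormat.Fail;
        responseData.message = "No cookie found";
    }
    else
    {
        // Cookie layout as written by Login:
        //   refreshToken=<token>&seriesIdentifier=<user id>&tokenIdentifier=<REFRESH_TOKEN row id>
        CookieState cookieState = cookie["refreshTokenData"];
        string c_refreshToken = cookieState["refreshToken"];
        string c_series = cookieState["seriesIdentifier"];
        string t_series = cookieState["tokenIdentifier"];

        // Every cookie field is client-controlled: a non-numeric identifier is rejected like an unknown
        // one instead of letting int.Parse throw and surface as a 500.
        int seriesId;
        var dbUser = int.TryParse(c_series, out seriesId) ? db.USERs.Find(seriesId) : null;
        if (dbUser == null)
        {
            response.StatusCode = HttpStatusCode.NotFound;
            responseData = ResponseFormat.Fail;
            responseData.message = "Not a valid user";
        }
        else
        {
            int tokenId;
            var dbToken = int.TryParse(t_series, out tokenId)
                ? dbUser.REFRESH_TOKEN.FirstOrDefault(c => c.ID == tokenId)
                : null;

            // An empty presented token never matches, even if the stored token were empty.
            // NOTE(review): ordinal string equality is not constant-time; if the target runtime offers
            // CryptographicOperations.FixedTimeEquals, prefer it here.
            // NOTE(review): a mismatch against a known series is left valid; the usual rotation-reuse
            // mitigation is to revoke that series so a replayed old token invalidates the session.
            bool tokenMatches = dbToken != null
                && !string.IsNullOrEmpty(c_refreshToken)
                && c_refreshToken == dbToken.Token;

            if (!tokenMatches)
            {
                response.StatusCode = HttpStatusCode.Unauthorized;
                responseData = ResponseFormat.Fail;
                responseData.message = "Cookie Invalid";
            }
            else
            {
                var user = AutoMapper.Mapper.Map<User>(dbUser);
                var jwtToken = JwtTokenManager.GenerateJwtToken(user);
                var refreshToken = JwtTokenManager.GenerateRefreshToken();

                // Rotation: the presented token is overwritten so it cannot be presented a second time.
                dbToken.Token = refreshToken;
                db.SaveChanges();

                // HttpOnly added: the token is only ever read back server-side, so script never needs it.
                response.Headers.Add("set-cookie", $"refreshTokenData=refreshToken={refreshToken}&seriesIdentifier={dbUser.ID}&tokenIdentifier={dbToken.ID}; path=/; HttpOnly; SameSite=None; Secure; max-age=2592000");

                // The null check (not IsNullOrEmpty) is the original condition, kept deliberately.
                string avatar = dbUser.Avatar != null
                    ? $"{StaticStrings.ServerHost}avatar?fileName={dbUser.Avatar}"
                    : "";

                responseData = ResponseFormat.Success;
                responseData.data = new
                {
                    user = new
                    {
                        id = user.ID,
                        username = user.Username,
                        firstName = user.FirstName,
                        lastName = user.LastName,
                        jwt = jwtToken,
                        group = dbUser.GROUP.ID,
                        avatar = avatar
                    }
                };
                response.StatusCode = HttpStatusCode.OK;
            }
        }
    }

    var json = JsonConvert.SerializeObject(responseData);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return (response);
}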