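/// <summary>
/// Exchanges an access token and its paired refresh token for a fresh login response.
/// </summary>
/// <param name="model">Access token and refresh token submitted by the client (untrusted input).</param>
/// <returns>
/// 200 with the result of <c>GenerateLoginResponse</c> on success; 400 whenever the access token
/// is malformed or lacks the expected claims, or the refresh token is unknown, expired, already
/// used, invalidated, not bound to this access token, or belongs to an account that no longer exists.
/// </returns>
public async Task<IActionResult> Refresh([FromBody] RefreshRequestDto model)
{
    if (model is null || string.IsNullOrEmpty(model.RefreshToken))
    {
        return BadRequest();
    }

    // NOTE(review): for a refresh flow the validator must still check signature, issuer and audience
    // but accept an expired lifetime, otherwise clients can never refresh after expiry — confirm in AuthService.
    var claimsPrincipal = _authService.IsJwtTokenValid(model.AccessToken);
    if (claimsPrincipal is null)
    {
        // Malformed or unverifiable access token.
        return BadRequest();
    }

    // jti uniquely identifies the access token; the stored refresh token must be bound to it.
    // NameIdentifier carries the user id. FirstOrDefault instead of Single: a token that lacks a
    // claim is a client error (400), not a server fault (500).
    var jti = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Jti)?.Value;
    var userId = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
    if (jti is null || userId is null)
    {
        return BadRequest();
    }

    var storedRefreshToken = await _appDbContext.RefreshTokens
        .FirstOrDefaultAsync(rt => rt.Token.ToString() == model.RefreshToken);

    // Every rejection reason collapses into the same generic 400 so the response does not reveal
    // whether a given refresh token exists, has expired, or has already been consumed.
    if (storedRefreshToken is null                          // unknown refresh token
        || DateTime.UtcNow > storedRefreshToken.ExpiryDate  // expired
        || storedRefreshToken.jti != jti                    // not bound to this access token
        || storedRefreshToken.IsInvalidated                 // revoked
        || storedRefreshToken.IsUsed)                       // replay of an already-consumed token
    {
        // NOTE(review): a replayed IsUsed token is the classic signal of refresh-token theft; a
        // hardened flow would also invalidate every token descended from the same login here.
        return BadRequest();
    }

    // Consume the token before issuing the new pair so a retry cannot redeem it a second time.
    // NOTE(review): two requests racing through the checks above can both reach this line; an
    // optimistic concurrency token on the RefreshToken row would turn that race into a failed save.
    storedRefreshToken.IsUsed = true;
    await _appDbContext.SaveChangesAsync();

    var user = await _userManager.FindByIdAsync(userId);
    if (user is null)
    {
        // The account behind the token is gone (deleted since issuance); the token is already consumed.
        return BadRequest();
    }

    return Ok(await _authService.GenerateLoginResponse(user));
}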
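/// <summary>
/// Issues a refresh token for the account whose e-mail and password match the submitted credentials.
/// </summary>
/// <param name="requestData">Credentials submitted by the client (untrusted input).</param>
/// <returns>
/// 200 with a <see cref="RefreshResponseDto"/> on success; 400 when the request body is incomplete;
/// 401 when the e-mail is unknown or the password does not match. Unknown e-mail and wrong password
/// deliberately share one status code (the previous version answered 404 vs 400) so the endpoint
/// cannot be used to confirm which e-mail addresses have accounts.
/// </returns>
public async Task<ActionResult<RefreshResponseDto>> Refresh([FromBody] RefreshRequestDto requestData)
{
    if (requestData is null
        || string.IsNullOrEmpty(requestData.Email)
        || string.IsNullOrEmpty(requestData.Password))
    {
        return BadRequest();
    }

    // FirstOrDefaultAsync instead of FirstAsync: a missing account is an expected outcome,
    // not an exception to be caught and translated into a status code.
    var user = await _dataContext.Users.FirstOrDefaultAsync(u => u.Email == requestData.Email);

    // An account with no stored hash can never authenticate; checking it here also avoids the
    // ArgumentNullException that Verify would otherwise raise.
    // NOTE(review): response timing still differs because Verify only runs for known accounts;
    // verifying against a fixed dummy hash on the miss path would close that side channel.
    if (user is null
        || string.IsNullOrEmpty(user.Password)
        || !BCrypt.Net.BCrypt.Verify(requestData.Password, user.Password))
    {
        return Unauthorized();
    }

    return new RefreshResponseDto { Token = _authService.GenerateRefreshToken(user) };
}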