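/// <summary>
/// Issues a new access token and refresh token for the user identified by the token
/// cookies on the request, re-sets both cookies on the response, and returns the login
/// response string.
/// </summary>
/// <returns>
/// The string built by <c>HelperMethods.GenerateLoginResponse</c>, or an
/// <c>ErrorMessage</c> JSON body with HTTP 401 when the token cookies are missing or do
/// not resolve to a user.
/// </returns>
public string Refresh()
{
    // The SameSite cookie variants are preferred; the plain names are the fallback.
    string accessToken = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
    string refreshToken = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

    // Without both cookies there is nothing to validate: reject up front instead of
    // handing nulls to the helpers and surfacing a null dereference as a 500.
    if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(refreshToken))
    {
        Response.StatusCode = 401;
        ErrorMessage missing = new ErrorMessage("Invalid Credentials", "missing token cookies", Unauthorized().ToString());
        return JObject.FromObject(missing).ToString();
    }

    // attempt getting user from claims
    // NOTE(review): if GetUserFromAccessToken rejects expired tokens, refresh only works
    // while the access token is still valid — confirm that is the intended lifetime model.
    User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, _configuration.GetValue<string>("JwtTokenKey"));
    if (user is null)
    {
        Response.StatusCode = 401;
        ErrorMessage unknown = new ErrorMessage("Invalid Credentials", "access token did not resolve to a user", Unauthorized().ToString());
        return JObject.FromObject(unknown).ToString();
    }

    // make sure this is a valid token for the user
    // NOTE(review): any return value of ValidateRefreshToken is discarded here (as in the
    // original); if it reports failure by returning false rather than throwing, an invalid
    // refresh token would still be accepted below. Confirm its contract.
    ValidateRefreshToken(user, refreshToken);

    // NOTE(review): nothing visible here revokes the previous refresh token; unless
    // GenerateRefreshToken does so, the old token stays usable after rotation — confirm.
    string newTokenStr = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, _configuration.GetValue<string>("JwtTokenKey"));
    RefreshToken newRefToken = HelperMethods.GenerateRefreshToken(user, _context);
    string ret = HelperMethods.GenerateLoginResponse(newTokenStr, newRefToken, user.ID);

    // save refresh token just before returning string to be safe
    _context.SaveChanges();

    // append cookies after refresh
    HelperMethods.SetCookies(Response, newTokenStr, newRefToken);
    return ret;
}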
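/// <summary>
/// Authenticates a user from a JSON body of the form {"email": ..., "password": ...},
/// issues an access token and refresh token, sets them as cookies on the response and
/// returns the login response string.
/// </summary>
/// <param name="credentials">
/// Raw JSON request body. It is untrusted and may contain a password, so it is never
/// echoed back in an error response.
/// </param>
/// <returns>
/// The string built by <c>HelperMethods.GenerateLoginResponse</c> on success; otherwise an
/// <c>ErrorMessage</c> JSON body with HTTP 400 (unparseable JSON or missing fields),
/// 401 (unknown e-mail or wrong password — deliberately indistinguishable) or 500.
/// </returns>
[HttpPost("login"), AllowAnonymous] //working
public string User_Login([FromBody] string credentials)
{
    // The body is withheld from every error response: it may carry the plaintext password.
    const string withheld = "[request body withheld]";

    JObject json;
    try
    {
        json = JObject.Parse(credentials);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", withheld, ex.Message);
        return JObject.FromObject(error).ToString();
    }

    // Both fields are required; report their absence as a client error rather than letting
    // a null dereference below surface as a 500.
    string email = json["email"]?.ToString();
    string password = json["password"]?.ToString();
    if (string.IsNullOrEmpty(email) || password is null)
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", withheld, "expected 'email' and 'password' fields");
        return JObject.FromObject(error).ToString();
    }

    try
    {
        // SingleOrDefault rather than Single: an unknown e-mail must produce the same 401 as
        // a wrong password, otherwise the 500 thrown by Single() lets a caller enumerate
        // registered addresses.
        User user = _context.Users.SingleOrDefault(a => a.Email == email);

        // successful login.. compare user hash to the hash generated from the inputted password and salt
        if (user != null && ValidatePassword(password, user.Password))
        {
            string tokenString = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, _configuration.GetValue<string>("JwtTokenKey"));
            RefreshToken refToken = HelperMethods.GenerateRefreshToken(user, _context);
            string ret = HelperMethods.GenerateLoginResponse(tokenString, refToken, user.ID);

            // always last on db to make sure nothing breaks and db has new info
            _context.SaveChanges();

            // append cookies to response after login
            HelperMethods.SetCookies(Response, tokenString, refToken);
            return ret;
        }

        // NOTE(review): response time still differs for unknown e-mails because no hash is
        // computed; a dummy ValidatePassword call would close that oracle, but that
        // helper's contract is not visible here — confirm before adding it.
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid Credentials", withheld, Unauthorized().ToString());
        return JObject.FromObject(denied).ToString();
    }
    catch (Exception)
    {
        // Exception text is kept out of the client response (it can reveal database or
        // framework internals). TODO(review): log the exception server-side — no logger is
        // injected into this controller as far as this block shows.
        Response.StatusCode = 500;
        ErrorMessage error = new ErrorMessage("Error validating credentials", withheld, "internal error");
        return JObject.FromObject(error).ToString();
    }
}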