Merge branch 'feature/refresh-token' into 'master'

refresh token See merge request !7

Merge branch 'feature/refresh-token' into 'master'
refresh token See merge request !7
6863fa73 · Enzo Santangelo Dodera · a539f643 · 36b05fcb · 6863fa73 · 6863fa73
Commit 6863fa73 authored 4 years ago by Enzo Santangelo Dodera
--- a/Tsi1.Api/Tsi1.Api/Controllers/UserController.cs
+++ b/Tsi1.Api/Tsi1.Api/Controllers/UserController.cs
@@ -2,8 +2,10 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.IdentityModel.Tokens;
 using Tsi1.Api.Infrastructure;
 using Tsi1.Api.Models;
 using Tsi1.BusinessLayer.Dtos;
@@ -60,6 +62,36 @@ namespace Tsi1.Api.Controllers
            });
        }

+        [HttpPost("RefreshToken")]
+        [Authorize]
+        public async Task<ActionResult> RefreshToken([FromBody] RefreshTokenRequest request)
+        {
+            try
+            {
+                var username = HttpContext.User.Claims.FirstOrDefault(x => x.Type == "Username").Value;
+
+                if (string.IsNullOrWhiteSpace(request.RefreshToken))
+                {
+                    return Unauthorized();
+                }
+
+                var accessToken = await HttpContext.GetTokenAsync("Bearer", "access_token");
+                var jwtResult = _jwtAuthManager.Refresh(request.RefreshToken, accessToken, DateTime.Now);
+
+                return Ok(new LoginResult
+                {
+                    UserName = username,
+                    Role = User.FindFirst(ClaimTypes.Role)?.Value ?? string.Empty,
+                    AccessToken = jwtResult.AccessToken,
+                    RefreshToken = jwtResult.RefreshToken.TokenString
+                });
+            }
+            catch (SecurityTokenException e)
+            {
+                return Unauthorized(e.Message); // return 401 so that the client side can redirect the user to login page
+            }
+        }
+
        [Authorize(Roles = UserTypes.FacultyAdmin)]
        [HttpPost("Register")]
        public async Task<IActionResult> Register(UserRegisterDto dto)

--- a/Tsi1.Api/Tsi1.Api/Infrastructure/JwtAuthManager.cs
+++ b/Tsi1.Api/Tsi1.Api/Infrastructure/JwtAuthManager.cs
@@ -81,7 +81,7 @@ namespace Tsi1.Api.Infrastructure
                throw new SecurityTokenException("Invalid token");
            }

-            var userName = principal.Identity.Name;
+            var userName = principal.Claims.FirstOrDefault(x => x.Type == "Username").Value;
            if (!_usersRefreshTokens.TryGetValue(refreshToken, out var existingRefreshToken))
            {
                throw new SecurityTokenException("Invalid token");

--- a/Tsi1.Api/Tsi1.Api/Tsi1.Api.csproj.user
+++ b/Tsi1.Api/Tsi1.Api/Tsi1.Api.csproj.user
@@ -4,5 +4,9 @@
    <Controller_SelectedScaffolderID>ApiControllerEmptyScaffolder</Controller_SelectedScaffolderID>
    <Controller_SelectedScaffolderCategoryPath>root/Controller</Controller_SelectedScaffolderCategoryPath>
    <WebStackScaffolding_ControllerDialogWidth>600</WebStackScaffolding_ControllerDialogWidth>
+    <ActiveDebugProfile>Tsi1.Api</ActiveDebugProfile>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <DebuggerFlavor>ProjectDebugger</DebuggerFlavor>
  </PropertyGroup>
 </Project>
\ No newline at end of file
--- a/Tsi1.Api/Tsi1.Api/appsettings.json
+++ b/Tsi1.Api/Tsi1.Api/appsettings.json
 {
-  "IsElasticCloud": true,
+  "IsElasticCloud": false,
  "ConnectionStrings": {
    "PostgreSql": "Host=localhost;Database=tsi1;Username=postgres;Password=111111",
    "PostgreSqlCloud": "Host=postgres;Database=tsi1;Username=postgres;Password=postgres"